无法提取证书(错误-26275)
问题描述:
我有支持NSURLConnection的UIWebView。我想添加证书。当我想从证书中提取身份和信任OSStatus返回错误-26275。你有什么想法如何使它正确吗?下面的代码:无法提取证书(错误-26275)
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSError *error = nil;
NSString *path = [[NSBundle mainBundle] pathForResource:[@"xxxx.pem" stringByDeletingPathExtension] ofType:[@"xxxx.pem" pathExtension]];
NSData *certData = [[NSData alloc] initWithContentsOfFile:path options:0 error:&error];
CFDataRef inP12data = (__bridge CFDataRef)certData;
SecIdentityRef identity;
SecTrustRef trust;
OSStatus status = extractIdentityAndTrust(inP12data, &identity, &trust);
NSLog(@"status %d", (int)status);
if(status == errSecSuccess) {
SecCertificateRef certificate;
SecIdentityCopyCertificate(identity, &certificate);
const void *certs[] = { certificate };
CFArrayRef certsArray = CFArrayCreate(NULL, certs, 1, NULL);
NSArray *certificatesForCredential = (__bridge NSArray *)certsArray;
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
certificates:certificatesForCredential
persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
CFRelease(identity);
CFRelease(certificate);
CFRelease(certsArray);
}
else {
[challenge.sender cancelAuthenticationChallenge:challenge];
}
}
和extractIdentityAndTrust功能:
OSStatus extractIdentityAndTrust(CFDataRef inPKCS12Data, SecIdentityRef *identity, SecTrustRef *trust){
OSStatus securityError = errSecSuccess;
CFStringRef password = CFSTR("XXXXX");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef optionsDictionary = CFDictionaryCreate(
NULL, keys,
values, 1,
NULL, NULL);
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
securityError = SecPKCS12Import(inPKCS12Data,
optionsDictionary,
&items);
if (securityError == 0) {
CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
const void *tempIdentity = NULL;
tempIdentity = CFDictionaryGetValue (myIdentityAndTrust,
kSecImportItemIdentity);
*identity = (SecIdentityRef)tempIdentity;
const void *tempTrust = NULL;
tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
*trust = (SecTrustRef)tempTrust;
}
if (optionsDictionary) {
CFRelease(optionsDictionary);
}
return securityError;
}
答
正是有了证书的问题。我看着控制台管理 - >设备 - >当前设备 - >控制台,我看到:
Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store"
我刚刚安装的证书,一切工作正常。方法如下:
NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"XXXXX" ofType:@"pem"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];
OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);
CFTypeRef result;
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];
err = SecItemAdd((CFDictionaryRef)dict, &result);
if(err == noErr) {
NSLog(@"Install root certificate success");
} else if(err == errSecDuplicateItem) {
NSLog(@"duplicate root certificate entry");
} else {
NSLog(@"install root certificate failure");
}