get pfx file included in a mobilecertificate in iOS

问题

I'm trying to connect to a server using a .pfx that is stored in a .mobileconfig file on my iPhone.

When the server ask for it in

-(void)connection:(NSURLConnection*)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge*)challenge{

How can I create the NSURLCredential with the .pfx? Should I use

+ (NSURLCredential *)credentialWithIdentity:(SecIdentityRef)identity certificates:(NSArray *)certArray persistence:(NSURLCredentialPersistence)persistence

If thats the case, how do I extract the .pfx to put it into the array.

Thanks in advance.

回答1:

So no, there is no way to get the certificate from the mobileconfig file. iOS applications use its own keychain access and storage. Only email and other phone service like internet can make use of those certificates

回答2:

U can use my code:

 - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge   
{
    NSString *path = [[NSBundle mainBundle] pathForResource:@"torbix" ofType:@"pfx"];
    NSData *pfxdata = [NSData dataWithContentsOfFile:path];
    CFDataRef inpfxdata = (CFDataRef)pfxdata;
    SecIdentityRef myIdentity;
    SecTrustRef myTrust;
    OSStatus status = extractIdentityAndTrust(inpfxdata, &myIdentity, &myTrust);
    SecCertificateRef myCertificate;
    SecIdentityCopyCertificate(myIdentity, &myCertificate);
    const void *certs[] = { myCertificate };
    CFArrayRef certsArray = CFArrayCreate(NULL, certs, 1, NULL);
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
                                                             certificates:(NSArray *)myCertificate
                                                              persistence:NSURLCredentialPersistencePermanent];
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    CFRelease(myIdentity);
    CFRelease(myCertificate);
    CFRelease(certsArray);

}
//extractIdentityAndTrust method.
-(OSStatus) extractIdentityAndTrust:(CFDataRef)inpfxdata identity:(SecIdentityRef *)identity trust:(SecTrustRef *)trust
{
    OSStatus securityError = errSecSuccess;
    CFStringRef password = CFSTR("password");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    securityError = SecPKCS12Import(inpfxdata, options, &items);
    if (securityError == 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        const void *tempIdentity = NULL;
        tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
        *identity = (SecIdentityRef)tempIdentity;
        const void *tempTrust = NULL;
        tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
        *trust = (SecTrustRef)tempTrust;
    }
    if (options) {
        CFRelease(options);
    }
    return securityError;
}

good luck!^-^

来源：https://stackoverflow.com/questions/11718305/get-pfx-file-included-in-a-mobilecertificate-in-ios