Geek asks and answers

Via. bks keystores certificate in iPhone app

I am creating an iPhone application that requires .bks keystores for authentication. I did not find anything about this information for iOS apps.

I would like to know if Apple allows the use of key stores in their applications and how to get started with iOS. Certificates are created using BouncyCastle. I found information about this for Android, but for iOS, I had no luck. Any help would be appreciated.

+5
source share
1 answer

You can export the certificate (s) that you need from the keystore, for example

keytool -exportcert -keystore <keystore> -file some.cer

You may need to specify keytool about the type of store and the storage provider, see here .

.cer keychain iOS :

- (void) importCertToKeyChain: (NSData *) data
{
    // Delete the old certificate, otherwise SecItemAdd complains.
    OSStatus oss = SecItemDelete((__bridge CFDictionaryRef)([self clientCertificateQuery]));

    // Import the certificate
    SecCertificateRef certRef = NULL;
    certRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)(data));

    NSDictionary *att = [NSDictionary dictionaryWithObjectsAndKeys: (__bridge id)(kSecClassCertificate), kSecClass, (__bridge id) certRef, kSecValueRef, nil];

    oss = SecItemAdd((__bridge CFDictionaryRef)(att), NULL);
}

, , :

- (SecCertificateRef) getCertFromKeyChain
{
    CFTypeRef ref = NULL;
    SecItemCopyMatching((__bridge CFDictionaryRef)([self clientCertificateQuery]), &ref);

    return (SecCertificateRef) ref;
}

CertificateQuery .

static NSString *clientCertSubject = @"TestSubjectClient";

-(NSMutableDictionary *) clientCertificateQuery
{
    NSMutableDictionary *query = [[NSMutableDictionary alloc] init];
    [query setObject:(__bridge id) kSecClassCertificate forKey:(__bridge id)kSecClass];
    [query setObject:clientCertSubject forKey:(__bridge id<NSCopying>)(kSecMatchSubjectContains)];
    [query setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef];
 id)kSecAttrKeyType];
    return query;
}

PCKS12 ( BKS ). SecPKCS12Import, keychain iOS. , , - .

Update:

camdaochemgio , , , (, ) . .cer .ipa.

PKCS # P12 , .

PKCS # P12, ( ):

 keytool -importkeystore -srckeystore KEYSTORE.jks -destkeystore KEYSTORE.p12 -srcstoretype BKS -deststoretype PKCS12 -srcstorepass mysecret -deststorepass mysecret -srcalias myalias -destalias myalias -srckeypass mykeypass -destkeypass mykeypass -noprompt

.p12, ( go )

// Load Certificate
NSString *path = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"p12"];
NSData *p12data = [NSData dataWithContentsOfFile:path];
CFDataRef inP12data = (__bridge CFDataRef)p12data;

// Only password based PKCS#12 blobs are supported
CFStringRef password = CFSTR("Password");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);

// The import
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import(inP12data, options, &items);

if (securityError == 0)
{
    // Exploring the content
    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
    const void *tempIdentity = NULL;
    tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
    *identity = (SecIdentityRef)tempIdentity;
    const void *tempTrust = NULL;
    tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
    *trust = (SecTrustRef)tempTrust;
}

if (options) {
    CFRelease(options);
}

, :

+2

More articles:


All Articles