Swift websockets不接受客户端证书
我正在开发一个需要使用websockets支持客户端证书的项目.我目前正在使用红蜘蛛,但不幸的是,在阅读文档时,似乎没有关于支持这一点的任何信息.我已经浏览了其他几个
swift Web套接字库,但没有一个提到对此的支持
有谁知道任何支持这种功能的库? 任何信息将不胜感激!! 编辑: 所以我目前正在使用红蜘蛛来试试这个.我有证书设置.这是我到目前为止尝试的代码 public struct IdentityAndTrust { public var identityRef:SecIdentity public var trust:SecTrust public var certData : Data } var socket = WebSocket(url: URL(string: "(ConstantKeys.ipAddress)")!,protocols: []) var identityTest : IdentityAndTrust? func createTrust() { do { let urlPath = Bundle.main.path(forResource: "client",ofType: "p12") let url = NSURL.fileURL(withPath: urlPath!) let certificateData = try Data(contentsOf: url) identityTest = extractTrustAndIdentity(certData: certificateData,certPassword: ConstantKeys.password) } catch { print(error) } } func extractTrustAndIdentity(certData:Data,certPassword:String) -> IdentityAndTrust { var identityAndTrust:IdentityAndTrust! var securityError:OSStatus = errSecSuccess var items: CFArray? let certOptions: Dictionary = [ kSecImportExportPassphrase as String : certPassword ]; // import certificate to read its entries securityError = SecPKCS12Import(certData as CFData,certOptions as CFDictionary,&items); if securityError == errSecSuccess { let certItems:CFArray = items as CFArray!; let certItemsArray:Array = certItems as Array let dict:AnyObject? = certItemsArray.first; if let certEntry:Dictionary = dict as? Dictionary<String,AnyObject> { // grab the identity let identityPointer:AnyObject? = certEntry["identity"]; let secIdentityRef:SecIdentity = identityPointer as! SecIdentity!; // grab the trust let trustPointer:AnyObject? = certEntry["trust"]; let trustRef:SecTrust = trustPointer as! SecTrust; // grab the certificate chain var certRef: SecCertificate? SecIdentityCopyCertificate(secIdentityRef,&certRef); let certArray:NSMutableArray = NSMutableArray(); certArray.add(certRef as SecCertificate!); identityAndTrust = IdentityAndTrust(identityRef: secIdentityRef,trust: trustRef,certData : certData); } } return identityAndTrust } 然后我像这样连接socket let key = SecTrustCopyPublicKey(identityTest!.trust)!; let ssl = SSLCert(key: key) socket.security = SSLSecurity(certs: [ssl],usePublicKeys: false) socket.enabledSSLCipherSuites = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] socket.delegate = self socket.connect() 但是我收到以下错误消息
我知道证书是有效的,因为我使用它来发出https请求,它工作正常.那么有谁知道它为什么不起作用?或者有没有人知道另一个可以帮助解决这个问题的套接字库? 解决方法
您可以通过简单地使用NSURLSession(URLSession)而不使用任何第三方库来执行SSL固定,但如果您仍想使用它,则SocketRocket,AFNetworking支持它.
以下链接可以帮助您: http://www.yeradis.com/swift-authentication-challenge http://www.indelible.org/ink/trusted-ssl-certificates/ https://jetforme.org/2013/05/validating-a-self-signed-ssl-certificate-in-ios-and-os-x-against-a-changing-host-name/enter link description here 您选择的任何方法(第三方或URLSession),我建议您阅读此安全问题: https://github.com/facebook/SocketRocket/pull/534 https://www.synopsys.com/blogs/software-security/ineffective-certificate-pinning-implementations/enter link description here (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |