 

C# Asynchronous Tcp Server with SSL. How can I get mutual authentication with iOS NSStream?

This is my first post at stackoverflow.com, so if I do something wrong just let me know. So onto the problem.

I have a C# server currently running System.Net.Socket Sockets similar to the sample code Microsoft provided here.

I also have an Objective-C iPad client running NSInputStream/NSOutputStream bound to CFReadStream/CFWriteStream.

At present with only username/password authentication sent via an XML Serialized Object the client and server can communicate without any issues.

The problem I now have is that the communication has to be secure, and talking to clients, SSL encryption would be acceptable. However, I don't think they would accept just the "Server Certificate" as good enough. So I am trying to get the iPad client to use a "Client Certificate". I would like to enable true mutual authentication.

If I can't achieve mutual authentication, a third party VPN Software could be the better solution to secure the communication.

I haven't completed the conversion yet, but I have found a few articles that give me good examples of this, but there are no examples that fit my situation for client side certificates on the iPad. The samples that I have found are:

C# SSL Tcp Server

Apple Developer site that shows how to use SSL, but no client certificate

iPad SSL Stream without client certificate.

iPad SSL Stream without client certificate

iPad HTTP Client that uses client certificate

Basically the system must eventually run TCP communication with SSL embedded with the ability to manage certificates. Not sure if it makes a difference, but as this would be going to many different clients, it is preferable to be compatible with SSL 3.0 and TLS (any version).

As I have only been dabbling in Objective-C for the past 6 months and am more familiar with C#, I will probably need you to explain your answer in simpler terms.

Edit:
I am more concerned with the Objective-C side of the equation, as I am fairly sure the C# side will be simple. Basically I need someone to explain how to implement client side certificates on a TCP NSStream in Objective-C or point me in the direction of possible solutions or approaches to the problem.

Any help will be greatly appreciated.

Chris

user1709113 asked Sep 30 '12 01:09




1 Answer

I cannot answer your question with regards to how to implement this on the Objective-C side as what you ask is beyond what a single application can achieve on iOS devices. Thinking outside the box...

From Apple:

iOS supports the Simple Certificate Enrollment Protocol (SCEP). SCEP is an Internet draft in the IETF, and is designed to provide a simplified way of handling certificate distribution for large-scale deployments. This enables over-the-air enrollment of identity certificates to iPhone and iPad that can be used for authentication to corporate services.

Knowing this and searching for SCEP in the developer library points me to this page - https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html

This page will be of interest, notice that Microsoft Server supports this:- https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1 and it even has some sample client/server code.

My interest is generally in the field of Mobile-Device-Management and I have been looking into this.

Hope this helps.

teopeurt answered Sep 21 '22 10:09
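The server half of the mutual authentication the question asks for, as an added example that is not code from either post: wrapping an accepted socket in `SslStream` so that a connection without a valid client certificate is refused. The class name `MutualTlsServer`, the `ClientCaThumbprint` placeholder, the choice of TLS 1.2, and a client CA installed in the server's trust store are assumptions of this example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class MutualTlsServer
{
    // Assumption: thumbprint of the private CA that issues the client
    // certificates (placeholder value, replace with your own CA's).
    const string ClientCaThumbprint = "<CLIENT-CA-THUMBPRINT-PLACEHOLDER>";

    // Runs during the handshake. clientCertificateRequired only *requests* a
    // certificate; a client that sends none arrives here with cert == null,
    // so the rejection has to happen in this callback.
    static bool ValidateClient(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null || errors != SslPolicyErrors.None)
            return false; // no certificate, or chain validation failed
        // Require the chain to end at our own CA, not just any trusted root.
        var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, ClientCaThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Wraps a socket returned by Accept/EndAccept. Throws
    // AuthenticationException if the handshake or ValidateClient fails.
    public static SslStream Authenticate(Socket accepted, X509Certificate2 serverCert)
    {
        var ssl = new SslStream(new NetworkStream(accepted, true), false, ValidateClient);
        try
        {
            ssl.AuthenticateAsServer(
                serverCert,
                clientCertificateRequired: true,
                enabledSslProtocols: SslProtocols.Tls12,
                checkCertificateRevocation: true);
            return ssl; // ssl.RemoteCertificate now holds the client's certificate
        }
        catch
        {
            ssl.Dispose(); // also closes the socket (NetworkStream owns it)
            throw;
        }
    }
}
```

After `Authenticate` returns, `ssl.RemoteCertificate` can be mapped to a user account in place of, or in addition to, the existing username/password exchange.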