Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Creating a SecCertificateRef for NSURLConnection Authentication Challenge

Tags:

iphone

ios5.1

I am receiving an authentication challenge from a server my app is trying to connect to, so I have implemented the connection:didReceiveAuthenticationChallenge: method. I need to send a SecCertificateRef and a SecIdentityRef. The identity is working, but the the certificate needs to be sent as a NSArray, and I can't figure out how to convert a CFArrayRef to a NSArray.

This is my method for creating the identity and certificate:

// Returns an array containing the certificate
- (CFArrayRef)getCertificate {
  SecCertificateRef certificate = nil;
  NSString *thePath = [[NSBundle mainBundle] pathForResource:@"CertificateName" ofType:@"p12"];
  NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
  CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
  certificate = SecCertificateCreateWithData(nil, inPKCS12Data);
  SecCertificateRef certs[1] = { certificate };
  CFArrayRef array = CFArrayCreate(NULL, (const void **) certs, 1, NULL);

  SecPolicyRef myPolicy   = SecPolicyCreateBasicX509();
  SecTrustRef myTrust;

  OSStatus status = SecTrustCreateWithCertificates(array, myPolicy, &myTrust);
  if (status == noErr) {
    NSLog(@"No Err creating certificate");
  } else {
    NSLog(@"Possible Err Creating certificate");
  }
  return array;
}

// Returns the identity
- (SecIdentityRef)getClientCertificate {
  SecIdentityRef identityApp = nil;
  NSString *thePath = [[NSBundle mainBundle] pathForResource:@"CertificateName" ofType:@"p12"];
  NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
  CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
  CFStringRef password = CFSTR("password");
  const void *keys[] = { kSecImportExportPassphrase };//kSecImportExportPassphrase };
  const void *values[] = { password };
  CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
  CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
  OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
  CFRelease(options);
  CFRelease(password);
  if (securityError == errSecSuccess) {
    NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
    identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
  } else {
    NSLog(@"Error opening Certificate.");
  }
  return identityApp;
}

And then in the connection:didReceiveAuthenticationChallenge: i have:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  if ([challenge previousFailureCount] == 0) {
    SecIdentityRef identity = [self getClientCertificate];  // Go get a SecIdentityRef
    CFArrayRef certs = [self getCertificate]; // Get an array of certificates

    // Convert the CFArrayRef to a NSArray
    NSArray *myArray = (__bridge NSArray *)certs;

    // Create the NSURLCredential
    NSURLCredential *newCredential = [NSURLCredential credentialWithIdentity:identity certificates:certs persistence:NSURLCredentialPersistenceNone];

    // Send
    [challenge.sender useCredential:newCredential forAuthenticationChallenge:challenge];
  } else {
    // Failed
    [[challenge sender] cancelAuthenticationChallenge:challenge];
  }
}

The application crashes when the NSURLCredential is created. Upon further inspection, I have concluded that when I convert the CFArrayRef to a NSArray, the data of the SecCertificateRef is lost, and the array contains null causing a crash.

How could I place a SecCertificateRef in a NSArray? Did I miss a step, or am I just doing it wrong?

like image 764
David Skrundz Avatar asked Apr 20 '12 00:04

David Skrundz


1 Answers

I finally found the answer. I was supposed to use SecIdentityCopyCertificate(identity, &certificateRef); instead of SecCertificateCreateWithData(nil, inPKCS12Data); to create my certificate.

like image 100
David Skrundz Avatar answered Oct 31 '22 20:10

David Skrundz