如何在 Swift 中注册我自己的根证书颁发机构?
How do I register my own Root Certificate Authority in Swift?
如何将我自己的根证书颁发机构 (CA) 文件添加到 Swift 中设备的根 CA 列表?
我正在尝试将下面的 Objective-C 代码转换为 Swift,但我不知道如何针对这种情况正确编写字典。
Swift:
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "crt")!
let rootCertData = NSData(contentsOfFile: rootCertPath)
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
// Error: '_' is not convertible to 'CFStringRef'
let dict =
[
kSecClass: kSecClassCertificate,
kSecValueRef: rootCert
] as CFDictionaryRef
error = SecItemAdd(dict, result)
Objective-C:
NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"crt"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];
OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);
CFTypeRef result;
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];
err = SecItemAdd((CFDictionaryRef)dict, &result);
if( err == noErr) {
NSLog(@"Install root certificate success");
} else if( err == errSecDuplicateItem ) {
NSLog(@"duplicate root certificate entry");
} else {
NSLog(@"install root certificate failure");
}
来源:iOS - Install SSL certificate programmatically
我找到了一个似乎可行的解决方案,但我不完全确定它是否是正确的方法。如有错误请指正
首先我需要将证书从 *.crt 转换为 *.der,因为它一直在创建一个 nil SecCertificate。
openssl x509 -in server.crt -out server.der -outform DER
我的代码:
func installRootCertificate() -> Bool
{
var result: UnsafeMutablePointer<Unmanaged<AnyObject>?> = nil
var error = noErr
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "der")!
let rootCertData = NSData(contentsOfFile: rootCertPath)!
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
let kSecClassValue = NSString(format: kSecClass)
let kSecClassCertificateValue = NSString(format: kSecClassCertificate)
let kSecValueRefValue = NSString(format: kSecValueRef)
let dict =
[
kSecClassValue: kSecClassCertificateValue,
kSecValueRefValue: rootCert.takeRetainedValue()
] as CFDictionaryRef
error = SecItemAdd(dict, result)
if(error == noErr)
{
println("Installed root certificate successfully");
return true
}
else if(error == errSecDuplicateItem)
{
println("Duplicate root certificate entry");
}
else
{
println("Install root certificate failure")
}
return false
}
如何将我自己的根证书颁发机构 (CA) 文件添加到 Swift 中设备的根 CA 列表?
我正在尝试将下面的 Objective-C 代码转换为 Swift,但我不知道如何针对这种情况正确编写字典。
Swift:
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "crt")!
let rootCertData = NSData(contentsOfFile: rootCertPath)
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
// Error: '_' is not convertible to 'CFStringRef'
let dict =
[
kSecClass: kSecClassCertificate,
kSecValueRef: rootCert
] as CFDictionaryRef
error = SecItemAdd(dict, result)
Objective-C:
NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"crt"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];
OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);
CFTypeRef result;
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];
err = SecItemAdd((CFDictionaryRef)dict, &result);
if( err == noErr) {
NSLog(@"Install root certificate success");
} else if( err == errSecDuplicateItem ) {
NSLog(@"duplicate root certificate entry");
} else {
NSLog(@"install root certificate failure");
}
来源:iOS - Install SSL certificate programmatically
我找到了一个似乎可行的解决方案,但我不完全确定它是否是正确的方法。如有错误请指正
首先我需要将证书从 *.crt 转换为 *.der,因为它一直在创建一个 nil SecCertificate。
openssl x509 -in server.crt -out server.der -outform DER
我的代码:
func installRootCertificate() -> Bool
{
var result: UnsafeMutablePointer<Unmanaged<AnyObject>?> = nil
var error = noErr
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "der")!
let rootCertData = NSData(contentsOfFile: rootCertPath)!
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
let kSecClassValue = NSString(format: kSecClass)
let kSecClassCertificateValue = NSString(format: kSecClassCertificate)
let kSecValueRefValue = NSString(format: kSecValueRef)
let dict =
[
kSecClassValue: kSecClassCertificateValue,
kSecValueRefValue: rootCert.takeRetainedValue()
] as CFDictionaryRef
error = SecItemAdd(dict, result)
if(error == noErr)
{
println("Installed root certificate successfully");
return true
}
else if(error == errSecDuplicateItem)
{
println("Duplicate root certificate entry");
}
else
{
println("Install root certificate failure")
}
return false
}