iphone - 如何使 iPhoneHTTPServer 成为安全服务器

Question

我是 iPhone 开发的新手。

我从下面的链接下载了 iPhoneHTTPServer 应用程序。 https://github.com/robbiehanson/CocoaHTTPServer/tree/master/Samples/iPhoneHTTPServer

它适用于 HTTP 请求。

现在我想把它做成一个安全的服务器。 (使用 HTTPS)为此，我在 MyHTTPConnection.m 中覆盖了以下两种方法

我确定此方法的更改:

 /**
 * Overrides HTTPConnection's method
 **/
 - (BOOL)isSecureServer
 {
    // Create an HTTPS server (all connections will be secured via SSL/TLS)
    return YES; 
 }

我需要在波纹管方法中应用更改:(请在这里指导我。)问题:DDKeychain 和 Cocoa.h 不适用于 iOS。

 /**
  * Overrides HTTPConnection's method
  * 
  * This method is expected to returns an array appropriate for use in  
  * kCFStreamSSLCertificates SSL Settings.
  * It should be an array of SecCertificateRefs except for the first element in
  * the array, which is a SecIdentityRef.
  **/
  - (NSArray *)sslIdentityAndCertificates
  {
      NSArray *result = [DDKeychain SSLIdentityAndCertificates];
      if([result count] == 0)
      {
        [DDKeychain createNewIdentity];
        return [DDKeychain SSLIdentityAndCertificates];
      }
      return result;
  }

Answer 1

我已经通过以下步骤解决了问题:

1. 从您的Keychain Access(Mac OS X)导出证书
   • 打开钥匙串(keychain)访问
   • 选择证书，右键单击并选择导出...
   • 导出证书文件格式:个人信息交换 (.p12)
     
   • 提供导出文件的名称和密码。
     文件名:TestCertificate.p12
     密码:test123(*如果不起作用，请尝试您的管理员登录密码)
     
     

2. 在您的 XCode 项目中导入 TestCertificate.p12。

3. 在您的项目中添加Security.framework。

4. 在您的代码中导入Security.h 文件。
   
   #import <Security/Security.h>

5. 覆盖并更改 sslIdentityAndCertificates 方法，如下所示。
   

    /**
     * Overrides HTTPConnection's method
     * 
     * This method is expected to returns an array appropriate for use in kCFStreamSSLCertificates SSL Settings.
     * It should be an array of SecCertificateRefs except for the first element in the array, which is a SecIdentityRef.
     **/
    - (NSArray *)sslIdentityAndCertificates
    {    
        SecIdentityRef identityRef = NULL;
        SecCertificateRef certificateRef = NULL;
        SecTrustRef trustRef = NULL;

        NSString *thePath = [[NSBundle mainBundle] pathForResource:@"TestCertificate" ofType:@"p12"];
        NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; 
        CFDataRef inPKCS12Data = (CFDataRef)PKCS12Data; 
        CFStringRef password = CFSTR("test123"); 
        const void *keys[] = { kSecImportExportPassphrase }; 
        const void *values[] = { password }; 
        CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); 
        CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); 

        OSStatus securityError = errSecSuccess;   
        securityError =  SecPKCS12Import(inPKCS12Data, optionsDictionary, &items); 
        if (securityError == 0) { 
            CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
            const void *tempIdentity = NULL;
            tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
            identityRef = (SecIdentityRef)tempIdentity;
            const void *tempTrust = NULL;
            tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
            trustRef = (SecTrustRef)tempTrust;
        } else {
            NSLog(@"Failed with error code %d",(int)securityError);
            return nil;
        }

        SecIdentityCopyCertificate(identityRef, &certificateRef);
        NSArray *result = [[NSArray alloc] initWithObjects:(id)identityRef, (id)certificateRef, nil];

        return result;    
    }