个人中心
gpt4 book ai didi

ios - iOS 中的 SecKeyRawVerify 收到误报

转载 作者:行者123 更新时间:2023-11-29 01:19:41 27 4
gpt4 key购买 nike

我正在使用 RSASHA-256 签署 JWT 并尝试在我的 iOS SDK 上验证它。

发送完整数据时,验证通过。

但是,当篡改收到的数据时,我仍然收到误报。

在此处添加代码:

//
//  NSData+VerifySignature.m
//  InsertFramework
//
//  Created by yaniv1 on 1/13/16.
//  Copyright © 2016 Insert. All rights reserved.
//

#import "NSData+VerifySignature.h"
#import "IIOStringEncoder.h"
#import "IIOLog.h"
#import "IIORSA.h"

@implementation NSData (VerifySignature)

-(NSArray *)createComponents{
    NSString *data =[[NSString alloc] initWithData:self    encoding:NSUTF8StringEncoding];
NSArray *components = [data componentsSeparatedByString:@"."];
if (!components || [components count] != 3) {
    IIOErrorLog(@"Invalid JWT received for verification");
    return nil;
}

return components;
}

-(NSData *)verifySignature:(NSHTTPURLResponse *)urlResponse {

//Getting response header content-type and checking if it is jwt
NSString *contentType = [[[urlResponse allHeaderFields][@"Content-Type"] componentsSeparatedByString:@";"] objectAtIndex:0];

if (![contentType isEqualToString:@"insert/jwt"])
{
    return nil;
}

NSArray *signatureComponents = [self createComponents];
if (!signatureComponents) {
    return nil;
}

//JWT is seperated into his 3 components
NSString *header = signatureComponents[0];
NSString *payload = signatureComponents[1];
NSString *signature = signatureComponents[2];

//Turining signature received in base64 to base64UrlEncoded
NSData *base64UrlEncodedSig = [IIOStringEncoder dataWithBase64UrlEncodedString:signature];

SecKeyRef pKey = [IIORSA addPublicKey];
if (!pKey) {
    IIOErrorLog(@"Failed to create public key, which results in verification failure");
    return nil;
}

//Creating the data to verify the signature, meaning the header.payload
NSString *headerAndPayload = [[header stringByAppendingString:@"."] stringByAppendingString:payload];
NSData *dataHeaderAndPayload = [headerAndPayload dataUsingEncoding:NSUTF8StringEncoding];

//Verify the signature. For further details, go to
BOOL status = SecKeyRawVerify (pKey,
                      kSecPaddingPKCS1SHA1,
                      (const uint8_t *)[dataHeaderAndPayload bytes],
                      (size_t)[dataHeaderAndPayload length],
                      (const uint8_t *)[base64UrlEncodedSig bytes],
                      (size_t)[base64UrlEncodedSig length]
                      );

if (!status) {
    IIOErrorLog(@"Failed to verify signature");
    return nil;
}

NSData *payloadDecodedData = [[NSData alloc]   initWithBase64EncodedString:payload options:0];

    return payloadDecodedData;
}

@end

有人可以建议吗?

最佳答案

该方法不返回 BOOL。查看reference :

OSStatus SecKeyRawVerify(SecKeyRef key,
    SecPadding padding,
    const uint8_t *signedData,
    size_t signedDataLen,
    const uint8_t *sig,
    size_t sigLen);

关于ios - iOS 中的 SecKeyRawVerify 收到误报,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34763884/

27 4 0
文章推荐: 安卓工作室 : Cant get App to install on emulator
文章推荐: MySQL 不允许创建列名为 DB_ROW_ID 的表
文章推荐: android - retrofit2中不同api添加通用参数
文章推荐: mysql - 在 mac OS 中安装 mysqlclient 库
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com