Я пытаюсь добиться аутентификации сертификата клиента с использованием URLSession, но SSL Handshake завершается неудачно.
Вот мой код для аутентификации -
-(void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
NSLog(@"didReceiveAuthenticationChallenge - %@", challenge.protectionSpace);
if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] )
{
SecTrustRef secTrustRef = challenge.protectionSpace.serverTrust;
if (secTrustRef != NULL)
{
SecTrustResultType result;
OSErr er = SecTrustEvaluate(secTrustRef, &result);
if (er != noErr){
NSLog(@"error");
}
switch ( result )
{
case kSecTrustResultProceed:
NSLog(@"kSecTrustResultProceed");
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
break;
case kSecTrustResultUnspecified: // called 2nd
NSLog(@"kSecTrustResultUnspecified");
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, [NSURLCredential credentialForTrust:secTrustRef]);
break;
case kSecTrustResultRecoverableTrustFailure:
NSLog(@"kSecTrustResultRecoverableTrustFailure");
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, [NSURLCredential credentialForTrust:secTrustRef]);
break;
}
}
return;
} else if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate] )
{
NSString *p12Path = [[NSBundle mainBundle] pathForResource:@“p12filepath" ofType:@"p12"];
NSData *p12Data = [[NSData alloc] initWithContentsOfFile:p12Path];
CFStringRef password = CFSTR(“password");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
CFArrayRef p12Items;
OSStatus result = SecPKCS12Import((__bridge CFDataRef)p12Data, optionsDictionary, &p12Items);
if(result == noErr) {
SecCertificateRef certRef;
CFDictionaryRef identityDict = CFArrayGetValueAtIndex(p12Items, 0);
SecIdentityRef identityApp =(SecIdentityRef)CFDictionaryGetValue(identityDict,kSecImportItemIdentity);
SecIdentityCopyCertificate(identityApp, &certRef);
SecCertificateRef certArray[1] = { certRef };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identityApp certificates:(__bridge NSArray
*)myCerts persistence:NSURLCredentialPersistencePermanent];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
NSLog(@"myCerts : %@",myCerts);
CFRelease(myCerts);
CFRelease(certRef);
}
} else if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodDefault || [[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodNTLM) {
NSLog(@"BASIC AUTHENTICATION");
} else {
//If everything fails, we cancel the challenge.
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
Ошибка, которую я получаю -
[BoringSSL] Функция nw_protocol_boringssl_input_finished: строка 1436 Одноранговый разъединен во время рукопожатия.Отправка сообщения об ошибке errSSLFatalAlert (-9802)
TIC TCP Conn Failed [1: 0x60c00017f380]: 3: -9802 Ошибка (-9802)
2018-08-24 15:32:35.060020 + 0530 TestProject [20549: 17847062] Ошибка загрузки HTTP NSURLSession / NSURLConnection (kCFStreamErrorDomainSSL, -9802)
Задача. <1> Ошибка загрузки HTTP (код ошибки: -1200 [3: -9802])
Задача. <1> завершена с ошибкой - код: -1200
Я правильно настроил info.plist, как указано здесь - https://stackoverflow.com/a/32756356/10269423