2

I'm trying to connect to a server using a .pfx that is stored in a .mobileconfig file on my iPhone.

When the server ask for it in

-(void)connection:(NSURLConnection*)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge*)challenge{

How can I create the NSURLCredential with the .pfx? Should I use

+ (NSURLCredential *)credentialWithIdentity:(SecIdentityRef)identity certificates:(NSArray *)certArray persistence:(NSURLCredentialPersistence)persistence

If thats the case, how do I extract the .pfx to put it into the array.

Thanks in advance.

user1447414
  • 1,306
  • 2
  • 12
  • 25

2 Answers2

2

So no, there is no way to get the certificate from the mobileconfig file. iOS applications use its own keychain access and storage. Only email and other phone service like internet can make use of those certificates

user1447414
  • 1,306
  • 2
  • 12
  • 25
1

U can use my code:

 - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge   
{
    NSString *path = [[NSBundle mainBundle] pathForResource:@"torbix" ofType:@"pfx"];
    NSData *pfxdata = [NSData dataWithContentsOfFile:path];
    CFDataRef inpfxdata = (CFDataRef)pfxdata;
    SecIdentityRef myIdentity;
    SecTrustRef myTrust;
    OSStatus status = extractIdentityAndTrust(inpfxdata, &myIdentity, &myTrust);
    SecCertificateRef myCertificate;
    SecIdentityCopyCertificate(myIdentity, &myCertificate);
    const void *certs[] = { myCertificate };
    CFArrayRef certsArray = CFArrayCreate(NULL, certs, 1, NULL);
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
                                                             certificates:(NSArray *)myCertificate
                                                              persistence:NSURLCredentialPersistencePermanent];
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    CFRelease(myIdentity);
    CFRelease(myCertificate);
    CFRelease(certsArray);

}
//extractIdentityAndTrust method.
-(OSStatus) extractIdentityAndTrust:(CFDataRef)inpfxdata identity:(SecIdentityRef *)identity trust:(SecTrustRef *)trust
{
    OSStatus securityError = errSecSuccess;
    CFStringRef password = CFSTR("password");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    securityError = SecPKCS12Import(inpfxdata, options, &items);
    if (securityError == 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        const void *tempIdentity = NULL;
        tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
        *identity = (SecIdentityRef)tempIdentity;
        const void *tempTrust = NULL;
        tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
        *trust = (SecTrustRef)tempTrust;
    }
    if (options) {
        CFRelease(options);
    }
    return securityError;
}

good luck!^-^

enjoy-writing
  • 520
  • 3
  • 4
  • the problem with that is that path returns nil, as the pfx is (i guess) not in the mainbundle. Its merged into the mobileconfig. I also tried to install the pfx without the mobileconfig and the path still returns nil. Do you have the pfx into documents directory? – user1447414 Jul 30 '12 at 11:03