0

I have to login via https in an Obj-C project. Everything is fine with all the url, the user, pass and the needed stuff. For identify, the server checks by ssl .cert and .key files. So far, so good, the files were uploaded to the server, and the connection made well by curl from terminal. Here comes my problem. Spend some days, read the available stuff here and there, but simply can't find any solution to send the ssl files with the request in Obj-C. (The server cannot accept p12)

Here's the curl:

curl -q -k --cert cert2048.crt --key key2048.key https://somesite.com/ -d "username=usrnm&password=psswrd"

Here's my Obj-C code so far:

-(void)connect {
    
    NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"https://somesite.com/"]];
    
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url
                                                           cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                       timeoutInterval:60.0];
    
    NSDictionary* bodyParameters = @{
                                     @"username": @"usrnm",
                                     @"password": @"psswrd"
                                     };
    
    [request setHTTPBody:[self httpBodyForParameters:bodyParameters]];
    
    
    [request setHTTPMethod:@"POST"];
    [request setValue:@"gzip, deflate" forHTTPHeaderField:@"Accept-Encoding"];
    [request setValue:@"keep-alive" forHTTPHeaderField:@"Connection"];
    
    NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration delegate:self delegateQueue:nil];
    
    NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
        
        NSError *jsonError;
        NSDictionary *jsonResponse = [NSJSONSerialization JSONObjectWithData:data options:0 error:&jsonError];
        NSLog(@"%@", jsonResponse);
    }];
    
    [postDataTask resume];
}

(httpBodyForParameters simply sets up the request body)

The connection establish, everything passes, the jsonResponse holds response as expected (well, the error message about authentication failure, in regular format). But I simply can't find a way to send the ssl files as in the curl line. Sadly, https authentication is far beyond my knowledge. I'm stucked. Every help appreciated.

Thank you, Sz

szvarga
  • 3
  • 2

1 Answers1

0

That curl command is using the cert and key as a client certificate for authentication, not sending them as files. It's actually part of the authentication handshake.

The code for importing PKCS data and using it in response to a client certificate challenge is fairly involved, so rather than try to explain it all off the top of my head, I'm going to point you to another Stack Overflow question and answer that contain pretty extensive code snippets.

Creating a SecCertificateRef for NSURLConnection Authentication Challenge

However, be aware that some of the code in that link is not quite correct. For the protection spaces that are not handled, you should use default handling, not cancel the challenge.

dgatwood
  • 10,129
  • 1
  • 28
  • 49