인증서를 추출 할 수 없습니다 (오류 -26275)

Question

NSURLConnection을 지원하는 UIWebView가 있습니다. 인증서를 추가하고 싶습니다. 인증서에서 신원과 신뢰를 추출하려면 OSStatus가 오류 -26275를 반환합니다. 올바른 방법을 알고 있습니까?

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { 
NSError *error = nil; 
NSString *path = [[NSBundle mainBundle] pathForResource:[@"xxxx.pem" stringByDeletingPathExtension] ofType:[@"xxxx.pem" pathExtension]]; 
NSData *certData = [[NSData alloc] initWithContentsOfFile:path options:0 error:&error]; 
CFDataRef inP12data = (__bridge CFDataRef)certData; 
SecIdentityRef identity; 
SecTrustRef trust; 


OSStatus status = extractIdentityAndTrust(inP12data, &identity, &trust); 
NSLog(@"status %d", (int)status); 
if(status == errSecSuccess) { 
    SecCertificateRef certificate; 
    SecIdentityCopyCertificate(identity, &certificate); 
    const void *certs[] = { certificate }; 
    CFArrayRef certsArray = CFArrayCreate(NULL, certs, 1, NULL); 
    NSArray *certificatesForCredential = (__bridge NSArray *)certsArray; 
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity 
                  certificates:certificatesForCredential 
                   persistence:NSURLCredentialPersistencePermanent]; 
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge]; 
    CFRelease(identity); 
    CFRelease(certificate); 
    CFRelease(certsArray); 
} 
else { 
    [challenge.sender cancelAuthenticationChallenge:challenge]; 
} 


} 

및 extractIdentityAndTrust 기능 :

OSStatus extractIdentityAndTrust(CFDataRef inPKCS12Data, SecIdentityRef *identity, SecTrustRef *trust){ 
OSStatus securityError = errSecSuccess; 


CFStringRef password = CFSTR("XXXXX"); 
const void *keys[] = { kSecImportExportPassphrase }; 
const void *values[] = { password }; 
CFDictionaryRef optionsDictionary = CFDictionaryCreate(
                 NULL, keys, 
                 values, 1, 
                 NULL, NULL); 
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); 
securityError = SecPKCS12Import(inPKCS12Data, 
           optionsDictionary, 
           &items); 

if (securityError == 0) { 
    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0); 
    const void *tempIdentity = NULL; 
    tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, 
             kSecImportItemIdentity); 
    *identity = (SecIdentityRef)tempIdentity; 
    const void *tempTrust = NULL; 
    tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust); 
    *trust = (SecTrustRef)tempTrust; 
} 

if (optionsDictionary) { 
    CFRelease(optionsDictionary); 
} 

return securityError; 
} 

Answer 1

그것은 인증서에 문제가 있었다 여기에 코드입니다. 구성 도우미 -> 기기 -> 현재 기기 -> 콘솔에서 콘솔을 살펴본 결과, 다음과 같이 나타났습니다.

Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store" 

방금 ​​인증서를 설치했는데 모든 것이 정상적으로 작동합니다. 방법은 다음과 같습니다.

NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"XXXXX" ofType:@"pem"]; 
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath]; 

OSStatus err = noErr; 
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData); 

CFTypeRef result; 

NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys: 
(id)kSecClassCertificate, kSecClass, 
rootCert, kSecValueRef, 
nil]; 

err = SecItemAdd((CFDictionaryRef)dict, &result); 

if(err == noErr) { 
    NSLog(@"Install root certificate success"); 
} else if(err == errSecDuplicateItem) { 
    NSLog(@"duplicate root certificate entry"); 
} else { 
    NSLog(@"install root certificate failure"); 
}