Xcode: importing a public key file generated with Java Security
I generate an RSA public key in Java like this:
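// Generate an RSA key pair and write the public half to publickey.der.
// PublicKey.getEncoded() yields the DER-encoded X.509 SubjectPublicKeyInfo
// structure (SEQUENCE { AlgorithmIdentifier, BIT STRING }) — a bare public
// key, NOT a certificate — so the file cannot be consumed by APIs that expect
// an X.509 certificate (e.g. SecCertificateCreateWithData on iOS).
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
// The original used 1024-bit RSA, which is below current minimum
// recommendations (>= 2048 bits) and is rejected by a number of platforms.
keyGen.initialize(2048);
final KeyPair keyPair = keyGen.generateKeyPair();
final PublicKey pubKey = keyPair.getPublic();
// The original declared a second variable named `key` (byte[] key) in the same
// scope as the KeyPair `key`, which does not compile; use distinct names.
final byte[] encodedPublicKey = pubKey.getEncoded();
final FileOutputStream keyFos = new FileOutputStream("publickey.der");
try {
    keyFos.write(encodedPublicKey);
} finally {
    // Also runs when write() throws, so the file handle is never leaked.
    keyFos.close();
}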
On the other side, in Xcode, I use publickey.der to encrypt data:
/* Fragment of a method that returns nil on failure; certificate, policy,
 * trust and publickey are declared outside this snippet.
 * The snippet tries to load public_key.der as an X.509 certificate and pull
 * the public key out of a trust evaluation. It fails at
 * SecCertificateCreateWithData because the file written by Java's
 * PublicKey.getEncoded() is a bare SubjectPublicKeyInfo, not a certificate. */
nsstring *publickeypath = [[nsbundle mainbundle] pathforresource:@"public_key" oftype:@"der"];
if (publickeypath == nil) { nslog(@"can not find public_key.der"); return nil; }
/* NOTE(review): "nsdate" looks like a typo for NSData — the message is sent to
 * NSData, so this only mis-types the variable, but it should be corrected. */
nsdate *publickeyfilecontent = [nsdata datawithcontentsoffile:publickeypath];
if (publickeyfilecontent == nil) { nslog(@"can not read public_key.der"); return nil; }
/* SecCertificateCreateWithData requires a DER-encoded X.509 certificate and
 * returns NULL for anything else — that is the "can not read certificate"
 * path hit with a Java-generated public key file. */
certificate = seccertificatecreatewithdata(kcfallocatordefault, ( __bridge cfdataref)publickeyfilecontent);
if (certificate == nil) { nslog(@"can not read certificate public_key.der"); return nil; }
policy = secpolicycreatebasicx509();
/* OSStatus is a 32-bit integer; %ld expects a long, so the value should be
 * cast with (long) to keep the format string correct on all architectures. */
osstatus returncode = sectrustcreatewithcertificates(certificate, policy, &trust);
if (returncode != 0) { nslog(@"sectrustcreatewithcertificates fail. error code: %ld", returncode); return nil; }
sectrustresulttype trustresulttype;
/* NOTE(security): a noErr return from SecTrustEvaluate only means the
 * evaluation ran; whether the certificate is actually trusted is reported in
 * trustresulttype, which this code never inspects. An untrusted or
 * self-signed certificate would still have its key extracted below. Fine for
 * a certificate bundled with the app, wrong for anything received at runtime. */
returncode = sectrustevaluate(trust, &trustresulttype);
if (returncode != 0) { nslog(@"sectrustevaluate fail. error code: %ld", returncode); return nil; }
publickey = sectrustcopypublickey(trust);
if (publickey == nil) { nslog(@"sectrustcopypublickey fail"); return nil; }
But it tells me "can not read certificate public_key.der".
However, if I create public_key.der with OpenSSL instead, it works. Why? What is the difference between what OpenSSL produces and what KeyPairGenerator produces?
thanks.
Your Java code does not create a real certificate; PublicKey.getEncoded() only gives you the bare public key (a DER-encoded SubjectPublicKeyInfo), while SecCertificateCreateWithData expects a DER-encoded X.509 certificate, which is why it returns NULL. With OpenSSL it presumably worked because you exported an actual certificate rather than a bare key. Obtaining a SecKeyRef from a Java-generated public key is described in the post this answer is based on; to read such a key file in Xcode you need two additional steps: strip the ASN.1 wrapper to get the raw RSAPublicKey bytes, then add those bytes to the keychain and fetch a key reference.
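// Advances *pos past one DER length field starting at bytes[*pos].
// Returns NO if the field is truncated, uses the indefinite form (0x80, not
// valid DER), is wider than size_t, or declares more content than remains in
// the buffer. On success *pos points at the first content byte.
static BOOL skipDERLength(const unsigned char *bytes, size_t len, size_t *pos) {
    size_t i = *pos;
    if (i >= len) return NO;
    unsigned char first = bytes[i++];
    if (first & 0x80) {
        // Long form: the low 7 bits give the number of length octets.
        size_t numOctets = first & 0x7f;
        if (numOctets == 0 || numOctets > sizeof(size_t) || len - i < numOctets) return NO;
        size_t value = 0;
        for (size_t k = 0; k < numOctets; k++) {
            value = (value << 8) | bytes[i++];
        }
        if (value > len - i) return NO;
    } else {
        if ((size_t)first > len - i) return NO;
    }
    *pos = i;
    return YES;
}

// Strips the SubjectPublicKeyInfo wrapper that Java's PublicKey.getEncoded()
// produces and returns the inner PKCS#1 RSAPublicKey bytes, which is the form
// the iOS keychain expects for kSecAttrKeyTypeRSA. Returns nil if the input is
// nil, truncated, not well-formed DER, or not an rsaEncryption key.
//
// Expected layout:
//   SEQUENCE {
//     SEQUENCE { OID rsaEncryption, NULL }    -- AlgorithmIdentifier, 15 bytes
//     BIT STRING { 0x00 unused bits, RSAPublicKey DER }
//   }
//
// The original indexed the buffer before checking its length (a NULL/empty
// NSData or a one-byte file was an out-of-bounds read), computed
// `byteslen - 2` on a size_t that could underflow, and skipped the
// AlgorithmIdentifier blindly, so a non-RSA key would have been accepted.
- (NSData *)extractPublicKeyFromRawFormattedKey:(NSData *)rawFormattedKey {
    static const unsigned char kRSAAlgorithmIdentifier[] = {
        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00
    };
    const unsigned char *bytes = (const unsigned char *)[rawFormattedKey bytes];
    size_t bytesLen = [rawFormattedKey length];
    size_t i = 0;

    if (bytes == NULL || bytesLen == 0) return nil;

    // Outer SEQUENCE tag and length.
    if (bytes[i++] != 0x30) return nil;
    if (!skipDERLength(bytes, bytesLen, &i)) return nil;

    // AlgorithmIdentifier must be exactly { rsaEncryption, NULL }.
    if (bytesLen - i < sizeof(kRSAAlgorithmIdentifier)) return nil;
    if (memcmp(&bytes[i], kRSAAlgorithmIdentifier, sizeof(kRSAAlgorithmIdentifier)) != 0) return nil;
    i += sizeof(kRSAAlgorithmIdentifier);

    // BIT STRING tag, its length, then the unused-bits byte, which must be 0.
    if (i >= bytesLen || bytes[i++] != 0x03) return nil;
    if (!skipDERLength(bytes, bytesLen, &i)) return nil;
    if (i >= bytesLen || bytes[i++] != 0x00) return nil;
    if (i >= bytesLen) return nil;

    // Everything that remains is the RSAPublicKey structure.
    return [NSData dataWithBytes:&bytes[i] length:bytesLen - i];
}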
Then, using this method from Apple's SecKeyWrapper example:
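// Adds a peer's RSA public key (raw PKCS#1 RSAPublicKey bytes, as produced by
// extractPublicKeyFromRawFormattedKey: — not a SubjectPublicKeyInfo or a
// certificate) to the keychain under an application tag derived from peerName
// and returns a SecKeyRef for it, or NULL if neither the add nor the fallback
// lookup yields a key. The caller owns the returned reference.
//
// NOTE(security): if an item with this tag already exists, SecItemAdd fails
// with errSecDuplicateItem and the fallback lookup returns the EXISTING key;
// the bytes in publicKey are silently ignored. Callers importing a key that
// may have changed must remove the old entry first.
//
// Manual reference counting, matching the surrounding code.
- (SecKeyRef)addPeerPublicKey:(NSString *)peerName keyBits:(NSData *)publicKey {
    OSStatus sanityCheck = noErr;
    SecKeyRef peerKeyRef = NULL;
    CFTypeRef persistPeer = NULL;

    LOGGING_FACILITY( peerName != nil, @"peer name parameter nil." );
    LOGGING_FACILITY( publicKey != nil, @"public key parameter nil." );

    // The tag is the UTF-8 encoding of the name. The original copied
    // [peerName UTF8String] using [peerName length] as the byte count — that is
    // the number of UTF-16 code units, not bytes — so any non-ASCII name gave a
    // truncated tag (or an over-read). -dataUsingEncoding: gets both right and
    // returns an autoreleased object, so no release is needed below.
    NSData *peerTag = [peerName dataUsingEncoding:NSUTF8StringEncoding];

    NSMutableDictionary *peerPublicKeyAttr = [[NSMutableDictionary alloc] init];
    [peerPublicKeyAttr setObject:(id)kSecClassKey forKey:(id)kSecClass];
    [peerPublicKeyAttr setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
    [peerPublicKeyAttr setObject:peerTag forKey:(id)kSecAttrApplicationTag];
    [peerPublicKeyAttr setObject:publicKey forKey:(id)kSecValueData];
    [peerPublicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnPersistentRef];

    sanityCheck = SecItemAdd((CFDictionaryRef)peerPublicKeyAttr, (CFTypeRef *)&persistPeer);

    // A persistent reference could be written to disk and resolved later; here
    // it is only used to obtain the SecKeyRef. See SecKeyWrapper's
    // getPersistentKeyRefWithKeyRef: and getKeyRefWithPersistentKeyRef:.
    LOGGING_FACILITY1( sanityCheck == noErr || sanityCheck == errSecDuplicateItem,
                       @"problem adding peer public key keychain, osstatus == %d.", (int)sanityCheck );

    if (persistPeer) {
        peerKeyRef = [self getKeyRefWithPersistentKeyRef:persistPeer];
    } else {
        // Duplicate item (or no persistent ref returned): look the key up by tag.
        // Only kSecReturnRef may be set for this query. The original left
        // kSecReturnPersistentRef in the dictionary too; with more than one
        // kSecReturn* key requested, SecItemCopyMatching returns a
        // CFDictionaryRef, which would then be mis-typed as a SecKeyRef.
        [peerPublicKeyAttr removeObjectForKey:(id)kSecValueData];
        [peerPublicKeyAttr removeObjectForKey:(id)kSecReturnPersistentRef];
        [peerPublicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef];
        sanityCheck = SecItemCopyMatching((CFDictionaryRef)peerPublicKeyAttr, (CFTypeRef *)&peerKeyRef);
    }

    LOGGING_FACILITY1( sanityCheck == noErr && peerKeyRef != NULL,
                       @"problem acquiring reference public key, osstatus == %d.", (int)sanityCheck );

    [peerPublicKeyAttr release];
    if (persistPeer) CFRelease(persistPeer);
    return peerKeyRef;
}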
You can then obtain the public key reference like this:
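// Loads public_key.der from the app bundle, strips its SubjectPublicKeyInfo
// wrapper to get the raw RSAPublicKey bytes, and registers them in the
// keychain under the tag "peername" so a SecKeyRef can be obtained.
//
// The original passed a possibly-nil path and file contents straight through;
// extractPublicKeyFromRawFormattedKey: indexes [data bytes] with no length
// check, so a missing or unreadable resource was a NULL dereference rather
// than a logged error.
- (void)generatePublicKeyByFile {
    NSString *publicKeyPath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"];
    if (publicKeyPath == nil) {
        NSLog(@"can not find public_key.der");
        return;
    }
    NSData *publicKeyFileContent = [NSData dataWithContentsOfFile:publicKeyPath];
    if (publicKeyFileContent == nil) {
        NSLog(@"can not read public_key.der");
        return;
    }
    NSData *publicKey = [self extractPublicKeyFromRawFormattedKey:publicKeyFileContent];
    if (publicKey == nil) {
        NSLog(@"public_key.der is not a DER SubjectPublicKeyInfo for an RSA key");
        return;
    }
    // Remove any previous key under this tag first: addPeerPublicKey:keyBits:
    // returns the already-stored key on errSecDuplicateItem, so without this a
    // rotated key would never replace the old one.
    [[SecKeyWrapper sharedWrapper] removePeerPublicKey:@"peername"];
    SecKeyRef publicKeyRef = [[SecKeyWrapper sharedWrapper] addPeerPublicKey:@"peername" keyBits:publicKey];
    if (publicKeyRef == NULL) {
        NSLog(@"could not obtain a SecKeyRef for public_key.der");
        return;
    }
    // The key now lives in the keychain under the tag and can be fetched again
    // from there. The reference handed back is owned by us (the original simply
    // dropped it, leaking one reference per call) — release it here.
    // NOTE(review): assumes addPeerPublicKey:keyBits: follows the create rule
    // on both of its paths; confirm against getKeyRefWithPersistentKeyRef:.
    CFRelease(publicKeyRef);
}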