  1. SecCertificateRef: How to get the certificate information?
  2. Version: 3 (0x2)
  3. Serial Number: 1 (0x1)
  4. Signature Algorithm: md5WithRSAEncryption
  5. Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd, OU=Certificate Authority, CN=CA/Email=ca@trustme.dom
  6. Validity
  7. Not Before: Oct 29 17:39:10 2000 GMT
  8. Not After : Oct 29 17:39:10 2001 GMT
  9. Subject: C=DE, ST=Austria, L=Vienna, O=Home, OU=Web Lab, CN=anywhere.com/Email=xyz@anywhere.com
  10. Subject Public Key Info:
  11. Public Key Algorithm: rsaEncryption
  12. RSA Public Key: (1024 bit)
  13. Modulus (1024 bit):
  14. 00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
  15. d7:e4:7a:a5:4b:94:ef:d9:5e:43:7f:c1:64:80:fd:
  16. 9f:50:41:6b:70:73:80:48:90:f3:58:bf:f0:4c:b9:
  17. 90:32:81:59:18:16:3f:19:f4:5f:11:68:36:85:f6:
  18. 1c:a9:af:fa:a9:a8:7b:44:85:79:b5:f1:20:d3:25:
  19. 7d:1c:de:68:15:0c:b6:bc:59:46:0a:d8:99:4e:07:
  20. 50:0a:5d:83:61:d4:db:c9:7d:c3:2e:eb:0a:8f:62:
  21. 8f:7e:00:e1:37:67:3f:36:d5:04:38:44:44:77:e9:
  22. f0:b4:95:f5:f9:34:9f:f8:43
  23. Exponent: 65537 (0x10001)
  24. X509v3 extensions:
  25. X509v3 Subject Alternative Name:
  26. email:xyz@anywhere.com
  27. Netscape Comment:
  28. mod_ssl generated test server certificate
  29. Netscape Cert Type:
  30. SSL Server
  31. Signature Algorithm: md5WithRSAEncryption
  32. 12:ed:f7:b3:5e:a0:93:3f:a0:1d:60:cb:47:19:7d:15:59:9b:
  33. 3b:2c:a8:a3:6a:03:43:d0:85:d3:86:86:2f:e3:aa:79:39:e7:
  34. 82:20:ed:f4:11:85:a3:41:5e:5c:8d:36:a2:71:b6:6a:08:f9:
  35. cc:1e:da:c4:78:05:75:8f:9b:10:f0:15:f0:9e:67:a0:4e:a1:
  36. 4d:3f:16:4c:9b:19:56:6a:f2:af:89:54:52:4a:06:34:42:0d:
  37. d5:40:25:6b:b0:c0:a2:03:18:cd:d1:07:20:b6:e5:c5:1e:21:
  38. 44:e7:c5:09:d2:d5:94:9d:6c:13:07:2f:3b:7c:4c:64:90:bf:
  39. ff:8e
  40.  
  41. #import <openssl/x509.h>
  42.  
  43. // ...
  44.  
  45. NSData *certificateData = (NSData *) SecCertificateCopyData(certificate);
  46.  
  47. const unsigned char *certificateDataBytes = (const unsigned char *)[certificateData bytes];
  48. X509 *certificateX509 = d2i_X509(NULL, &certificateDataBytes, [certificateData length]);
  49.  
  50. NSString *issuer = CertificateGetIssuerName(certificateX509);
  51. NSDate *expiryDate = CertificateGetExpiryDate(certificateX509);
  52.  
  53. static NSString * CertificateGetIssuerName(X509 *certificateX509)
  54. {
  55. NSString *issuer = nil;
  56. if (certificateX509 != NULL) {
  57. X509_NAME *issuerX509Name = X509_get_issuer_name(certificateX509);
  58.  
  59. if (issuerX509Name != NULL) {
  60. int nid = OBJ_txt2nid("O"); // organization
  61. int index = X509_NAME_get_index_by_NID(issuerX509Name, nid, -1);
  62.  
  63. X509_NAME_ENTRY *issuerNameEntry = X509_NAME_get_entry(issuerX509Name, index);
  64.  
  65. if (issuerNameEntry) {
  66. ASN1_STRING *issuerNameASN1 = X509_NAME_ENTRY_get_data(issuerNameEntry);
  67.  
  68. if (issuerNameASN1 != NULL) {
  69. unsigned char *issuerName = ASN1_STRING_data(issuerNameASN1);
  70. issuer = [NSString stringWithUTF8String:(char *)issuerName];
  71. }
  72. }
  73. }
  74. }
  75.  
  76. return issuer;
  77. }
  78.  
  79. static NSDate *CertificateGetExpiryDate(X509 *certificateX509)
  80. {
  81. NSDate *expiryDate = nil;
  82.  
  83. if (certificateX509 != NULL) {
  84. ASN1_TIME *certificateExpiryASN1 = X509_get_notAfter(certificateX509);
  85. if (certificateExpiryASN1 != NULL) {
  86. ASN1_GENERALIZEDTIME *certificateExpiryASN1Generalized = ASN1_TIME_to_generalizedtime(certificateExpiryASN1, NULL);
  87. if (certificateExpiryASN1Generalized != NULL) {
  88. unsigned char *certificateExpiryData = ASN1_STRING_data(certificateExpiryASN1Generalized);
  89.  
  90. // ASN1 generalized times look like this: "20131114230046Z"
  91. // format: YYYYMMDDHHMMSS
  92. // indices: 01234567890123
  93. // 1111
  94. // There are other formats (e.g. specifying partial seconds or
  95. // time zones) but this is good enough for our purposes since
  96. // we only use the date and not the time.
  97. //
  98. // (Source: http://www.obj-sys.com/asn1tutorial/node14.html)
  99.  
  100. NSString *expiryTimeStr = [NSString stringWithUTF8String:(char *)certificateExpiryData];
  101. NSDateComponents *expiryDateComponents = [[NSDateComponents alloc] init];
  102.  
  103. expiryDateComponents.year = [[expiryTimeStr substringWithRange:NSMakeRange(0, 4)] intValue];
  104. expiryDateComponents.month = [[expiryTimeStr substringWithRange:NSMakeRange(4, 2)] intValue];
  105. expiryDateComponents.day = [[expiryTimeStr substringWithRange:NSMakeRange(6, 2)] intValue];
  106. expiryDateComponents.hour = [[expiryTimeStr substringWithRange:NSMakeRange(8, 2)] intValue];
  107. expiryDateComponents.minute = [[expiryTimeStr substringWithRange:NSMakeRange(10, 2)] intValue];
  108. expiryDateComponents.second = [[expiryTimeStr substringWithRange:NSMakeRange(12, 2)] intValue];
  109.  
  110. NSCalendar *calendar = [NSCalendar currentCalendar];
  111. expiryDate = [calendar dateFromComponents:expiryDateComponents];
  112.  
  113. [expiryDateComponents release];
  114. }
  115. }
  116. }
  117.  
  118. return expiryDate;
  119. }
  120.  
  121. NSURLAuthenticationChallenge *challenge;
  122. SecTrustResultType trustResult;
  123. SecTrustRef trust = challenge.protectionSpace.serverTrust;
  124. OSStatus err = SecTrustEvaluate(trust, &trustResult);
  125. SecCertificateRef certificate = SecGetLeafCertificate(trust); // See Apple docs for implementation of SecGetLeafCertificate
  126.  
  127. +(NSString*)stringFromCerificateWithLongwindedDescription:(SecCertificateRef) certificateRef {
  128. if (certificateRef == NULL)
  129. return @"";
  130.  
  131. CFStringRef commonNameRef;
  132. OSStatus status;
  133. if ((status=SecCertificateCopyCommonName(certificateRef, &commonNameRef)) != errSecSuccess) {
  134. NSLog(@"Could not extract name from cert: %@",
  135. SecCopyErrorMessageString(status, NULL));
  136. return @"Unreadable cert";
  137. };
  138.  
  139. CFStringRef summaryRef = SecCertificateCopySubjectSummary(certificateRef);
  140. if (summaryRef == NULL)
  141. summaryRef = CFRetain(commonNameRef);
  142.  
  143. CFErrorRef error;
  144.  
  145. const void *keys[] = { kSecOIDX509V1SubjectName, kSecOIDX509V1IssuerName };
  146. const void *labels[] = { "Subject", "Issuer" };
  147. CFArrayRef keySelection = CFArrayCreate(NULL, keys , sizeof(keys)/sizeof(keys[0]), &kCFTypeArrayCallBacks);
  148.  
  149. CFDictionaryRef vals = SecCertificateCopyValues(certificateRef, keySelection,&error);
  150. NSMutableString *longDesc = [[NSMutableString alloc] init];
  151.  
  152. for(int i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
  153. CFDictionaryRef dict = CFDictionaryGetValue(vals, keys[i]);
  154. CFArrayRef values = CFDictionaryGetValue(dict, kSecPropertyKeyValue);
  155. if (values == NULL)
  156. continue;
  157. [longDesc appendFormat:@"%s:%@nn", labels[i], [NSString stringFromDNwithSubjectName:values]];
  158. }
  159.  
  160. CFRelease(vals);
  161. CFRelease(summaryRef);
  162. CFRelease(commonNameRef);
  163.  
  164. return longDesc;
  165. }
  166.  
  167. +(NSString *)stringFromDNwithSubjectName:(CFArrayRef)array {
  168. NSMutableString * out = [[NSMutableString alloc] init];
  169. const void *keys[] = { kSecOIDCommonName, kSecOIDEmailAddress, kSecOIDOrganizationalUnitName, kSecOIDOrganizationName, kSecOIDLocalityName, kSecOIDStateProvinceName, kSecOIDCountryName };
  170. const void *labels[] = { "CN", "E", "OU", "O", "L", "S", "C", "E" };
  171.  
  172. for(int i = 0; i < NVOID(keys); i++) {
  173. for (CFIndex n = 0 ; n < CFArrayGetCount(array); n++) {
  174. CFDictionaryRef dict = CFArrayGetValueAtIndex(array, n);
  175. if (CFGetTypeID(dict) != CFDictionaryGetTypeID())
  176. continue;
  177. CFTypeRef dictkey = CFDictionaryGetValue(dict, kSecPropertyKeyLabel);
  178. if (!CFEqual(dictkey, keys[i]))
  179. continue;
  180. CFStringRef str = (CFStringRef) CFDictionaryGetValue(dict, kSecPropertyKeyValue);
  181. [out appendFormat:@"%s=%@ ", labels[i], (__bridge NSString*)str];
  182. }
  183. }
  184. return [NSString stringWithString:out];
  185. }
  186.  
  187. public void Show (SecCertificate sc)
  188. {
  189. // get the SecCertificate "raw", i.e. ASN.1 encoded, data
  190. byte[] data = sc.DerData.ToArray<byte> ();
  191. // the build the managed X509Certificate2 from it
  192. X509Certificate2 cer = new X509Certificate2 (data);
  193. // to get all properties / methods available in .NET (pretty exhaustive)
  194. Console.WriteLine ("SubjectName: {0}", cer.Subject);
  195. Console.WriteLine ("IssuerName: {0}", cer.Issuer);
  196. Console.WriteLine ("NotBefore: {0}", cer.NotBefore);
  197. Console.WriteLine ("NotAfter: {0}", cer.NotAfter);
  198. Console.WriteLine ("SerialNumber: {0}", cer.SerialNumber);
  199. // ...
  200. }