iOS证书状态检测之P12内容和状态读取
2020-09-24 本文已影响0人
even_cheng
导入头文件
#include "pkcs12.h"
#include "p12checker.h"
- (void)readP12:(NSString *)p12_path pwd:(NSString *)pwd {
PKCS12 *p12 = NULL;
X509* usrCert = NULL;
EVP_PKEY* pkey = NULL;
STACK_OF(X509)* ca = NULL;
char* password = (char*)[pwd cStringUsingEncoding:NSUTF8StringEncoding];
BIO*bio = NULL;
char* p = NULL;
bio = BIO_new_file([p12_path UTF8String], "r");
p12 = d2i_PKCS12_bio(bio, NULL); //得到p12结构
BIO_free_all(bio);
PKCS12_parse(p12, password, &pkey, &usrCert, &ca); //得到x509结构
if (usrCert)
{
fprintf(stdout, "Subject:");
p = X509_NAME_oneline(X509_get_subject_name(usrCert), NULL, 0);
//读取证书内容
NSDictionary* subject = [self readSubjectFormX509:p];
NSString* country = subject[@"U"];
NSString* name = subject[@"CN"];
NSString* organization = subject[@"O"];
NSString* organization_unit = subject[@"OU"];
NSString* user_ID = subject[@"UID"];
NSString* country = subject[@"C"];
ASN1_TIME* before = X509_get_notBefore(usrCert);
long start_time = [self readRealTimeForX509:(char *)before->data];
ASN1_TIME* after = X509_get_notAfter(usrCert);
long expire_time = [self readRealTimeForX509:(char *)after->data];
dispatch_async(dispatch_get_global_queue(0, 0), ^{
//9月之后苹果新增G3类型的根证书,这里需要区分
bool g3 = [self isG3ForX509:usrCert];
bool revoked = isP12Revoked(usrCert, g3);
});
}
- (long )readRealTimeForX509:(char *)x509data{
NSString* x509TimeString = [NSString stringWithUTF8String:x509data];
if (x509TimeString.length<12) {
return 0;
}
NSString* start_time = [NSString stringWithFormat:@"20%@-%@-%@ %@:%@:%@",[x509TimeString substringWithRange:NSMakeRange(0, 2)], [x509TimeString substringWithRange:NSMakeRange(2, 2)], [x509TimeString substringWithRange:NSMakeRange(4, 2)], [x509TimeString substringWithRange:NSMakeRange(6, 2)], [x509TimeString substringWithRange:NSMakeRange(8, 2)], [x509TimeString substringWithRange:NSMakeRange(10, 2)]];
long timeLong = [NSDate getDateLongWithDateStr:start_time];
return timeLong+8*60*60;
}
- (NSDictionary *)readSubjectFormX509:(char *)x509data{
NSMutableDictionary* mdic = [NSMutableDictionary dictionary];
NSString* x509String = [NSString stringWithUTF8String:x509data];
NSArray* objs = [x509String componentsSeparatedByString:@"/"];
for (NSString* obj in objs) {
NSArray* content = [obj componentsSeparatedByString:@"="];
if (content.count == 2) {
NSDictionary* dic = @{content.firstObject:content.lastObject};
[mdic addEntriesFromDictionary:dic];
}
}
return mdic.copy;
}
- (bool)isG3ForX509:(X509 *)x509;{
X509* usrCert = x509;
X509_NAME* name = X509_get_issuer_name(usrCert);
char* x509Data = X509_NAME_oneline(name, NULL, 0);
NSDictionary* subject = [self readSubjectFormX509:x509Data];
NSString* ou = [subject objectForKey:@"OU"];
BOOL G3 = ou && [ou isEqualToString:@"G3"];
return G3;
}
