The if block skips the certificate if the authentication method is NSURLAuthenticationMethodServerTrust. I'm not quite sure why you would do this; you will have to look at the source where you got this piece of code and see what its requirements are.
If the authentication method is something else, the else block binds the certificate.
The serverTrust variable is set to the SSL transaction state sent from the server. The main thing here is that it has a chain of certificates that authenticate the server. The next line sets certificate to the leaf certificate in the chain, that is, the server's certificate.
remoteCertificateData is essentially a large blob representing the information in the certificate. The CFBridgingRelease call is necessary for memory management (all CFxxx functions are C/C++ functions, not Objective-C, and memory management is a bit more complicated than usual).
localCertData is the binary information in the local copy of the certificate. Note that iOS apps are (more or less) a collection of files, including an executable as well as various resources. As part of the build process, you must arrange for a copy of the server certificate to be included in the collection (NSBundle) of files. The cerPath variable is set to the path of the file for the local copy of the certificate.
Finally, we check whether the two binary blobs are equal. If not, then the certificate from the server is bogus, and we will not continue the request.
I'm not quite sure what you mean by "Need to send a multiplier certificate." Judging by the Java code that you are referencing, I assume you mean that you want to compare the server certificate with several local certificates. In that case, something (approximately) like the following (note: unverified code):
```objc
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
// Index 0 is the leaf of the chain, i.e. the server's own certificate.
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);
NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));

BOOL match = NO;
NSURLCredential *credential = nil;

// Compare the server certificate with every .cer file shipped in the bundle.
for (NSString *path in [[NSBundle mainBundle] pathsForResourcesOfType:@"cer" inDirectory:@"."]) {
    NSData *localCertData = [NSData dataWithContentsOfFile:path];
    if ([remoteCertificateData isEqualToData:localCertData]) {
        credential = [NSURLCredential credentialForTrust:serverTrust];
        match = YES;
        break;
    }
}

if (match) {
    [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
} else {
    // No bundled certificate matched: cancel instead of reporting "use credential".
    [[challenge sender] cancelAuthenticationChallenge:challenge];
    completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
}
NSLog(@"Finished Challenge");
```
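The byte-for-byte comparison above only succeeds when the bundled file is DER-encoded, because SecCertificateCopyData returns the DER form; a PEM copy of the same certificate never matches. A build-time check for that, as an added Python example that is not part of the original answer (the file names and certificate bytes are constructed placeholders):

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder bytes standing in for DER certificates
# (not real certificates; only the byte comparison matters here).
SERVER_DER = bytes.fromhex("3082") + b"constructed-leaf-certificate-bytes"
OTHER_DER = bytes.fromhex("3082") + b"constructed-unrelated-certificate"

# Constructed stand-in for the .cer files in the app bundle: name -> contents.
BUNDLE = {
    # DER, the form the comparison needs
    "server.cer": SERVER_DER,
    # the same certificate saved as PEM text
    "server-pem.cer": ssl.DER_cert_to_PEM_cert(SERVER_DER).encode("ascii"),
    # a different certificate
    "old.cer": OTHER_DER,
}


def to_der(blob: bytes) -> bytes:
    """Return DER bytes for a pin file that is either DER or PEM text."""
    text = blob.strip()
    if text.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return blob


def byte_equal_matches(remote_der: bytes, bundle: dict) -> list:
    """Files that an exact byte comparison (isEqualToData) would accept."""
    return sorted(name for name, blob in bundle.items() if blob == remote_der)


def wrongly_encoded(remote_der: bytes, bundle: dict) -> list:
    """Files holding the right certificate in an encoding the comparison rejects."""
    return sorted(
        name for name, blob in bundle.items()
        if blob != remote_der and to_der(blob) == remote_der
    )


if __name__ == "__main__":
    print("accepted by byte comparison:", byte_equal_matches(SERVER_DER, BUNDLE))
    print("right cert, wrong encoding: ", wrongly_encoded(SERVER_DER, BUNDLE))
```

A file reported by wrongly_encoded can be converted with `openssl x509 -in server-pem.cer -outform der -out server.cer` before it goes into the bundle.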