Swift websockets not accepting a client certificate

I am working on a project that requires support for a client certificate using websockets. I am currently using Starscream, but unfortunately without having read the documentation, it seems to have no information on supporting this. I looked through several other Swift web socket libraries, but none of them mention support for this.

Does anyone know of any libraries that support this functionality?

Any information would be greatly appreciated!

Edit:

So I am currently using Starscream to try this. I have a certificate set up. Here is the code I'm trying so far:

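import Foundation
import Security
import Starscream

// Holds the identity and trust object read from the PKCS#12 file, plus the raw file data
public struct IdentityAndTrust {
    public var identityRef: SecIdentity
    public var trust: SecTrust
    public var certData: Data
}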




var socket = WebSocket(url: URL(string: "\(ConstantKeys.ipAddress)")!, protocols: [])
var identityTest : IdentityAndTrust?

func createTrust()
{
    do
    {
        let urlPath     = Bundle.main.path(forResource: "client", ofType: "p12")
        let url         = NSURL.fileURL(withPath: urlPath!)
        let certificateData = try Data(contentsOf: url)

        identityTest = extractTrustAndIdentity(certData: certificateData, certPassword: ConstantKeys.password)
    }
    catch
    {
        print(error)
    }
}

func extractTrustAndIdentity(certData:Data, certPassword:String) -> IdentityAndTrust
{
    var identityAndTrust:IdentityAndTrust!
    var securityError:OSStatus = errSecSuccess

    var items: CFArray?
    let certOptions: Dictionary = [ kSecImportExportPassphrase as String : certPassword ];
    // import certificate to read its entries
    securityError = SecPKCS12Import(certData as CFData, certOptions as CFDictionary, &items);
    if securityError == errSecSuccess {

        let certItems:CFArray = items as CFArray!;
        let certItemsArray:Array = certItems as Array
        let dict:AnyObject? = certItemsArray.first;

        if let certEntry:Dictionary = dict as? Dictionary<String, AnyObject> {

            // grab the identity
            let identityPointer:AnyObject? = certEntry["identity"];
            let secIdentityRef:SecIdentity = identityPointer as! SecIdentity!;

            // grab the trust
            let trustPointer:AnyObject? = certEntry["trust"];
            let trustRef:SecTrust = trustPointer as! SecTrust;

            // grab the certificate chain
            var certRef: SecCertificate?
            SecIdentityCopyCertificate(secIdentityRef, &certRef);
            let certArray:NSMutableArray = NSMutableArray();
            certArray.add(certRef as SecCertificate!);

            identityAndTrust = IdentityAndTrust(identityRef: secIdentityRef, trust: trustRef, certData : certData);
        }
    }
    return identityAndTrust
}

Then I connect the socket this way:

let key = SecTrustCopyPublicKey(identityTest!.trust)!
let ssl = SSLCert(key: key)

socket.security = SSLSecurity(certs: [ssl], usePublicKeys: false)
socket.enabledSSLCipherSuites = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
socket.delegate = self
socket.connect()

But I got the following error message:

CFNetwork SSLHandshake Error (-9807)

TCP Conn 0x604000173980 SSLHandshake (-9807) websocket : . ( OSStatus -9807.)


+4

Source: https://habr.com/ru/post/1687784/

