Thursday, 15 September 2011

java - SSL realization for NSURLSession -



java - SSL realization for NSURLSession -

I have a big problem in my app. I had a Java implementation, and I need the same thing in an iOS app using Security.framework and NSURLSession, but I don't know how to do it. It would be great if you could help me.

java:

// our trusted ca resources certificatefactory certificatefactory = certificatefactory.getinstance("x.509"); int caresid = context.getresources().getidentifier("cert_ca", "raw", context.getpackagename()); x509certificate cert = (x509certificate)certificatefactory.generatecertificate(context.getresources().openrawresource(caresid)); string alias = cert.getsubjectx500principal().getname(); // create empty trust store our ca keystore truststore = keystore.getinstance(keystore.getdefaulttype()); truststore.load(null); truststore.setcertificateentry(alias, cert); // create trustmanagers based on our trust store trustmanagerfactory tmf = trustmanagerfactory.getinstance("x509"); tmf.init(truststore); trustmanager[] trustmanagers = tmf.gettrustmanagers(); // our client certificate resources keystore keystore = keystore.getinstance("pkcs12"); string pass = context.getresources().getstring(r.string.pass); int clientresid = context.getresources().getidentifier("cert_client", "raw", context.getpackagename()); keystore.load(context.getresources().openrawresource(clientresid), pass.tochararray()); // create keymanagers based on our key store keymanagerfactory kmf = keymanagerfactory.getinstance("x509"); kmf.init(keystore, pass.tochararray()); keymanager[] keymanagers = kmf.getkeymanagers(); // create ssl context sslcontext sslcontext = sslcontext.getinstance("tls"); sslcontext.init(keymanagers, trustmanagers, null); url requestedurl = new url(url); httpsurlconnection urlconnection = (httpsurlconnection)requestedurl.openconnection(); urlconnection.setsslsocketfactory(sslcontext.getsocketfactory()); urlconnection.setrequestmethod("get"); urlconnection.setconnecttimeout(1500); // ? urlconnection.setreadtimeout(1500); // ? int responsecode = urlconnection.getresponsecode(); string responsemessage = urlconnection.getresponsemessage(); urlconnection.disconnect();

I solved it with the following code (it may be helpful to someone):

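// Forward declaration so the delegate method below can call the C helper.
OSStatus extractIdentityAndTrust(CFDataRef inP12Data, SecIdentityRef *identity, SecTrustRef *trust);

/// NSURLSessionDelegate callback for session-level authentication challenges.
///
/// Server-trust challenges are accepted only when the server chain validates
/// against the bundled CA (see -shouldTrustProtectionSpace:); otherwise the
/// challenge is cancelled. Client-certificate challenges are answered with the
/// identity stored in the bundled PKCS#12 file. Every other challenge type gets
/// the system's default handling.
///
/// The completion handler is called exactly once on every path. With
/// NSURLSession the handler, not `challenge.sender`, delivers the answer; a
/// path that never calls it leaves the challenge unanswered.
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *protectionSpace = challenge.protectionSpace;
    NSString *authMethod = protectionSpace.authenticationMethod;

    if ([authMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        if ([self shouldTrustProtectionSpace:protectionSpace]) {
            NSURLCredential *serverCredential =
                [NSURLCredential credentialForTrust:protectionSpace.serverTrust];
            completionHandler(NSURLSessionAuthChallengeUseCredential, serverCredential);
        } else {
            // A server that does not chain to our CA must end the connection,
            // not fall through to the client-certificate path.
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
        return;
    }

    if ([authMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        NSString *path = [[NSBundle mainBundle] pathForResource:@"mobile_client (1)" ofType:@"pfx"];
        NSData *p12Data = path ? [NSData dataWithContentsOfFile:path] : nil;

        SecIdentityRef myIdentity = NULL;
        SecTrustRef myTrust = NULL;
        OSStatus status = errSecParam;
        if (p12Data != nil) {
            status = extractIdentityAndTrust((__bridge CFDataRef)p12Data, &myIdentity, &myTrust);
        }
        // The trust object is not needed to build the credential.
        if (myTrust != NULL) {
            CFRelease(myTrust);
        }
        if (status != errSecSuccess || myIdentity == NULL) {
            if (myIdentity != NULL) {
                CFRelease(myIdentity);
            }
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
            return;
        }

        SecCertificateRef myCertificate = NULL;
        SecIdentityCopyCertificate(myIdentity, &myCertificate);
        NSArray *certificates = myCertificate ? @[ (__bridge id)myCertificate ] : nil;

        NSURLCredential *credential =
            [NSURLCredential credentialWithIdentity:myIdentity
                                       certificates:certificates
                                        persistence:NSURLCredentialPersistenceForSession];

        // The credential and the array hold their own references by now.
        if (myCertificate != NULL) {
            CFRelease(myCertificate);
        }
        CFRelease(myIdentity);

        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        return;
    }

    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}

/// Imports a PKCS#12 blob and returns its first identity and trust object.
///
/// @param inP12Data The raw PKCS#12 (.p12/.pfx) data.
/// @param identity  On success, receives a retained identity; the caller must
///                  CFRelease it. Set to NULL on failure.
/// @param trust     On success, receives a retained trust object if the import
///                  produced one (else NULL); the caller must CFRelease it.
/// @return errSecSuccess on success, errSecParam for a NULL argument,
///         errSecItemNotFound when the import yields no identity, otherwise
///         the status returned by SecPKCS12Import.
OSStatus extractIdentityAndTrust(CFDataRef inP12Data, SecIdentityRef *identity, SecTrustRef *trust) {
    if (identity != NULL) {
        *identity = NULL;
    }
    if (trust != NULL) {
        *trust = NULL;
    }
    if (inP12Data == NULL || identity == NULL || trust == NULL) {
        return errSecParam;
    }

    // NOTE(review): the passphrase is hard-coded, so it ships in the binary next
    // to the .pfx it protects and gives the private key no real protection.
    // Prefer provisioning a per-device identity into the Keychain.
    CFStringRef password = CFSTR("123");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1,
                                                 &kCFTypeDictionaryKeyCallBacks,
                                                 &kCFTypeDictionaryValueCallBacks);

    // SecPKCS12Import hands back a new array; pre-creating one here (as the
    // original did) only leaked it.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import(inP12Data, options, &items);

    if (securityError == errSecSuccess) {
        if (items != NULL && CFArrayGetCount(items) > 0) {
            CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
            const void *tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
            const void *tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
            // Retain before `items` is released below, so the references handed
            // to the caller stay valid.
            if (tempIdentity != NULL) {
                *identity = (SecIdentityRef)CFRetain(tempIdentity);
            }
            if (tempTrust != NULL) {
                *trust = (SecTrustRef)CFRetain(tempTrust);
            }
        }
        if (*identity == NULL) {
            securityError = errSecItemNotFound;
        }
    }

    if (items != NULL) {
        CFRelease(items);
    }
    if (options != NULL) {
        CFRelease(options);
    }
    return securityError;
}

/// Evaluates the server's trust object against the CA certificate bundled as
/// mobile_ca.der.
///
/// @param protectionSpace The protection space of a server-trust challenge.
/// @return YES only when the bundled CA could be loaded and installed as the
///         anchor and the evaluation succeeded; NO on any error, so a missing
///         or unreadable CA file never results in a trusted connection.
- (BOOL)shouldTrustProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    // Non-server-trust challenges carry no trust object to evaluate.
    SecTrustRef serverTrust = protectionSpace.serverTrust;
    if (serverTrust == NULL) {
        return NO;
    }

    // Load the bundled certificate.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"mobile_ca" ofType:@"der"];
    NSData *certData = certPath ? [[NSData alloc] initWithContentsOfFile:certPath] : nil;
    if (certData == nil) {
        return NO;
    }

    // Returns NULL when the data is not a valid DER-encoded certificate.
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (cert == NULL) {
        return NO;
    }

    // Setting anchor certificates makes the evaluation trust only these anchors.
    NSArray *anchors = @[ (__bridge id)cert ];
    OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)anchors);
    CFRelease(cert);
    if (status != errSecSuccess) {
        return NO;
    }

    // SecTrustEvaluate is deprecated in newer SDKs; SecTrustEvaluateWithError is
    // the replacement where the deployment target allows it.
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    status = SecTrustEvaluate(serverTrust, &trustResult);
    if (status != errSecSuccess) {
        return NO;
    }

    // Both values mean the chain validated; every other result is a failure.
    return trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed;
}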

java android ios security ssl
