Verifying a signed certificate with a root CA in iOS

Time: 2019-01-04 09:12:59

Tags: ios x509 ca

I have two certificates:

signature.der

root.der

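signature.der can sometimes change, in which case it is no longer valid and I download a new one from the backend.

Now, when I download a new version, I need to check that it is valid against the root.der CA, and I can't seem to do that.

SecTrustEvaluate always returns unspecified, even when I edit signature.der and manually make it invalid.

From a code perspective, this is what I have so far: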

func isPublicCertificateValid(publicKeyData: Data, rootKeyData: Data) -> Bool {
    guard let publicKeyCert = SecCertificateCreateWithData(nil, publicKeyData as CFData) else { return false }
    guard let rootCert = SecCertificateCreateWithData(nil, rootKeyData as CFData) else { return false }

    let policy = SecPolicyCreateBasicX509()
    var trust: SecTrust?

    var status: OSStatus = SecTrustCreateWithCertificates([rootCert, publicKeyCert] as CFTypeRef, policy, &trust)

    var trustResult: SecTrustResultType = SecTrustResultType(rawValue: 0)!

    SecTrustSetAnchorCertificates(trust!, [rootCert, publicKeyCert] as CFArray)
    SecTrustSetAnchorCertificatesOnly(trust!, false)

    if status == noErr {
        status = SecTrustEvaluate(trust!, &trustResult)
    }

    switch status {
    case noErr:
        return true
    default:
        return false
    }
}
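
An added example, not part of the original post: one way to check that signature.der chains to root.der only. In the question's code the leaf is itself listed as an anchor, the root is placed first in the certificate array, system roots remain trusted, and the function returns on the `OSStatus` instead of the trust result (where `unspecified` is the normal success value). The function name `isCertificate(_:issuedByRoot:)` is hypothetical, and the sketch assumes iOS 12 or later (for `SecTrustEvaluateWithError`) and that signature.der is issued directly by root.der with no intermediates.

```swift
import Foundation
import Security

/// Added example (hypothetical helper, not from the original post).
/// Returns true only if `leafDER` validates under the basic X.509 policy
/// with `rootDER` as the sole trust anchor.
func isCertificate(_ leafDER: Data, issuedByRoot rootDER: Data) -> Bool {
    // Both inputs must parse as DER-encoded X.509 certificates.
    guard let leaf = SecCertificateCreateWithData(nil, leafDER as CFData),
          let root = SecCertificateCreateWithData(nil, rootDER as CFData) else {
        return false
    }

    // Only the certificate being verified goes into the trust object.
    // If intermediates existed, they would follow the leaf in an array.
    var trustRef: SecTrust?
    let policy = SecPolicyCreateBasicX509()
    guard SecTrustCreateWithCertificates(leaf, policy, &trustRef) == errSecSuccess,
          let trust = trustRef else {
        return false
    }

    // The root is the only anchor. The leaf must never be an anchor,
    // otherwise it is trusted regardless of who signed it.
    guard SecTrustSetAnchorCertificates(trust, [root] as CFArray) == errSecSuccess else {
        return false
    }
    // true = ignore the system trust store, so only root.der can vouch
    // for the leaf.
    guard SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
        return false
    }

    // The Bool result is the verdict; the OSStatus of the older
    // SecTrustEvaluate only says whether evaluation ran.
    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)
    if !trusted, let error = error {
        print("Certificate rejected: \(error)")
    }
    return trusted
}
```

With the older `SecTrustEvaluate`, the equivalent check is that the call returns `errSecSuccess` and the `SecTrustResultType` is `.unspecified` or `.proceed`.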

0 answers:

No answers