[转]PKCS12 证书的生成及验证

[url=http://blog.csdn.net/kmyhy/article/details/6431609]http://blog.csdn.net/kmyhy/article/details/6431609[/url]


?

<span style="color: #ff0000;">本文首先感谢 Apple 开发者论坛的eskimo1,他是我见过的最热心肠的人,对任何人他都不吝于给予无私帮助。</span>


</span>

一、
</span>
<span style="">生成证书</span>


</span>

keytool -genkey -v
-alias root -keyalg RSA -storetype PKCS12 -keystore dlt.p12 -dname "CN=www.handtimes.com,OU=ipcc,O=云电同方,L=昆明,ST=云南,C=中国"
-storepass ipcc@95598 -keypass ipcc@95598</span>


keytool -genkey -v
-alias p12client -keyalg RSA -storetype PKCS12 -keystore dlt.p12 -dname
"CN=www.handtimes.com,OU=ipcc,O=云电同方,L=昆明,ST=云南,C=中国" -storepass ipcc@95598
-keypass 123456 -validity 1</span>


keytool -list -v
-alias p12client -keystore dlt.p12 -storepass ipcc@95598 -storetype PKCS12</span>


keytool -list -v
-keystore IPCCCA </span>
<span lang="EN-US">–</span>
<span style="" lang="EN-US">dlt.p12 ipcc@95598 -storetype PKCS12</span>


</span>

keytool -export
-alias p12client -keystore dlt.p12 -storetype PKCS12 -storepass ipcc@95598 -rfc
-file p12.cer</span>


</span>

keytool -printcert
-v -file /Users/kmyhy/Desktop/client.cer</span>


</span>

Keytool.exe
-importkeystore -srckeystore IPCCCA -srcstoretype jks -srcstorepass ipcc@95598 -srcalias
p12client?
-destkeystore dltclient.p12
-deststoretype pkcs12 -deststorepass ipcc@95598 -destkeypass 123456 </span>
<span lang="EN-US">–</span>
<span style="" lang="EN-US">validity 3</span>


</span>


</span>

重新输入密码<span lang="EN-US">123456,回车,将在用户主目录下生成dltclient.p12文件。</span>


</span>


</span>

keytool.exe -list
-keystore dltclient.p12 -storepass ipcc@95598 -storetype pkcs12</span>


?


<span style="" lang="EN-US"><img src="http://hi.csdn.net/attachment/201105/19/0_1305774857vB0C.gif" alt=""></span>

可以看到其中包含了证书和私钥<span lang="EN-US">,并且其认证指纹是和IPCCCA中的一模一样的。</span>


</span>

一、
</span>
<span style="">提供证书下载</span>


</span>


[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">class</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> GetP12Cert </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">extends</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> HttpServlet {</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">static</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">final</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">long</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">serialVersionUID</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> = 1L;</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">static</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">final</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">int</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">max_days</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">=1;??
</span>

???
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US">/**</span>

????
* </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f9fbf;' lang="EN-US">@see</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US"> HttpServlet#HttpServlet()</span>

????
*/</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> GetP12Cert() {</span>

???????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">super</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">();</span>

???????
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f9fbf;' lang="EN-US">TODO</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US"> Auto-generated constructor stub</span>

???
}</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US">/**</span>


?
* </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f9fbf;' lang="EN-US">@see</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US"> HttpServlet#doGet(HttpServletRequest
request, HttpServletResponse response)</span>


?
*/</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">protected</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">void</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> doGet(HttpServletRequest
request, HttpServletResponse response) </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> ServletException, IOException {</span>



String filename=</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"C://Documents and
Settings//Administrator//dlt.cer"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



String pass=</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"ipcc@95598"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



Pkcs12Manager man=</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">null</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



String alias=</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"p12client"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



String keypass=</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"123456"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">try</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">{</span>




man=</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Pkcs12Manager(</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> File(filename),pass);


</span>




man.updateExpiration(alias,
keypass,</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">max_days</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>




exportCert(man,alias,response);</span>

//


man.saveCert(alias,
"123456");</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//man.saveCert(alias,
"123456");</span>




</span>



}</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">catch</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">(Exception e){</span>




e.printStackTrace();</span>



}</span>


}</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">导出证书</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">void</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> exportCert(Pkcs12Manager
man,String alias,HttpServletResponse response){</span>



OutputStream out=</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">null</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">try</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">{</span>



???
Certificate cert = man.</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.getCertificate(alias);</span>



???
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">得到证书内容(以编码过的格式)</span>



???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">byte</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">[] buf = cert.getEncoded();</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">写证书文件</span>



???
response.setContentType(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"application/x-download"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);??
</span>



???
response.addHeader(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"Content-Disposition"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">, </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"attachment;filename="</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">?
</span>



???????????
+ man.</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">file</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.getName());??
</span>



???
out= response.getOutputStream(); </span>



???
out.write(buf);

???
</span>



}</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">catch</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">(Exception e){e.printStackTrace();}</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">finally</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">{</span>




</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">try</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">{</span>





out.close();</span>




}</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">catch</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">(Exception e){



</span>




}</span>



}</span>


}</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US">/**</span>


?
* </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f9fbf;' lang="EN-US">@see</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f5fbf;' lang="EN-US">
HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)</span>


?
*/</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">protected</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">void</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">
doPost(HttpServletRequest request, HttpServletResponse response) </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> ServletException,
IOException {</span>



doGet(request,response);</span>


}</span>


</span>


[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">class</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Pkcs12Manager {</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> File </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">file</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> KeyStore </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">char</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">[] </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">storePass</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Pkcs12Manager(File file, String pass) </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> IOException, Exception {</span>

???????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">this</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">file</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> = file;</span>

???????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">this</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">storePass</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">=pass.toCharArray();</span>

???????
getKeyStore();</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">加载</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">KeyStore</span>
<span style="">文件</span>

???
}</span>

???
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">加载</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">KeyStore</span>
<span style="">文件</span>

???
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">synchronized</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> KeyStore getKeyStore() </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> IOException, Exception {</span>

???????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">if</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> (</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> == </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">null</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">) {</span>

???????????
FileInputStream fin = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> FileInputStream(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">file</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>

???????????
KeyStore store = KeyStore.[i]getInstance[/i]
(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"PKCS12"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>

???????????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">try</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> {</span>

???????????????
store.load(fin,</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">storePass</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);???????????????
</span>

???????????
} </span>

???????????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">finally</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> {</span>

???????????????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">try</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> {</span>

??????????????????
?
fin.close();</span>

???????????????
} </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">catch</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> (IOException e) { }</span>

???????????
}</span>

???????????
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> = store;</span>

???????
}</span>

???????
</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">return</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">;</span>

???
}</span>

???
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">读取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">alias</span>
<span style="">指定的证书内容</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> X509CertInfo
getX509CertInfo(String alias)</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception {</span>



X509CertImpl cimp=getX509CertImpl(alias);</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertInfo</span>
<span style="">对象</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">return</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> (X509CertInfo) cimp.get(X509CertImpl.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">NAME</span>
[/i]






+ </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"."</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> + X509CertImpl.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">INFO</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>


}</span>

???
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">根据</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">alias</span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertImpl</span>
<span style="">对象</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> X509CertImpl
getX509CertImpl(String alias)</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception{</span>



Certificate c = </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.getCertificate(alias);</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">读取证书</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">从待签发的证书中提取证书信息  </span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">byte</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">[] enc = c.getEncoded();</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;'> </span>
<span style="">证书内容(经过编码的字节)</span>



X509CertImpl cimp= </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> X509CertImpl(enc);</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">创建</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertImpl</span>
<span style="">象</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">return</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> cimp;</span>


}</span>


</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">修改证书过期时间</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">:</span>
<span style="">过期时间顺延</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">n</span>
<span style="">天</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">void</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> updateExpiration(String
alias,String keypass,</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">int</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> n)</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception{</span>



System.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">out</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.println(getExpiration(alias));</span>



X509CertInfo cinfo=getX509CertInfo(alias);
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertInfo</span>
<span style="">对象</span>



X509CertImpl cimp=getX509CertImpl(alias);
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertImpl</span>
<span style="">对象</span>



String sigAlgrithm=cimp.getSigAlgName();
</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">获取签名算法</span>



CertificateValidity
cv=(CertificateValidity)cinfo.get(X509CertInfo.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">VALIDITY</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">有效期为当前日期后延</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">n</span>
<span style="">天</span>



Date d2 = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Date(</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Date().getTime() + n * 24 * 60 * 60 *
1000L);</span>



System.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">out</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.println(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #2a00ff;' lang="EN-US">"new date:"</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">+d2.toString());</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">创建有效期对象</span>



cv.set(CertificateValidity.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">NOT_AFTER</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">, d2);</span>



cinfo.set(X509CertInfo.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">VALIDITY</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">, cv);</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">设置有效期</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">
</span>



saveCert(alias,keypass,cinfo,sigAlgrithm);</span>



System.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">out</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.println(getExpiration(alias));</span>


}</span>


</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//?
</span>
<span style="">读取证书过期时间</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> String
getExpiration(String alias)</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception{</span>



X509CertInfo cinfo=getX509CertInfo(alias);</span>



CertificateValidity
cv=(CertificateValidity)cinfo.get(X509CertInfo.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">VALIDITY</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">创建有效期对象</span>



Date d=(Date)cv.get(CertificateValidity.</span>
[i]<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">NOT_AFTER</span>
[/i]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">return</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> d.toString();</span>


}</span>

//?
</span>
<span style="">存储证书</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">private</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">void</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> saveCert(String
alias,String keypass,</span>




X509CertInfo
cinfo,String algrithm) </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception{</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">从密钥库中读取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">CA</span>
<span style="">的私钥</span>



PrivateKey pKey = (PrivateKey) </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.getKey(alias,
keypass.toCharArray());</span>



X509CertImpl cert = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> X509CertImpl(cinfo);</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">新建证书</span>




cert.sign(pKey,
algrithm); </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">使用</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">CA</span>
<span style="">私钥对其签名</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">获取别名对应条目的证书链</span>




Certificate[]
chain = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Certificate[] { cert };</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">向密钥库中添加条目</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">,</span>
<span style="">使用已存在别名将覆盖已存在条目</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.setKeyEntry(alias, pKey,
keypass.toCharArray(), chain);</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">将</span>
<span style="text-decoration: underline;"><span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">keystore</span>
</span>
<span style="">存储至文件</span>




FileOutputStream
fOut = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> FileOutputStream(</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">file</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.store(fOut, </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">storePass</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">);</span>




fOut.close();</span>


}</span>


</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">获取签名算法</span>


</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">public</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> String
getSigAlgName(String alias)</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">throws</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> Exception{</span>



Certificate c = </span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #0000c0;' lang="EN-US">keyStore</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">.getCertificate(alias);</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">读取证书</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">// </span>
<span style="">获取</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;'> </span>
<span style="">证书内容(经过编码的字节)  </span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">byte</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US">[] enc = c.getEncoded();</span>



</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">//</span>
<span style="">创建</span>
<span style='font-size: 10pt; font-family: "Courier New"; color: #3f7f5f;' lang="EN-US">X509CertImpl</span>
<span style="">对象</span>



X509CertImpl cimp2 = </span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">new</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> X509CertImpl(enc);</span>



String sigAlgrithm=cimp2.getSigAlgName();</span>



</span>
[b]<span style='font-size: 10pt; font-family: "Courier New"; color: #7f0055;' lang="EN-US">return</span>
[/b]
<span style='font-size: 10pt; font-family: "Courier New"; color: black;' lang="EN-US"> sigAlgrithm;</span>


}</span>


Servlet
和javabean 部署到服务器中。这样,通过访问<a href="http://localhost/GetP12Cert">http://localhost/GetP12Cert
</a>
就可以获得一个有效的证书dlt.cer。</span>
</span>

二、
</span>
<span style="">证书的验证</span>


</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">* path=[[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSBundle</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">mainBundle</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">pathForResource</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"dlt.cer"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">ofType</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">nil</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>


<span style="">参数为任意一个有效的日期(在证书有效期之内)</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">* myTrust=[[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">MyTrustService</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">alloc</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]</span>


initWithFilename</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:path </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">EfficientDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"2011-05-10 0:0:0"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> ret=[myTrust </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">trustValuate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:[[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">alloc</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">init</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]];</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (ret) {</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">case</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultOK</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">NSLog</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #c41a16;'>证书有效</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">break</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">case</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultEXPIRED</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">NSLog</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #c41a16;'>证书已过期</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">break</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">default</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">NSLog</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #c41a16;'>证书校验失败</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">break</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">release</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>


</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US"><Foundation/Foundation.h></span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US"><Security/Security.h></span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">const</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">char</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> * </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">kTrustNames</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #1c00cf;' lang="EN-US">8</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">] = {</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"Invalid"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"Proceed"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"Confirm"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"Deny"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"Unspecified"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"RecoverableTrustFailure"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"FatalTrustFailure"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"OtherError"</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">enum</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultINVALID</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #1c00cf;' lang="EN-US">0</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>评估结果无效,表明评估出错或未经过评估</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultFAILED</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,

</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>证书签名无效</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultEXPIRED</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">,

</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>证书过期</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultOK</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>证书有效</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> MyTrustService :
NSObject {</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> *</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">file</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;
</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">* </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">efficientDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">id</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)initWithFilename:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)filename EfficientDate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)trustValuate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)valuate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecCertificateRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)cert Trust:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecTrustRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)trust Date:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">"MyTrustService.h"</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> MyTrustService</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">id</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)initWithFilename:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)filename
EfficientDate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date{</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">if</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">self</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">=[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">super</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">init</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]) {</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">file</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">=filename;</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>设置有效日期,注意,第</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">2</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>个参数是一个有效的证书日期,只要这个日期对证书而言是有效的就行</span>



</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">efficientDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">=[[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">alloc</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">]</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">initWithString</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:date];

</span>


}</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">return</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">self</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)trustValuate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date{</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> ret;</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">OSStatus</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">???????????
err;</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSData</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> *???????????
certData;</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecCertificateRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">??
cert;</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecPolicyRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">???????
policy;</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecTrustRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">????????
trust;</span>

?

</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">file</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> != </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">nil</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(date != </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">nil</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>从文件获得</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> DER </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>数据</span>

???
certData = [</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSData</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">dataWithContentsOfFile</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">file</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(certData != </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">nil</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>从</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> NSData </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>获得</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> Certificate </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>对象</span>

???
cert = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecCertificateCreateWithData</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">NULL</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">, (</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">CFDataRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) certData);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(cert != </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">NULL</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>获得</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> x509 policy</span>

???
policy = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecPolicyCreateBasicX509</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">();</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(policy != </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">NULL</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>获得</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> Trust </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>对象</span>

???
err = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustCreateWithCertificates</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(cert,
policy, &trust);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err == </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>由于是自签名证书,需要将锚证书设置为要验证的证书自己。注意,这样将使所有除了参数指定的锚证书之外的所有锚证书无效</span>

???
err = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustSetAnchorCertificates</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust,
(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">CFArrayRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) [</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSArray</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">arrayWithObject</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">id</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) cert]);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err == </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>调用</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US"> valuate </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>方法进行评估</span>


ret=[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">self</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">valuate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:cert </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">Trust</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:trust </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">Date</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">:date];</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>评估结束,把</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">SecTrustSetAnchorCertificates</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>指定的锚证书失效,于是所有锚证书又可被信任了</span>

??

err=</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustSetAnchorCertificatesOnly</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust,</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">NO</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">CFRelease</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">CFRelease</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(policy);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">CFRelease</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(cert);</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">return</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> ret;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)valuate:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecCertificateRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)cert Trust:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecTrustRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)trust Date:(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">NSDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">*)date{</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">ValuateResult</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> ret;</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">OSStatus</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">???????????
err;</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">SecTrustResultType</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">?
result;</span>


</span>

???
err = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustSetVerifyDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust,
(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">CFDateRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) date);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err == </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">CFAbsoluteTime</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">
trustTime;</span>


trustTime = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustGetVerifyTime</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust);</span>


</span>

???
err = </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustEvaluate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust,
&result);</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err == </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>


</span>

???
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">if</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (result < (</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">sizeof</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">kTrustNames</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) / </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">sizeof</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(*</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">kTrustNames</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">))) {</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// if(result < 8)</span>

???????
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">if</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (result==</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #1c00cf;' lang="EN-US">5</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) {</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// if result=RecoverableTrustFailure</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">//
</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>设了个有效的日期,进行再次评估</span>




err=</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustSetVerifyDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust, (</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">CFDateRef</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">efficientDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err==</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




err=</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">SecTrustEvaluate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(trust, &result);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #643820;' lang="EN-US">assert</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(err == </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">noErr</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">);</span>




</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">if</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (result==</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #1c00cf;' lang="EN-US">4</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) {</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// if result=Unspecified,</span>





</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>返回证书已过期,这里我们假设把证书尚未生效的情况也算作过期</span>





ret= </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultEXPIRED</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>




}</span>



}</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">else</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">if</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> (result==</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #1c00cf;' lang="EN-US">4</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) {</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">// </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>如果第</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">1</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>次就通过评估,证书有效</span>




ret=</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultOK</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">; </span>



}</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">else</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> {</span>




ret=</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #26474b;' lang="EN-US">ValuateResultFAILED</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">;</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;' lang="EN-US">//</span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>证书</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #007400;'> </span>
<span style='font-size: 11pt; font-family: "Heiti SC Light"; color: #007400;'>无效</span>



}</span>




</span>

???
} </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">else</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> {</span>

???????
</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">NSLog</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">(</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #c41a16;' lang="EN-US">@"result = unknown (%zu)"</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">, (</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #5c2699;' lang="EN-US">size_t</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">) result);</span>

???
}</span>


</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">return</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> ret;</span>


<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">void</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">)dealloc{</span>


[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #3f6e74;' lang="EN-US">efficientDate</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">release</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>


[</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #aa0d91;' lang="EN-US">super</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US"> </span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: #2e0d6e;' lang="EN-US">dealloc</span>
<span style='font-size: 11pt; font-family: "Menlo Regular"; color: black;' lang="EN-US">];</span>
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值