This example illustrates how to configure the client for mutual authentication, and shows other APIs related to certificate handling.
Before you begin, add all referenced certificate files to the application's Xcode project.
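// Step 1: Set up the CA certificates trusted by the client for mutual authentication.
// This is needed only if the server certificate is NOT signed by a public CA.
// The trusted certificate must be in DER format, and the CN (common name) of the server
// certificate must match the server name set via the connection properties in step 3.
SUPApplication* app = [SUPApplication getInstance];
SUPConnectionProperties* props = app.connectionProperties;

// Load the trusted certificate from the application bundle.
NSString *trustedCertPath = [[NSBundle mainBundle] pathForResource:@"server_trusted"
                                                            ofType:@"crt"];
NSData *trustedData = nil;
if (trustedCertPath != nil)
{
    trustedData = [NSData dataWithContentsOfFile:trustedCertPath];
}

// SecCertificateCreateWithData returns NULL when the bytes are not a valid DER certificate
// (for example when a PEM file was bundled by mistake), so only call it with real data and
// check the result before it is used.
SecCertificateRef trusted_cert = NULL;
if (trustedData != nil)
{
    trusted_cert = SecCertificateCreateWithData(NULL, (CFDataRef) trustedData);
}

if (trusted_cert != NULL)
{
    // Create an array of SecCertificateRef objects. kCFTypeArrayCallBacks makes the array
    // retain its elements, which is why trusted_cert can be released below.
    CFMutableArrayRef certs = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(certs, trusted_cert);

    // Set to SUPConnectionProperties
    [props setTrustedCertificates:certs];

    CFRelease(trusted_cert);
    CFRelease(certs);
}
else
{
    // Passing NULL to CFArrayAppendValue or CFRelease crashes, so a missing or malformed
    // certificate file is reported instead. No trusted certificates are set in this case.
    // NOTE(review): presumably a server certificate signed by a private CA then fails
    // validation at registration time; confirm against the SDK documentation.
    NSLog(@"Trusted CA certificate 'server_trusted.crt' could not be loaded; trusted certificates were not set");
}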
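// Step 2: Get the client's login certificate.
// The client identity file must be in PKCS#12 format and must be encrypted with a
// non-empty password.
// NOTE(review): @"password" below is a sample value. A password compiled into the binary,
// next to a .p12 file shipped in the application bundle, is available to anyone who has
// the application package, so it does not protect the client's private key. In a real
// application obtain the password at run time (for example from the user) and use a
// distinct identity per user or device rather than one shared bundled identity.
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"client_identity" ofType:@"p12"];
SUPCertificateStore *cs = [SUPCertificateStore getDefault];
SUPLoginCertificate *lc_resource = [cs getSignedCertificateFromFile:certPath
                                                       withPassword:@"password"];
props.loginCertificate = lc_resource;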
// Step 3: Register the application.
// HTTPS is selected as the network protocol. The server name set here is the value that
// the CN of the server certificate has to match (see Step 1).
[props setNetworkProtocol:SUPConnectionProperties_NETWORK_PROTOCOL_HTTPS];
[props setServerName:self.server];
[props setPortNumber:self.port];
[props setUrlSuffix:@""];
[props setFarmId:self.farmID];
props.activationCode = nil;

// The same value is passed to both calls below.
// NOTE(review): presumably a timeout in seconds; confirm against the SUPApplication reference.
const int connectTimeout = 300;

@try
{
    BOOL alreadyRegistered = (app.registrationStatus == SUPRegistrationStatus_REGISTERED);
    if (alreadyRegistered)
    {
        // A registered application only needs its connection started.
        [app startConnection:connectTimeout];
    }
    else
    {
        [app registerApplication:connectTimeout];
    }
}
@catch (NSException *e)
{
    // NOTE(review): the handler only logs, so execution continues with Step 4 even when
    // registration or connection failed (for example because certificate validation failed).
    NSLog(@"%@: %@", e.name, e.reason);
}
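// Step 4: Configure for data synchronization
SUPConnectionProfile *sp = [TestDB getSynchronizationProfile];
// … (further profile settings are omitted in the original listing)
[sp setPortNumber:2482];

// Specify the trusted certificate, the identity certificate and the identity certificate
// password. If the same identity certificate is used for application registration, you do
// not need to specify "identity" and "identity_password" here; otherwise you must specify
// them.
// The server's trusted CA certificate may differ from the certificate used in step 1,
// depending on the server configuration. In any case, the server's trusted CA must be
// specified for data synchronization in the network stream parameters.
//
// The parameter string is written as adjacent literals, which the compiler joins into one
// string; a single literal cannot contain raw line breaks.
// NOTE(review): identity_password is carried in plain text inside this string. The value
// shown is a sample; supply the real password at run time instead of compiling it in, and
// keep this string out of logs.
[sp setNetworkStreamParams:@"trusted_certificates=server_trustedCA.crt;"
                           @"identity=client_identity.p12;"
                           @"identity_password=password"];

// Data synchronize
[TestDB synchronize];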