Enabling Single and Mutual SSL Authentication

Secure sockets layer (SSL) is a protocol that governs certificate authentication. It exchanges the certificate information. SSL also encrypts all information that flows between a client and a server. Mutual SSL authentication or certificate based mutual authentication refers to two parties authenticating each other through verifying the provided digital certificate, so that both parties are assured of the others' identity.

In single SSL connection:

The CA certificate should be installed on the device trust store which the application takes while connecting to the HTTPS URL. The SSL connection is established.

Registering the user through single SSL, use the code:

[SMPUserManager setDelegate:self];
l_clientconn = [SMPClientConnection initializeWithAppID:<applicationId> domain:<domain> secConfiguration:<securityconfiguration>];
      userManager = [SMPUserManager initializeWithConnection:l_clientconn];
//During onboarding with single SSL, add fully qualified domain name of the SAP Mobile Platform server. For example, vwxxx.dhcp.wdf.sap.corp.
[l_clientconn setConnectionProfileWithHost:<host> port:<port> farm:<farm> relayServerUrlTemplate:<relayserverURLtemplate> enableHTTP:NO];
    
[userManager registerUser:<backendusername> password:<backendpassword> error:&error isSyncFlag:NO];

After initializing the SMPClientConnection class, use the setClientIdentityCertificate method to set the client certificate.

Examples

Mutual SSL code: –

[SMPUserManagersetDelegate:self];
l_clientconn = [SMPClientConnectioninitializeWithAppID:applicationIddomain:@"default"secConfiguration:odp_cert_sc];
        
    userManager = [SMPUserManagerinitializeWithConnection:l_clientconn];
    
    NSError *error = nil;
    
    SecIdentityRef identityApp = nil;
    
    NSString *path = [[NSBundlemainBundle] pathForResource:@"Certificate"ofType:@"p12"];        /// This is your client certificate
    NSLog(@"path is %@",path);
    NSData *PKCS12Data = [[NSData alloc]initWithContentsOfFile:path];
    
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
    CFStringRef password = CFSTR("mobile");
    /// Password of p12 certificate
    const void *key[] = { kSecImportExportPassphrase };//kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, key, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
    CFRelease(options);
    CFRelease(password);
    if (securityError == errSecSuccess)
    {
        NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
    } else
    {
        NSLog(@"Error opening Certificate.");
    }
    

    [l_clientconnsetClientIdentityCertificate:identityApp];
    
     //During onboarding with single SSL, add fully qualified domain name of the SAP Mobile Platform server. For example, vwxxx.dhcp.wdf.sap.corp.
     //If relay server is used, <host> is relay server host, <port> is relay server port, and <farm> is relay server farm ID, and provide the corresponding relay server URL template. If fully qualified domain name is used, the <host> is FQDN of SAP Mobile Platform server, <port> is 8002 for mutual SSL, and 8001 for single SSL, <farm> is 0, and <relayserverURLtemplate> is nil.
     [l_clientconn setConnectionProfileWithHost:<host> port:<port> farm:<farm> relayServerUrlTemplate:<relayserverURLtemplate> enableHTTP:NO];
      
      [userManager registerUser:<backendusername> password:<backendpassword> error:&error isSyncFlag:NO];