Secure Sockets Layer (SSL) is a protocol that governs certificate authentication: the two sides exchange certificate information. SSL also encrypts all information that flows between a client and a server.
In a single (one-way) SSL connection, the client needs to trust the server certificate. This can be done in one of three ways:
In a mutual SSL connection, the two parties authenticate each other by verifying the digital certificate (P12) that each one provides, so that both parties are assured of the other's identity.
For mutual SSL to be established, the server sends its certificate, which the client accepts or rejects in the -(void) onCertificateChallenge:(NSString*)certInfo delegate. The client then sends the user certificate, which the server should authenticate, from the onClientCertificateChallenge callback.
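// ---------------------------------------------------------------------------
// Registration over HTTPS with mutual SSL.
// Tokens written as <...> are placeholders to be replaced by the integrator.
// ---------------------------------------------------------------------------
ODPUserManager *manager = [ODPUserManager getInstance:<applicationID>];
[ODPUserManager enableHTTPS:YES];

NSError *error = nil;
[manager setConnectionProfileWithHost:<relayserverhost>
                                 port:<relayport>
                                 farm:<relayserverfarmID>
                                error:&error];
if (error != nil) {
    // NOTE(review): the return type of this call is not shown here, so the
    // out-parameter is the only failure signal available. Do not go on to
    // register the user with a profile that failed to apply.
    NSLog(@"Setting the connection profile failed: %@", error);
}

// The listeners must be in place before registration starts, because the
// certificate challenges arrive while the connection is being set up.
[ODPClientListeners setHTTPSClientCertificateChallengeListenerDelegate:self];
[ODPClientListeners setCertificateChallengeListenerDelegate:self];
[ODPClientListeners setHTTPAuthChallengeListenerDelegate:self];

// Pass a real NSError so a failed registration can be diagnosed instead of
// being silently dropped.
NSError *registrationError = nil;
BOOL flag = [manager registerUser:<username>
                   securityConfig:<securityconfiguration>
                         password:<password>
                            error:&registrationError
                       isSyncFlag:YES];
if (!flag) {
    // NOTE(review): presumably NO means the registration failed; confirm
    // against the ODPUserManager documentation.
    NSLog(@"User registration failed: %@", registrationError);
}

// Callback for the certificate challenge sent from the server.
//
// This is the point where the client authenticates the server. Answering YES
// for every certificate removes that check and lets any endpoint that can
// intercept the connection pose as the server, so the certificate is accepted
// only when it matches the value the app expects.
//
// <expectedservercertificateinfo> is a placeholder for the value pinned for
// your deployment.
// NOTE(review): the layout of certInfo is not documented on this page; adapt
// the comparison to the fields it actually carries.
- (void)onCertificateChallenge:(NSString *)certInfo {
    @try {
        NSLog(@"Cert Info is: %@", certInfo);
        // A nil certInfo compares as NO, so a missing certificate is rejected.
        BOOL trusted = [certInfo isEqualToString:<expectedservercertificateinfo>];
        if (!trusted) {
            NSLog(@"Server certificate does not match the expected value; rejecting.");
        }
        [ODPClientListeners certificateChallengeResult:trusted];
    } @catch (NSException *exc) {
        // Nothing is accepted on this path.
        NSLog(@"exception is %@", [exc description]);
    }
}

// Callback asking the client for its own certificate (the mutual half of the
// handshake). Loads the identity and hands it back to the library.
- (void)onClientCertificateChallenge {
    SecIdentityRef outIdentity = [MutualSSLOverIMO getClientCertificate];
    if (outIdentity == NULL) {
        // NOTE(review): how the library treats a NULL identity is not shown
        // on this page; at minimum make the failure visible.
        NSLog(@"No client identity available for the certificate challenge.");
    }
    [ODPClientListeners httpsClientCertificateChallengeResult:outIdentity];
}

// Notification that the client certificate challenge has been answered.
- (void)onClientCertificateChallengeResult:(SecIdentityRef)identity {
    NSLog(@" came for on client certificate challanege result");
}

// Callback for HTTP-level failures. The headers are deliberately not logged,
// since they can carry authentication material.
- (void)onHTTPError:(int)code
       errorMessage:(NSString *)message
        httpHeaders:(NSDictionary *)headers {
    NSLog(@"HTTP error %d: %@", code, message);
    // Handle error scenario
}

// Reads the client identity (certificate plus private key) from a PKCS#12
// file in the application bundle.
//
// Returns the identity, or NULL when the file is missing, cannot be read,
// cannot be opened with the passphrase, or holds no identity. The reference
// is kept in identityApp and released by the next call.
// NOTE(review): identityApp is declared outside this listing; this assumes
// it is a SecIdentityRef that is assigned only by this method.
//
// Security caveat: a P12 shipped inside the bundle with its passphrase
// compiled into the binary can be recovered by anyone who has the app, and
// every install then shares one identity. For production, provision the
// identity per user and keep it in the Keychain.
+ (SecIdentityRef)getClientCertificate {
    // Drop the reference taken by a previous call before replacing it.
    if (identityApp != NULL) {
        CFRelease(identityApp);
    }
    identityApp = NULL;

    NSString *thePath = [[NSBundle mainBundle] pathForResource:<clientcertificate> ofType:@"p12"];
    if (thePath == nil) {
        NSLog(@"Client certificate file not found in the bundle.");
        return NULL;
    }

    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
    if (PKCS12Data == nil) {
        NSLog(@"Client certificate file could not be read.");
        return NULL;
    }

    // An ARC-managed dictionary replaces the manual CF dictionary, so there
    // is nothing to release here. The passphrase uses plain ASCII quotes;
    // typographic quotes do not form a string literal.
    NSDictionary *options = @{
        (__bridge id)kSecImportExportPassphrase : @"<p12certificatepassword>"
    };

    // SecPKCS12Import supplies the array, so no array is created up front.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data,
                                             (__bridge CFDictionaryRef)options,
                                             &items);

    if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        NSLog(@"Success opening p12 certificate. Items: %ld", (long)CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef identity =
            (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        if (identity != NULL) {
            // The array owns the identity; retain it so it stays valid after
            // the array is released below.
            identityApp = (SecIdentityRef)CFRetain(identity);
        }
    } else {
        NSLog(@"Error opening Certificate. OSStatus: %d", (int)securityError);
    }

    if (items != NULL) {
        CFRelease(items);
    }
    return identityApp;
}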