双向认证方法:
让后台生成 ca.crt 和 client.p12 文件(client.p12 文件由 client.crt 和 client.key 合成)。我使用的是自签证书。
使用命令行把ca.crt转化为ca.der格式
# Convert the CA certificate to DER; the app reads ca.der as raw bytes and uses it as the pinned certificate.
openssl x509 -in ca.crt -outform der -out ca.der
client.crt,client.key合并成p12文件
# Pack the client certificate and its private key into one PKCS#12 file.
# openssl prompts for an export password; that password is the passphrase the app later
# hands to clientCertsFromP12:passphrase:. The output contains the private key, so treat
# certificate.p12 as a secret (keep it out of version control and shared folders).
openssl pkcs12 -export -inkey client.key -in client.crt -name "certificate" -out certificate.p12
MQTTClient 中 session 的双向认证方法:
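// Mutual-TLS (client certificate) connection to an MQTT broker with the MQTTClient library.
// The broker is checked against the CA certificate bundled as ca.der, and the client
// presents the identity stored in the bundled certificate.p12.
MQTTSSLSecurityPolicyTransport *transport = [[MQTTSSLSecurityPolicyTransport alloc] init];
transport.host = @"192.168.1.19";
transport.port = 8000;
transport.tls = YES;

NSString *ca = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"der"];
// Author's note: the bundled file must not be named "client", otherwise its path is not found.
NSString *client = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"p12"];

// A missing bundle resource yields nil here; putting nil into an @[...] literal throws,
// so the pinned certificate is loaded and checked before it is used.
NSData *caData = (ca != nil) ? [NSData dataWithContentsOfFile:ca] : nil;

// SECURITY: the .p12 and its passphrase ship inside the app, so every install shares one
// client identity and anyone who unpacks the app can recover the private key. Treat this as
// a development setup; for production, provision a per-device identity and keep it (and the
// passphrase) in the Keychain rather than in the bundle and the source.
// The original loaded the same .p12 twice with two different passphrase literals
// (the second one was @"password"); a .p12 has a single passphrase, so the identity is
// loaded once here and reused for both the transport and the session.
NSArray *clientCerts = (client != nil)
    ? [MQTTSSLSecurityPolicyTransport clientCertsFromP12:client passphrase:@"证书的密码"]
    : nil;

if (caData == nil || clientCerts == nil) {
    // Refuse to connect without the pinned CA or the client identity instead of crashing
    // or silently connecting with weaker guarantees.
    NSLog(@"MQTT TLS setup failed: ca.der or certificate.p12 could not be loaded");
} else {
    transport.certificates = clientCerts;

    MQTTSSLSecurityPolicy *securityPolicy =
        [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
    // SECURITY: these three switches relax server validation (invalid certificates allowed,
    // no host-name check, no chain validation), which leaves the pinned CA below as the only
    // check on the broker's identity. Without the host-name check, a certificate accepted via
    // that CA is accepted for any host, so the CA should be dedicated to this broker and its
    // private key kept offline.
    // NOTE(review): allowInvalidCertificates is presumably set because the CA is self-signed;
    // re-enable validatesDomainName once the broker certificate carries a matching subject
    // alternative name — confirm the exact evaluation against the MQTTClient version in use.
    securityPolicy.allowInvalidCertificates = YES;
    securityPolicy.validatesDomainName = NO;
    securityPolicy.validatesCertificateChain = NO;
    securityPolicy.pinnedCertificates = @[caData];
    transport.securityPolicy = securityPolicy;

    _session = [[MQTTSession alloc] init];
    _session.transport = transport;
    _session.delegate = self;
    _session.clientId = @"ssid";
    _session.cleanSessionFlag = YES;
    _session.certificates = clientCerts;

    // Sample credentials. Literals compiled into the binary are readable by anyone who has
    // the app; load real credentials from the Keychain or obtain them per user at runtime.
    _session.userName = @"userName";
    _session.password = @"password";

    // Last-will message published by the broker if this client drops unexpectedly.
    _session.willFlag = YES;
    _session.willTopic = @"/app/lastwill" ;
    _session.willQoS = MQTTQosLevelAtLeastOnce;
    _session.willRetainFlag = NO;
    NSDictionary *dic = @{@"subject":@"disconnect"};
    NSError *jsonError = nil;
    NSData *data1 = [NSJSONSerialization dataWithJSONObject:dic
                                                    options:NSJSONWritingPrettyPrinted
                                                      error:&jsonError];
    if (data1 == nil) {
        // Check the return value, not the error pointer, to detect failure.
        NSLog(@"MQTT will message could not be serialized: %@", jsonError);
    }
    _session.willMsg = data1;

    // Synchronous API: blocks for up to 30 seconds. Subscribe only after a successful
    // connect, so a TLS or authentication failure is reported instead of ignored.
    if ([_session connectAndWaitTimeout:30]) {
        [_session subscribeToTopic:@"/topic/event"
                           atLevel:MQTTQosLevelAtLeastOnce
                  subscribeHandler:^(NSError *error, NSArray<NSNumber *> *gQoss) {
            if (error != nil) {
                NSLog(@"MQTT subscribe failed: %@", error);
            }
        }];
    } else {
        NSLog(@"MQTT connect failed or timed out");
    }
}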