It is an array containing information that can be used to identify the local peer to other nearby peers.
The array contains objects that help identify the peer to others.
The first element is a SecIdentityRef object, which holds a SecKeyRef object and the related SecCertificateRef object. (It is something like the Apple developer certificate together with its private key.)
The other elements in the array can be SecCertificateRef objects representing intermediate certificates that may be needed to verify the SecIdentityRef.
The receiving peer has to validate the identity represented by SecIdentityRef.
Below is the code to obtain a SecIdentityRef from a p12 file:
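/**
 * Loads the local peer's identity (private key plus certificate) from the
 * PKCS#12 archive "cert_key_pair.p12" in the app's Documents directory.
 *
 * @return The identity stored in the first item of the archive, or NULL when
 *         the file cannot be read, the import fails, or the archive holds no
 *         identity. The reference is autoreleased; call CFRetain() on it to
 *         keep it beyond the current autorelease pool.
 */
- (SecIdentityRef)getClientCertificate
{
    SecIdentityRef identity = NULL;

    // NOTE(review): a .p12 in Documents holds the private key. Documents can be
    // included in backups and exposed through file sharing, so production code
    // should import the archive once and keep the identity in the keychain.
    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *documentsDirectoryPath = [paths firstObject];
    NSString *myFilePath = [documentsDirectoryPath stringByAppendingPathComponent:@"cert_key_pair.p12"];
    NSData *PKCS12Data = [NSData dataWithContentsOfFile:myFilePath];
    if (PKCS12Data.length == 0) {
        // Missing or empty file: do not hand NULL data to SecPKCS12Import.
        NSLog(@"Error opening Certificate.");
        return NULL;
    }

    // NOTE(review): the passphrase is a sample value. A passphrase compiled into
    // the binary can be recovered from it and does not protect the private key.
    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : @"password" };

    // SecPKCS12Import creates the result array itself, so start from NULL
    // instead of allocating an empty array that would be overwritten and leaked.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data,
                                             (__bridge CFDictionaryRef)options,
                                             &items);

    if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        NSLog(@"Success opening p12 certificate. Items: %ld", (long)CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        identity = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        if (identity != NULL) {
            // The identity is owned by `items`; retain it so it survives the
            // release below, and autorelease so callers still get a +0 reference.
            CFRetain(identity);
            CFAutorelease(identity);
        }
    } else {
        NSLog(@"Error opening Certificate.");
    }

    if (items != NULL) {
        CFRelease(items);
    }
    return identity;
}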
Obtaining a policy reference object and evaluating trust
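/**
 * MCSessionDelegate callback: evaluates the certificate chain presented by a
 * nearby peer and reports the decision through certificateHandler.
 *
 * The handler is called exactly once. The default decision is to reject, so a
 * missing certificate, a failed trust setup or a failed evaluation all end in
 * certificateHandler(NO) instead of leaving the connection attempt undecided.
 *
 * @param session            The session the peer is trying to join.
 * @param certificate        The peer's chain, leaf certificate first; may be
 *                           nil or empty when the peer sent no identity.
 * @param peerID             The peer that presented the chain.
 * @param certificateHandler Block to call with YES to accept or NO to reject.
 */
- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate fromPeer:(MCPeerID *)peerID certificateHandler:(void (^)(BOOL accept))certificateHandler
{
    BOOL accept = NO; // fail closed
    SecPolicyRef myPolicy = NULL;
    SecTrustRef myTrust = NULL;

    if (certificate.count > 0) { // 1: the certificate to verify is the first element
        myPolicy = SecPolicyCreateBasicX509(); // 2

        // Pass the whole array so that any intermediate certificates the peer
        // sent are available when the chain is built.
        OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certificate,
                                                         myPolicy,
                                                         &myTrust); // 3

        // Initialised so a failed setup can never be read as a trusted result.
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        if (status == errSecSuccess && myTrust != NULL) {
            status = SecTrustEvaluate(myTrust, &trustResult); // 4
        }

        // NOTE(review): the basic X.509 policy only checks that the chain is
        // valid up to a trusted anchor; it does not say which peer this is. An
        // app that issues its own certificates would normally set its own CA as
        // the anchor (SecTrustSetAnchorCertificates) and check the leaf against
        // what it expects for peerID before accepting.
        //
        // kSecTrustResultConfirm is not accepted: it is deprecated and meant
        // that the user had to confirm, not that trust was established.
        if (status == errSecSuccess &&
            (trustResult == kSecTrustResultProceed ||
             trustResult == kSecTrustResultUnspecified)) { // 5
            accept = YES;
        }
    }

    if (myTrust) {
        CFRelease(myTrust);
    }
    if (myPolicy) {
        CFRelease(myPolicy);
    }

    if (certificateHandler) {
        certificateHandler(accept);
    }
}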