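Send CSRs to and retrieve certificates from ca-server from your own Swift-based client and server applications. Certificatable allows any object to support certificates, while ParseCertificatable allows any ParseObject from Parse-Swift to do so. ParseCertificateAuthority helps developers add an extra layer of security to their applications by simplifying certificate pinning, authentication/verification, encryption/decryption, and secure device-to-device offline communication using key/certificate exchange.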
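ca-server
signing ca-server
sending/receiving certificates provides a complete client-side stack ca-server
sending/receiving certificates provides a complete server-side stack

Set up a Vapor project by following the instructions to install and set up your project on macOS or Linux.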
In your Package.swift file, add ParseCertificateAuthority to dependencies:
// swift-tools-version:5.5.2
import PackageDescription

let package = Package(
    name: "YOUR_PROJECT_NAME",
    dependencies: [
        .package(url: "https://github.com/netreconlab/ParseCertificateAuthority", .upToNextMajor(from: "0.1.0")),
    ]
)

import ParseCertificateAuthority

// Initialize ParseCertificateAuthority
let caConfiguration = try ParseCertificateAuthorityConfiguration(
    caURLString: "http://certificate-authority:3000", // The url for `ca-server`.
    caRootCertificatePath: "/ca_certificate", // The root certificate path on `ca-server`.
    caCertificatesPath: "/certificates/", // The certificates path on `ca-server`.
    caUsersPath: "/appusers/" // The user path on `ca-server`.
)
initialize(configuration: caConfiguration)

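Below is an example of conforming to ParseCertificatable if you are using Parse-Swift. If you are not using Parse-Swift, the process is similar, except that you conform to Certificatable and use the relevant methods. At least one of your ParseObject models needs to conform to ParseCertificatable. A good candidate is a model that already conforms to ParseInstallation, because it is unique to each installation on each device.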
// Conform to `ParseCertificatable`. If not using Parse-Swift, conform to `Certificatable` instead.
struct Installation: ParseInstallation, ParseCertificatable {
    var rootCertificate: String?
    var certificate: String?
    var csr: String?
    var certificateId: String? {
        installationId
    }
    ...
}
Once you have a CSR from a package such as CertificateSigningRequest, you can automatically create an account for the current ParseUser and send the CSR to ca-server by doing the following:
do {
    let user = User.current // Some user type that conforms to `ParseUser`.
    var installation = Installation.current
    let (certificate, rootCertificate) = try await installation.getCertificates(user)
    if installation.certificate != certificate || installation.rootCertificate != rootCertificate {
        installation.certificate = certificate
        installation.rootCertificate = rootCertificate
        try await installation.save()
        // Notify the user their object has been updated with the certificates
    }
} catch {
    // Handle error
}
Creating a new certificate for a CSR can be useful when a certificate has expired. To generate a new certificate, do the following:
do {
    let user = User.current // Some user type that conforms to `ParseUser`.
    var installation = Installation.current
    let (certificate, rootCertificate) = try await installation.requestNewCertificates(user)
    guard let certificate = certificate,
          let rootCertificate = rootCertificate else {
        // Throw so the failure reaches the `catch` block instead of returning silently.
        throw ParseError(code: .otherCause,
                         message: "Could not get new certificates")
    }
    installation.certificate = certificate
    installation.rootCertificate = rootCertificate
    try await installation.save()
    // Notify the user their object has been updated with the certificates
} catch {
    // Handle error
}
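
The following is an added example, not code from the ParseCertificateAuthority project: a check that a certificate returned by `getCertificates` or `requestNewCertificates` chains to a root certificate pinned in the app, and is currently valid, before it is saved. It assumes each certificate string is a single PEM block and that the app ships its own copy of the root; it uses the Security framework, so it runs on Apple platforms only, and `CertificateCheckError`, `secCertificate(fromPEM:)` and `verify(leafPEM:pinnedRootPEM:)` are hypothetical names.

```swift
import Foundation
import Security

enum CertificateCheckError: Error {
    case invalidPEM
    case untrusted(String)
}

/// Decodes a single PEM "CERTIFICATE" block (assumed format) into a SecCertificate.
func secCertificate(fromPEM pem: String) throws -> SecCertificate {
    let base64 = pem
        .components(separatedBy: .newlines)
        .map { $0.trimmingCharacters(in: .whitespaces) }
        .filter { !$0.hasPrefix("-----") } // drop the BEGIN/END armor lines
        .joined()
    guard let der = Data(base64Encoded: base64),
          let certificate = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CertificateCheckError.invalidPEM
    }
    return certificate
}

/// Throws unless `leafPEM` chains to `pinnedRootPEM` and passes basic X.509 evaluation.
func verify(leafPEM: String, pinnedRootPEM: String) throws {
    let leaf = try secCertificate(fromPEM: leafPEM)
    let root = try secCertificate(fromPEM: pinnedRootPEM)

    var trust: SecTrust?
    guard SecTrustCreateWithCertificates(leaf, SecPolicyCreateBasicX509(), &trust) == errSecSuccess,
          let trust = trust else {
        throw CertificateCheckError.untrusted("could not create trust object")
    }
    // Anchor evaluation on the pinned root only, never on the system trust store.
    guard SecTrustSetAnchorCertificates(trust, [root] as CFArray) == errSecSuccess,
          SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
        throw CertificateCheckError.untrusted("could not set pinned anchor")
    }
    var error: CFError?
    guard SecTrustEvaluateWithError(trust, &error) else {
        // Reached for a wrong issuer, a bad signature or an expired certificate.
        throw CertificateCheckError.untrusted(String(describing: error))
    }
}

// Intended call site (assumption): before `installation.save()` in the flows above,
//   try verify(leafPEM: certificate, pinnedRootPEM: pinnedRootPEM)
// where `pinnedRootPEM` is the root shipped with the app, not the value just fetched.
```

Comparing against a root bundled with the app matters here because the root returned by the server arrives over the same connection as the certificate it is meant to vouch for.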