I am working on a project that gives access to the certificates on a cryptographic smart card that talks to the mobile device over NFC. At this point I can read data from the card (the user's public certificate and the root certificate), and I can send data (a hash) to the card and have it sign that hash with the private key held on the card. Separately, with the following code I can authenticate the user while browsing in a web view when the server requests client-certificate (mutual TLS) authentication, using a PKCS#12 file stored on the device rather than the card.
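/// Answers a client-certificate authentication challenge with the identity
/// loaded from the PKCS#12 file whose path is held in `certificado`.
///
/// - Parameters:
///   - challenge: The challenge handed to the delegate by the URL loading system.
///   - completionHandler: Must be called exactly once with the disposition and
///     the credential (if any) to use for the challenge.
///
/// Reads `certificado` (file path, optional) and `password` (optional) from the
/// enclosing scope. When the file cannot be read or the container cannot be
/// decoded, the protection space is rejected and no credential is sent.
///
/// NOTE(review): the PKCS#12 file contains the private key; its on-disk
/// location and the `password` property deserve the same protection as any
/// other secret (keychain / data protection, never logged) — confirm.
func sendClientCertificate(for challenge: URLAuthenticationChallenge, via completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    // A missing path is a normal failure to answer the challenge, not a
    // programmer error, so it is handled here instead of force-unwrapped.
    guard let path = certificado,
        let data = try? Data(contentsOf: URL(fileURLWithPath: path)),
        let credential = credential(from: data, withPassword: password ?? "") else {
        // With the completion-handler API the challenge is resolved through
        // the handler alone; calling `challenge.sender?.cancel(...)` as well
        // would resolve the same challenge twice. `.performDefaultHandling`
        // is the alternative if the load should proceed without a client
        // certificate and let the server decide.
        completionHandler(.rejectProtectionSpace, nil)
        return
    }
    completionHandler(.useCredential, credential)
}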
/// Builds a `URLCredential` for a client-certificate challenge from a PKCS#12
/// blob, or returns `nil` when the blob cannot be decoded.
///
/// - Parameters:
///   - data: Raw PKCS#12 (.p12/.pfx) contents.
///   - password: Passphrase protecting the container.
/// - Returns: A credential carrying the decoded identity and its certificates,
///   or `nil` if `security(from:withPassword:)` fails.
///
/// NOTE(review): `.permanent` asks the URL loading system to keep this
/// credential in the keychain across launches; `.forSession` would scope it
/// to the current session — confirm which is intended for a card-backed flow.
func credential(from data: Data, withPassword password: String) -> URLCredential? {
    let decoded = security(from: data, withPassword: password)
    return decoded.map { item in
        URLCredential(identity: item.identity,
                      certificates: item.certificates,
                      persistence: .permanent)
    }
}
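/// Decodes a PKCS#12 container and returns the first identity it holds,
/// together with its trust object and certificate chain.
///
/// - Parameters:
///   - data: Raw PKCS#12 contents.
///   - password: Passphrase for the container (`kSecImportExportPassphrase`).
/// - Returns: `(identity, trust, certificates)` for the first imported item,
///   with the identity's own certificate first in `certificates`, or `nil`
///   when the import fails, yields no item, or the item lacks an identity or
///   trust object.
func security(from data: Data, withPassword password: String) -> (identity: SecIdentity, trust: SecTrust, certificates: [SecCertificate])? {
    let options = [kSecImportExportPassphrase as String: password] as CFDictionary
    var importedItems: CFArray?
    let importStatus = SecPKCS12Import(data as CFData, options, &importedItems)

    // Only look at the output array once the import reports success; a
    // failed import leaves it in an unspecified state.
    guard importStatus == errSecSuccess,
        let items = importedItems as? [[String: Any]],
        let item = items.first else {
        return nil
    }

    // Use the framework's dictionary keys rather than bare strings and fail
    // softly instead of force-casting: a malformed container must yield nil,
    // not a crash.
    guard let identity = item[kSecImportItemIdentity as String] as? SecIdentity,
        let trust = item[kSecImportItemTrust as String] as? SecTrust else {
        return nil
    }

    // The leaf certificate is required for the credential; check the status
    // instead of relying on an implicitly-unwrapped out parameter.
    var leaf: SecCertificate?
    guard SecIdentityCopyCertificate(identity, &leaf) == errSecSuccess,
        let leafCertificate = leaf else {
        return nil
    }

    // Servers without the issuing intermediates need them from the client,
    // so include the chain exported with the identity (leaf first, no
    // duplicate of the leaf). Falls back to just the leaf when the container
    // carries no chain.
    let exportedChain = item[kSecImportItemCertChain as String] as? [SecCertificate] ?? []
    let intermediates = exportedChain.filter { !CFEqual($0, leafCertificate) }
    return (identity, trust, [leafCertificate] + intermediates)
}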
Which classes should I subclass or act as the delegate for, so that I can control the TLS client-authentication handshake at a low level and forward the data the server needs signed (the handshake hash) to the card, instead of relying on a PKCS#12 identity held by the app?