
iPhone Web 服务使用证书身份验证调用 WCF 服务

Updated: 2022-04-08 07:07:56

For starters, I'd say if you are really serious about security please dedicate the proper time and resources to it and treat it like a first class citizen in your feature list. Don't just "turn on SSL" and pretend things are secure. I'm not suggesting you are doing this or not doing this, but I just feel like I have to say it before proceeding.

That said, you probably already know that WS-* is all built on top of http requests, and any time you are doing loads of http requests, you'll probably find ASIHTTPRequest very helpful on the iPhone. However, that will not get you 100% of the way there.

From the iPhone's perspective you have:

  1. The URL loading system, which is a high level API for dealing with network resources of any kind
  2. The CFNetwork C API which is lower-level and allows you a great deal more control of encrypting streams and network traffic any way you see fit
  3. The Certificate, Key, and Trust Services that do the heavy lifting, and more specifically the X509 trust policies

On Macs you get to use Secure Transport, but as far as I know they haven't ported that to the device so I wouldn't get too distracted reading up on that unless you are planning on bringing this to the desktop or are just in the mood to learn everything :)

If you are doing any security with WCF, the first thing you probably realized is that there are many options available to you, but it all boils down to this short list:

  1. Transport layer security (https) with plaintext messages (xml/json/...)
  2. Message layer security over an open transport (http), i.e. an encrypted message body
  3. Message security over a secure transport

The last time I was doing WCF (about a year ago) the general recommendation from Microsoft seemed to be Message layer security over an open transport because of firewall / accessibility issues introduced when trying to secure the transport. However, this approach assumed that all parties involved were .NET / WCF capable. I believe it would be easier to consume on the device if it were an HTTPS transport level security, with clear XML or JSON message bodies. That way you can take advantage of all the stuff baked into CFNetwork and NSHTTPRequest that Apple has done.

Once you get something working, you'll want to refer to the Enterprise Deployment Guide, and specifically the documentation on Over-the-Air Enrollment so that you can install the certificates on the devices. Remember, anything is possible, and don't be afraid to use one of those Apple support tickets that come with the program :)

Edit:

I completely forgot to mention the GenericKeychain and CryptoExercise examples

Edit 2:

After I got downvoted for no apparent reason I re-read my response and realized I rambled a bit too much without actually answering your question about how to open a p12 file on the device. You ought to be able to simply call [[UIApplication sharedApplication] openURL:urlToP12FileEitherLocalOrRemote] and have it kick out to the OS for the installation procedure.
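The HTTPS-with-plaintext-bodies option the answer recommends, worked through as an added example that is not part of the answer above or of Apple's sample code: the app imports its own PKCS#12 identity with SecPKCS12Import (an identity installed through a configuration profile lands in the system keychain and is not readable by a third-party app, so the app needs its own copy) and presents it when the URL loading system raises the client-certificate challenge, while still letting the system X.509 policy evaluate the server's chain. It assumes ARC, NSURLSession (iOS 7 or later), a hypothetical "client.p12" in the app bundle with the hypothetical passphrase shown, and a WCF endpoint whose binding uses security mode="Transport" with transport clientCredentialType="Certificate".

```objective-c
// Added example (not from the answer above or Apple's samples).
// Assumptions: ARC, NSURLSession (iOS 7+), a client identity shipped as
// "client.p12" in the app bundle with the hypothetical passphrase used below,
// and a WCF endpoint bound with security mode="Transport" and
// transport clientCredentialType="Certificate": the TLS handshake itself
// authenticates the caller while the XML/JSON body stays plaintext inside TLS.
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Pull the private key + certificate out of a PKCS#12 file.
// Returns NULL if the file is missing or the passphrase is wrong.
static SecIdentityRef CopyIdentityFromP12(NSString *p12Path, NSString *passphrase) {
    NSData *p12 = [NSData dataWithContentsOfFile:p12Path];
    if (!p12) return NULL;

    NSDictionary *opts = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef items = NULL;
    OSStatus st = SecPKCS12Import((__bridge CFDataRef)p12, (__bridge CFDictionaryRef)opts, &items);
    if (st != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        if (items) CFRelease(items);
        return NULL;
    }
    CFDictionaryRef first = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(first, kSecImportItemIdentity);
    if (identity) CFRetain(identity);   // caller owns the returned reference
    CFRelease(items);
    return identity;
}

@interface WCFClientCertClient : NSObject <NSURLSessionTaskDelegate>
@property (nonatomic, assign) SecIdentityRef identity;
@end

@implementation WCFClientCertClient

- (instancetype)initWithP12Path:(NSString *)path passphrase:(NSString *)passphrase {
    if ((self = [super init])) {
        _identity = CopyIdentityFromP12(path, passphrase);
    }
    return self;
}

- (void)dealloc {
    if (_identity) CFRelease(_identity);
}

// Both halves of the mutual-TLS handshake arrive here as separate challenges.
- (void)URLSession:(NSURLSession *)session
              task:(NSURLSessionTask *)task
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSString *method = challenge.protectionSpace.authenticationMethod;

    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Server side: run the system X.509 policy (hostname + chain). A private
        // CA belongs in a profile or in SecTrustSetAnchorCertificates; never
        // accept the trust object blindly to get past a self-signed certificate.
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        SecTrustResultType result = kSecTrustResultInvalid;
        BOOL ok = SecTrustEvaluate(trust, &result) == errSecSuccess &&
                  (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
        if (ok) {
            completionHandler(NSURLSessionAuthChallengeUseCredential,
                              [NSURLCredential credentialForTrust:trust]);
        } else {
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
        return;
    }

    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        // Client side: present our identity once; a repeat challenge means the
        // server rejected it, so stop instead of looping.
        if (self.identity && challenge.previousFailureCount == 0) {
            NSURLCredential *cred =
                [NSURLCredential credentialWithIdentity:self.identity
                                           certificates:nil
                                            persistence:NSURLCredentialPersistenceForSession];
            completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
        } else {
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
        return;
    }

    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}

// POST a plaintext JSON body to the service; TLS protects it on the wire.
- (void)callService:(NSURL *)url body:(NSData *)json
         completion:(void (^)(NSInteger status, NSData *data, NSError *error))completion {
    NSURLSessionConfiguration *cfg = [NSURLSessionConfiguration ephemeralSessionConfiguration];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:cfg delegate:self delegateQueue:nil];

    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    req.HTTPMethod = @"POST";
    [req setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    req.HTTPBody = json;

    [[session dataTaskWithRequest:req
                completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
        NSInteger status = [resp isKindOfClass:[NSHTTPURLResponse class]]
                         ? ((NSHTTPURLResponse *)resp).statusCode : 0;
        completion(status, data, err);
        [session finishTasksAndInvalidate];   // the session holds its delegate strongly
    }] resume];
}

@end

// Usage (hypothetical file name, passphrase and endpoint):
//   WCFClientCertClient *c = [[WCFClientCertClient alloc]
//       initWithP12Path:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]
//            passphrase:@"p12-passphrase"];
//   [c callService:[NSURL URLWithString:@"https://wcf.example.com/Service.svc/json/Ping"]
//              body:[@"{\"id\":42}" dataUsingEncoding:NSUTF8StringEncoding]
//        completion:^(NSInteger status, NSData *data, NSError *error) { /* handle */ }];
```

A P12 bundled with the app identifies the app, not the user, and anyone who unpacks the IPA gets the same identity; per-user identities should come from an enrollment step (the Over-the-Air Enrollment path the answer mentions, or a CSR the app submits) and live in the app's keychain rather than in the bundle.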