Connect to Wi-Fi via EAP-TTLS and EAP-PEAP

Hi guys!


I will briefly explain to you what problem I'm having.

I spent a lot of time to find the solution but without any positive result.

So I hope that you can help me.


Our app is used to connect to a secure network via NEHotspotConfiguration.


    NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc] initWithSSID:networkName eapSettings:settings];


I configured NEHotspotEAPSettings with: username, password, outerIdentity, identity, supportedEAPTypes (NEHotspotConfigurationEAPTypeEAPTTLS and NEHotspotConfigurationEAPTypeEAPPEAP), trustedServerNames and trustedServerCertificates (client.cer and rootCA.cer).


Those certificates were generated by the guys from the server side and are incorporated in the iOS project via Xcode.

I have checked if those certificates are valid. For example, in the debugger logs I can see the expiration date.


In the final step when the alert message appears that the app wants to join the secure network, after pressing the join button we see the message "Unable to join the network".


In the debugger logs I see the following:

    NEHotspotEAPSettings failed to find persistent reference for identity. status = -25300
    NEHotspotEAPSettings failed to find persistent reference for trusted server certificate. status = -25300
    NEHotspotEAPSettings found nil persistent reference for identity


Do you have any ideas on how to fix it or what is wrong?


Thank you in advance!







iPhone 13 Pro

Posted on Jan 4, 2023 3:15 AM


2 replies

Jan 4, 2023 5:03 PM in response to Ningdun Tech

This is the code for successful authentication

    NEHotspotEAPSettings *eapSettings = [[NEHotspotEAPSettings alloc] init];
    eapSettings.username = @"username";
    eapSettings.password = @"password";
    eapSettings.supportedEAPTypes = [NSArray arrayWithObjects:[NSNumber numberWithInteger:NEHotspotConfigurationEAPTypeEAPPEAP], nil];
    eapSettings.outerIdentity = @"";
    eapSettings.trustedServerNames = @[@"xxx.xxx.com"];
    NEHotspotConfiguration *hotspotConfig = [[NEHotspotConfiguration alloc]initWithSSID:@"ssidName" eapSettings:eapSettings];
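    [[NEHotspotConfigurationManager sharedManager] applyConfiguration:hotspotConfig completionHandler:^(NSError * _Nullable error) {
        // error is nil when the configuration was applied
        if (error) { NSLog(@"failed: %@", error); } else { NSLog(@"success"); }
    }];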

This is the code for authentication failure

    // Load the CA certificate bundled with the app.
    NSString *caCertificatePath = [[NSBundle mainBundle] pathForResource:@"caCertificate" ofType:@"cer"];
    NSData *caCertificateData = [[NSData alloc] initWithContentsOfFile:caCertificatePath];
    SecCertificateRef caCertificateRef = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)caCertificateData);

    // Import the client identity from the bundled PKCS#12 data.
    SecIdentityRef userCertificate = NULL;
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"userCertificate" ofType:@"cer"];
    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
    CFStringRef password = CFSTR("password");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = NULL; // SecPKCS12Import allocates the result array
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
    CFRelease(options); // password is a CFSTR constant and is not released
    if (securityError == errSecSuccess) {
        NSLog(@"Success opening p12 certificate. Items: %ld", (long)CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        userCertificate = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        NEHotspotEAPSettings *eapSettings = [[NEHotspotEAPSettings alloc] init];
        eapSettings.tlsClientCertificateRequired = YES;
        eapSettings.trustedServerNames = @[@"xxx",@"xxx.xxx.com"];
        eapSettings.supportedEAPTypes = [NSArray arrayWithObjects:[NSNumber numberWithInteger:NEHotspotConfigurationEAPTypeEAPTLS], nil];
        eapSettings.outerIdentity = @"xxxx";
        [eapSettings setTrustedServerCertificates:@[(__bridge id)caCertificateRef]];
        [eapSettings setIdentity:userCertificate];
        NEHotspotConfiguration *hotspotConfig = [[NEHotspotConfiguration alloc] initWithSSID:@"ssidName" eapSettings:eapSettings];
        [[NEHotspotConfigurationManager sharedManager] applyConfiguration:hotspotConfig completionHandler:^(NSError * _Nullable error) {
            NSLog(@"failure"); // NEHotspotEAPSettings failed to find persistent reference for identity. status = -25300
        }];
    } else {
        NSLog(@"Error opening Certificate.");
    }


The difference between the two is that I want to use certificate authentication, not username and password authentication.
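
Added example, not part of either post above: status -25300 is `errSecItemNotFound`, and Apple's NEHotspotEAPSettings documentation requires the identity and the trusted server certificates to be stored in the keychain access group `$(TeamIdentifierPrefix)com.apple.networkextensionsharing`, so objects that exist only in memory have no persistent reference to find. The code below stores each item in that group and checks that a persistent reference resolves before handing it to the EAP settings; the helper names, the labels and the `TEAMID` prefix are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <NetworkExtension/NetworkExtension.h>

// Placeholder: substitute your own team identifier prefix for TEAMID. The same
// group must be listed in the app's Keychain Sharing entitlement.
static NSString *const kSharedGroup = @"TEAMID.com.apple.networkextensionsharing";

// Hypothetical helper: stores a SecIdentityRef or SecCertificateRef in the shared
// access group, then confirms a persistent reference can be found for it there.
static BOOL StoreForHotspotEAP(CFTypeRef item, NSString *label) {
    NSDictionary *add = @{
        (__bridge id)kSecValueRef: (__bridge id)item,
        (__bridge id)kSecAttrLabel: label,
        (__bridge id)kSecAttrAccessGroup: kSharedGroup,
    };
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status != errSecSuccess && status != errSecDuplicateItem) {
        NSLog(@"SecItemAdd(%@) failed, status = %d", label, (int)status);
        return NO;
    }
    NSDictionary *query = @{
        (__bridge id)kSecValueRef: (__bridge id)item,
        (__bridge id)kSecAttrAccessGroup: kSharedGroup,
        (__bridge id)kSecReturnPersistentRef: @YES,
    };
    CFTypeRef persistentRef = NULL;
    status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &persistentRef);
    if (status != errSecSuccess) {   // errSecItemNotFound is -25300
        NSLog(@"No persistent reference for %@, status = %d", label, (int)status);
        return NO;
    }
    CFRelease(persistentRef);
    return YES;
}

// Hypothetical helper: attaches the client identity and CA certificate to the
// EAP settings only after both are confirmed to be in the shared access group.
static BOOL ConfigureEAPTLS(NEHotspotEAPSettings *eap, SecIdentityRef identity,
                            SecCertificateRef caCert) {
    if (!StoreForHotspotEAP(identity, @"wifi-client-identity") ||
        !StoreForHotspotEAP(caCert, @"wifi-root-ca")) {
        return NO;
    }
    if (![eap setIdentity:identity]) return NO;
    return [eap setTrustedServerCertificates:@[(__bridge id)caCert]];
}
```

Both setters return `BOOL`, so checking their results surfaces a rejected identity or certificate before `applyConfiguration:` shows the join prompt.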
