stackoom
  简体   繁体   中英

Install certificate in login keychain with swift 3 on MacOS

 原文  2017-07-25 19:02:49       swift/ macos/ certificate

Question

I have a cocoa project, building a MacOS app. I won't distribute it on Apple store.

What should I use in Swift 3 to install a certificate in the login keychain, to be always trusted, like this command does ? 

security add-trusted-cert -k ~/Library/Keychains/login.keychain-db ca-cert.cer

I already have my ca-cert.cer and ca-cert.pem created.

I know about the Authorization API and I saw in Apple documentation this method https://developer.apple.com/documentation/security/1401659-secitemadd and this doc https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates/storing_a_certificate_in_the_keychain

First I create a der version of my pem with 

openssl x509 -outform der -in ~/ca-cert.pem -out ~/ca-cert.der

Then The following code will successfully install certificate in login keychain but won't be trusted. 

    do {
        let cerData = NSData(contentsOfFile: homeDirURL.path + "/ca-cert.der")
        let certificate: SecCertificate? = SecCertificateCreateWithData(nil, cerData as! CFData)
        let addquery: [String: Any] = [kSecClass as String: kSecClassCertificate,
                                       kSecValueRef as String: certificate,
                                       kSecAttrLabel as String: "My Certificate"]
        let status = SecItemAdd(addquery as CFDictionary, nil)
        guard status == errSecSuccess else {
            print("error \(status) : " + (SecCopyErrorMessageString(status, nil) as! String))
            return
        }

    }
    catch let error as NSError {
        print("Ooops! Something went wrong: \(error)")
    }

What should I change for it to be always trusted ?

1 answers

solution1
 1  2017-07-27 04:06:01

In objective c, you need to do the following steps.

//Your certificate have already been installed in login.keychain by using SecItemAdd 

SecCertificateRef certificate; //use SecCertificateCreateWithData to get it.

NSDictionary *newTrustSettings = @{(id)kSecTrustSettingResult:[NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot]};

SecTrustSettingsSetTrustSettings(certificate, kSecTrustSettingDomainUser, (__bridget CFTypeRef)newTrustSettings));

Note that i type this by hand, so check type errors by yourself.

I have tested it by myself, so what you need to do is you change it to swift code.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ios swift parse: Saving to keychain and print out data from keychain and do a login Swift 4: kSecMatchIssuers keychain search query failing to match X.509 certificate PersistentRef of keychain item on macOS catalyst Swift Keychain Status -50 Swift keychain and provisioning profiles Swift Keychain cannot retrieve saved password from viewDidLoad for auto login feature macOS Swift: How to properly add application as Login Item macOS Keychain Sharing Bypass Password Dialog Error adding Key item to macOS keychain Generate keychain key with swift 2.0
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM