I have a Cocoa project, building a macOS app. I won't distribute it on the Apple store.
What should I use in Swift 3 to install a certificate in the login keychain, to be always trusted, like this command does?
    security add-trusted-cert -k ~/Library/Keychains/login.keychain-db ca-cert.cer
I already have my ca-cert.cer and ca-cert.pem created.
I know about the Authorization API and I saw in Apple documentation this method https://developer.apple.com/documentation/security/1401659-secitemadd and this doc https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates/storing_a_certificate_in_the_keychain
First I create a DER version of my PEM with
    openssl x509 -outform der -in ~/ca-cert.pem -out ~/ca-cert.der
Then the following code will successfully install the certificate in the login keychain, but it won't be trusted.
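    // homeDirURL is not shown in the question; it is assumed to be the user's home directory URL.
    // Load the DER file and build a SecCertificate from it.
    guard let cerData = NSData(contentsOfFile: homeDirURL.path + "/ca-cert.der"),
          let certificate = SecCertificateCreateWithData(nil, cerData as CFData) else {
        print("Ooops! Something went wrong: could not read ca-cert.der")
        return
    }
    // Add the certificate to the default (login) keychain.
    // This only stores the item; it does not set any trust settings.
    let addquery: [String: Any] = [kSecClass as String: kSecClassCertificate,
                                   kSecValueRef as String: certificate,
                                   kSecAttrLabel as String: "My Certificate"]
    let status = SecItemAdd(addquery as CFDictionary, nil)
    guard status == errSecSuccess else {
        let message = (SecCopyErrorMessageString(status, nil) as String?) ?? "unknown error"
        print("error \(status) : " + message)
        return
    }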
What should I change for it to be always trusted?
In Objective-C, you need to do the following steps.
    // Your certificate has already been installed in login.keychain by using SecItemAdd
    SecCertificateRef certificate; // use SecCertificateCreateWithData to get it.
    NSDictionary *newTrustSettings = @{(id)kSecTrustSettingsResult: [NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot]};
    SecTrustSettingsSetTrustSettings(certificate, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)newTrustSettings);
Note that I typed this by hand, so check for type errors yourself.
I have tested it myself, so all you need to do is convert it to Swift code.
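A Swift version of the two steps above (SecItemAdd from the question, then the answer's SecTrustSettingsSetTrustSettings call), added here as an example and not code from either poster. The function name, error type and file location are assumptions, and ca-cert.der is assumed to be a self-signed root CA.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum CertInstallError: Error {
    case unreadableCertificate(URL)
    case security(step: String, status: OSStatus, message: String)
}

// Turns an OSStatus from the Security framework into readable text.
func describe(_ status: OSStatus) -> String {
    return (SecCopyErrorMessageString(status, nil) as String?) ?? "OSStatus \(status)"
}

// Hypothetical helper: stores a DER certificate in the default (login) keychain,
// then marks it as a trusted root in the current user's trust settings.
func installTrustedRoot(derURL: URL, label: String) throws {
    guard let der = try? Data(contentsOf: derURL),
          let certificate = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CertInstallError.unreadableCertificate(derURL)
    }

    // Step 1: add the certificate item, as in the question.
    let addQuery: [String: Any] = [kSecClass as String: kSecClassCertificate,
                                   kSecValueRef as String: certificate,
                                   kSecAttrLabel as String: label]
    let addStatus = SecItemAdd(addQuery as CFDictionary, nil)
    // An already-present certificate is not a failure; trust can still be set on it.
    guard addStatus == errSecSuccess || addStatus == errSecDuplicateItem else {
        throw CertInstallError.security(step: "SecItemAdd", status: addStatus,
                                        message: describe(addStatus))
    }

    // Step 2: set the trust result. The C header defines kSecTrustSettingsResult
    // as the macro CFSTR("kSecTrustSettingsResult"), so the key is written out
    // as that string here instead of relying on the macro being visible in Swift.
    let trustSettings: [String: Any] = [
        "kSecTrustSettingsResult": NSNumber(value: SecTrustSettingsResult.trustRoot.rawValue)
    ]
    let trustStatus = SecTrustSettingsSetTrustSettings(certificate, .user,
                                                       trustSettings as CFDictionary)
    guard trustStatus == errSecSuccess else {
        throw CertInstallError.security(step: "SecTrustSettingsSetTrustSettings",
                                        status: trustStatus, message: describe(trustStatus))
    }
}

// Usage: the file location is an assumption matching the question's ~/ca-cert.der.
let derURL = FileManager.default.homeDirectoryForCurrentUser.appendingPathComponent("ca-cert.der")
do { try installTrustedRoot(derURL: derURL, label: "My Certificate") }
catch { print("Certificate install failed: \(error)") }
```

Changing trust settings in the user domain may make macOS prompt the user to authenticate, so call this where a password dialog is acceptable.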