I have a cocoa project, building a MacOS app. I won't distribute it on Apple store.
我有一个可可项目,构建一个MacOS应用程序。我不会在Apple商店分发它。
What should I use in Swift 3 to install a certificate in the login keychain, to be always trusted, like this command does ?
我应该在Swift 3中使用什么来在登录密钥链中安装证书,总是可信任,就像这个命令一样?
security add-trusted-cert -k ~/Library/Keychains/login.keychain-db ca-cert.cer
I already have my ca-cert.cer and ca-cert.pem created.
我已经创建了ca-cert.cer和ca-cert.pem。
I know about the Authorization API and I saw in Apple documentation this method https://developer.apple.com/documentation/security/1401659-secitemadd and this doc https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates/storing_a_certificate_in_the_keychain
我知道授权API,我在Apple文档中看到了这个方法https://developer.apple.com/documentation/security/1401659-secitemadd和这个文档https://developer.apple.com/documentation/security/certificate_key_and_trust_services/证书/ storing_a_certificate_in_the_keychain
First I create a der version of my pem with
首先,我创建了我的pem版本
openssl x509 -outform der -in ~/ca-cert.pem -out ~/ca-cert.der
Then The following code will successfully install certificate in login keychain but won't be trusted.
然后,以下代码将成功在登录密钥链中安装证书,但不会受信任。
do {
let cerData = NSData(contentsOfFile: homeDirURL.path + "/ca-cert.der")
let certificate: SecCertificate? = SecCertificateCreateWithData(nil, cerData as! CFData)
let addquery: [String: Any] = [kSecClass as String: kSecClassCertificate,
kSecValueRef as String: certificate,
kSecAttrLabel as String: "My Certificate"]
let status = SecItemAdd(addquery as CFDictionary, nil)
guard status == errSecSuccess else {
print("error \(status) : " + (SecCopyErrorMessageString(status, nil) as! String))
return
}
}
catch let error as NSError {
print("Ooops! Something went wrong: \(error)")
}
What should I change for it to be always trusted ?
我应该改变什么才能永远被信任?
1 个解决方案
#1
1
In objective c, you need to do the following steps.
在目标c中,您需要执行以下步骤。
//Your certificate have already been installed in login.keychain by using SecItemAdd
//使用SecItemAdd已在login.keychain中安装了您的证书
SecCertificateRef certificate; //use SecCertificateCreateWithData to get it.
NSDictionary *newTrustSettings = @{(id)kSecTrustSettingResult:[NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot]};
SecTrustSettingsSetTrustSettings(certificate, kSecTrustSettingDomainUser, (__bridget CFTypeRef)newTrustSettings));
Note that i type this by hand, so check type errors by yourself.
请注意,我手动输入,因此请自行检查类型错误。
I have tested it by myself, so what you need to do is you change it to swift code.
我自己测试过,所以你需要做的就是把它改成快速的代码。
#1
1
In objective c, you need to do the following steps.
在目标c中,您需要执行以下步骤。
//Your certificate have already been installed in login.keychain by using SecItemAdd
//使用SecItemAdd已在login.keychain中安装了您的证书
SecCertificateRef certificate; //use SecCertificateCreateWithData to get it.
NSDictionary *newTrustSettings = @{(id)kSecTrustSettingResult:[NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot]};
SecTrustSettingsSetTrustSettings(certificate, kSecTrustSettingDomainUser, (__bridget CFTypeRef)newTrustSettings));
Note that i type this by hand, so check type errors by yourself.
请注意,我手动输入,因此请自行检查类型错误。
I have tested it by myself, so what you need to do is you change it to swift code.
我自己测试过,所以你需要做的就是把它改成快速的代码。