How do I register my own root CA in Swift?

Question

How do I register my own root CA in Swift?

How do I add my own Root Certification Authority (CA) file to the Root CA list in the Swift list?

I'm trying to convert the Objective-C code below to Swift, but I don't know how to properly write a dictionary for this scenario.

Swift:

let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "crt")!
let rootCertData = NSData(contentsOfFile: rootCertPath)
let rootCert     = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)

// Error: '_' is not convertible to 'CFStringRef'
let dict =
[
    kSecClass:    kSecClassCertificate,
    kSecValueRef: rootCert
] as CFDictionaryRef

error = SecItemAdd(dict, result)

Objective-C:

NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"crt"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];

OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);

CFTypeRef result;

NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];

err = SecItemAdd((CFDictionaryRef)dict, &result);

if( err == noErr) {
    NSLog(@"Install root certificate success");
} else if( err == errSecDuplicateItem ) {
    NSLog(@"duplicate root certificate entry");
} else {
    NSLog(@"install root certificate failure");
}

Source: iOS - Install SSL Certificate Programmatically

+3

ios objective-c certificate swift

Christopher markieta May 19 '15 at 22:35

source to share

1 answer

Christopher markieta · Accepted Answer · 2015-05-21T03:10:23+0000

I found a solution that works, but I'm not entirely sure if this is the correct method. Please correct me if I am wrong.

I first needed to convert the certificate from * .crt to * .der because it kept generating nel SecCertificate.

openssl x509 -in server.crt -out server.der -outform DER

My code:

func installRootCertificate() -> Bool
{
    var result: UnsafeMutablePointer<Unmanaged<AnyObject>?> = nil
    var error = noErr

    let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "der")!
    let rootCertData = NSData(contentsOfFile: rootCertPath)!
    let rootCert     = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)

    let kSecClassValue            = NSString(format: kSecClass)
    let kSecClassCertificateValue = NSString(format: kSecClassCertificate)
    let kSecValueRefValue         = NSString(format: kSecValueRef)

    let dict =
    [
        kSecClassValue:    kSecClassCertificateValue,
        kSecValueRefValue: rootCert.takeRetainedValue()
    ] as CFDictionaryRef

    error = SecItemAdd(dict, result)

    if(error == noErr)
    {
        println("Installed root certificate successfully");

        return true
    }
    else if(error == errSecDuplicateItem)
    {
        println("Duplicate root certificate entry");
    }
    else
    {
        println("Install root certificate failure")
    }

    return false
}

How do I register my own root CA in Swift?

More articles: