How do I register my own root CA in Swift?
How do I add my own Root Certification Authority (CA) file to the Root CA list in the Swift list?
I'm trying to convert the Objective-C code below to Swift, but I don't know how to properly write a dictionary for this scenario.
Swift:
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "crt")!
let rootCertData = NSData(contentsOfFile: rootCertPath)
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
// Error: '_' is not convertible to 'CFStringRef'
let dict =
[
kSecClass: kSecClassCertificate,
kSecValueRef: rootCert
] as CFDictionaryRef
error = SecItemAdd(dict, result)
Objective-C:
NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"crt"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];
OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);
CFTypeRef result;
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];
err = SecItemAdd((CFDictionaryRef)dict, &result);
if( err == noErr) {
NSLog(@"Install root certificate success");
} else if( err == errSecDuplicateItem ) {
NSLog(@"duplicate root certificate entry");
} else {
NSLog(@"install root certificate failure");
}
+3
source to share
1 answer
I found a solution that works, but I'm not entirely sure if this is the correct method. Please correct me if I am wrong.
I first needed to convert the certificate from * .crt to * .der because it kept generating nel SecCertificate.
openssl x509 -in server.crt -out server.der -outform DER
My code:
func installRootCertificate() -> Bool
{
var result: UnsafeMutablePointer<Unmanaged<AnyObject>?> = nil
var error = noErr
let rootCertPath = NSBundle.mainBundle().pathForResource("server", ofType: "der")!
let rootCertData = NSData(contentsOfFile: rootCertPath)!
let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData)
let kSecClassValue = NSString(format: kSecClass)
let kSecClassCertificateValue = NSString(format: kSecClassCertificate)
let kSecValueRefValue = NSString(format: kSecValueRef)
let dict =
[
kSecClassValue: kSecClassCertificateValue,
kSecValueRefValue: rootCert.takeRetainedValue()
] as CFDictionaryRef
error = SecItemAdd(dict, result)
if(error == noErr)
{
println("Installed root certificate successfully");
return true
}
else if(error == errSecDuplicateItem)
{
println("Duplicate root certificate entry");
}
else
{
println("Install root certificate failure")
}
return false
}
+1
source to share