Objective-C / C pulling private key (modulus) from SecKeyRef

Backend · Unresolved · 1 · 655
爱一瞬间的悲伤 2021-01-20 10:49

I need a clean way to pull out my server's public key and compare it to local data in order to defend against expiring / renewed keys in the future, but I can't seem to get

1 answer
  •  时光取名叫无心
    2021-01-20 11:38

    I solved this by having a copy of the .der locally and pinning just its public key.

    -(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
    {
        SecTrustResultType trustResult;
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        // Evaluate the server chain first; SecTrustCopyPublicKey expects an evaluated trust.
        // (SecTrustEvaluate is deprecated since iOS 13 in favour of SecTrustEvaluateWithError.)
        OSStatus status = SecTrustEvaluate(trust, &trustResult);

        //DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);

        if (status != errSecSuccess ||
            (trustResult != kSecTrustResultUnspecified && trustResult != kSecTrustResultProceed)) {
            return NO;  // the chain itself is not trusted by the system
        }

        BOOL matched = NO;
        SecKeyRef serverKey = SecTrustCopyPublicKey(trust);

        // Load the bundled copy of the server certificate and extract its public key.
        NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
        NSData *certData = [NSData dataWithContentsOfFile:certPath];
        SecCertificateRef localCertificate = certData
            ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData)
            : NULL;

        SecKeyRef localKey = NULL;
        if (localCertificate != NULL) {
            SecTrustRef localTrust = NULL;
            const void *certRefs[1] = {localCertificate};
            CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, certRefs, 1, &kCFTypeArrayCallBacks);
            SecPolicyRef policy = SecPolicyCreateBasicX509();
            // Separate variable so the outer 'status' is not shadowed.
            OSStatus localStatus = SecTrustCreateWithCertificates(certArray, policy, &localTrust);
            if (localStatus == errSecSuccess)
                localKey = SecTrustCopyPublicKey(localTrust);

            if (localTrust) CFRelease(localTrust);  // NULL when creation failed; CFRelease(NULL) crashes
            CFRelease(policy);
            CFRelease(certArray);
        }

        // SecKeyRef implements isEqual: via CFEqual, so this compares key material, not pointers.
        if (serverKey != NULL && localKey != NULL && [(__bridge id)serverKey isEqual:(__bridge id)localKey])
            matched = YES;

        // Balance every Copy/Create call above.
        if (localKey) CFRelease(localKey);
        if (localCertificate) CFRelease(localCertificate);
        if (serverKey) CFRelease(serverKey);

        return matched;
    }
    

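The question asks for the key material itself (the modulus), not just an object comparison. As an added example that is not part of the answer above, this helper exports an evaluated server trust's leaf key with SecKeyCopyExternalRepresentation (iOS 10 / macOS 10.12 and later), which for RSA public keys yields PKCS#1 RSAPublicKey DER where the modulus lives, and pins the SHA-256 of those bytes; kPinnedPublicKeySHA256 is a constructed placeholder, not a real pin.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Constructed placeholder: replace with the SHA-256 of your own server key's
// exported bytes (e.g. run PublicKeyBytes() once on the key from your local .der).
static const uint8_t kPinnedPublicKeySHA256[CC_SHA256_DIGEST_LENGTH] = { 0 };

// Returns the raw key bytes for a SecKeyRef, or nil on failure.
// RSA public keys come back as PKCS#1 RSAPublicKey DER:
//   SEQUENCE { modulus INTEGER, publicExponent INTEGER }
// EC public keys come back in ANSI X9.63 form (04 || X || Y).
static NSData *PublicKeyBytes(SecKeyRef key)
{
    if (key == NULL) return nil;
    CFErrorRef error = NULL;
    CFDataRef data = SecKeyCopyExternalRepresentation(key, &error);
    if (data == NULL) {
        if (error) CFRelease(error);
        return nil;
    }
    return CFBridgingRelease(data);  // hand the +1 reference to ARC
}

// Call after SecTrustEvaluate has accepted the chain, as in the answer above.
// Returns YES only when the leaf key's digest equals the pinned digest.
static BOOL ServerKeyMatchesPin(SecTrustRef trust)
{
    // SecTrustCopyPublicKey is deprecated from iOS 14; SecTrustCopyKey is its successor.
    SecKeyRef serverKey = SecTrustCopyPublicKey(trust);
    NSData *bytes = PublicKeyBytes(serverKey);
    if (serverKey) CFRelease(serverKey);
    if (bytes == nil) return NO;

    uint8_t digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(bytes.bytes, (CC_LONG)bytes.length, digest);

    // Constant-time comparison so timing does not reveal how many bytes matched.
    uint8_t diff = 0;
    for (size_t i = 0; i < sizeof digest; i++)
        diff |= digest[i] ^ kPinnedPublicKeySHA256[i];
    return diff == 0;
}
```

Pinning the key digest rather than the whole certificate survives a certificate renewal that keeps the same key pair, which is the expiry case the question is about.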