Swift 4: kSecMatchIssuers keychain search query failing to match X.509 certificate

风流意气都作罢 submitted on 2021-01-29 22:24:28

Question


I have a query designed to search for an identity in my keychain so I can delete it from within my Swift application. I need to be able to match it by the issuer, so I'm making use of the kSecMatchIssuers key in the search query. The Apple developer portal states this for matching with kSecMatchIssuers:

The corresponding value is of type CFArray, where the array consists of X.500 names of type CFData. If provided, returned certificates or identities are limited to those whose certificate chain contains one of the issuers provided in this list.

I believe I am following these guidelines, but am still failing to match the identity, even when I reduce the X.500 name to its bare bones at "o=myOrg".

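    import Foundation
    import Security

    // X.500 name written as a plain string and converted to its UTF-8 bytes
    let x500Name = "o=myOrg"
    let nameAsData = x500Name.data(using: .utf8)! as CFData

    // Identity search restricted to the issuer given above
    let query: [String: Any] = [kSecClass as String: kSecClassIdentity,
                                kSecMatchCaseInsensitive as String: true,
                                kSecMatchLimit as String: kSecMatchLimitAll,
                                kSecMatchIssuers as String: [nameAsData] as CFArray]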

When putting the query into SecItemCopyMatching as a CFDictionary, the return value is a code stating no matching values found. Simply removing the kSecMatchIssuers ensures everything runs and it finds all identities in my keychain. I'm at a bit of a loss as to what I'm passing in incorrectly here, as the keychain definitely contains identities with "o=myOrg".

Any help is appreciated.


Answer 1:


ASN.1 DER Encoded

The issuer names must be provided in ASN.1 DER encoded format.

Be aware that kSecMatchIssuers only works since macOS 10.13.
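
An added example (not code from the original question or answer) of what the DER requirement means for the question's "o=myOrg": it hand-encodes a one-attribute X.500 Name and passes that to kSecMatchIssuers in the question's query. The helper names `der`, `derName` and `attributeOIDs` are made up for this example, and the UTF8String tag is an assumption; the encoded name has to match the issuer name actually stored in the certificate.

```swift
import Foundation
import Security

// DER TLV: tag, length (short form below 128 bytes, long form otherwise), value.
func der(_ tag: UInt8, _ value: [UInt8]) -> [UInt8] {
    let length: [UInt8]
    if value.count < 0x80 {
        length = [UInt8(value.count)]
    } else {
        var n = value.count, bytes: [UInt8] = []
        while n > 0 { bytes.insert(UInt8(n & 0xFF), at: 0); n >>= 8 }
        length = [0x80 | UInt8(bytes.count)] + bytes
    }
    return [tag] + length + value
}

// Name ::= SEQUENCE OF RelativeDistinguishedName (SET OF AttributeTypeAndValue);
// each attribute is SEQUENCE { OID, string }. Only CN, O and OU are mapped here.
let attributeOIDs: [String: [UInt8]] = [
    "CN": [0x55, 0x04, 0x03],   // 2.5.4.3
    "O":  [0x55, 0x04, 0x0A],   // 2.5.4.10
    "OU": [0x55, 0x04, 0x0B],   // 2.5.4.11
]

func derName(_ rdns: [(type: String, value: String)]) -> Data? {
    var body: [UInt8] = []
    for rdn in rdns {
        guard let oid = attributeOIDs[rdn.type.uppercased()] else { return nil }
        // Assumption: the certificate stores the value as UTF8String (tag 0x0C).
        // A certificate that uses PrintableString needs tag 0x13 instead.
        let atv = der(0x30, der(0x06, oid) + der(0x0C, Array(rdn.value.utf8)))
        body += der(0x31, atv)
    }
    return Data(der(0x30, body))
}

// The question's query, with the DER-encoded Name in place of the UTF-8 text.
let issuer = derName([(type: "O", value: "myOrg")])!
let query: [String: Any] = [
    kSecClass as String: kSecClassIdentity,
    kSecMatchCaseInsensitive as String: true,
    kSecMatchLimit as String: kSecMatchLimitAll,
    kSecMatchIssuers as String: [issuer] as CFArray,
]
let status = SecItemCopyMatching(query as CFDictionary, nil)
print(issuer.map { String(format: "%02X", $0) }.joined(separator: " "), status)
```

Comparing the printed bytes with the issuer field of the certificate (for example in a DER dump of it) shows whether the string type and the list of attributes line up before the query is used for deletion.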



Source: https://stackoverflow.com/questions/51386434/swift-4-ksecmatchissuers-keychain-search-query-failing-to-match-x-509-certifica
