Swift 4:kSecMatchIssuers钥匙串搜索查询未能匹配X.509证书 [英] Swift 4: kSecMatchIssuers keychain search query failing to match X.509 certificate

问题描述

我有一个查询设计用来在钥匙串中搜索身份，因此可以从我的快捷应用程序中将其删除.我需要能够由发布者匹配它，因此我在搜索查询中使用了kSecMatchIssuers键.苹果开发人员门户网站声明了与kSecMatchIssuers匹配的条件:

I have a query designed to search for an identity in my keychain so I can delete it from within my swift application. I need to be able to match it by the issuer so I'm making use of the kSecMatchIssuers key in the search query. The apple developer portal states this for matching with kSecMatchIssuers:

对应的值为CFArray类型，其中该数组由CFData类型的X.500名称组成.如果提供的话，返回的证书或身份仅限于其证书链包含此列表中提供的颁发者之一的那些人.

The corresponding value is of type CFArray, where the array consists of X.500 names of type CFData. If provided, returned certificates or identities are limited to those whose certificate chain contains one of the issuers provided in this list.

我相信我正在遵循这些准则，但是即使我将x.500名称简化为"o = myOrg"的准系统，我仍然无法匹配该身份.

I believe I am following these guidelines, but am still failing to match the identity, even when I reduce the x.500 name to its barebones at "o=myOrg".

 let x500Name = "o=myOrg"

 let nameAsData = x500Name.data(using: .utf8)! as CFData


 let query: [String: Any] = [kSecClass as String: kSecClassIdentity,
                                 kSecMatchCaseInsensitive as String: true,
                                 kSecMatchLimit as String: kSecMatchLimitAll,
                                 kSecMatchIssuers as String: [nameAsData] as CFArray]

将查询作为CFDictionary放入SecItemCopyMatching时，返回值是一个代码，指出未找到匹配的值.只需删除kSecMatchIssuers即可确保一切正常运行，并且可以在我的钥匙串中找到所有身份.我对这里输入的错误不知所措，因为钥匙串中肯定包含带有"o = myOrg"的身份.

When putting the query into SecItemCopyMatching as a CFDictionary, the return value is a code stating no matching values found. Simply removing the kSecMatchIssuers ensures everything runs and it finds all identities in my keychain. I'm at a bit of a loss as to what I'm passing in incorrectly here, as the keychain definitely contains identities with "o=myOrg".

感谢您的帮助.

推荐答案

ASN.1 DER编码

发行人名称必须以 ASN.1 DER 编码格式提供.

请注意，kSecMatchIssuers仅从macOS 10.13开始有效.

Be aware that kSecMatchIssuers is only works since macOS 10.13.

这篇关于Swift 4:kSecMatchIssuers钥匙串搜索查询未能匹配X.509证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！