This function takes as an argument Base64 encoded PKCS#12 certificate string which is then decoded and passed to SecPKCS12Import function. After update to iOS 11 the SecPKCS12Import, yields different results. The securityError returns 0 on both OS versions.
let securityError: OSStatus = SecPKCS12Import(decodedData!, options, &items)
Returns list of 0 items. Whereas on iOS 10 I get 1 item in the array.
func certificateFromCertificate(certP12: String, psswd: String) -> SecCertificate {
    let decodedData = NSData(base64Encoded: certP12, options:NSData.Base64DecodingOptions(rawValue: 0))
    let keytmp : NSString = kSecImportExportPassphrase as NSString
    let options : NSDictionary = [keytmp : psswd]
    var certificateRef: SecCertificate? = nil
    var items : CFArray?
    let securityError: OSStatus = SecPKCS12Import(decodedData!, options, &items)
    let theArray: CFArray = items!
    if securityError == noErr && CFArrayGetCount(theArray) > 0 {
        let newArray = theArray as [AnyObject] as NSArray
        let dictionary = newArray.object(at: 0)
        let secIdentity = (dictionary as AnyObject)[kSecImportItemIdentity as String] as! SecIdentity
        let securityError = SecIdentityCopyCertificate(secIdentity , &certificateRef)
        if securityError != noErr {
            certificateRef = nil
        }
    }
    certificate = certificateRef
    return certificateRef!
}
The is a post on Apple Developer forum saying that SecPKCS12Import implemented automatic conversion from Base64. This would mean I should decode plain certificate prior passing it to the function. Can this be the issue?
I have submitted post to Apple Forum and also Technical Support incident.
Development environment:
Programming language: Swift 3
Debug device: Apple iPad mini Retina Wi-Fi 32GB ME280SL/A
Development device: iMAC mini Xcode version 9.0 9A235
Using Xcode Version 9.0.1 (9A1004) and Apple Swift version 4.0 (swiftlang-900.0.65.2 clang-900.0.37), I am able to get normal results from your function. Also works with Swift language set to 3.2.
In the post you referenced, @eskimo said (bolding mine):
Your options here are:
- File a compatibility bug against iOS 11 beta and hope that it gets fixed before GM
- Change your app to use SecPKCS12Import in the documented way, that is, undo the Base64 decoding
It appears that someone filed a bug, and the problem has been fixed (made to work as originally documented). There is no automatic decoding from Base64. You're right to provide the decoding.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With