Posts

Post marked as solved
2 Replies
359 Views
We have a valid, not expired, trusted wildcard certificate in the keychain with both Subject Alternative Names (2.5.29.17):

    DNS Name *.example.com
    DNS Name example.com

Our query does not match against example.com; it matches only against *.example.com.

    let exactHostname = "example.com"
    let keychainQuery = [
        kSecClass : kSecClassCertificate,
        //kSecAttrLabel: exactHostname,//keychain label name, should not be used to query hostname
        //kSecAttrSubject: exactHostname, //also does not work
        kSecMatchSubjectWholeString: exactHostname,
        kSecMatchValidOnDate: kCFNull!,//date, kCFNull - current date
        kSecReturnRef: true] as NSDictionary
    var item : CFTypeRef?
    var identity: SecIdentity?
    let status = SecItemCopyMatching(keychainQuery as CFDictionary, &item)
    XCTAssert(status == errSecSuccess, "Failed to get certificate: \(status)")

How do we query against the Subject Alternative Name DNS name?
Posted
by ElenaS.
Post marked as solved
3 Replies
565 Views
We're developing an HTTP server which serves multiple hostnames, thus we need to present certificates according to the requested names. It all should be handled on the same listening port (443). What are the options to analyze the client's TLS requested ServerName Identifier (SNI) and present a certificate accordingly? So far we were successful when using a single certificate, but all this is done before starting the listener.

    let parameters = NWParameters(tls: tlsOptions, tcp: tcpOptions)
    if let secIdentity = getSecIdentity(),
       let identity = sec_identity_create(secIdentity) {
        // Require TLS 1.3 and present the single identity fetched up front
        sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv13)
        sec_protocol_options_set_local_identity(tlsOptions.securityProtocolOptions, identity)
        sec_protocol_options_append_tls_ciphersuite(
            tlsOptions.securityProtocolOptions,
            tls_ciphersuite_t(rawValue: UInt16(TLS_AES_128_GCM_SHA256))!
        )
    }
    let listener = try NWListener(using: parameters, on: 443)
Posted
by ElenaS.
Post not yet marked as solved
9 Replies
2.7k Views
How do we pass a launchd socket to NWListener, or are there other ways to integrate? If CFSocket is to be deprecated, what are the alternatives for launchd daemons?
Posted
by ElenaS.
Post marked as solved
2 Replies
380 Views
My big project started throwing errors: Type 'ToggleStyle' has no member 'switch'

Made a new test project:

    struct ContentView: View {
        @State var isOn = false
        var body: some View {
            Text("Hello, world!")
                .padding()
            Toggle(isOn: $isOn) { Text("IPv6") }
                .toggleStyle(.switch)
        }
    }

    struct ContentView_Previews: PreviewProvider {
        static var previews: some View {
            ContentView()
        }
    }

It throws the same error: Type 'ToggleStyle' has no member 'switch'

What's wrong with this code?
Posted
by ElenaS.
Post not yet marked as solved
16 Replies
6k Views
As the documentation states: "Tokens are physical devices that can be built in to the system, located on attached hardware (like a smart card), or accessible through a network connection". We'd like to make a token that would acquire TKTokenKeychainContents (certificates) through the network (without a smart card reader). What would be the best approach for this? What should we set for com.apple.ctk.token-type in Info.plist? The only possible value I found is "smartcard". I have not found any documentation regarding other options. The only extension target that Xcode gives is "Smart Card Token Extension".
Posted
by ElenaS.
Post not yet marked as solved
5 Replies
2.5k Views
I aim to create a custom Encoder based on the Codable API and intend to give a lot of functionality for free by relying on the default encode(to:) implementation and not requiring a custom implementation. It works as expected for structures, but with class instances which use inheritance I stumbled on behaviour which would encode only superclass keys. Here's the test function I'm testing:

    func testNestedClassWCodingKeys() {
        class L1: Codable {
            init() {
                L1_A_KEY="AAAA"
                L1_B_KEY=222
                L1_D_KEY=4.4
            }
            var L1_A_KEY: String
            var L1_B_KEY: Int
            var L1_C_KEY: Int = 2
            var L1_D_KEY: Float
        }
        class L2:L1 {
            override init() {
                L2_A_KEY="L2222"
                L2_B_KEY=222333
                L2_C_KEY=L3(L3_A_KEY: "L3333", L3_B_KEY: 333)
                super.init()
            }
            required init(from decoder: Decoder) throws {
                fatalError("init(from:) has not been implemented")
                try super.init(from: decoder)
            }
            var L2_A_KEY: String
            var L2_B_KEY: Int
            struct L3: Codable {
                var L3_A_KEY: String
                var L3_B_KEY: Int
            }
            var L2_C_KEY: L3
        }
        let t = L2()
        debugPrint(t)
        let encoder = TDGBinaryEncoder()
        XCTAssertNoThrow( try encoder.encode(t))
    }

As you see, we don't use any custom encode(to:) implementations. The first thing our encoder does when encode() (line 44) is called is to respect the Encodable encode(to:) implementation and call it.

    func encode(_ encodable: Encodable) throws {
        //respecting default and custom implementations
        debugPrint("request for encoding",encodable)
        try encodable.encode(to: self)
    }

Then, as expected, the default encode(to:) implementation tries to encode super keys for L1. Here's the debug output:

    "line 38: creating keyed container"
    "line 74: encoding L1_A_KEY"
    "line 74: encoding L1_B_KEY"
    "line 74: encoding L1_C_KEY"
    "line 74: encoding L1_D_KEY"

And then it stops... But we expected the default encoding implementation to call the nested keyed container on L2. Could you please comment on why it's not encoding L2 keys?

P.S. We can send the whole project for investigation.
Posted
by ElenaS.