Post | Replies | Boosts | Views | Activity

How do you programmatically retrieve a list of SecKeychainRef / keychains?
I need to programmatically add an item to a keychain using SecItemAdd. I am told to use kSecUseKeychain to specify which keychain. I also need to programmatically retrieve items from a keychain using SecItemCopyMatching, and I am told I need kSecMatchSearchList to do this. Where I am stuck is I need to be nice to the end user and allow them to choose a keychain using a friendly name. The document https://developer.apple.com/documentation/technotes/tn3137-on-mac-keychains mentions that SecKeychainRefs are needed, but not where they come from. What calls do I need to use to enumerate the keychains on macOS? Most specifically, what calls do I need to use to programmatically retrieve the following list, containing "login", "iCloud", "System" and "System Roots". I am aware that some functions are deprecated.
Replies: 5 | Boosts: 0 | Views: 881 | Activity: Nov ’23
Given a SecKeyRef, how do I return the Key Class Values?
Given a SecKeyRef such as the example below, how do I get the class? "<SecCDSAKeyRef 0x600000d37030: algorithm id: 1, class=1, algorithm=2a, usage=800001ff attrs=39>". The possible values kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate and kSecAttrKeyClassSymmetric are documented below, but the function used to retrieve those values seems missing. https://developer.apple.com/documentation/security/ksecattrkeyclasspublic?language=objc
Replies: 4 | Boosts: 0 | Views: 562 | Activity: Oct ’23
Given an X509 certificate not in keychain, how do I detect a corresponding private key in keychain?
I have a DER encoded digital certificate that comes from outside a keychain. I am trying to search the keychain for a matching private key. I am able to parse the DER certificate and show all the values as follows:

    CFErrorRef error = NULL;
    CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, cert->der, cert->len, kCFAllocatorNull);
    SecCertificateRef certref = SecCertificateCreateWithData(kCFAllocatorDefault, data);
    CFDictionaryRef values = SecCertificateCopyValues(certref, NULL, &error);
    CFShow(values);

I am able to search for keys in the keychain as follows:

    CFTypeRef keys = NULL;
    CFIndex count;
    CFIndex i;
    CFStringRef dictkeys[] = { kSecClass, kSecMatchLimit, kSecReturnRef, kSecReturnAttributes };
    CFTypeRef dictvalues[] = { kSecClassKey, kSecMatchLimitAll, kCFBooleanTrue, kCFBooleanTrue };
    CFDictionaryRef query = CFDictionaryCreate(
        NULL,
        (const void **) dictkeys,
        dictvalues,
        sizeof(dictkeys) / sizeof(dictkeys[0]),
        &kCFTypeDictionaryKeyCallBacks,
        &kCFTypeDictionaryValueCallBacks
    );
    OSStatus err = SecItemCopyMatching(query, &keys);

Where I am stuck is how to join the two together. What value from the certificate should I be extracting to allow a lookup for a link to the private key? What parameter do I pass into SecItemCopyMatching to search for a matching private key?
Replies: 3 | Boosts: 0 | Views: 723 | Activity: Oct ’23
SecKeyCopyPublicKey asks to unlock keychain for every key - how do I get it to ask once?
I am trying to read public keys from the keychain APIs in C code, and have got very close. I am however receiving a message asking me to unlock the keychain to access the private key - over and over again, once for each key. How do I extract public keys (not private keys) from the keychain without triggering a terrible user experience? Unlocking the keychain once is fine.

    CFTypeRef keys = NULL;
    CFIndex count;
    CFIndex i;
    CFStringRef dictkeys[] = { kSecClass, kSecMatchLimit, kSecReturnRef };
    CFTypeRef dictvalues[] = { kSecClassKey, kSecMatchLimitAll, kCFBooleanTrue };
    CFDictionaryRef query = CFDictionaryCreate(
        NULL,
        (const void **) dictkeys,
        dictvalues,
        sizeof(dictkeys) / sizeof(dictkeys[0]),
        &kCFTypeDictionaryKeyCallBacks,
        &kCFTypeDictionaryValueCallBacks
    );
    OSStatus err = SecItemCopyMatching(query, &keys);
    if (err != errSecSuccess) {
        [snip]
    }
    // we see our keys here no problem
    CFShow(keys);
    count = CFArrayGetCount(keys);
    for (i = 0; i < count; i++) {
        CFErrorRef err = NULL;
        SecKeyRef kref = (SecKeyRef) CFArrayGetValueAtIndex(keys, i);
        // on this line we're asked to unlock the keychain, over and over
        SecKeyRef pref = SecKeyCopyPublicKey(kref);
        if (!pref) {
            continue;
        }
        CFDataRef der = SecKeyCopyExternalRepresentation(pref, &err);
        [snip]
    }
    CFRelease(keys);
Replies: 0 | Boosts: 0 | Views: 375 | Activity: Oct ’23
How do I add a UI to a Safari Web Extension?
I have a Safari Web Extension that successfully receives a message from a webpage and returns a response. I now want to add a user interface to the Safari Web Extension. How do I do this? I have modified the default template code as follows to add an NSAlert for testing. The modal runs, but no alert ever appears, and the code remains stuck at runModal. What is the correct way to add a UI to a webextension?

    - (void)beginRequestWithExtensionContext:(NSExtensionContext *)context {
        id message = [context.inputItems.firstObject userInfo][SFExtensionMessageKey];
        NSLog(@"Received message from browser.runtime.sendNativeMessage: %@", message);
        NSAlert* alert = [[NSAlert alloc]init];
        [alert setMessageText:message[@"request"]];
        [alert setInformativeText:@"Hello"];
        [alert runModal];
        NSExtensionItem *response = [[NSExtensionItem alloc] init];
        response.userInfo = @{ SFExtensionMessageKey: @{ @"id": message[@"id"], @"uuid": message[@"uuid"], @"contentType": message[@"contentType"], @"response": message[@"request"] } };
        [context completeRequestReturningItems:@[ response ] completionHandler:nil];
    }
    @end
Replies: 2 | Boosts: 0 | Views: 1k | Activity: Sep ’21
Safari Web Extension: How do I avoid "this extension can read and alter web pages"?
I have a web extension that I want to send data to, and receive a response containing modified data. My understanding is that the native app is only contactable by a background script. How does a webpage contact the background script? One answer is by adding a content script, which is able to communicate with the background script using browser.native.sendMessage(). Unfortunately this triggers a warning that "this extension can read and alter web pages". I do not want to read and alter web pages, nor do I want users to be concerned about a permission the app doesn't need. I just want to receive data, and then return a response. What API should I be using to achieve this?
Replies: 0 | Boosts: 0 | Views: 616 | Activity: Aug ’21
Safari Extensions for iOS - where is it?
According to https://developer.apple.com/safari/extensions/ I can "Enhance and customize the web browsing experience on Mac, iPhone, and iPad with Safari Extensions". Sounds great so far. I am looking for information on how I can create a Safari Extension on iOS, and I have come up blank. All the docs make no mention of iOS, just macOS. The sample code at https://developer.apple.com/documentation/safariservices/safari_web_extensions/messaging_a_web_extension_s_native_app?language=objc is for macOS only. Xcode project templates list "Safari Extension App", but only under macOS. I'm lost: are WebExtensions / Safari Extensions supported on iOS, and if so, how? There are apps in the iPhone App Store that claim to integrate with Safari. What technology are they using?
Replies: 0 | Boosts: 0 | Views: 700 | Activity: Mar ’21
lldb fails to launch process: "Not allowed to attach to process"
Xcode 12.4 on Big Sur, a very basic attempt to launch and debug a process.

    Little-Net:host-osx minfrin$ lldb ./tmp_firefox/Library/Google/Chrome/NativeMessagingHosts/chrome-token-signing.app/Contents/MacOS/chrome-token-signing
    (lldb) target create "./tmp_firefox/Library/Google/Chrome/NativeMessagingHosts/chrome-token-signing.app/Contents/MacOS/chrome-token-signing"
    Current executable set to '/Users/minfrin/src/redwax/open-eid/chrome-token-signing-trunk/host-osx/tmp_firefox/Library/Google/Chrome/NativeMessagingHosts/chrome-token-signing.app/Contents/MacOS/chrome-token-signing' (x86_64).
    (lldb) process launch -i cert.native
    error: process exited with status -1 (attach failed (Not allowed to attach to process.  Look in the console messages (Console.app), near the debugserver entries when the attached failed.  The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.))

Why would lldb, running as my local user, be unable to launch a process also running as my local user? Is there any way to convince lldb to log error messages instead of referring me to the console, which contains a continuous stream of noise?
Replies: 6 | Boosts: 0 | Views: 8.6k | Activity: Mar ’21
Xcode User Interface Builder "Add Missing Constraints" adds random constraints
Is the "Add Missing Constraints" function in the Xcode User Interface Builder known to work properly, or should this functionality be avoided? Conceptually, constraints make perfect sense. Each element is declared as having a behaviour relative to other elements, allowing the layout to be calculated automatically. In my case I have a number of elements, and each element needs to be rendered below the previous one. So far makes sense. In practice, adding constraints is very hit and miss. No matter how carefully I add the constraints by hand, I get warnings "height is ambiguous" or "vertical position is ambiguous", but none of these messages are ever specific enough to explain what's actually wrong. Eventually you select the "Add Missing Constraints" option, and at this point chaos is unleashed. Constraints are added between elements that have no obvious relation to one another. The third element down immediately gains a constraint relative to the top of the window, for no obvious reason. Constraints suddenly have constants added, none of which make any sense. Elements are now off the screen, with no obvious explanation. At this point the constraints are wrecked, and the UI has to be redeveloped from scratch. My question is this: Is there a specific technique that should be used to handle constraints when building a UI? Is there a special order things should be done in? Should the UI be avoided and all constraints be declared programmatically? The user interface is supposed to be the Mac's core strength. I can't see how any user interface gets developed with tools this unfinished. Can anyone shed any light on how to approach practical UI design on the Mac?
Replies: 4 | Boosts: 0 | Views: 1.1k | Activity: Feb ’21