Post

Replies

Boosts

Views

Activity

Reply to CryptoTokenKit extension accessing External Accessory
TKSmartCardTokenDriver is not supported on iOS. The Persistent Token Extension is available in Xcode 12.0.1 Your extension Info.plist should be configured with the accessory protocol strings by adding UISupportedExternalAccessoryProtocols. Your extension will only start when a request is made to use your token by an app like Safari. It won't start when attaching an accessory.
Oct ’20
Reply to RSA key for web client authentication
You can now create a Persistent Token extension on iOS 14 and implement the TKTokenDriver, TKToken and TKTokenSession objects you need. You put the extension in your app and it will get loaded even if your app has not launched. Apple's own apps will use your extension bu the UI is clumsy. A WKWebView in your own app will use your token, but not automatically. First, you need to add com.apple.token to your entitlements: <array> <string>com.apple.token</string> </array> You need to have your delegate handle webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) and when you get challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate you should query for SecIdentities to use: var keychainItems = [[String:AnyObject]]() for tokenID in TKTokenWatcher().tokenIDs {             let query : [String:Any] = [kSecClass as String:kSecClassIdentity,                                         kSecAttrTokenID as String: tokenID,                                         kSecReturnAttributes as String: true,                                         kSecReturnRef as String: true,                                         kSecMatchLimit as String: kSecMatchLimitAll]                          var items : CFTypeRef?             status = SecItemCopyMatching(query as CFDictionary, &items)             if status == errSecSuccess && items != nil {                 statusOKs += 1                 if let found = items as? [[String:AnyObject]] {                     for item in found {                         keychainItems.append(item)                     }                 }             }         } If you have multiple identities, you should display a list for the user to choose from. Finally make a credential:         let cred = URLCredential(identity: identity, certificates: nil, persistence: .forSession) and return it through the callback handler from the call to your web view delegate.
Oct ’20