Related to this topic, our Sub Rosa product performs certificate based TLS authentication using a smart card. We use UIWebView and an NSURLProtocol subclass to implement our own HTTPS and TLS layers.
Our use case is this: we need to be able to deliver a certificate to WKWebView AND be able to provide the crypt result for the TLS Certificate Verify signature.
If we could implement a SecKey where our code handles the signature for TLS that would be a solution. I don't believe CryptoTokenKit is available on iOS even though the documentation says it is.
If we could use WKURLSchemeHandler that would be a solution, but WKURLSchemeHandler does not support redirection, and our app would need to re-write URL schemes and that may lead to security problems.
If we could create/extend a URLCredential that would contain the certificates and TLS signature similar to init(identity: SecIdentity, certificates: [Any]?, persistence: URLCredential.Persistence) that would be a solution (and one that we would prefer).
Post
Replies
Boosts
Views
Activity
The feedback assistant number for my issue is FB7760918 There is no adequate replacement for UIWebView and NSURLProtocol for custom TLS certificate authentication.
Got this working. Just had incorrect bundle IDs.
On MacOS, my extension is loaded and I am asked to make a TKSmartCardTokenDriver but the TKSmartCardSlot is created for me.
Do I need to create a TKSmartCardSlot object? If so, I don't see a way to do that.
Xcode 12.0.1 has a Persistent Token Extension template. Note that extensions are limited in size. The exact size varies but is 5-6Mb Be careful about the frameworks and libraries in your extension. If your extension is too big, an error will be logged.
There is enough logging in iOS to show when your extension loads and unloads. Your extension can't be too large or it will not load - and that is logged too.