Hi,
I am building a VPN client with a Packet Tunnel Provider for macOS. The VPN profile, configured with Apple Configurator 2, uses a p12 certificate file for user authentication of the connection; the profile is installed on my Mac and the certificate has been imported into the keychain.
The VPN extension is called once I try to connect to the VPN, but I am not able to retrieve the private key with the persistent reference of my VPN keychain item, which comes within the NETunnelProviderProtocol object. Below are the things I did.
1. Generate a p12 file with the certificate and RSA private key.
openssl pkcs12 -export -out client.p12 -inkey privateKey.key -in certificate.crt -certfile CACert.crt
2. Try to retrieve the private key with the persistent reference from the NETunnelProviderProtocol object in the Packet Tunnel Provider extension.
SecIdentityRef identity_ref = NULL;
const void *keys[] = { kSecClass, kSecReturnRef, kSecValuePersistentRef };
const void *values[] = { kSecClassIdentity, kCFBooleanTrue, persistent_ref };
// Use the CF callbacks so the dictionary retains its keys and values
CFDictionaryRef dict = CFDictionaryCreate(NULL, keys, values, 3,
                                          &kCFTypeDictionaryKeyCallBacks,
                                          &kCFTypeDictionaryValueCallBacks);
if (SecItemCopyMatching(dict, (CFTypeRef *)&identity_ref) == errSecSuccess)
{
    OSStatus status;
    CFDataRef exportResult = NULL;
    SecItemImportExportKeyParameters params = {};
    params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
    params.flags = kSecKeySecurePassphrase;
    params.passphrase = CFStringCreateWithCString(kCFAllocatorDefault, "", kCFStringEncodingASCII);
    status = SecItemExport(identity_ref, kSecFormatPKCS12, 0, &params, &exportResult); // error, not able to get the private key
}
Additionally, I tried using SecItemCopyMatching to retrieve the private key directly, but I get only 96 bytes back, which is obviously not correct.
There must be something wrong with my code; please help.
Thanks!
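The following is an added example, not code from the post above, showing the lookup the post is attempting done with the Security framework calls intended for it: resolve the persistent reference to whatever item it names, take the private key out of the identity with SecIdentityCopyPrivateKey, and then prove the key is usable by signing and verifying a constructed message inside the extension, without exporting it. The function names CopyPrivateKeyForPersistentRef, KeyCanSign and CheckIdentity are my own, and it assumes the persistent reference is the one in protocol.identityReference of the NETunnelProviderProtocol being started.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <NetworkExtension/NetworkExtension.h>

// Resolve the persistent reference and return the private key it leads to.
// The reference may name an identity or a bare key; both are handled.
// On failure returns NULL and sets *outStatus to the failing OSStatus.
static SecKeyRef CopyPrivateKeyForPersistentRef(CFDataRef persistentRef, OSStatus *outStatus)
{
    const void *keys[]   = { kSecValuePersistentRef, kSecReturnRef };
    const void *values[] = { persistentRef,          kCFBooleanTrue };
    CFDictionaryRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 2,
                                               &kCFTypeDictionaryKeyCallBacks,
                                               &kCFTypeDictionaryValueCallBacks);
    CFTypeRef item = NULL;
    *outStatus = SecItemCopyMatching(query, &item);
    CFRelease(query);
    if (*outStatus != errSecSuccess || item == NULL) {
        // errSecItemNotFound here usually means the item is not reachable from
        // the extension's sandbox / keychain access, not that the reference is bad.
        return NULL;
    }

    SecKeyRef privateKey = NULL;
    if (CFGetTypeID(item) == SecIdentityGetTypeID()) {
        *outStatus = SecIdentityCopyPrivateKey((SecIdentityRef)item, &privateKey);
    } else if (CFGetTypeID(item) == SecKeyGetTypeID()) {
        privateKey = (SecKeyRef)CFRetain(item);
    } else {
        *outStatus = errSecInvalidItemRef;
    }
    CFRelease(item);
    return privateKey;
}

// Prove the key is usable in-process: sign a constructed message with the
// private key and verify it with the matching public key. No export, no prompt.
static BOOL KeyCanSign(SecKeyRef privateKey, CFErrorRef *error)
{
    SecKeyRef publicKey = SecKeyCopyPublicKey(privateKey);   // macOS 10.12+
    if (publicKey == NULL) return NO;

    const char msg[] = "constructed test message";           // sample input, constructed here
    CFDataRef data = CFDataCreate(kCFAllocatorDefault, (const UInt8 *)msg, sizeof(msg) - 1);
    SecKeyAlgorithm alg = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256;

    BOOL ok = NO;
    if (SecKeyIsAlgorithmSupported(privateKey, kSecKeyOperationTypeSign, alg)) {
        CFDataRef sig = SecKeyCreateSignature(privateKey, alg, data, error);
        if (sig != NULL) {
            ok = SecKeyVerifySignature(publicKey, alg, data, sig, error) ? YES : NO;
            CFRelease(sig);
        }
    }
    CFRelease(data);
    CFRelease(publicKey);
    return ok;
}

// Usage inside the provider, e.g. from startTunnelWithOptions:completionHandler:,
// where `protocol` is the NETunnelProviderProtocol of the connection being started.
static void CheckIdentity(NETunnelProviderProtocol *protocol)
{
    OSStatus status = errSecSuccess;
    SecKeyRef key = CopyPrivateKeyForPersistentRef((__bridge CFDataRef)protocol.identityReference,
                                                   &status);
    if (key == NULL) {
        NSLog(@"identity lookup failed: %d", (int)status);
        return;
    }
    CFErrorRef error = NULL;
    NSLog(@"private key usable for signing: %d", KeyCanSign(key, &error));
    if (error != NULL) CFRelease(error);
    CFRelease(key);
}
```

Two things worth keeping in mind when comparing this with the SecItemExport attempt: kSecKeySecurePassphrase asks the system to prompt the user for a passphrase through its secure panel, and a Packet Tunnel Provider has no UI to host that prompt, so exporting the identity as PKCS#12 from the extension is the wrong tool even when the lookup succeeds; and if the key is marked non-extractable, no export will ever hand over the raw key material, while signing with the SecKeyRef as above still works. If the lookup itself fails with errSecItemNotFound, check that the item's keychain and access policy are reachable from the extension before suspecting the reference.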