I have a .p12 file which contains two certificates, but no identities. When attempting to use SecPKCS12Import against it, it returns a success code, but the CFArray is empty:

    func testParsingCert() throws {
        let bundle = Bundle(for: Self.self)
        let certificateURL = bundle.url(forResource: TestConstants.SERVER_CERTIFICATE_NAME, withExtension: TestConstants.CERTIFICATE_FILE_EXTENSION)!
        let certificateData = try! Data(contentsOf: certificateURL)
        var importResult: CFArray? = nil
        let err = SecPKCS12Import(
            certificateData as NSData,
            [kSecImportExportPassphrase as String: TestConstants.DEFAULT_CERT_PASSWORD] as NSDictionary,
            &importResult
        )
        guard err == errSecSuccess else {
            throw NSError(domain: NSOSStatusErrorDomain, code: Int(err), userInfo: nil)
        }
        let identityDictionaries = importResult as! [[String:Any]]
        var chain: CFArray
        chain = identityDictionaries[0][kSecImportItemCertChain as String] as! CFArray
        print(chain)
    }

The above code fails with:

    Test Case '-[TAKTrackerTests.CertificateSigningRequestTests testParsingCert]' started.
    Swift/ContiguousArrayBuffer.swift:600: Fatal error: Index out of range

as the identityDictionaries result contains no results (nor does importResult).

The specific use case for this is that users can do Certificate Enrollment against a server with a self-signed certificate, so they need to be able to upload the trust store prior to connecting for identities.
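
Added example, not part of the original post: one way to handle the case described above, where SecPKCS12Import reports errSecSuccess but returns an empty item array, by throwing a typed error instead of force-indexing element 0. `PKCS12ImportError` and `certificateChain(fromPKCS12:passphrase:)` are hypothetical names introduced here; the caller supplies the .p12 bytes and passphrase.

```swift
import Foundation
import Security

/// Hypothetical error type for this example.
enum PKCS12ImportError: Error {
    case importFailed(OSStatus)   // SecPKCS12Import returned a non-success status
    case noItems                  // success status, but the item array is empty
    case missingCertChain         // first item has no kSecImportItemCertChain entry
}

/// Hypothetical helper: imports a PKCS#12 blob and returns the certificate
/// chain of the first returned item, checking every step instead of using
/// force casts and a fixed index.
func certificateChain(fromPKCS12 data: Data, passphrase: String) throws -> [SecCertificate] {
    var importResult: CFArray?
    let options = [kSecImportExportPassphrase as String: passphrase] as NSDictionary
    let status = SecPKCS12Import(data as NSData, options, &importResult)

    // A success status alone is not enough: as the post shows, the call can
    // succeed and still hand back no items.
    guard status == errSecSuccess else {
        throw PKCS12ImportError.importFailed(status)
    }

    // Reaching for element 0 without this check is what produces
    // "Index out of range" in the test above.
    guard let items = importResult as? [[String: Any]], let first = items.first else {
        throw PKCS12ImportError.noItems
    }

    guard let chain = first[kSecImportItemCertChain as String] as? [SecCertificate] else {
        throw PKCS12ImportError.missingCertChain
    }
    return chain
}
```

With the certificate-only file from the post, this helper would throw `PKCS12ImportError.noItems`, which lets the caller report that the trust store contained no importable identity rather than crashing.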