I've been following the documentation in "Storing a Certificate in the Keychain" and I ran into an issue when calling SecItemUpdate, not SecItemAdd.
So, for the add, I create the query as follows and it succeeds:
NSMutableDictionary *query = [NSMutableDictionary dictionaryWithDictionary:@{
    (__bridge NSString *)kSecClass : self.type,
    (__bridge NSString *)kSecAttrLabel : self.identifier,
    (__bridge NSString *)kSecAttrAccessible : self.accessibilityFlag,
    (__bridge NSString *)kSecValueRef : (__bridge id)certificate
}];
#if !(TARGET_IPHONE_SIMULATOR)
if (self.accessGroup) {
    query[(__bridge NSString *)kSecAttrAccessGroup] = self.accessGroup;
}
#endif
However, when I create the update query, it fails (-25303) when I use kSecValueRef:
NSMutableDictionary *query = [NSMutableDictionary dictionaryWithDictionary:@{
    (__bridge NSString *)kSecClass : self.type,
    (__bridge NSString *)kSecAttrLabel : self.identifier,
    (__bridge NSString *)kSecAttrAccessible : self.accessibilityFlag
}];
#if !(TARGET_IPHONE_SIMULATOR)
if (self.accessGroup) {
    query[(__bridge NSString *)kSecAttrAccessGroup] = self.accessGroup;
}
#endif
NSDictionary *changes = @{(__bridge NSString *)kSecValueRef : (__bridge id)certificate};
I can get the update operation to succeed if I change the update to be kSecValueData instead:
NSDictionary *changes = @{(__bridge NSString *)kSecValueData : (__bridge_transfer NSData *)SecCertificateCopyData(certificate)};
Is this the correct way of updating the certificate in the keychain? I ask since I would like to avoid the data conversion operation.