Hi there,
I'm trying to obtain the correct persistent keychain reference, but need some help. The following code crashes, but I guess this is because the NEVPNProtocolIKEv2 protocol expects something else (although it would seem logical at first to do it like this):

    NSData *data = [[NSData alloc] initWithContentsOfURL: ikecertificatepath];
    NSDictionary* options = @{ (id)kSecImportExportPassphrase : password };
    CFArrayRef rawItems = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)data, (__bridge CFDictionaryRef)options, &rawItems);
    NSArray* items = (NSArray*)CFBridgingRelease(rawItems);
    NSDictionary* firstItem = nil;
    if ((status == errSecSuccess) && ([items count]>0)) {
        firstItem = items[0];
        CFTypeRef identity = (SecIdentityRef)CFBridgingRetain(firstItem[(id)kSecImportItemIdentity]);
        p.identityReference = (__bridge NSData * _Nullable)(identity); // <= NSCFType copyWithZone crash here
    }

As macOS SecPKCS12Import adds the identity to the keychain, I tried reading it back like this and assigning it to the protocol. Is that how it is supposed to work?

    NSMutableDictionary* query = [@{
        (__bridge id)kSecClass : (__bridge id)kSecClassIdentity,
        (__bridge id)kSecImportItemIdentity : (__bridge id)identity,
    } mutableCopy];
    query[(__bridge id)kSecReturnPersistentRef] = @YES;
    __block OSStatus status;
    CFTypeRef results = nil;
    status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &results);
    if (results != nil) {
        p.identityReference = (__bridge NSData * _Nullable)(results);
        NSLog(@"New P12 reference");
    } else {
        NSLog(@"Unable to create P12 reference");
    }

Any pointers in the right direction are welcome!
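
An added example, not part of the original post: one way to turn the imported identity into a persistent keychain reference by passing the live `SecIdentityRef` to `SecItemCopyMatching` under `kSecValueRef`. The helper name `PersistentRefForPKCS12` and its `outStatus` parameter are hypothetical, and the code assumes macOS, where (as the post notes) `SecPKCS12Import` already places the identity in the keychain.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not an Apple API): imports a PKCS#12 file and returns
// a persistent keychain reference for its first identity, or nil on failure.
// Assumes macOS, where SecPKCS12Import adds the identity to the keychain.
static NSData *PersistentRefForPKCS12(NSURL *p12URL, NSString *password,
                                      OSStatus *outStatus) {
    OSStatus status = errSecParam;
    NSData *persistentRef = nil;

    NSData *p12 = [NSData dataWithContentsOfURL:p12URL];
    if (p12 != nil) {
        NSDictionary *options =
            @{ (__bridge id)kSecImportExportPassphrase : password ?: @"" };
        CFArrayRef rawItems = NULL;
        status = SecPKCS12Import((__bridge CFDataRef)p12,
                                 (__bridge CFDictionaryRef)options, &rawItems);
        NSArray *items = CFBridgingRelease(rawItems);

        // The import result holds a SecIdentityRef, a CF object that is not
        // NSData, so it cannot be assigned to identityReference directly.
        id identity = nil;
        if (status == errSecSuccess && items.count > 0) {
            identity = items[0][(__bridge id)kSecImportItemIdentity];
        }

        if (identity != nil) {
            // kSecValueRef selects the keychain item backing this identity;
            // kSecReturnPersistentRef asks for it back as a CFDataRef.
            NSDictionary *query = @{
                (__bridge id)kSecValueRef : identity,
                (__bridge id)kSecReturnPersistentRef : @YES,
            };
            CFTypeRef result = NULL;
            status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
            if (status == errSecSuccess && result != NULL) {
                persistentRef = CFBridgingRelease(result); // ownership to ARC
            }
        } else if (status == errSecSuccess) {
            status = errSecItemNotFound; // import succeeded but had no identity
        }
    }

    if (outStatus != NULL) { *outStatus = status; }
    return persistentRef;
}

// Usage, with `p` being the NEVPNProtocolIKEv2 instance from the post:
//   OSStatus st; NSData *ref = PersistentRefForPKCS12(ikecertificatepath, password, &st);
//   if (ref != nil) { p.identityReference = ref; }
```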