keychain-developers Mailing List for Keychain Framework
Status: Abandoned
Brought to you by: wadetregaskis
|
From: Etienne S. <sam...@gm...> - 2007-09-27 04:50:01
|
On 26 Sept. 07 at 20:04, Wade Tregaskis wrote:

>> Thanks for the quick fix on AccessControlList's ;-). Now that I
>> updated to latest CVS, I wanted to know if there is a special
>> reason you're creating unit tests as executables instead of using
>> the integrated SenTestingKit ? IMHO SenTestingKit is much more
>> flexible, as the tests are run each time you build.
>
> Well, I think when I first started writing them we didn't have unit
> testing support in Xcode (or it could have been Project Builder, even,
> back then). So, that was a pretty good reason at the time. :)
>
> Now, well, yeah, I probably should upgrade at least some of them. But
> they can take a while to run, which is why I'm hesitant to run them
> for every build. Generating keys and whatnot in particular is
> expensive in terms of time...
>
>> Also, any plans on upgrading to subversion ;-) ?
>
> I'd really like to, 'cause I'm certainly no fan of cvs, but it means
> either being lazy and losing all the existing revision info, or
> playing with some scripts to carry that over and praying they work.
> Again, one of those "should do" things that I haven't gotten around to
> yet. :)

Actually, I can handle this if you want ;-). I did it already for some projects of mine, and I've turned quite proficient at writing custom cvs2svn option files ;-). I just need access to both cvs and subversion repositories.

Then I'll take a look at the unit tests...

BTW, what about some cleanup in the repository ? I like mine like this :

build <- Xcode build folder, ignored
*.xcodeproj
Sources <- All the *.[hmc] files of the project
Resources <- *.nibs, *.strings
prefix_header.h

Etienne Samson
|
|
From: Wade T. <wad...@ma...> - 2007-09-26 18:04:41
|
> Thanks for the quick fix on AccessControlList's ;-). Now that I
> updated to latest CVS, I wanted to know if there is a special
> reason you're creating unit tests as executables instead of using
> the integrated SenTestingKit ? IMHO SenTestingKit is much more
> flexible, as the tests are run each time you build.

Well, I think when I first started writing them we didn't have unit testing support in Xcode (or it could have been Project Builder, even, back then). So, that was a pretty good reason at the time. :)

Now, well, yeah, I probably should upgrade at least some of them. But they can take a while to run, which is why I'm hesitant to run them for every build. Generating keys and whatnot in particular is expensive in terms of time...

> Also, any plans on upgrading to subversion ;-) ?

I'd really like to, 'cause I'm certainly no fan of cvs, but it means either being lazy and losing all the existing revision info, or playing with some scripts to carry that over and praying they work. Again, one of those "should do" things that I haven't gotten around to yet. :)

Wade
|
|
From: Etienne S. <sam...@gm...> - 2007-09-26 07:23:07
|
Hi list !

Thanks for the quick fix on AccessControlList's ;-). Now that I updated to latest CVS, I wanted to know if there is a special reason you're creating unit tests as executables instead of using the integrated SenTestingKit ? IMHO SenTestingKit is much more flexible, as the tests are run each time you build.

Also, any plans on upgrading to subversion ;-) ?

Again, a big heartfelt thanks for the quick fix on my issue !

Etienne Samson
|
|
From: Wade T. <wad...@ma...> - 2007-09-21 07:35:22
|
Just wanted to make a note that I have been poking at this (I emailed Etienne off-list earlier so he'd know I wasn't ignoring him), but haven't come up with anything yet. I've been fighting small fires in various areas, so I haven't been devoted to this, but I'm writing some unit tests as we speak to poke this area.

(some of those aforementioned fires including getting searching working across the board, which is 99% of the way there and includes the ability to supply predicates for searching now - yay!)

Etienne, do you have a standalone sample app I could test - that way I could debug the problem directly, without having to write the unit tests for it first, and get it resolved for you sooner?

Wade
|
|
From: Etienne S. <sam...@gm...> - 2007-09-18 06:03:46
|
Hi !

First, thanks for the review of my bug reports (even if I turned blind regarding the returned KeychainItems ;-)). I've updated my source to latest CVS, and added my modification to AccessControlList (so I really get TrustedApplication back)...

So onto my problem :

I have a PreferencePane, and a Helper tool. I can set the account/password from the PreferencePane, but as the KeychainItem is created by SystemPreferences.app, my helper app triggers the 'give access to keychain item', which I obviously don't want to happen... IMHO the Keychain framework API has some shortcomings here, because I thought I could add my Helper app to the list of allowed apps easily, but that's not easy, due to the way Security.framework is laid out.

Maybe we can have a [KeychainItem addTrustedApplication:(TrustedApplication*) forAuthorization:(CSSM_ACL_AUTHORIZATION_TAG)tag], or even hide away TrustedApps with NSStrings*...

Right now there is no easy way of doing this, because there is no wrapper for SecACLGet/SetAuthorizations. If we can agree on an API for this, I'll try to provide a patch or code, for addition to the source.

I thus was forced to resort to a quick trip in C to make that work, but this code crashes ;-). If you can provide me with insight on this, it will greatly help me, maybe I'm doing something wrong...

Here is what I'm currently doing :

mItem is initialized by getting an item from the keychain, and if nonexistent, creating it...

    // This is code to add our helper to the list of allowed applications
    Access *access = [mItem access];
    NSArray *decryptACLs = [access accessControlListsForDecrypting];
    CSSM_ACL_AUTHORIZATION_TAG tags[20];
    // in: capacity of tags[]; out: number of tags returned
    uint32 tagCount = sizeof(tags) / sizeof(tags[0]);
    NSString *helperPath = [[self bundle] pathForResource:@"HelperTool"
                                                   ofType:@"app"];
    TrustedApplication *app = [TrustedApplication trustedApplicationWithPath:helperPath];
    NSEnumerator *aclEnum = [decryptACLs objectEnumerator];
    AccessControlList *ACL;

    while ((ACL = [aclEnum nextObject]) != nil) {
        OSStatus err;
        AccessControlList *newACL;

        err = SecACLGetAuthorizations([ACL ACLRef], tags, &tagCount);
        if (err != noErr) {
            NSLog(@"Error Getting: %d", err);
            return;
        }

        /* I'm forced to retrieve information BEFORE deleting the item,
           because this information becomes invalid,
           and thus the -accessControlListNamed:... below fails */
        NSArray *currentApps = [ACL applications];
        NSString *currentName = [ACL name];
        BOOL currentPass = [ACL requiresPassphrase];

        [ACL deleteAccessControlList];

        NSMutableArray *appArray = [NSMutableArray arrayWithArray:currentApps];
        [appArray addObject:app];

        newACL = [AccessControlList accessControlListNamed:currentName
                                                fromAccess:access
                                           forApplications:appArray
                                       requiringPassphrase:currentPass];

        err = SecACLSetAuthorizations([newACL ACLRef], tags, tagCount);
        if (err != noErr) {
            NSLog(@"Error Setting: %d", err);
            return;
        }
    }

    /* Here is my crash, gdb stack trace below */
    [mItem setAccess:access];

Here is the stack trace :
#0 0xffff0ee6 in ___memcpy at cpu_capabilities.h:228
#1 0x9127eac8 in Security::CssmOwnedData::copy<void>
#2 0x9127eb3e in Security::CssmOwnedData::copy
#3 0x91281fdf in Security::CssmAutoData::CssmAutoData<Security::CssmData>
#4 0x9117b4fd in Security::ListElement::ListElement
#5 0x911c9c5a in Security::KeychainCore::TrustedApplication::makeSubject
#6 0x911d379c in Security::KeychainCore::ACL::makeSubject
#7 0x911d3982 in Security::KeychainCore::ACL::setAccess
#8 0x911d1ce1 in Security::KeychainCore::Access::editAccess
#9 0x911d1dba in Security::KeychainCore::Access::setAccess
#10 0x911c0e7d in SecKeychainItemSetAccess
#11 0x0e6cca12 in -[KeychainItem setAccess:] at KeychainItem.m:1015
Thanks for making such a great framework ! It makes it really easy to
use Keychains with it ;-)
Etienne Samson
|
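An added example, not code from this thread or from the Keychain framework: one way to add a helper application to an item's decrypt ACLs with Security.framework's own C calls, editing each ACL's application list in place rather than deleting and recreating the ACL. The function name `AddHelperToDecryptACLs` and its parameters are hypothetical; the Sec* calls are the Mac OS X keychain APIs of that era, since deprecated.

```objective-c
// Added example: grant one helper application access to a keychain item's
// decrypt ACLs. AddHelperToDecryptACLs is a hypothetical name.
#import <CoreFoundation/CoreFoundation.h>
#import <Security/Security.h>

static OSStatus AddHelperToDecryptACLs(SecKeychainItemRef item,
                                       const char *helperPath)
{
    SecAccessRef access = NULL;
    SecTrustedApplicationRef helper = NULL;
    CFArrayRef acls = NULL;

    // Fetch the item's access object and build a trusted-application
    // reference for the helper binary on disk.
    OSStatus err = SecKeychainItemCopyAccess(item, &access);
    if (err == noErr)
        err = SecTrustedApplicationCreateFromPath(helperPath, &helper);

    // Only the ACL entries that authorize decryption are touched.
    if (err == noErr)
        err = SecAccessCopySelectedACLList(access,
                                           CSSM_ACL_AUTHORIZATION_DECRYPT,
                                           &acls);

    CFIndex count = (err == noErr && acls != NULL) ? CFArrayGetCount(acls) : 0;
    for (CFIndex i = 0; i < count && err == noErr; i++) {
        SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(acls, i);
        CFArrayRef apps = NULL;
        CFStringRef description = NULL;
        CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt;

        // Fails with an error if the ACL is not in "simple" form.
        err = SecACLCopySimpleContents(acl, &apps, &description, &prompt);
        if (err != noErr)
            break;

        if (apps != NULL) {
            // A NULL list means "any application is trusted"; such an
            // entry is left alone. Otherwise append the helper and write
            // the list back with the same description and prompt
            // settings. No check is made for the helper already being
            // present in the list.
            CFMutableArrayRef widened =
                CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, apps);
            CFArrayAppendValue(widened, helper);
            err = SecACLSetSimpleContents(acl, widened, description, &prompt);
            CFRelease(widened);
            CFRelease(apps);
        }
        if (description != NULL)
            CFRelease(description);
    }

    // The ACL edits take effect once the access object is written back.
    if (err == noErr)
        err = SecKeychainItemSetAccess(item, access);

    if (acls != NULL) CFRelease(acls);
    if (helper != NULL) CFRelease(helper);
    if (access != NULL) CFRelease(access);
    return err;
}
```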
|
From: Wade T. <wjt...@st...> - 2006-05-20 16:46:08
|
Just a note, the head of tree in CVS now builds! I'd prefer people move to that now than the older packaged releases. It's not mature yet, of course, but it's probably as good as any, and in any case is where I'll be fixing bugs, so it's your only chance for improvement. ;)

Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN: wjt...@st..., Jabber: wad...@ja...)
-- Sed quis custodiet ipsos custodes?
|
|
From: Wade T. <wjt...@st...> - 2006-05-14 15:45:15
|
> Since the tarball for the Keychain Framework is 1) corrupted

Wooah, hold up. Which one is this? None of the tarballs should be corrupt.

> and 2) a
> source distribution, I need to build the Framework. However, I'm not
> an apple developer, and have never used Xcode, so what's obvious to
> most of you probably isn't to me. So - is there a document somewhere
> that tells how to build this Framework? What versions of what tools,
> and what other things I'll need that aren't provided by apple? For
> instance, after figuring out that I needed a new version of XCode,
> clicking Build tells me that it can't find CompilerIndependence.h.

The version in CVS doesn't currently build, sorry about that; I'm rewriting a bit of it. It's taking forever, as these things do... this is only a hobby of course, and I don't have much time for work let alone play these days (seems to be the story of my life :) ).

I could bundle up a binary or tarball of the current (offline) source, but I can't vouch for its functionality at this point. You're probably best off looking at the last packaged release. It shouldn't be corrupt; I can upload it again if that's the case.

Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN: wjt...@st..., Jabber: wad...@ja...)
-- Sed quis custodiet ipsos custodes?
|
|
From: Mike M. <mwm...@mi...> - 2006-05-11 17:41:19
|
Since the tarball for the Keychain Framework is 1) corrupted and 2) a source distribution, I need to build the Framework. However, I'm not an apple developer, and have never used Xcode, so what's obvious to most of you probably isn't to me. So - is there a document somewhere that tells how to build this Framework? What versions of what tools, and what other things I'll need that aren't provided by apple? For instance, after figuring out that I needed a new version of XCode, clicking Build tells me that it can't find CompilerIndependence.h.

Or is there a binary version available for 10.4 somewhere?

Or maybe I should blow off the Framework, and simply popen security?

Thanks,
<mike
--
Mike Meyer <mw...@mi...> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
|
|
From: Wade T. <wjt...@st...> - 2006-03-17 01:34:56
|
> When opening the pbproj files under Panther, after translation to the
> newer format, I get the following error:
>
> The variable aPlist is not defined. (-2753)
>
> Haven't tried this with Tiger yet, but will do so next week. Also
> having a bit of trouble incorporating the framework into the other app
> projects (Certificate Tester, etc.) The keychain framework itself
> fails building with 30 messages of the type:
>
> cc1obj: error: output filename specified twice
>
> in Keychain.m, etc. Any advice?

Hmm... those are new to me. The version in CVS may not build; I think it's still missing some files. I can provide you with my current offline head as it stands, which I'm pretty sure builds, but it's in the middle of a big rejig, so I can't guarantee most of the functionality.

I suspect these issues may be a lack of support for multiple architecture binaries... I presume you're using gcc 3.3... I don't know off hand what the state of things is for that, but, that's what it sounds like.

I'm pretty certain you shouldn't see those errors under Tiger. If you do, then get back to me straight away so we can sort it out. Otherwise... try disabling either of Intel or PPC architecture targets, and see if that resolves the duplicate name error.

If you send me the full transcript from the build, starting from a clean, I'll take a look at that and see if I can deduce anything further from it.

Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN: wjt...@st..., Jabber: wad...@ja...)
-- Sed quis custodiet ipsos custodes?
|
|
From: Alan S. <Ala...@tt...> - 2006-03-15 17:31:12
|
When opening the pbproj files under Panther, after translation to the newer format, I get the following error:

The variable aPlist is not defined. (-2753)

Haven't tried this with Tiger yet, but will do so next week. Also having a bit of trouble incorporating the framework into the other app projects (Certificate Tester, etc.) The keychain framework itself fails building with 30 messages of the type:

cc1obj: error: output filename specified twice

in Keychain.m, etc. Any advice?
|
|
From: Denis M. <dm...@ta...> - 2005-11-23 09:52:17
|
Hi,

I've tried to use the Keychain Framework (very well done) to encrypt/decrypt data with RSA algorithm. But I need some help. My keychain currently contains my certificate and my private key.

To encrypt data : I fetch the current Keychain, Identity, I get the public key and I call the method -encryptedDataUsingKey:mode:padding => no problem

But to decrypt the data, I want to fetch the private key associated with the identity. Thus I call privateKey on my Identity. It seems to work but when I call with the private key decryptedDataUsingKey:mode:padding: I've got the following exception :

2005-11-23 10:47:52.682 testapp[15965] Unable to decrypt data because of error #2147551505 - CSP invalid key reference - The CSSM_KEY contains a reference that does not indicate a key in the CSP.

Here is the description of my key :

2005-11-23 10:47:52.635 testapp[15965] Private Key :
Format: Integer (e.g. handle)
Blob Format: Wrapped
Algorithm: 42
Wrap Algorithm: 0
Class: Private key
Logical Size: 2048
Attributes: Permanent, Sensitive, Always sensitive, Extractable
Usage: Encrypt, Decrypt, Sign, Verify, Sign Recovery, Verify Recovery, Wrap, Unwrap, Derive, Any
Start Date: (null)
End Date: (null)
Wrap Mode: None

Can someone help me ?

Thanks
--
Denis Muquardt
tél. +32498970482
TAKTIK - www.taktik.be
Avenue du Général De Gaulle, 46
|
|
From: Wade T. <wjt...@st...> - 2005-10-04 07:26:27
|
Hmm... I don't know then. I guess I can only suggest at this point that you try posting on Apple's CDSA mailing list.. it seems to be a bug in their CDSA implementation; I can't see anything Keychain [framework] specific in any of your emails that might cause this sort of problem.

Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN: wjt...@st..., Jabber: wad...@ja...)
-- Sed quis custodiet ipsos custodes?
|
|
From: Jon M. <jo...@ja...> - 2005-09-29 21:45:28
|
On 27 Sep 2005 at 10.02, Wade Tregaskis wrote:

>> all looks good after completing step 4) (shows up as a proper
>> identity), but the identity is not usable. The CSP returns
>> "CSSM_SignData returned: 80010846" when for example signing a piece
>> of data.
>
> 80010846 corresponds to CSP invalid data, indicating [most likely] the data
> you're trying to sign isn't "doing it" for the given CSP. I couldn't really
> say why that is in this case - without knowing exactly which version of the
> Keychain framework you're working with, it's hard to diagnose. I presume
> the latest packaged release (since the CVS head doesn't work at present),
> which hasn't been extensively tested in this regard. I'm presently working
> on getting the CVS head back into working order, and getting Certificates
> Tester (and friends) to pass all their tests. At that point I'll be able to
> say whether it's my fault or something else. 'till then, I would presume
> it's a bug in the framework somewhere, although...

I use the latest official from the sourceforge site.

>> A similar problem occurs when trying to export the identity out of
>> the keychain. If I try another PKCS12 it works fine.
>
> I presume you're using Keychain Access for this?

Yes. Both keychain and my own Sec* code (i.e. using the Apple PKCS#12 code).

> So when you say you try another, do you mean you can't export it as PKCS10
> but you can as PKCS12, or did you mean you can export other
> (non-Keychain-framework-created) identities as PKCS10/12?

Using my generated keys, I can create a valid PKCS#10 (certificate request) and sign it with for example openssl in another computer (to create a certificate). The certificate import (using Keychain Access) also works (i.e. matching the certificate to the generated private key). However I get the failure when using the created Identity.

If I import an external PKCS#12 file, (i.e. certificate+key from Netscape or my own home grown CA) into Keychain it works to sign with this identity.

> I don't know all that much about PKCS-anything, but it may be that you're
> trying to export an invalid object for the given format. In any case, I
> wouldn't be able to confirm or deny that for you - your best bet along those
> lines is Apple's CDSA mailing list.
>
>> I needed to change the following in the Certificate Tester in order
>> for it to run with the latest Keychain...
>>
>> Replace this line
>>
>>> uint32 serialNumber = 0x76543210;
>>
>> with these lines...
>>
>>> const char bytes[] = { 0x33, 0x34, 0x35 };
>>> NSData* serialNumber = [NSData dataWithBytes:bytes length:sizeof(bytes)];
>
> Yeah, sorry about that - changed the API in the Keychain framework, since
> the serial really is just arbitrary data, so the previous API taking a
> uint32_t was unnecessarily restrictive.
>
> Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN:
> wjt...@st..., Jabber: wad...@ja...)
> -- Sed quis custodiet ipsos custodes?
|
|
From: Wade T. <wjt...@st...> - 2005-09-29 06:43:03
|
> all looks good after completing step 4) (shows up as a proper
> identity), but the identity is not usable. The CSP returns
> "CSSM_SignData returned: 80010846" when for example signing a piece
> of data.
80010846 corresponds to CSP invalid data, indicating [most likely] the data
you're trying to sign isn't "doing it" for the given CSP. I couldn't really
say why that is in this case - without knowing exactly which version of the
Keychain framework you're working with, it's hard to diagnose. I presume
the latest packaged release (since the CVS head doesn't work at present),
which hasn't been extensively tested in this regard. I'm presently working
on getting the CVS head back into working order, and getting Certificates
Tester (and friends) to pass all their tests. At that point I'll be able to
say whether it's my fault or something else. 'till then, I would presume
it's a bug in the framework somewhere, although...
> A similar problem occurs when trying to export the identity out of
> the keychain. If I try another PKCS12 it works fine.
I presume you're using Keychain Access for this?
So when you say you try another, do you mean you can't export it as PKCS10
but you can as PKCS12, or did you mean you can export other
(non-Keychain-framework-created) identities as PKCS10/12?
I don't know all that much about PKCS-anything, but it may be that you're
trying to export an invalid object for the given format. In any case, I
wouldn't be able to confirm or deny that for you - your best bet along those
lines is Apple's CDSA mailing list.
> I needed to change the following in the Certificate Tester in order
> for it to run with the latest Keychain...
>
> Replace this line
>> uint32 serialNumber = 0x76543210;
>
> with these lines...
>> const char bytes[] = { 0x33, 0x34, 0x35 };
>> NSData* serialNumber = [NSData dataWithBytes:bytes length:sizeof(bytes)];
Yeah, sorry about that - changed the API in the Keychain framework, since
the serial really is just arbitrary data, so the previous API taking a
uint32_t was unnecessarily restrictive.
Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN:
wjt...@st..., Jabber: wad...@ja...)
-- Sed quis custodiet ipsos custodes?
|
|
From: Jon M. <jo...@ja...> - 2005-09-26 18:53:59
|
Hi,
I have been trying to create a keychain identity as follows:
0) Create a new empty keychain named MyToken
1) Generating an RSA key-pair and adding it to this keychain, setting pub key hash of private key etc.
2) Creating a PKCS#10 with the public key
3) Signing it with openssl to create a cert
4) importing the cert into the keychain -> completing the identity
all looks good after completing step 4) (shows up as a proper
identity), but the identity is not usable. The CSP returns
"CSSM_SignData returned: 80010846" when for example signing a piece
of data.
A similar problem occurs when trying to export the identity out of
the keychain. If I try another PKCS12 it works fine.
In my quest to debug this I compiled the latest "Certificate Tester"
and tried to sign or export using the created identity, but it also
fails with the same error.
I needed to change the following in the Certificate Tester in order
for it to run with the latest Keychain...
Replace this line
> uint32 serialNumber = 0x76543210;
with these lines...
> const char bytes[] = { 0x33, 0x34, 0x35 };
> NSData* serialNumber = [NSData dataWithBytes:bytes length:sizeof(bytes)];
What am I doing wrong?
Cheers
Jon
BTW: Keychain rocks!
|
|
From: Jon M. <jo...@ja...> - 2005-09-25 23:46:53
|
Hi,
I have been trying to create a keychain identity as follows:
0) Create a new empty keychain named MyToken
1) Generating an RSA key-pair and adding it to this keychain, setting pub key hash of private key etc.
2) Creating a PKCS#10 with the public key
3) Signing it with openssl to create a cert
4) importing the cert into the keychain -> completing the identity
all looks good after completing step 4) (shows up as a proper
identity), but the identity is not usable. The CSP returns
"CSSM_SignData returned: 80010846" when for example signing a piece
of data.
A similar problem occurs when trying to export the identity out of
the keychain. If I try another PKCS12 it works fine.
In my quest to debug this I compiled the latest "Certificate Tester"
and tried to sign or export using the created identity, but it also
fails with the same error.
I needed to change the following in the Certificate Tester in order
for it to run with the latest Keychain...
Replace this line
> uint32 serialNumber = 0x76543210;
with these lines...
> const char bytes[] = { 0x33, 0x34, 0x35 };
> NSData* serialNumber = [NSData dataWithBytes:bytes length:sizeof(bytes)];
What am I doing wrong?
Cheers
Jon
BTW: Keychain rocks!
|
|
From: Wade T. <wjt...@st...> - 2004-10-22 16:27:47
|
> I have problems using the keychain framework to list the DN of a cert. I
> want to retrieve the Subject, Issuer and other stuff from the cert as
> strings. The following code crashed both on 10.3.5 and 10.4 DP.

Just a note: I don't have access to 10.4, so anything's possible with it.

> >>>>> crashes here when requesting subject, runs infinitely when requesting
> issuer.
> NSLog(@"string %@", [dn description]);

I assume you mean it crashes when you call [dn description]? The likely place is in the TypeValuePair description method - there was a bug in Apple's implementation where the structure of the pair differed from what it claimed to be. Unfortunately there's only one implementation in the code at the moment, and I can't remember whether it's the 10.2 or the 10.3 version... I presume the former, if it's crashing under later systems.

Are you using the pre-packaged code (from the download section of the Sourceforge site) or code straight from the CVS repository? The latter is much more up to date.. ideally that would mean it works under 10.3, but again, I'm just not sure if I ever got time to do that.

The bad news, ultimately, is that I can't do too much about it right at the moment; I'm about to start end of year exams, so spare time is an absolute premium. The good news is that I will be working on the framework as much as I can, within those limits, so if I do get some time I'll continue looking into it. From memory the correct code for both 10.2 and 10.3 was hashed out on the CDSA list a while back (when I first reported the problem), so if that is indeed what's causing the crash, it should be relatively simple to fix.

So, in the mean time, any additional details or code you can provide would be most helpful.

Wade Tregaskis (AIM, Yahoo & Skype: wadetregaskis, ICQ: 40056898, MSN & email: wjt...@st..., Jabber: wad...@ja...
-- Sed quis custodiet ipsos custodes?
|
|
From: Jon M. <jon...@ma...> - 2004-10-22 13:59:57
|
Hi,
I have problems using the keychain framework to list the DN of a cert. I
want to retrieve the Subject, Issuer and other stuff from the cert as
strings. The following code crashed both on 10.3.5 and 10.4 DP.
    Keychain *theKeychain = [[Keychain defaultKeychain] retain];
    NSArray* identities = [theKeychain identities];
    Identity *curIdentity = nil;
    NSEnumerator *enumerator = nil;
    enumerator = [identities objectEnumerator];
    while (curIdentity = (Identity*)[enumerator nextObject]) {
        Certificate* certificate = [[curIdentity certificate] retain];
        NameList* nl = [[certificate issuer] retain];
        NameListEnumerator* enumerator = [NameListEnumerator enumeratorForNameList:nl];
        DistinguishedName* dn = [[enumerator nextObject] retain]; // get first object only
        BOOL classok = [dn isKindOfClass:[DistinguishedName class]];
        // >>>>> crashes here when requesting subject, runs infinitely when requesting issuer.
        NSLog(@"string %@", [dn description]);
        DistinguishedNameEnumerator* dnenumerator =
            [DistinguishedNameEnumerator enumeratorForDistinguishedName:dn];
        TypeValuePair* tvp = nil;
        while (tvp = [dnenumerator nextObject]) {
            [tvp retain];
            classok = [tvp isKindOfClass:[TypeValuePair class]];
            NSString *d = [tvp description];
            NSString *t = [tvp typeAsString];
            NSLog(@"string %@", d);
            NSLog(@"string %@", t);
        }
    }
}
Regards
Jon
|
|
From: Wade T. <wjt...@st...> - 2004-08-03 04:42:58
|
> Hi. Is there any documentation for the Keychain Framework?
All the documentation is in the header files. At present not that much
is documented; this will be improved in the next release (no expected
date yet).
> I am trying to use it in a simple Cocoa app but have been
> unsuccessful. What I am trying to do is, for a given service name,
> look up the keychain entry (the first one that matches would be fine),
> and get both the user name and password from it. Below is the code.
>
> Any help would be most welcome.
> Mark
>
>
> Keychain *keychain;
> KeychainItem *keychainItem;
> NSArray *keychainSearchResultsArray;
> NSString *accountName, *accountPassword;
>
> keychain = [Keychain defaultKeychain]; // get default keychain.
> keychainSearchResultsArray = [[[KeychainSearch
> keychainSearchWithKeychain:keychain] setService:hostName] retain];
> //*** This returns nil always!!! Why?
setService: is a void method, so it doesn't return anything. To obtain
the search results, you need to call one of the following:
- (NSArray*)anySearchResults;
- (NSArray*)genericSearchResults;
- (NSArray*)internetSearchResults;
- (NSArray*)appleShareSearchResults;
- (NSArray*)certificateSearchResults;
In your case it seems like you want genericSearchResults.
> if (keychainSearchResultsArray != nil) {
> keychainItem = [keychainSearchResultsArray objectAtIndex:0]; // get acct & pw from first item.
Note that the search may return an empty array, in which case the above
line will cause an exception. You need to check that
[keychainSearchResultsArray count] >= 1.
> accountName = [keychainItem account];
> NSLog(@"account name is %@",accountName);
> [loginUser setStringValue:accountName];
> [loginPassword setStringValue:[keychain
> passwordForGenericService:hostName forAccount:accountName]];
Note that the KeychainItem method "dataAsString" returns the password
for internet (and similar) items. It is referred to as "data"
generically as it also covers certificates and other types of keychain
items.
> NSLog(@"password is %@",[keychain passwordForGenericService:hostName
> forAccount:accountName]);
> }
As a final note, you can shorten all this to just a single line if you
use the Keychain instance method genericService:forAccount:. Just pass
nil for the second parameter to return the first match found. You need
only create a KeychainSearch if you actually want to handle more than
one result, which you in your above code are not doing anyway.
Wade Tregaskis (aim: wadetregaskis)
-- Sed quis custodiet ipsos custodes? |
|
From: Mark K. <ma...@bg...> - 2004-08-02 17:13:29
|
Hi. Is there any documentation for the Keychain Framework? I am trying
to use it in a simple Cocoa app but have been unsuccessful. What I am
trying to do is, for a given service name, look up the keychain entry
(the first one that matches would be fine), and get both the user name
and password from it. Below is the code.
Any help would be most welcome.
Mark
    Keychain *keychain;
    KeychainItem *keychainItem;
    NSArray *keychainSearchResultsArray;
    NSString *accountName, *accountPassword;

    keychain = [Keychain defaultKeychain]; // get default keychain.
    keychainSearchResultsArray = [[[KeychainSearch
        keychainSearchWithKeychain:keychain] setService:hostName] retain];
    //*** This returns nil always!!! Why?
    if (keychainSearchResultsArray != nil) {
        keychainItem = [keychainSearchResultsArray objectAtIndex:0]; // get acct & pw from first item.
        accountName = [keychainItem account];
        NSLog(@"account name is %@",accountName);
        [loginUser setStringValue:accountName];
        [loginPassword setStringValue:[keychain
            passwordForGenericService:hostName forAccount:accountName]];
        NSLog(@"password is %@",[keychain passwordForGenericService:hostName
            forAccount:accountName]);
    }
|