Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save kevinmcampos/3c8c9ebf88e4531d1e93dbbca3718f42 to your computer and use it in GitHub Desktop.
Save kevinmcampos/3c8c9ebf88e4531d1e93dbbca3718f42 to your computer and use it in GitHub Desktop.
Install CA on Keychain
+ (void)installAuthServerCredentials {
if (![[NSUserDefaults standardUserDefaults] boolForKey:kCertificatesInstalled] || [self certificateIsOutadated]) {
[NKKeyChain clearCertificates];
[NKKeyChain clearIdentities];
NSString *certificatePath = [[NSBundle mainBundle] pathForResource:AUTH_SERVER_CERTIFICATE ofType:@"der"];
NSData *certificateData = [[NSFileManager defaultManager] contentsAtPath:certificatePath];
BOOL isServerCertificateImported = [NKKeyChain importCertificateWithData:certificateData];
if (isServerCertificateImported) {
NSString *identityPath = [[NSBundle mainBundle] pathForResource:AUTH_SERVER_CLIENT_IDENTITY ofType:@"p12"];
NSData *identityData = [[NSData alloc] initWithContentsOfFile:identityPath];
BOOL isClientIdentityImported = [NKKeyChain importIdentityWithData:identityData password:AUTH_SERVER_CLIENT_IDENTITY_PASSWD];
if (isClientIdentityImported) {
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:kCertificatesInstalled];
[[NSUserDefaults standardUserDefaults] synchronize];
}
}
}
if (![[NSUserDefaults standardUserDefaults] boolForKey:kCertificatesInstalled]) {
[NKAlert showAlertWithTitle:@"" message:NSLocalizedString(@"MSG_CREDENTIALS_IMPORT_ERROR", nil) andDismissButtonText:@"OK"];
}
}
+ (BOOL)importCertificateWithData:(NSData *)data {
OSStatus err;
SecCertificateRef cert;
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
if (cert != NULL) {
err = SecItemAdd(
(__bridge CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
(__bridge id)kSecClassCertificate, kSecClass,
(__bridge id)cert, kSecValueRef,
nil
],
NULL
);
if ( (err == errSecSuccess) || (err == errSecDuplicateItem) ) {
return YES;
}
}
return NO;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment