通过 API 检索签名身份列表

Question

这与 macOS 有关。

我需要使用本地 Mac 应用程序内部的 API 检索导入并在 Keychain 上可用的签名身份列表（证书 + 私钥）。我可以运行以下命令行并解析结果：

> /usr/bin/security find-identity -v -p codesigning
> 
>  1) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: John Doe (GTHESFW12)"
>  2) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Distribution: ABC Inc (12356DGEWS)"
> 2 valid identities found

但我正在寻找一种通过本机安全 API 执行此操作的方法。有没有办法做到这一点？

Answer 1

@JamesBucanek，比你的链接！这是使用 Keychain Services API 生成的代码。可能对其他人有用：

let query: [String: Any] = [
    kSecClass as String: kSecClassIdentity,
    kSecReturnRef as String: kCFBooleanTrue,
    kSecMatchLimit as String: kSecMatchLimitAll
]
var items: CFTypeRef?

// Get list of all SecIdentity from Keychain without limiting search and without any filtering applied
guard SecItemCopyMatching(query as CFDictionary, &items) == errSecSuccess, let array = items as? NSArray else {
    return
}

for item in array {
    let identity = item as! SecIdentity
    var certificate: SecCertificate?

    // Get SecCertificate out of SecIdentity object (it contains both SecCertificate and SecKey
    if SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess {

        var commonName: CFString?
        // Print name for each certificate
        if SecCertificateCopyCommonName(certificate!, &commonName) == errSecSuccess {
            print(commonName! as String)
        }
    }
}