Need help regarding Certificate Trust Setting Api

podejo · March 5, 2023, 5:57pm

Need help regarding whether my RootCA have full access or not in Certificate Trust Setting.

I wanted to check whether my rootCA is installed on user phone Certificate Trust Setting or not. which I'm able to do with piece of code.

let bundle = Bundle(for: type(of: self))
        let rootCAName = "RootCA"
        guard let filePath = bundle.path(forResource: rootCAName, ofType: "der"),
              let data = try? Data(contentsOf: URL(fileURLWithPath: filePath)),
              let certificate = SecCertificateCreateWithData(nil, data as CFData)
        else {
            return
        }

        // Check
        var secTrust: SecTrust?
        if SecTrustCreateWithCertificates(certificate, SecPolicyCreateBasicX509(), &secTrust) == errSecSuccess, let trust = secTrust {
            SecTrustEvaluateAsyncWithError(trust, .global()) { trust, result, error in
                print( "Cert => \(result ? "installed" : "not installed")")
            }
        }

I wanted to know that user have given my RootCA full access or not in Certificate Trust Setting. and I'm unable to find any api for that.
You can see in the image that one CA have full access and other not.
Anyone know any api or any source that can help me with this.

Question750×1334 60.4 KB

lukasa · March 6, 2023, 9:22am

This doesn't appear to be related to SwiftNIO. This question seems to be more about Apple's Security framework. That is best handled by asking your question on the Apple Developer Forums.

podejo · March 6, 2023, 9:29am

Thanks lukasa.
will do that now.

eskimo · March 6, 2023, 9:48pm

will do that now.

Cool.

If you haven’t created your DevForums yet, please tag it with Security so that I see if. If you’ve already created it and didn’t tag it that way, send me the link.

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

podejo · March 7, 2023, 1:55pm

Here is the link.
https://discussions.apple.com/thread/254690717?page=1

eskimo · March 7, 2023, 2:21pm

You’ve asked your question on Apple Support Communities, run by Apple Support. Please repost on Apple Developer Forums, run by my group (Worldwide Developer Relations, of which DTS, Developer Technical Support, is a part).

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

podejo · March 7, 2023, 4:32pm

ok i'm doing it rightnow

i have posted and is being reviewed and will be published if approved.

podejo · March 7, 2023, 7:45pm

Here is the link for the post
{Certificate trust settings to chec… | Apple Developer Forums}

podejo · April 18, 2023, 5:02pm

@eskimo can you check the thread again on apple developer forums.
thanks