Need help regarding Certificate Trust Setting Api

podejo · 2023-03-05T17:57:14.411Z

Need help regarding whether my RootCA have full access or not in Certificate Trust Setting.

I wanted to check whether my rootCA is installed on user phone Certificate Trust Setting or not. which I'm able to do with piece of code.

let bundle = Bundle(for: type(of: self))
        let rootCAName = "RootCA"
        guard let filePath = bundle.path(forResource: rootCAName, ofType: "der"),
              let data = try? Data(contentsOf: URL(fileURLWithPath: filePath)),
              let certificate = SecCertificateCreateWithData(nil, data as CFData)
        else {
            return
        }

        // Check
        var secTrust: SecTrust?
        if SecTrustCreateWithCertificates(certificate, SecPolicyCreateBasicX509(), &secTrust) == errSecSuccess, let trust = secTrust {
            SecTrustEvaluateAsyncWithError(trust, .global()) { trust, result, error in
                print( "Cert => \(result ? "installed" : "not installed")")
            }
        }

I wanted to know that user have given my RootCA full access or not in Certificate Trust Setting. and I'm unable to find any api for that.
You can see in the image that one CA have full access and other not.
Anyone know any api or any source that can help me with this.

Question750×1334 60.4 KB

lukasa · 2023-03-06T09:22:36.440Z

This doesn't appear to be related to SwiftNIO. This question seems to be more about Apple's Security framework. That is best handled by asking your question on the Apple Developer Forums.

podejo · 2023-03-06T09:29:22.147Z

Thanks lukasa.
will do that now.

eskimo · 2023-03-06T21:48:10.024Z

will do that now.

Cool.

If you haven’t created your DevForums yet, please tag it with Security so that I see if. If you’ve already created it and didn’t tag it that way, send me the link.

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

podejo · 2023-03-07T13:55:13.788Z

Here is the link.
https://discussions.apple.com/thread/254690717?page=1

eskimo · 2023-03-07T14:21:05.033Z

You’ve asked your question on Apple Support Communities, run by Apple Support. Please repost on Apple Developer Forums, run by my group (Worldwide Developer Relations, of which DTS, Developer Technical Support, is a part).

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

podejo · 2023-03-07T16:32:09.571Z

ok i'm doing it rightnow

i have posted and is being reviewed and will be published if approved.

podejo · 2023-03-07T19:45:58.408Z

Here is the link for the post
{Certificate trust settings to chec… | Apple Developer Forums}

podejo · 2023-04-18T17:02:57.841Z

@eskimo can you check the thread again on apple developer forums.
thanks