0

I am trying to parse all certificates from p7b string or PKCS7 string. I am using ASN1Decoder for this purpose. I tried to parse using PKCS7 method but i think it is not working properly and the certificate count is always 0. I tried with both base64Encoded data and CFData as well. Actually, do i need to transfer DER encoded data in parameter? I am thinking that CFData is DER encoded.

Is there any way to check my dotP7b string is well formatted? I checked with openssl but it throws error in load certificate. Though it is successfully installed in windows programmatically. What i am trying to do is to programmatically install certificate in Mac's login keychain. private key and public key are also exists in Mac's login keychain.

let str = dotP7b.removingPercentEncoding!
        do {
            var data = Data(base64Encoded: str, options: .ignoreUnknownCharacters)
            let pkcs7 = try PKCS7(data: (data! as CFData) as Data)
          //let pkcs7 = try PKCS7(data: data!)
            print(pkcs7.certificates.count)

        } catch {
            print(error)
        }

My p7b(PKCS7) string is like this MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIGaDCCBFCgAwIBAgIUIlzSTdhcezX3mqRlVx3wUmEwHGEwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCQkQxJDAiBgNVBAoTG0JhbmdsYWRlc2ggQ29tcHV0ZXIgQ291bmNpbDEPMA0GA1UECxMGU3ViLUNBMS8wLQYDVQQDEyZCQ0MgU3ViLUNBIGZvciBDbGFzcyAwIENlcnRpZmljYXRlcy1HMzAeFw0yMzA1MjkwODU4MTlaFw0yMzA2MjkwODU4MTlaMG8xCzAJBgNVBAYTAkJEMREwDwYDVQQKEwhwZXJzb25hbDENMAsGA1UEERMEMTIwNzEOMAwGA1UEBxMFRGhha2ExDjAMBgNVBAUTBTYzNjIzMR4wHAYDVQQDExVNVUhBTU1BRCBBSEFEIFVMIEFMQU0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjjWdk2wJSWYV5S88IVaZCDy2pKUeL1iA5wrD2YSIjVF52sRewg84CoBemBeVtc2hvCOJYPCar+qbC5KTwkyTZWSVRSHTAiL9njI/3Uu9SzPVRSBAIqtVnjWI/c2FN79FHHPntGtV5LmFvNumK7yr35sy/2MmDxin1fd9HrLYrApSDhSL9DOgKpmeRji8zF/8ZPapmBaTm0dN1f9JMYTLu4yJpRio5SpCiL5In/7Nw4JEflDZ9rvRh3MdLYY0+2TapqZbqD66WwIzji3Jvzk34aP8Dne0cuqAyaxm4JARrP6bFzKfhj3Uk19Vl5w5a4kMiCaEeZ2bVewZDGvIHW/knAgMBAAGjggH0MIIB8DAOBgNVHQ8BAf8EBAMCBsAwDAYDVR0TAQH/BAIwADB8BggrBgEFBQcBAQRwMG4wJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLmJjYy1jYS5nb3YuYmQwRQYIKwYBBQUHMAKGOWh0dHBzOi8vcmVwby5iY2MtY2EuZ292LmJkL2NlcnRzL0JDQy1TdWItQ0EtQ2xhc3MwLUczLmNlcjAfBgNVHSMEGDAWgBTshkJHBH6KdCqKN7jOKMcje5vW6TCB0QYDVR0gBIHJMIHGMIHDBgVgMgEFATCBuTAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvLmJjYy1jYS5nb3YuYmQvY3BzMIGKBggrBgEFBQcCAjB+DHxUZXN0IHB1cnBvc2UgY2VydGlmaWNhdGUgd2l0aCBubyBhc3N1cmFuY2UsIGlzc3VlZCB1bmRlciBCQ0MgUEtJLiBSZWZlciB0byBodHRwczovL3JlcG8uYmNjLWNhLmdvdi5iZCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4gMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jcmwuYmNjLWNhLmdvdi5iZC9jbGFzczBfc3ViX2NhX2czLmNybDAdBgNVHQ4EFgQU6d7mwEG0DpMv7cVXXQeAO+1FbNEwDQYJKoZIhvcNAQELBQADggIBAKuFp9JHoU6bK8S5LoGRa4FICBV3qfIKyOOd65vMzR/V3W27+YzMQBYdhI4wn26ZFu1akSyAZpCpdbN5X7Rv09XATCs521rWDw7RgMZZtLbxpPsNJwMTgI05GjhVGiGya8w0UVpCMx9FiQ6+s7ufirgnVTr8iLpc5u6j7Q04b28wd9m6DdpV4ZogGskZt92TW5O7FUtWWGZPY9N8aPGhDz8r4Hn9ztLmuVxaF/MB2CQ9ekTAgfbKdHZOLV/mBGBbWWAT+fJR0UKlXFRJbxRQN/NbaIt3q2JTuvVrRhpqWqWMGc3eOhoYz5C2NAPpDrZG08cRZl2PAzhwbUIVRmgsV3GwncgirQUfokuUcqyXOBopONu29uP73OsrfLEjdAY/ktSIqvvbrAyKO+I0VuMzrrdrSQ25Qr6+MugZjKEOYwEl15k9AeJ8Xn2XcXevZxbrJh4eg1Lzjwt+GktVoJKZXADXU7AthnwDKlcByb/J3j3zcIdVa9TJv/bs60GagBkNFvMzvgu7sUBxa1oT20REYzMh9Y/oYVWzK6up0j0rbxwsWQvSP2d1TIW7nNGmmScDJybnPCnTIvdXDOw+oak4+KkibIDJozVDsBUEwxGcoxhZYrTZUhrA3cBZpSlU0UUMotLs3XYmaDus4ywhkmQ+P9GjOVAYA6dM99Cs4YeQliWCMIIHhjCCBW6gAwIBAgIUKuURioWVs1OUl/VjMsWX6rw7NX8wDQYJKoZIhvcNAQELBQAwgeUxCzAJBgNVBAYTAkJEMSQwIgYDVQQKExtCYW5nbGFkZXNoIENvbXB1dGVyIENvdW5jaWwxHTAbBgNVBAsTFENlcnRpZnlpbmcgQXV0aG9yaXR5MS8wLQYDVQQDEyZCYW5nbGFkZXNoIENvbXB1dGVyIENvdW5jaWwgQ0EgMjAyMi1HMzEOMAwGA1UEBxMFRGhha2ExEjAQBgNVBDMTCUlDVCBUb3dlcjENMAsGA1UEERMEMTIwNzEtMCsGA1UECRMkRS0xNC9YIEFnYXJnYW9uLCBTaGVyLWUtQmFuZ2xhIE5hZ2FyMB4XDTIzMDEwMTEwMTA0MVoXDTI4MDEwMTEwMTA0MVowdTELMAkGA1UEBhMCQkQxJDAiBgNVBAoTG0JhbmdsYWRlc2ggQ29tcHV0ZXIgQ291bmNpbDEPMA0GA1UECxMGU3ViLUNBMS8wLQYDVQQDEyZCQ0MgU3ViLUNBIGZvciBDbGFzcyAwIENlcnRpZmljYXRlcy1HMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMC+BzET4ssVa9yXTaWpG1BKoiwpWXYIz5Zz3Ot2wZcs3fx2qQUSmW2v3TJfuzbgYy5oYRjt4a5WtFtkSCj3JYhYjFyJ6xTdJM/nNJqXiDtWsywjKBNcFwgcMXSZaOhDeOiGTM6M9ggPxfyo2WYku4w8ijWexjNiK738upwuQHJR24wUZVyMlmfHNuvaS8lmBz91U6XQQtavflTbdzUen5T1IBEclJy7uEat1jPtH9UyJLB7lw+87Dpe2E2Rai1Xjgy7BBu17oIIuXrFIyc2QOu08Ow9bTuFGlFEAttqcRHgAWu7vK3tAnBFe5vFEDzlwkCNtYyEMVQRB9OCoVMR2SuV+JSAl2nFe5MarU2zTe/EC/ttM9JPfPZrKNAET9++vKlxUIhZLv2FuH71HrxjkDcGhQSPgSxr/Td5Z/xKSga1xuwnPbDyS3aXsCMCM2tdsptlvrBpbpAfGuDiLctncV5ZwQxDB0x6AeO6PPm9f3vf9qeKQkV+2cREHCbA5mc+Eewn1cH2KLWD/5tLuKsY4SeoogTftcD2+pXznlbe1uvEoCs0OVOOSAP8hDBO8fqd7AuzpZdlb/Ku+NNVB25hdeQGlOpWohgPD/7AN07ClQRXOF9Bg+eyocpvs3yFvigCe3Y1Jgy7lWk01csZ4gpFAJGx15pvmje6exA1m3GxhXqzAgMBAAGjggGbMIIBlzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBSgWd5eHp75DywEVXRRmA3ft6t3SzCBygYDVR0gBIHCMIG/MIG8BgVgMgEFATCBsjAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvLmJjYy1jYS5nb3YuYmQvY3BzMIGDBggrBgEFBQcCAjB3DHVJc3N1ZWQgdW5kZXIgQkNDIFBLSSBmb3IgaXNzdWluZyB0ZXN0IHB1cnBvc2UgY2VydGlmaWNhdGVzLiBSZWZlciB0byBodHRwczovL3JlcG8uYmNjLWNhLmdvdi5iZCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4wOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5iY2MtY2EuZ292LmJkL0JDQ0NBMjAyMkczLmNybDApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQkNDQ0FPbmxpbmU0MDk2LTEwHQYDVR0OBBYEFOyGQkcEfop0Koo3uM4oxyN7m9bpMA0GCSqGSIb3DQEBCwUAA4ICAQAx5f4caMIh3PFNIiZ/sN+U1SI1o78jhsu73SKSSurtvwYxx0frP7bjImF5dAhoOflaQ8Pe8OhMuBTqfjXl3kl5kQhpu0dhHF+F0+wY6fWeu1OIcb5FEPNUfcswIOvnQd98raqa2L33t7htejRWojuWFxQAEkN3b+WaxRdoqPrz9V3hd10VklLT11kr7/5dY33ELiW/tAJDaIWzcwMfxpHyy5oPAxDgJKUGo8JXnfu/py/oQ0MHIufsHDoTkai45SQpLJFhwmQ7sVzLKsih9mmoYygX0em8WK7tiBEQe3Ji2kdhk8qhuH3iOImS76dRAPKsm9eMYURZv/c5NAaQmaAv9xLt+PPnAEqL/jaueK0/hD64SNwFzqPwfzNhTGBxTLBKTcWUz/QTIYXawBGMtcZvW0mGAfS3TIw3D9d7/E/S7haCAZmr8EejXlp1+XvoMba8iCOcbeq3PBvTcUUgNt02rC286KU3V/DA0ZS/6dZVhC7UVZnEsv2YOMWG96FWl7GImVcHJ61H8e0MGanh/se31++TyeXVmZf6JYhER5lmOPEelgo1qAraSi8lLBzoPJevM10keHmkDt9CoW55+ziVK9F+SUHNbIKUUoGZlRqjgDhjl8E4U2lstI2+AJTjrxBadyLKOJt0PGY/3Drw3HrDzZ95gph3RwV4Ht3nitvnQgAAMQAAAAAAAAA=

ahad alam
  • 69
  • 7
  • 1
    What framework does `PKCS7` come from? – JeremyP May 29 '23 at 16:12
  • It's coming from ascertia's adss CA/PKI server. – ahad alam May 29 '23 at 16:22
  • 1
    No I mean what Apple or other framework provides the type `PKCS7` in your program. I can't find anything in the Apple docs about a `PKCS7` type. – JeremyP May 29 '23 at 16:26
  • I am using ASN1Decoder from this git repository.https://github.com/filom/ASN1Decoder/blob/master/ASN1Decoder/PKCS7.swift – ahad alam May 29 '23 at 17:06
  • You should put that information in the question. Note that I was able to reproduce your problem but I don't have an answer. – JeremyP May 31 '23 at 09:27
  • I think, I need to change the certificates fetching method in some way. I am able to get the total ASN1 informations of the certificate chain. But, how can i can extract only user's certificate from that? As, the text of decoded ASN1 informations are very long, i can't able to paste it here. – ahad alam May 31 '23 at 19:21
  • I have come up with a solution by manipulating ASN1Decoder from github source project. I can extract the x509Certificate using this. But, I can't able to get the certificate as data. I need the certificate data so that i can send the data to SecCertificateCreateWithData(data) to create SecCertificate reference. Actually the rawValue in ASN1Object is not same as certificate data. – ahad alam Jun 02 '23 at 06:40
  • were you able to fimd the solution for this issue, facing the same issue in swift – Sweety Bertilla Aug 09 '23 at 14:24
  • yes. I have changed some codes in ASN1Decoder. Then extracted only certificate data from p7b file. After that, I created Certificate using SecCertificateCreateWithData(data). Note: I had 2 certificates in the certificate chain or p7b file. It may vary in your case. – ahad alam Aug 10 '23 at 03:59

0 Answers0