Hi there!
I am developing a Persistent Token Extension to work on iOS > 14.0. The goal is to bring digital certificates (personal identities to authenticate and digitally sign) to the iPhone from an external HSM.
I have created an iOS app that recovers certificates from the device and inserts them into the keychain:
    // Register a token configuration and publish one certificate + key pair per HSM identity.
    let tokenDriverConfiguration = TKTokenDriver.Configuration.driverConfigurations[TokenConfigurationName]!
    let tokenConfiguration = tokenDriverConfiguration.addTokenConfiguration(for: TokenName)
    var elems: [TKTokenKeychainItem] = []
    for (certid, certdata) in certs {
        let certificate: SecCertificate = CreateCert(str: certdata.b64)!   // app helper that decodes the Base64 DER
        let tokenKeychainCertificate = TKTokenKeychainCertificate(certificate: certificate, objectID: certid)!
        tokenKeychainCertificate.setName(name: certdata.descr)   // setName(name:) is an app helper, not a CryptoTokenKit API
        tokenKeychainCertificate.label = certdata.certname
        elems.append(tokenKeychainCertificate)
        let tokenKeychainKey = TKTokenKeychainKey(certificate: certificate, objectID: certid)!
        tokenKeychainKey.setName(name: certdata.descr)
        tokenKeychainKey.label = certdata.certname
        tokenKeychainKey.keyType = kSecAttrKeyTypeRSA as String
        tokenKeychainKey.canSign = true
        tokenKeychainKey.canDecrypt = true
        tokenKeychainKey.canPerformKeyExchange = false
        tokenKeychainKey.isSuitableForLogin = true
        elems.append(tokenKeychainKey)
    }
    tokenConfiguration.keychainItems = elems
This presents the certificates to other applications.
I have also created the Persistent Token Extension, but when trying to use the certificates to authenticate (on a web page, for example) the breakpoints set in Xcode do not work.
I have set up a logger that works in the application, but there is no log in the token section.
In the entitlements, I have this:
    <plist version="1.0">
    <dict>
        <key>keychain-access-groups</key>
        <array>
            <string>com.apple.token</string>
            <string>com.company.test.Token</string>
        </array>
    </dict>
    </plist>
When I try to debug with Safari, I get this error multiple times:
2022-08-12 13:14:50.616916+0200 MobileSafari[4092:8702247] [client] authentication failed repeatedly: tkid=com.company.test.Token:Token:Token, ac=<SecAccessControlRef: tkid(com.company.test.Token:Token);od(true);osgn(true)>, op=osgn
I have also read the post https://developer.apple.com/forums/thread/705433 where you tell Aekold to use a test app, but I cannot find any example or guide on the web about how to do it; maybe you can guide me.
Thanks for all!
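For reference, a skeleton of the extension side (driver, token and session) with an os_log call at every delegate entry point that the system invokes when Safari tries to sign; this is an added example, not the poster's extension code. The class names, the log subsystem string and the HSM bridge `signWithHsm` are assumptions, and the bridge is a placeholder.

```swift
import CryptoTokenKit
import os.log
// Added example, not the poster's extension. Class names, the log subsystem and
// the HSM bridge `signWithHsm` are assumptions; the bridge is a placeholder.
private let tokenLog = OSLog(subsystem: "com.company.test.Token", category: "token")

class HsmTokenDriver: TKTokenDriver, TKTokenDriverDelegate {
    func tokenDriver(_ driver: TKTokenDriver, tokenFor configuration: TKToken.Configuration) throws -> TKToken {
        os_log("tokenFor instanceID=%{public}@", log: tokenLog, type: .info, configuration.instanceID)
        return HsmToken(tokenDriver: self, instanceID: configuration.instanceID)
    }
}

class HsmToken: TKToken, TKTokenDelegate {
    func createSession(_ token: TKToken) throws -> TKTokenSession {
        os_log("createSession", log: tokenLog, type: .info)
        return HsmTokenSession(token: self)
    }
}

class HsmTokenSession: TKTokenSession, TKTokenSessionDelegate {
    // Only reached for keys whose `constraints` were set when keychainItems was populated.
    func tokenSession(_ session: TKTokenSession, beginAuthFor operation: TKTokenOperation,
                      constraint: Any) throws -> TKTokenAuthOperation {
        os_log("beginAuthFor op=%ld", log: tokenLog, type: .info, operation.rawValue)
        return TKTokenPasswordAuthOperation()   // the system prompts for the token PIN
    }

    // Asked before signing; advertise only what the HSM really supports.
    func tokenSession(_ session: TKTokenSession, supports operation: TKTokenOperation,
                      keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) -> Bool {
        let ok = operation == .signData && algorithm.isAlgorithm(.rsaSignatureDigestPKCS1v15SHA256)
        os_log("supports op=%ld key=%{public}@ -> %{public}@", log: tokenLog, type: .info,
               operation.rawValue, String(describing: keyObjectID), String(ok))
        return ok
    }

    func tokenSession(_ session: TKTokenSession, sign dataToSign: Data,
                      keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) throws -> Data {
        os_log("sign %ld bytes with key %{public}@", log: tokenLog, type: .info,
               dataToSign.count, String(describing: keyObjectID))
        guard let signature = signWithHsm(keyObjectID: keyObjectID, digest: dataToSign) else {
            throw TKError(.communicationError)   // the caller sees the signing operation fail
        }
        return signature
    }

    // Placeholder for the round trip to the external HSM (assumption).
    private func signWithHsm(keyObjectID: Any, digest: Data) -> Data? { return nil }
}
```

Because the extension runs in its own process, these entries show up in Console.app under the chosen subsystem even when no Xcode breakpoint is hit.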