EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElAppleCertStore

#36504
Posted: 04/16/2016 13:30:47
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

Hi,

I am testing the EldoS C++ library for Windows and Mac. I can get a XadesSignature on the Windows platform by getting a TElX509Certificate from TElWinCertStore and passing this certificate to the Signer class. But if I test the same code, getting the same certificate with TElAppleCertStore, I get the following error:

EElXMLSecurityError(Message: 'RSA key data expected.', ErrorCode: 0x000b130d)

I couldn't find any sample in the Mac library distribution to check if I am doing something wrong. Is there any difference in TElAppleCertStore, so that I have to do something different from TElWinCertStore usage?

Thanks
Luis
#36505
Posted: 04/16/2016 13:34:08
by Eugene Mayevski (EldoS Corp.)

Yes, TElAppleCertStore is a completely different class, specific to MacOS, so it's possible that something doesn't work out of the box.

First of all, please check whether PrivateKeyExists and PrivateKeyExtractable properties of the certificate, which you take from TElAppleCertStore, are true. PrivateKeyExists should be true, while PrivateKeyExtractable can be either true or false.


Sincerely yours
Eugene Mayevski
#36506
Posted: 04/16/2016 13:55:04
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

OK. I have installed a pfx with cert and key, but get_PrivateKeyExists returns false. I don't have very much experience as a Mac user, but I think I have imported this pfx correctly. I can find the certificate entry in the Keychain app, and this entry has its key installed.
#36507
Posted: 04/16/2016 14:07:14
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

I have extracted this code from the IOSKeyChain example and modified it to try to sign with any certificate found with a private key. All certificates in the keychain get false from get_PublicKeyAlgorithm (I have other IOS developer certificates and the installed pfx).
Code
// Enumerate the names of the keychains that are currently open.
TElStringList *KeychainNames = new TElStringList();
(new TElAppleCertStorage(NULL))->GetOpenedKeychains(KeychainNames);

for (int i = 0; i < KeychainNames->get_Count(); i++) {
    // Open one storage object per keychain name.
    TElAppleCertStorage *keychain = new TElAppleCertStorage(NULL);
    std::string kname;
    KeychainNames->get_Strings(i, kname);
    keychain->get_Keychains()->Add(kname);

    for (int j = 0; j < keychain->get_Count(); j++) {
        TElX509Certificate *cert = keychain->get_Certificates(j);
        // Sign with the first certificate that reports a private key.
        if (cert->get_PrivateKeyExists() /* && (cert->get_PublicKeyAlgorithm() == SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION) */) {
            obj->doSign(*cert, FXMLDocument);

            // Serialize the signed document and return it to the caller.
            TMemoryStream stream;
            FXMLDocument.SaveToStream(stream, xcmNone, "utf8");
            stream.set_Position(0);
            std::string s;
            StreamToStr(stream, s);

            args.GetReturnValue().Set(String::NewFromUtf8(isolate, s.c_str()));
            return;
        }
    }
}

// Reached only when no keychain holds a certificate with a private key.
isolate->ThrowException(Exception::TypeError(
    String::NewFromUtf8(isolate, "ERROR!!!!")));
return;
#36508
Posted: 04/16/2016 14:14:30
by Eugene Mayevski (EldoS Corp.)

Thank you for the details.

I welcome you to continue the investigation in the Helpdesk ( https://www.eldos.com/helpdesk/ ).

Helpdesk is our easy-to-use individual support system that allows communicating and exchanging sample data with our support personnel privately. You will also get e-mail notifications about updates of your support request.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
