ZitiKeychain

public class ZitiKeychain : NSObject

This class manages access to the Keychain, creating and storing keys and certificates needed to access a Ziti network.

This is primarily an internally used class, though certain methods are marked public to support scenarios where enrollment is performed by an application other than the one that needs to access Ziti with this identity. In that case the end user will have to provide their credentials to configure the keychain so that the second application is allowed access to the keys and certificates.

  • Initialize an instance of ZitiKeychain

    Declaration

    Swift

    public init(tag: String)

    Parameters

    tag

    a String used to identify the application in the keychain. This is usually set to the `sub` field of the one-time JWT used during enrollment.

  • macOS only. This method will prompt for user credentials to access the keychain in order to mark the provided certificate as Trusted.

    Declaration

    Swift

    public func addTrustForCertificate(_ certificate: SecCertificate) -> OSStatus

    Parameters

    certificate

    The certificate for which to add trust

  • Extract the Root CA certificate from the provided pool

    Declaration

    Swift

    public func extractRootCa(_ caPool: String) -> SecCertificate?

    Parameters

    caPool

    PEM-formatted pool of CA certificates

    Return Value

    the Root CA certificate, or nil if not found

  • Add the provided Root CA pool to the keychain

    Declaration

    Swift

    public func addCaPool(_ caPool: String) -> Bool

    Parameters

    caPool

    PEM-formatted pool of CA certificates

    Return Value

    true if the certificates are successfully added to the keychain, otherwise false

  • Evaluates a trust object asynchronously on the specified dispatch queue.

    You must call this method from the same dispatch queue that you specify as the queue parameter.

    Declaration

    Swift

    public func evalTrustForCertificates(_ certificates: [SecCertificate],
                                         _ queue: DispatchQueue,
                                         _ result: @escaping SecTrustWithErrorCallback) -> OSStatus

    Parameters

    certificates

    The certificate to be verified, plus any other certificates that might be useful for verifying the certificate.

    queue

    The dispatch queue on which the result block should execute. You must call the method from the same queue.

    result

    A closure that the method calls to report the result of trust evaluation.

  • Extract certificates from a PEM-formatted CA pool and return an array of SecCertificate objects

    Declaration

    Swift

    public func extractCerts(_ caPool: String) -> [SecCertificate]

    Parameters

    caPool

    PEM-formatted pool of CA certificates

    Return Value

    an array of SecCertificate objects
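The following is an added usage example, not code from the SDK or its documentation, showing how the methods above fit together: storing the CA pool under the enrollment identity, marking the root as trusted on macOS, and evaluating a certificate chain on the queue the callback runs on. The `CZiti` module name, the `TrustSetupError` type, the queue label and the function names are assumptions of this example.

```swift
import Foundation
import Security
import CZiti  // assumption: the module that exports ZitiKeychain

enum TrustSetupError: Error {
    case caPoolNotAdded
    case rootCaNotFound
    case trustNotAdded(OSStatus)
    case evalFailed(OSStatus)
}

/// Stores the enrollment CA pool and, on macOS, marks its root as trusted.
/// `enrollmentSub` and `caPoolPem` are assumed inputs: the `sub` claim of the
/// one-time enrollment JWT and the PEM CA pool obtained during enrollment.
func installZitiCaPool(enrollmentSub: String, caPoolPem: String) throws -> ZitiKeychain {
    let keychain = ZitiKeychain(tag: enrollmentSub)

    guard keychain.addCaPool(caPoolPem) else { throw TrustSetupError.caPoolNotAdded }
    guard let rootCa = keychain.extractRootCa(caPoolPem) else { throw TrustSetupError.rootCaNotFound }

    #if os(macOS)
    // Prompts the user for credentials; the root is only trusted if this succeeds.
    let status = keychain.addTrustForCertificate(rootCa)
    guard status == errSecSuccess else { throw TrustSetupError.trustNotAdded(status) }
    #else
    _ = rootCa  // no separate trust-marking call is exposed on other platforms
    #endif
    return keychain
}

/// Evaluates `leaf` together with the pool certificates. The SDK requires the
/// call to be made on the same queue the result block runs on, so both happen there.
func evaluateZitiTrust(keychain: ZitiKeychain, leaf: SecCertificate, caPoolPem: String,
                       completion: @escaping (Bool, Error?) -> Void) {
    let queue = DispatchQueue(label: "io.example.ziti.trust")  // constructed label
    let chain = [leaf] + keychain.extractCerts(caPoolPem)
    queue.async {
        let status = keychain.evalTrustForCertificates(chain, queue) { _, trusted, error in
            completion(trusted, error)
        }
        if status != errSecSuccess {
            // The result block is not invoked when evaluation could not be started.
            completion(false, TrustSetupError.evalFailed(status))
        }
    }
}
```

A caller that only needs the chain decision should treat `trusted == false` as a hard failure even when `error` is nil, since the evaluation itself completed without reaching a trusted root.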