I have to make a POST request to an endpoint, where that request should be included with the client certificate. The problem here is, I receive the client certificate cert-chain as a string (the format is as below).

```
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgIQNwHqBnL+445eqCUKVWroxDANBgkqhkiG9w0BAQsFADCB
XufZCQ4mDV3MU0z+wsS4alR7b410V5Wet36pjUkrWtHEI2dBWZFzCOay19Vpb2V2
0M/zl07YpoZYxw==
-----END CERTIFICATE-----
```

Note: The string is much bigger :)

I tried to convert the string to NSData object and create a PKCS12 object. But converting to NSData itself fails.

How I converted it:

```swift
let dataDecoded = Data(base64Encoded: certChainString, options: .ignoreUnknownCharacters)
```

This returns an empty data object, as the size of dataDecoded is 0 bytes.

How can I send the POST request with the certificate when the certChainString is provided?

Patrick Mevzek
Azeem Muzammil

1 Answer


Are you trying to convert it while it still includes -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----?

It isn't valid base64 with those included, so remove them first.

```swift
let certChainString = """
-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----
"""
let certString = certChainString
    .replacingOccurrences(of: "-----BEGIN CERTIFICATE-----", with: "")
    .replacingOccurrences(of: "-----END CERTIFICATE-----", with: "")

let dataDecoded = Data(base64Encoded: certString, options: .ignoreUnknownCharacters)
```

If the API request returns important data, please consider reading more on the Security topic first, or use frameworks.

Edit:

```swift
import Foundation
import Security

let certChainString = """
-----BEGIN CERTIFICATE-----
... cert here ...
-----END CERTIFICATE-----
"""
// Strip the PEM armor so only the base64 body remains.
let certString = certChainString
    .replacingOccurrences(of: "-----BEGIN CERTIFICATE-----", with: "")
    .replacingOccurrences(of: "-----END CERTIFICATE-----", with: "")

private var key: SecKey?

// Decode the base64 body to DER and parse it as an X.509 certificate.
if let dataDecoded = Data(base64Encoded: certString, options: .ignoreUnknownCharacters),
   let certificate = SecCertificateCreateWithData(nil, dataDecoded as CFData)
{
    var trust: SecTrust?
    let policy = SecPolicyCreateBasicX509()
    let status = SecTrustCreateWithCertificates(certificate, policy, &trust)

    // Extract the certificate's public key from the trust object.
    if status == errSecSuccess, let trust {
        key = SecTrustCopyKey(trust)
    }
}

print(key)
```

Swiftly
  • No, I have removed `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. Actually, I have reformed the certChainString this way, `let modifiedCert = certChainString.replacingOccurrences(of: "-----BEGIN CERTIFICATE-----", with: "").replacingOccurrences(of: "-----END CERTIFICATE-----", with: "").replacingOccurrences(of: "\n", with: "").trimmingCharacters(in: .whitespacesAndNewlines)` – Azeem Muzammil Jan 31 '23 at 19:34
  • @AzeemMuzammil Well I just tried in Playground, and dataDecoded is actually 106 bytes, not 0 – Swiftly Jan 31 '23 at 19:37
  • With which String did you try in the playground? Cuz I receive the certChainString by scanning a QR code (a JSON object), then I extract the certChainString and do the modification. After that, if I convert to Data it gives nil. – Azeem Muzammil Jan 31 '23 at 19:40
  • @AzeemMuzammil Have a look at [this](https://stackoverflow.com/questions/28808101/seckey-from-public-key-string-from-server-in-swift) too – Swiftly Jan 31 '23 at 19:40
  • I tried with a [valid certificate](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html) string, and dataDecoded does contain the Data, so maybe take a look at the actual string you get and try with it. – Swiftly Jan 31 '23 at 19:44
  • Now I can get the data, and get a SecCertificate object using `SecCertificateCreateWithData(_:_:)`. Now how can I use this certificate to authenticate my request from `urlSession(_:didReceive:completionHandler:)`? – Azeem Muzammil Jan 31 '23 at 20:14
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/251529/discussion-between-azeem-muzammil-and-swiftly). – Azeem Muzammil Jan 31 '23 at 20:24
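
An added example, not part of the original question or answer: a cert-chain string holds several PEM blocks, so each block is decoded to DER on its own before `SecCertificateCreateWithData` is called, and the client-certificate challenge raised in the last comments is answered with a `SecIdentity` (certificate plus private key) rather than with certificates alone. The function names and the sample string are constructed for illustration; the identity is assumed to come from the keychain or a PKCS#12 import, and the chain is assumed to be ordered leaf first.

```swift
import Foundation
import Security

/// Splits a PEM bundle into one DER blob per certificate block.
/// Stripping every marker and decoding the remainder in one call leaves each
/// certificate's "=" padding in the middle of the base64 input.
func derCertificates(fromPEMChain pem: String) -> [Data] {
    let begin = "-----BEGIN CERTIFICATE-----"
    let end = "-----END CERTIFICATE-----"
    return pem.components(separatedBy: end).compactMap { chunk -> Data? in
        guard let start = chunk.range(of: begin) else { return nil }
        let body = String(chunk[start.upperBound...])
        // .ignoreUnknownCharacters skips the line breaks inside one block.
        guard let der = Data(base64Encoded: body, options: .ignoreUnknownCharacters),
              !der.isEmpty else { return nil }
        return der
    }
}

/// One SecCertificate per block; blocks that are not valid DER are dropped.
func certificates(fromPEMChain pem: String) -> [SecCertificate] {
    derCertificates(fromPEMChain: pem).compactMap {
        SecCertificateCreateWithData(nil, $0 as CFData)
    }
}

/// Credential for an NSURLAuthenticationMethodClientCertificate challenge.
/// Assumption: `identity` (leaf certificate plus private key) was obtained
/// elsewhere, e.g. from the keychain or a PKCS#12 import, and the PEM chain
/// is ordered leaf first. Certificates alone cannot answer the challenge.
func clientCredential(identity: SecIdentity, pemChain: String) -> URLCredential {
    let intermediates = Array(certificates(fromPEMChain: pemChain).dropFirst())
    return URLCredential(identity: identity, certificates: intermediates,
                         persistence: .forSession)
}

// Constructed sample: two blocks of placeholder bytes, not real certificates.
let sample = """
-----BEGIN CERTIFICATE-----
AQIDBA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BQYHCAk=
-----END CERTIFICATE-----
"""
print(derCertificates(fromPEMChain: sample).map(\.count))  // byte count per block
```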