MYCertGen.m
changeset 19 f6c91b9da05b
parent 4 f4709533c816
child 21 2c300b15b381
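--- a/MYCertGen.m	Thu Apr 09 21:36:21 2009 -0700
+++ b/MYCertGen.m	Thu Jun 04 18:36:30 2009 -0700
@@ -177,7 +177,7 @@
     // that's binary 111111000; see http://tools.ietf.org/html/rfc3280#section-4.2.1.3
     CSSM_X509_EXTENSION keyUsage = {
         CSSMOID_KeyUsage, 
-        true, 
+        false,      // non-critical
         CSSM_X509_DATAFORMAT_PARSED,
         {.parsedValue = &keyUsageBits}
     };
@@ -187,11 +187,11 @@
         UInt32 count;
         const CSSM_OID *oids;
     };
-    CSSM_OID usageOids[2] = {CSSMOID_ServerAuth, CSSMOID_ClientAuth};
-    struct ExtendedUsageList extUsageBits = {2, usageOids};
+    CSSM_OID usageOids[3] = {CSSMOID_ServerAuth, CSSMOID_ClientAuth, CSSMOID_ExtendedKeyUsageAny};
+    struct ExtendedUsageList extUsageBits = {3, usageOids};
     CSSM_X509_EXTENSION extendedKeyUsage = {
         CSSMOID_ExtendedKeyUsage,
-        true,
+        false,      // non-critical
         CSSM_X509_DATAFORMAT_PARSED,
         {.parsedValue = &extUsageBits}
     };
@@ -466,10 +466,9 @@
     Log(@"CSSM_CL_HANDLE = %p", cl);
     CAssert(cl);
     
-    MYKeychain *keychain = [MYKeychain allKeychains];
-    Log(@"Looking for a key pair...");
-    MYPrivateKey *privateKey = [[keychain enumeratePrivateKeys] nextObject];
-    Log(@"Using key pair { %@, %@ }", privateKey, privateKey.publicKey);
+    Log(@"Generating a key pair...");
+    MYPrivateKey *privateKey = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 2048];
+    Log(@"Key-pair = { %@, %@ }", privateKey, privateKey.publicKey);
     
     Log(@"...creating cert...");
     
@@ -483,6 +482,7 @@
                                                       ));
     Log(@"Cert = %@", cert);
     CAssert(cert);
+    [cert.certificateData writeToFile: @"/tmp/MYCryptoTest.cer" atomically: NO];
     
     Log(@"Cert name = %@", cert.commonName);
     Log(@"Cert email = %@", cert.emailAddresses);
@@ -491,5 +491,7 @@
     CAssertEqual(cert.emailAddresses, $array(@"waldo@example.com"));
     CAssertEqual(cert.publicKey.publicKeyDigest, privateKey.publicKeyDigest);
     
-    [cert.certificateData writeToFile: @"/tmp/MYCryptoTest.cer" atomically: NO];
+    CAssert([[MYKeychain defaultKeychain] addCertificate: cert]);
+    
+    CAssert([cert setUserTrust: kSecTrustResultProceed]);
 }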
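Review bot: The last hunk ends the test by adding the generated certificate to `[MYKeychain defaultKeychain]` and calling `setUserTrust: kSecTrustResultProceed`, and nothing visible before the closing brace removes the certificate, the new 2048-bit key pair or the trust setting again, so each run appears to leave a user-trusted test identity in the developer's real keychain. That matters more because the hunk at line 187 adds `CSSMOID_ExtendedKeyUsageAny` and both usage extensions are now non-critical, so the trusted certificate is not restricted to a purpose. I would run this against a throwaway keychain, or at least end the function with cleanup and a comment such as `// test identity only: remove cert, key pair and user trust before returning`. The `// non-critical` comments should also say why criticality was dropped, since RFC 3280 section 4.2.1.3 recommends marking keyUsage critical when it is used. The function starts outside the hunk, so cleanup elsewhere cannot be ruled out.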