So I'm trying to add support for OS X's CDSA API to a tool that uses client-side certificates for identification and authentication. I've figured out how to get the SecCertificateRef pointers to certificates that the current user has stored in the Keychain using SecIdentitySearchCreate()/SecIdentitySearchCopyNext()/SecIdentityCopyCertificate(), but I need to limit my results to the Digital Signature certificates. Specifying CSSM_KEYUSE_SIGN in my search didn't seem to narrow the search sufficiently.
Using Keychain.app, I can see that the desired certificates have a "Key Usage" extension with a value of "Digital Signature". So I'm trying to get at that extension information programmatically.
From reading through the source (x509defs.h), it seems like the extension data would be stored in a CSSM_X509_EXTENSIONS variable. How can I drill down to this data from a SecCertificateRef?
According to SecCertificateGetType(), the certificate is of type CSSM_CERT_X_509v1. I can get a pointer to the raw data using SecCertificateGetData(), but I'm unsure how to cast the returned pointer in order to get a CSSM_<WHATEVER> pointer.
Failing a direct answer, a pointer to another place to get help with this would be useful too.
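The bytes that SecCertificateGetData() hands back are the certificate's DER encoding, not a CSSM_X509 struct, so casting that pointer to a CSSM_* type will not work; the extension has to be either decoded by the CL (SecCertificateGetCLHandle() plus CSSM_CL_CertGetFirstFieldValue() with CSSMOID_KeyUsage, which yields a CSSM_X509_EXTENSION whose parsed value is a CE_KeyUsage bitmask) or parsed from the DER directly. The following is an added example, not code from the question above and not part of any Apple framework: a small, bounds-checked DER walker that finds the KeyUsage extension (OID 2.5.29.15) in certificate bytes and tests the digitalSignature bit. The sample certificates are constructed, minimal DER fragments (just enough of the Certificate/TBSCertificate/[3] Extensions nesting for the walk), and the function and constant names are this example's own.

```c
/* Added example: locate the X.509 KeyUsage extension in DER certificate bytes
 * and report whether the digitalSignature bit is set. Portable C, no CDSA. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One decoded DER tag/length/value. */
typedef struct {
    uint8_t tag;
    const uint8_t *val;
    size_t len;
    size_t total;   /* bytes consumed by header + value */
} der_tlv;

/* Decode a single TLV at p with n bytes available.
 * Returns 1 on success, 0 on malformed/indefinite/oversized input. */
static int der_read(const uint8_t *p, size_t n, der_tlv *out) {
    if (n < 2) return 0;
    size_t hdr = 2, len = p[1];
    if (len & 0x80) {                       /* long-form length */
        size_t nb = len & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || n < 2 + nb) return 0;
        len = 0;
        for (size_t k = 0; k < nb; k++) len = (len << 8) | p[2 + k];
        hdr = 2 + nb;
    }
    if (len > n - hdr) return 0;            /* length would escape the buffer */
    out->tag = p[0]; out->val = p + hdr; out->len = len; out->total = hdr + len;
    return 1;
}

/* id-ce-keyUsage, 2.5.29.15, DER-encoded OID body. */
static const uint8_t OID_KEY_USAGE[] = { 0x55, 0x1d, 0x0f };

/* KeyUsage BIT STRING bits, MSB first (RFC 5280 section 4.2.1.3). */
enum { KU_DIGITAL_SIGNATURE = 0x80, KU_NON_REPUDIATION = 0x40, KU_KEY_ENCIPHERMENT = 0x20 };

/* Recursively search for SEQUENCE { OID keyUsage, [BOOLEAN critical], OCTET STRING { BIT STRING } }.
 * Stores the first KeyUsage byte in *ku and returns 1 when found, 0 when absent or malformed. */
static int find_key_usage(const uint8_t *p, size_t n, uint8_t *ku) {
    size_t off = 0;
    while (off < n) {
        der_tlv t, oid;
        if (!der_read(p + off, n - off, &t)) return 0;
        if (t.tag == 0x30 && der_read(t.val, t.len, &oid) && oid.tag == 0x06 &&
            oid.len == sizeof OID_KEY_USAGE && memcmp(oid.val, OID_KEY_USAGE, oid.len) == 0) {
            size_t o = oid.total;
            der_tlv x, bits;
            if (!der_read(t.val + o, t.len - o, &x)) return 0;
            if (x.tag == 0x01) {            /* optional critical BOOLEAN */
                o += x.total;
                if (!der_read(t.val + o, t.len - o, &x)) return 0;
            }
            if (x.tag == 0x04 && der_read(x.val, x.len, &bits) && bits.tag == 0x03 && bits.len >= 2) {
                *ku = bits.val[1];          /* val[0] is the unused-bits count */
                return 1;
            }
            return 0;
        }
        if (t.tag & 0x20 && find_key_usage(t.val, t.len, ku)) return 1;  /* descend into constructed types */
        off += t.total;
    }
    return 0;
}

/* 1 = digitalSignature set, 0 = KeyUsage present but bit clear, -1 = no (parsable) KeyUsage extension. */
int cert_has_digital_signature(const uint8_t *der, size_t len) {
    uint8_t ku;
    if (!find_key_usage(der, len, &ku)) return -1;
    return (ku & KU_DIGITAL_SIGNATURE) ? 1 : 0;
}

/* Constructed sample: Certificate { tbsCertificate { [3] Extensions { basicConstraints, keyUsage } } },
 * with every other TBSCertificate field omitted. keyUsage = digitalSignature | keyEncipherment. */
static const uint8_t SAMPLE_CERT_DER[] = {
    0x30, 0x24, 0x30, 0x22, 0xA3, 0x20, 0x30, 0x1E,
    0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00, /* basicConstraints decoy */
    0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x05, 0xA0
};
/* Same shape, keyUsage = keyEncipherment only. */
static const uint8_t SAMPLE_CERT_DER_NO_DS[] = {
    0x30, 0x24, 0x30, 0x22, 0xA3, 0x20, 0x30, 0x1E,
    0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
    0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x05, 0x20
};
/* Constructed certificate shell with no extensions at all. */
static const uint8_t SAMPLE_CERT_DER_NO_EXT[] = { 0x30, 0x04, 0x30, 0x02, 0x30, 0x00 };

int main(void) {
    printf("sample: %d, no-ds: %d, no-ext: %d\n",
           cert_has_digital_signature(SAMPLE_CERT_DER, sizeof SAMPLE_CERT_DER),
           cert_has_digital_signature(SAMPLE_CERT_DER_NO_DS, sizeof SAMPLE_CERT_DER_NO_DS),
           cert_has_digital_signature(SAMPLE_CERT_DER_NO_EXT, sizeof SAMPLE_CERT_DER_NO_EXT));
    return 0;
}
```

On a real SecCertificateRef the input would be the Data/Length pair filled in by SecCertificateGetData(); the walker tolerates the optional critical BOOLEAN and refuses lengths that run past the buffer, which matters when the bytes come from a user-controlled keychain. If the CL route is preferred, the same bit corresponds to CE_KU_DigitalSignature in the CE_KeyUsage that CSSM_CL_CertGetFirstFieldValue() returns for CSSMOID_KeyUsage; either way, a certificate with no KeyUsage extension (-1 here) should be treated as a policy decision, not as "signing allowed".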