CBLTLSIdentity Class Reference
CBLTLSIdentity
@interface CBLTLSIdentity : NSObjectENTERPRISE EDITION ONLY.
CBLTLSIdentity provides TLS Identity information including a key pair and X.509 certificate chain used for configuring TLS communication to the listener.
-
The certificate chain as an array of SecCertificateRef object.
Declaration
Objective-C
@property (nonatomic, readonly) NSArray *_Nonnull certs; -
The identity expiration date which is the expiration date of the first certificate in the chain.
Declaration
Objective-C
@property (nonatomic, readonly) NSDate *_Nonnull expiration; -
Unavailable
Not available.
Declaration
Objective-C
- (nonnull instancetype)init; -
Get an identity from the Keychain with the given label.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *)identityWithLabel:(nonnull NSString *)label error:(NSError *_Nullable *_Nullable) error; -
Get an identity with a SecIdentity object. Any intermediate or root certificates required to identify the certificate but not present in the system wide set of trusted anchor certificates need to be specified in the optional certs parameter. In additon, the specified SecIdenetity object is required to be present in the KeyChain, otherwise an exception will be thrown.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *) identityWithIdentity:(nonnull SecIdentityRef)identity certs:(nullable NSArray *)certs error:(NSError *_Nullable *_Nullable)error; -
Generate a TLS identity, either self-signed or signed by an issuer identity, and stores it in the Keychain with the given label.
The attributes must include a common name (CN); otherwise an error will be returned.
If no the expiration date is specified, the default validity of one year will be applied.
The certificate will be self-signed.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *) createIdentityForKeyUsages:(CBLKeyUsages)keyUsages attributes:(nonnull NSDictionary<NSString *, NSString *> *) attributes expiration:(nullable NSDate *)expiration label:(nonnull NSString *)label error:(NSError *_Nullable *_Nullable)error; -
Generate a TLS identity, signed by the provided key, and stores it in the Keychain with the given label.
The attributes must include a common name (CN); otherwise an error will be returned.
If no the expiration date is specified, the default validity of one year will be applied.
This should only be used in secured environments where the CA key and certificate are securely stored and managed.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *) createSignedIdentityInsecureForKeyUsages:(CBLKeyUsages)keyUsages attributes: (nonnull NSDictionary< NSString *, NSString *> *)attributes expiration:(nullable NSDate *)expiration caKey:(nonnull NSData *)key caCertificate:(nonnull NSData *)certificate label:(nonnull NSString *)label error: (NSError *_Nullable *_Nullable)error; -
Deprecated
Use [CBLTLSIdentity createIdentityForKeyUsages:attributes:expiration:label:error:] instead.
Creates a self-signed identity and persist the identity in the Keychain with the given label. Note that the Common Name (kCBLCertAttrCommonName) attribute is required. If the Common Name attribute is not included, an error will be returned.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *) createIdentityForServer:(BOOL)server attributes: (nonnull NSDictionary<NSString *, NSString *> *)attributes expiration:(nullable NSDate *)expiration label:(nonnull NSString *)label error:(NSError *_Nullable *_Nullable)error; -
Imports and creates a identity from the given PKCS12 Data. The imported identity will be stored in the Keychain with the given label.
Declaration
Objective-C
+ (nullable CBLTLSIdentity *) importIdentityWithData:(nonnull NSData *)data password:(nullable NSString *)password label:(nonnull NSString *)label error:(NSError *_Nullable *_Nullable)error; -
Delete the identity in the Keychain with the given label.
Declaration
Objective-C
+ (BOOL)deleteIdentityWithLabel:(nonnull NSString *)label error:(NSError *_Nullable *_Nullable)error;