TLSIdentity
public class TLSIdentity
ENTERPRISE EDITION ONLY.
TLSIdentity provides TLS Identity information including a key pair and X.509 certificate chain used for configuring TLS communication to the listener.
-
The certificate chain as an array of SecCertificate objects.
Declaration
Swift
public var certs: [SecCertificate] { get }
-
The identity expiration date which is the expiration date of the first certificate in the chain.
Declaration
Swift
public var expiration: Date { get }
-
Get an identity from the Keychain with the given label.
Declaration
Swift
public static func identity(withLabel label: String) throws -> TLSIdentity?
-
Get an identity with a SecIdentity object. Any intermediate or root certificates required to identify the certificate but not present in the system-wide set of trusted anchor certificates need to be specified in the optional certs parameter. In addition, the specified SecIdentity object is required to be present in the Keychain; otherwise an exception will be thrown.
Declaration
Swift
public static func identity(withIdentity identity: SecIdentity, certs: [SecCertificate]?) throws -> TLSIdentity
-
Generates a self-signed TLS identity and stores it in the Keychain with the given label.
The attributes must include a common name (CN); otherwise an error will be thrown.
If no expiration date is specified, the default validity of one year will be applied.
Declaration
Swift
public static func createIdentity(for keyUsages: KeyUsages, attributes: [String: String], expiration: Date? = nil, label: String) throws -> TLSIdentity
-
Generates a TLS identity, signed by the provided key, and stores it in the Keychain with the given label.
The attributes must include a common name (CN); otherwise an error will be thrown.
If no expiration date is specified, the default validity of one year will be applied.
This should only be used in secured environments where the CA key and certificate are securely stored and managed.
Declaration
Swift
public static func createSignedIdentityInsecure(for keyUsages: KeyUsages, attributes: [String: String], expiration: Date? = nil, caKey: Data, caCertificate: Data, label: String) throws -> TLSIdentity
-
Creates a self-signed identity and persists the identity in the Keychain with the given label. Note that the Common Name (certAttrCommonName) attribute is required. If the Common Name attribute is not included, an error will be returned.
Declaration
Swift
@available(*, deprecated, message: "Use TLSIdentity.createIdentity(for:attributes:expiration:label:) instead.")
public static func createIdentity(forServer server: Bool, attributes: [String: String], expiration: Date?, label: String) throws -> TLSIdentity
-
Imports and creates an identity from the given PKCS12 data. The imported identity will be stored in the Keychain with the given label.
Declaration
Swift
public static func importIdentity(withData data: Data, password: String?, label: String) throws -> TLSIdentity
-
Delete the identity in the Keychain with the given label.
Declaration
Swift
public static func deleteIdentity(withLabel label: String) throws
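The lookup, expiration, creation and deletion members above combine naturally into a load-or-renew routine for a listener's identity. The following is an added example, not code from the original page or the project. The function name, its parameters and the renewal and validity windows are hypothetical, and the `CouchbaseLiteSwift` module name and the `.serverAuth` member of `KeyUsages` are assumptions not shown on this page.

```swift
import Foundation
import CouchbaseLiteSwift  // assumption: the module name is not stated on this page

/// Hypothetical helper: returns the identity stored under `label`, replacing it
/// when it is missing or will expire within `renewalWindow`.
func loadOrRenewListenerIdentity(label: String,
                                 commonName: String,
                                 renewalWindow: TimeInterval = 30 * 24 * 60 * 60,
                                 validity: TimeInterval = 90 * 24 * 60 * 60) throws -> TLSIdentity {
    let now = Date()

    // identity(withLabel:) returns an optional: nil means nothing is stored
    // under this label yet.
    if let existing = try TLSIdentity.identity(withLabel: label) {
        // `expiration` is the expiration date of the first certificate in the chain.
        if existing.expiration > now.addingTimeInterval(renewalWindow) {
            return existing
        }
        // Expired or inside the renewal window: remove it before creating
        // a replacement under the same label.
        try TLSIdentity.deleteIdentity(withLabel: label)
    }

    // A common name (CN) is required; createIdentity throws without it.
    let attributes = [certAttrCommonName: commonName]

    // Pass an explicit expiration instead of relying on the one-year default.
    // `.serverAuth` is an assumed KeyUsages member (not shown on this page).
    return try TLSIdentity.createIdentity(for: .serverAuth,
                                          attributes: attributes,
                                          expiration: now.addingTimeInterval(validity),
                                          label: label)
}
```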