Merge pull request #63 from outfoxx/feature/seckeypair-asyn-matches

Add async version of SecKeyPair.matchesCertificate
outfoxx · Feb 23, 2023 · 7f360a5 · 7f360a5
2 parents cd12d1c + 2aff177
commit 7f360a5
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/Sources/ShieldSecurity/SecKeyPair.swift b/Sources/ShieldSecurity/SecKeyPair.swift
@@ -268,6 +268,29 @@ public struct SecKeyPair {
     return try encodedPublicKey() == keyData
   }
 
+#if swift(>=5.5)
+  /// Check if the public key of the key pair matches the public key in a certificate.
+  ///
+  /// The certificate is first validated as a trusted certificate and then the key pair
+  /// is checked against the public key of the key pair.
+  ///
+  /// - Parameters:
+  ///   - certificate: Certificate to check for equality with the key pair's public key.
+  ///   - trustedCertificates: Any certificates needed to complete the "chain-of-trust" for `certificate`.
+  /// - Returns: True if the public key of `certificate` and the key pair match.
+  ///
+  public func matchesCertificate(
+    certificate: SecCertificate,
+    trustedCertificates: [SecCertificate]
+  ) async throws -> Bool {
+
+    let keyData =
+      try await certificate.publicKeyValidated(trustedCertificates: trustedCertificates).encode()
+
+    return try encodedPublicKey() == keyData
+  }
+#endif
+
 
   /// Structure representing keys exported using ``export(password:derivedKeyLength:keyDerivationTiming:)``.
   ///

diff --git a/Tests/SecKeyPairTests.swift b/Tests/SecKeyPairTests.swift
@@ -141,6 +141,27 @@ class SecKeyPairTests: XCTestCase {
     waitForExpectations(timeout: 10.0)
   }
 
+#if swift(>=5.5)
+  func testCertificateMatchingAsync() async throws {
+
+    let name = try NameBuilder().add("Unit Testing", forTypeName: "CN").name
+
+    let certData =
+      try Certificate.Builder()
+        .subject(name: name)
+        .issuer(name: name)
+        .publicKey(keyPair: rsaKeyPair, usage: [.keyEncipherment])
+        .valid(for: 86400 * 5)
+        .build(signingKey: rsaKeyPair.privateKey, digestAlgorithm: .sha256)
+        .encoded()
+
+    let cert = SecCertificateCreateWithData(nil, certData as CFData)!
+
+    let result = try await self.rsaKeyPair.matchesCertificate(certificate: cert, trustedCertificates: [cert])
+    XCTAssertTrue(result)
+  }
+#endif
+
   func testImportExport() throws {
 
     let exportedKeyData = try rsaKeyPair.export(password: "123")