From c9d7f08885935207d8d612d5dc58df1a81c9568e Mon Sep 17 00:00:00 2001
From: magicrobotmonkey
Date: Sat, 1 Oct 2022 07:46:37 -0400
Subject: [PATCH] add support for SecCertificateCopyKey, which replaces deprecated SecCertificateCopyPublicKey since MacOS 10.14 (#63)
Co-authored-by: Aaron Bassett
---
 oscrypto/_mac/_security_cffi.py | 1 +
 oscrypto/_mac/_security_ctypes.py | 5 +++++
 oscrypto/_mac/asymmetric.py | 9 ++++++---
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/oscrypto/_mac/_security_cffi.py b/oscrypto/_mac/_security_cffi.py
index 32152f9..f2606b2 100644
--- a/oscrypto/_mac/_security_cffi.py
+++ b/oscrypto/_mac/_security_cffi.py
@@ -103,6 +103,7 @@
 SecTransformRef SecSignTransformCreate(SecKeyRef key, CFErrorRef *error);
 SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef allocator, CFDataRef data);
 OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef *key);
+ SecKeyRef SecCertificateCopyKey(SecCertificateRef certificate);
 CFStringRef SecCopyErrorMessageString(OSStatus status, void *reserved);
 OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *anchors);
 CFDataRef SecCertificateCopyData(SecCertificateRef certificate);
diff --git a/oscrypto/_mac/_security_ctypes.py b/oscrypto/_mac/_security_ctypes.py
index ad24161..8f4cda7 100644
--- a/oscrypto/_mac/_security_ctypes.py
+++ b/oscrypto/_mac/_security_ctypes.py
@@ -199,6 +199,11 @@ class SecItemImportExportKeyParameters(Structure):
 ]
 Security.SecCertificateCreateWithData.restype = SecCertificateRef
+ Security.SecCertificateCopyKey.argtypes = [
+ SecCertificateRef,
+ ]
+ Security.SecCertificateCopyKey.restype = SecKeyRef
+
 Security.SecCertificateCopyPublicKey.argtypes = [
 SecCertificateRef,
 POINTER(SecKeyRef)
diff --git a/oscrypto/_mac/asymmetric.py b/oscrypto/_mac/asymmetric.py
index 131197b..85cad34 100644
--- a/oscrypto/_mac/asymmetric.py
+++ b/oscrypto/_mac/asymmetric.py
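Review bot: In the `_security_ctypes.py` hunk, `Security.SecCertificateCopyKey.argtypes` is assigned unconditionally, but with ctypes the attribute access itself resolves the symbol, so on a macOS release that predates the function (the commit subject ties it to 10.14) this line would raise AttributeError while the module is being imported. The version gate added in `asymmetric.py` runs too late to prevent that. The surrounding module is outside the hunk, so how such an error is handled there cannot be seen; guarding the binding, e.g. `if hasattr(Security, 'SecCertificateCopyKey'):` around the two assignments, would keep older systems on the `SecCertificateCopyPublicKey` path. The one-line declaration added in `_security_cffi.py` is presumably resolved lazily and should not need the same guard, but that is worth confirming on an older system.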
@@ -261,9 +261,12 @@ def public_key(self):
 sec_cert_ref = self.sec_certificate_ref
 sec_public_key_ref_pointer = new(Security, 'SecKeyRef *')
- res = Security.SecCertificateCopyPublicKey(sec_cert_ref, sec_public_key_ref_pointer)
- handle_sec_error(res)
- sec_public_key_ref = unwrap(sec_public_key_ref_pointer)
+ if osx_version_info >= (10, 14):
+ sec_public_key_ref = Security.SecCertificateCopyKey(sec_cert_ref)
+ else:
+ res = Security.SecCertificateCopyPublicKey(sec_cert_ref, sec_public_key_ref_pointer)
+ handle_sec_error(res)
+ sec_public_key_ref = unwrap(sec_public_key_ref_pointer)
 self._public_key = PublicKey(sec_public_key_ref, self.asn1['tbs_certificate']['subject_public_key_info'])
 return self._public_key
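Review bot: On the 10.14+ branch the result of `Security.SecCertificateCopyKey(sec_cert_ref)` goes straight into `PublicKey(...)` without a check; unlike `SecCertificateCopyPublicKey`, this call returns no OSStatus and reports failure (an unsupported algorithm or a malformed key encoding) by returning NULL, so the error that `handle_sec_error(res)` used to raise is now silent and a null `SecKeyRef` could reach later verification calls. Add a null test right after the call, e.g. `if is_null(sec_public_key_ref):` followed by a raise of the module's usual error type, assuming the `_ffi` null helper is in scope here. `sec_public_key_ref_pointer = new(Security, 'SecKeyRef *')` is now needed only in the `else` branch and could move there. The diffstat shows no other change to `asymmetric.py`, so `osx_version_info` has to be imported already in this module; that is worth confirming, since the file's imports and the rest of `public_key`'s body are outside the hunk.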