add detection for p12 without password

emissarman · Jan 16, 2017 · ff57680 · ff57680
1 parent 9b6770a
commit ff57680
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 1 deletion.
diff --git a/Classes/NWSecTools.m b/Classes/NWSecTools.m
@@ -249,7 +249,7 @@ + (NWKeyRef)keyWithIdentity:(NWIdentityRef)identity error:(NSError *__autoreleas
 
 + (NSArray *)allIdentitiesWithPKCS12Data:(NSData *)data password:(NSString *)password error:(NSError *__autoreleasing *)error
 {
-    NSDictionary *options = @{(__bridge id)kSecImportExportPassphrase: password};
+    NSDictionary *options = password ? @{(__bridge id)kSecImportExportPassphrase: password} : @{};
     CFArrayRef items = NULL;
     OSStatus status = data ? SecPKCS12Import((__bridge CFDataRef)data, (__bridge CFDictionaryRef)options, &items) : errSecParam;
     NSArray *dicts = CFBridgingRelease(items);
@@ -259,6 +259,7 @@ + (NSArray *)allIdentitiesWithPKCS12Data:(NSData *)data password:(NSString *)pas
             case errSecAuthFailed: return [NWErrorUtil nilWithErrorCode:kNWErrorPKCS12AuthFailed error:error];
 #if !TARGET_OS_IPHONE
             case errSecPkcs12VerifyFailure: return [NWErrorUtil nilWithErrorCode:kNWErrorPKCS12Password error:error];
+            case errSecPassphraseRequired: return [NWErrorUtil nilWithErrorCode:kNWErrorPKCS12PasswordRequired error:error];
 #endif
         }
         return [NWErrorUtil nilWithErrorCode:kNWErrorPKCS12Import reason:status error:error];

diff --git a/Classes/NWType.h b/Classes/NWType.h
@@ -151,6 +151,8 @@ typedef NS_ENUM(NSInteger, NWError) {
     kNWErrorPKCS12AuthFailed                   = -312,
     /** PKCS12 data wrong password. */
     kNWErrorPKCS12Password                     = -313,
+    /** PKCS12 data password required. */
+    kNWErrorPKCS12PasswordRequired             = -314,
     /** PKCS12 data contains no identities. */
     kNWErrorPKCS12NoItems                      = -307,
     /** PKCS12 data contains multiple identities. */

diff --git a/Classes/NWType.m b/Classes/NWType.m
@@ -102,6 +102,7 @@ + (NSString *)stringWithCode:(NWError)code
         case kNWErrorPKCS12Decode                      : return @"PKCS12 data cannot be read or is malformed";
         case kNWErrorPKCS12AuthFailed                  : return @"PKCS12 data password incorrect";
         case kNWErrorPKCS12Password                    : return @"PKCS12 data wrong password";
+        case kNWErrorPKCS12PasswordRequired            : return @"PKCS12 data password required";
         case kNWErrorPKCS12NoItems                     : return @"PKCS12 data contains no identities";
         case kNWErrorPKCS12MultipleItems               : return @"PKCS12 data contains multiple identities";
 

diff --git a/Mac/NWAppDelegate.m b/Mac/NWAppDelegate.m
@@ -206,6 +206,9 @@ - (void)importIdentity
             NSData *data = [NSData dataWithContentsOfURL:url];
             NSError *error = nil;
             NSArray *ids = [NWSecTools identitiesWithPKCS12Data:data password:password error:&error];
+            if (!ids && password.length == 0 && error.code == kNWErrorPKCS12Password) {
+                ids = [NWSecTools identitiesWithPKCS12Data:data password:nil error:&error];
+            }
             if (!ids) {
                 NWLogWarn(@"Unable to read p12 file: %@", error.localizedDescription);
                 return;