Can the rawValue from ASN1Object be used as a certificate Data? #37

Open
alam156 opened this issue Jun 2, 2023 · 10 comments

alam156 commented Jun 2, 2023

I have modified this library to extract the certificate chain from a p7b string. I am able to get the x509Certificate information using the method x509Certificate(). What I need to do is parse only this certificate's Data. I tried this with rawValue, but in vain. How can I extract only the certificate data? In my p7b string, there are 2 certificates. I only need the 1st certificate.

alam156 commented Jun 2, 2023

```swift
// Usage
let pkcs7 = try PKCS7(data: data!)
let cert = pkcs7.certificate

// PKCS7 initializer
public init(data: Data) throws {
    let asn1 = try ASN1DERDecoder.decode(data: data)

    guard let firstBlock = asn1.first,
        let mainBlock = firstBlock.sub(1)?.sub(0) else {
        throw PKCS7Error.parseError
    }

    self.mainBlock = mainBlock

    guard firstBlock.sub(0)?.value as? String == OID.pkcs7signedData.rawValue else {
        throw PKCS7Error.notSupported
    }
}

// Returns the first certificate of the block as a parsed X509Certificate
public var certificate: X509Certificate? {
    return mainBlock.sub(1)?.sub(1)?.sub?.first.map { try? X509Certificate(asn1: $0) } ?? nil
}
```

I tried to get `mainBlock.sub(1)?.sub(1)?.sub?.first.rawValue` and use it as certificateData. But it doesn't work.
Note: The X509Certificate information is perfectly extracted using this. I need only the certificate Data.

filom (Owner) commented Jun 2, 2023

P7B has a slightly different encoding; here is sample code to read all the certificates without modifications:

```swift
// A P7B is usually PEM-encoded, so it needs to be converted because PKCS7 currently parses only DER data
guard var pemString = String(data: pemData, encoding: .utf8) else { return }
pemString = pemString.replacingOccurrences(of: "-----BEGIN PKCS7-----", with: "")
pemString = pemString.replacingOccurrences(of: "-----END PKCS7-----", with: "")
guard let derData = Data(base64Encoded: pemString, options: .ignoreUnknownCharacters) else { return }

var certificates: [X509Certificate] = []

let pkcs7 = try PKCS7(data: derData)
let certificateCount = pkcs7.mainBlock.sub(1)?.sub(1)?.subCount() ?? 0

// Parse each entry of the certificates block on its own
for i in 0..<certificateCount {
    if let value = pkcs7.mainBlock.sub(1)?.sub(1)?.sub(i)?.rawValue,
       let certificate = try? X509Certificate(data: value) {
        certificates.append(certificate)
    }
}
```

`certificates` contains the results.

@RuslanMirosh

@alam156 I'm trying to get and use certificateData. But it doesn't work. Please share your solution.
`mainBlock.sub(3)?.sub?.first?.rawValue` doesn't work.
The X509Certificate object doesn't have a "data" variable.

@RuslanMirosh

@filom I need to create SecCertificate from X509Certificate

filom (Owner) commented Feb 7, 2024

The rawValue needs a prefix, add derEncodedSequence, then you can create a SecCertificate:

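```swift
// The optional chain yields Data?, so unwrap it before bridging to NSData
guard let cer = pkcs7.mainBlock.sub(3)?.sub?.first?.rawValue?.derEncodedSequence else { return }
let secCer = SecCertificateCreateWithData(nil, cer as NSData)
```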

@RuslanMirosh

@filom Thank you very much. Can I convert X509Certificate to PEM data and create a SecCertificate from X509Certificate, without pkcs7?

filom (Owner) commented Feb 10, 2024

To create a SecCertificate you need a certificate in DER format, not PEM.

@RuslanMirosh

I have it. I need to convert X509Certificate to SecCertificate.

@RuslanMirosh

Need to get the data from the X509Certificate object.

filom (Owner) commented Feb 10, 2024

If you have an X509Certificate object, you must have created it with DER or PEM data, so if you have either one of them you don't have to pass through an X509Certificate parser object to recompose it back to a DER object.
If you have PEM data, then it's simple to convert it to DER and finally create a SecCertificate.
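
The two conversions discussed in this thread, as an added example that is not part of the thread or of the library's own code: re-adding a DER SEQUENCE header to bare content bytes, and turning a PEM certificate into DER for `SecCertificateCreateWithData`. The names `CertificateDataError`, `derSequence(wrapping:)`, `derData(fromPEM:)` and `makeSecCertificate(der:)` are hypothetical, and it is an assumption that the missing "prefix" is the SEQUENCE tag and length.

```swift
import Foundation
import Security

enum CertificateDataError: Error { case notPEM, invalidBase64, notDERCertificate }

// Hypothetical helper: prefix content bytes with a DER SEQUENCE header (tag 0x30 + length).
// Assumption: this is the kind of prefix the thread says rawValue lacks.
func derSequence(wrapping content: Data) -> Data {
    var header: [UInt8] = [0x30]
    if content.count < 0x80 {
        header.append(UInt8(content.count))            // short form: one length byte
    } else {
        var lengthBytes: [UInt8] = []                  // long form: big-endian length
        var remaining = content.count
        while remaining > 0 {
            lengthBytes.insert(UInt8(remaining & 0xFF), at: 0)
            remaining >>= 8
        }
        header.append(0x80 | UInt8(lengthBytes.count)) // 0x80 | number of length bytes
        header.append(contentsOf: lengthBytes)
    }
    return Data(header) + content
}

// Strip the PEM armor of a single certificate and return its DER bytes.
func derData(fromPEM pem: String) throws -> Data {
    guard let start = pem.range(of: "-----BEGIN CERTIFICATE-----"),
          let stop = pem.range(of: "-----END CERTIFICATE-----", range: start.upperBound..<pem.endIndex) else {
        throw CertificateDataError.notPEM
    }
    let body = String(pem[start.upperBound..<stop.lowerBound])
    guard let der = Data(base64Encoded: body, options: .ignoreUnknownCharacters), !der.isEmpty else {
        throw CertificateDataError.invalidBase64
    }
    return der
}

// SecCertificateCreateWithData returns nil when the bytes are not a
// DER-encoded X.509 certificate, so treat nil as a hard failure.
func makeSecCertificate(der: Data) throws -> SecCertificate {
    guard let certificate = SecCertificateCreateWithData(nil, der as CFData) else {
        throw CertificateDataError.notDERCertificate
    }
    return certificate
}
```

A `SecCertificate` built this way has only been parsed; trust is a separate decision made by evaluating it with `SecTrust`.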
