How to delete a certificate from Mac Keychain through code?_问答_开发者

How to delete a certificate from Mac Keychain through code?

开发者 https://www.devze.com 2023-04-06 04:57 出处：网络

I\'ve looked into Apple\'s Certificate reference, and I don\'t see anything about removing certificates from the Keychain.

I've looked into Apple's Certificate reference, and I don't see anything about removing certificates from the Keychain.

Is it allowed?

If so, how? If no开发者_运维百科t, why not?

Certificates are a subtype of keychain items, so you can use SecKeychainItemDelete to remove them. To prevent compiler warnings, you'll need to explicitly cast the SecCertificateRef to a SecKeychainItemRef — plain C doesn't have language support for subclasses.

SecCertificateRef certificate = ...;
OSStatus status = SecKeychainItemDelete((SecKeychainItemRef)certificate);
if (status) {
    // Handle error
}

If you target Mac OS 10.6 or later, you can also use the newer SecItemDelete API. It doesn't provide any advantages in the simplest case, but you can change the query argument to delete multiple certificates at once, or delete certificates without having direct references to them.

SecCertificateRef certificate = ...;
NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                       kSecClassCertificate, kSecClass,
                       [NSArray arrayWithObject:(id)certificate], kSecMatchItemList,
                       kSecMatchLimitOne, kSecMatchLimit,
                       nil];    
OSStatus status = SecItemDelete((CFDictionaryRef)query);
if (status) {
    // Handle error
}