(Objective-C) Find Certificate by Email Address

See more Cert Store Examples

In an X.509 certificate, an email address can typically be located in two places:

1. RFC822 Name (Subject Alternative Name extension) -
   • The certificate may include an email address in the Subject Alternative Name (SAN) extension under the RFC822 Name field. This is a modern and preferred method because it allows for flexibility and alignment with security best practices.
   • To find it, Chilkat inspects the SAN extension in the certificate details.
2. Subject (Common Name or Email Address attribute) -
   • Older certificates may store the email address directly in the Subject field, typically under the Email Address attribute ("emailAddress") or, less commonly, the Common Name (CN).
   • This method is less preferred in modern standards but can still be encountered in legacy implementations. Chilkat also searches here for the email address.

Note: Requires Chilkat v10.1.2 or later.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoCertStore.h>
#import <CkoJsonObject.h>
#import <NSString.h>
#import <CkoCert.h>

CkoCertStore *certStore = [[CkoCertStore alloc] init];

// This opens the Current User certificate store on Windows,
// On MacOS and iOS it opens the default Keychain.
BOOL readOnly = NO;
BOOL success = [certStore OpenCurrentUserStore: readOnly];
if (success == NO) {
    NSLog(@"%@",certStore.LastErrorText);
    return;
}

// Find the certificate having the specified email address in either the RFC822 Name or in the Subject.
CkoJsonObject *json = [[CkoJsonObject alloc] init];
NSString *email_address = @"joe@example.com";
[json UpdateString: @"email" value: email_address];

CkoCert *cert = [[CkoCert alloc] init];
success = [certStore FindCert: json cert: cert];
if (success == YES) {
    // Show the full distinguished name of the certificate.
    NSLog(@"%@%@",@"Found: ",cert.SubjectDN);
}
else {
    NSLog(@"%@",@"Not found.");
}