swift-certificates icon indicating copy to clipboard operation
swift-certificates copied to clipboard
verified publisher icon apple

Request: Make CMS-related objects public

Open TheGeekPharaoh opened this issue 5 months ago • 4 comments

Request: Make the CMS-related objects public

This would be useful in validating and generating CMS signatures without extremely messy workarounds, particularly on non-Apple platforms like, Linux.

Sample usecases:

  • Server-side validation of appstore receipts
  • Validating signatures on MDM requests in an MDM written in Swift

TheGeekPharaoh avatar Nov 20 '25 14:11 TheGeekPharaoh

Thanks for filing this issue, I believe that the API is public and available to use, just behind SPI - is that correct? At the moment there are SPI guards because we don't consider the API surface to be as well considered as we'd like, so they are not final. Unfortunately I don't think we have a timeline for when these will be finalized at the moment.

rnro avatar Nov 21 '25 11:11 rnro

Yes, I am able to perform signature generation and validation behind SPI.  However, I am now trying to extract the certificates and the underlying signed payload from an attached signature, and those data objects seem to be internal/private. On Friday, November 21, 2025 at 06:29:47 AM EST, Rick Newton-Rogers @.***> wrote:

rnro left a comment (apple/swift-certificates#285) Thanks for filing this issue, I believe that the API is public and available to use, just behind SPI - is that correct? At the moment there are SPI guards because we don't consider the API surface to be as well considered as we'd like, so they are not final. Unfortunately I don't think we have a timeline for when these will be finalized at the moment.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

TheGeekPharaoh avatar Nov 21 '25 13:11 TheGeekPharaoh

Which objects are you trying to access?

rnro avatar Nov 21 '25 14:11 rnro

CMSContentInfo, CMSSignedData, CMSEncapsulatedContentInfo, CMSSignerInfo...  Basically anything needed to extract the certificates used to sign the data and the underlying data itself. On Friday, November 21, 2025 at 09:11:57 AM EST, Rick Newton-Rogers @.***> wrote:

rnro left a comment (apple/swift-certificates#285) Which objects are you trying to access?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

TheGeekPharaoh avatar Nov 21 '25 15:11 TheGeekPharaoh

Thanks for sharing those details. I think we have a change coming soon to make those available behind SPI.

rnro avatar Nov 25 '25 14:11 rnro

Great!  Looking forward to it!

On Tuesday, November 25, 2025 at 09:50:51 AM EST, Rick Newton-Rogers ***@***.***> wrote:

rnro left a comment (apple/swift-certificates#285) Thanks for sharing those details. I think we have a change coming soon to make those available behind SPI.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

TheGeekPharaoh avatar Nov 26 '25 14:11 TheGeekPharaoh