Search code examples
iphoneobjective-copensslpemcsr

Creating .pem file programmatically in Objective-C?


I am trying to create a PEM file programmatically from a Certificate Signing Request using Objective-C and the OpenSSL library in an iPhone app. I have generated the CSR (of type X509_REQ *) by following Adria Navarro's answer to this question:

Generating an OpenSSL Certificate Signing Request in iOS with Keychain stored keys

I've confirmed that the CSR is valid by printing it out to the console.

Below is my code for creating the PEM file (CertificateSigningRequest.pem). It ends up creating a blank file (0 bytes and no text). Am I doing something wrong, such that it is not able to write to the file via PEM_write_X509_REQ? (Note that I'm checking the file by downloading the app folder via Organizer.)

Thanks in advance for any help you can provide, and let me know if I should provide additional info.

- (void)createPemFileWithCertificateSigningRequest:(X509_REQ *)certSigningRequest
{
    //delete existing PEM file if there is one
    [self deletePemFile];

    //create empty PEM file
    NSString *pemFilePath = [self pemFilePath];
    if (![[NSFileManager defaultManager] createFileAtPath:pemFilePath contents:nil attributes:nil])
    {
        NSLog(@"Error creating file for PEM");
        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"Error creating file for PEM" message:[NSString stringWithFormat:@"Could not create file at the following location:\n\n%@", pemFilePath] delegate:nil cancelButtonTitle:@"OK" otherButtonTitles:nil];
        [alertView show];
        return;
    }

    //get a FILE struct for the PEM file
    NSFileHandle *outputFileHandle = [NSFileHandle fileHandleForWritingAtPath:pemFilePath];
    FILE *pemFile = fdopen([outputFileHandle fileDescriptor], "w");

    //write the CSR to the PEM file
    PEM_write_X509_REQ(pemFile, certSigningRequest);
}

- (NSString *)pemFilePath
{
    NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"CertificateSigningRequest.pem"];
}

Solution

  • It turns out that my issue was that I wasn't closing the file after writing to it. Adding the final line to this method did the trick.

    - (void)createPemFileWithCertificateSigningRequest:(X509_REQ *)certSigningRequest
    {
        //...
    
        //write the CSR to the PEM file
        PEM_write_X509_REQ(pemFile, certSigningRequest);
    
        //close the file
        fclose(pemFile); //THIS MAKES EVERYTHING WORK =)
    }