gistfile1.m

- (NSData *)signData:(NSData *)data withIndentity:(SecIdentityRef)identity
{
	// FIXME: cleanup cf leaks
	SecGroupTransformRef group = SecTransformCreateGroupTransform();
	CFReadStreamRef readStream = NULL;
	SecTransformRef readTransform = NULL;
	SecTransformRef signingTransform = NULL;
	CFErrorRef err = NULL;
	
	SecKeyRef privateKey;
	OSStatus ret = SecIdentityCopyPrivateKey(identity, &privateKey);
	if (ret) {
		NSLog(@"fail");
		return nil;
	}
	
	// Setup our input stream as well as an input transform
	readStream = CFReadStreamCreateWithBytesNoCopy(kCFAllocatorDefault, [data bytes], [data length], kCFAllocatorNull);
	
	readTransform = SecTransformCreateReadTransformWithReadStream(readStream);
	
	// Setup a signing transform
	signingTransform = SecSignTransformCreate(privateKey, &err);
	if (err) {
		NSLog(@"SecSignTransformCreate failed: %@", (__bridge NSError *)err);
		return nil;
	}
	SecTransformSetAttribute(signingTransform, kSecInputIsDigest, kCFBooleanTrue, &err);
	if (err) {
		NSLog(@"SecTransformSetAttribute:kSecInputIsDigest failed: %@", (__bridge NSError *)err);
		return nil;
	}
	SecTransformSetAttribute(signingTransform, kSecDigestTypeAttribute, kSecDigestSHA1, &err);
	if (err) {
		NSLog(@"SecTransformSetAttribute:kSecDigestTypeAttribute failed: %@", (__bridge NSError *)err);
		return nil;
	}
	
	// Connect read and signing transform; Have read pass its data to the signer
	SecTransformConnectTransforms(readTransform, kSecTransformOutputAttributeName,
								  signingTransform, kSecTransformInputAttributeName,
								  group, &err);
	if (err) {
		NSLog(@"SecTransformConnectTransforms failed: %@", (__bridge NSError *)err);
		return nil;
	}
	
	// Execute the sequence of transforms (group)
	// The last one in the connected sequence is the return value
	CFTypeRef cfRet = SecTransformExecute(group, &err);
	if (err) {
		NSLog(@"SecTransformExecute failed: %@", (__bridge NSError *)err);
		return nil;
	}
	return (__bridge_transfer NSData *)cfRet;
}