From 231cbb51a739e5ccbeafed887ee07050a5568ff2 Mon Sep 17 00:00:00 2001
From: Kevin Jones
Date: Tue, 27 Aug 2024 12:00:45 -0400
Subject: [PATCH] Fix copying ephemeral keys to keychains. (#106973)

Starting on macOS Sequoia, at least in beta, SecKeychainitemCopyKeychain no longer returns errSecNoSuchKeychain for ephemeral keys. Instead, it returns errSecInvalidItemRef. This adds the error code in the handling logic for when we need to add an ephemeral key to the target keychain.
---
 .../System.Security.Cryptography.Native.Apple/pal_x509_macos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c
index 41ba9648259c7..fc261117a1588 100644
--- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c
+++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c
@@ -391,7 +391,7 @@ int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert,
 SecKeychainItemRef itemCopy = NULL;
 // This only happens with an ephemeral key, so the keychain we're adding it to is temporary.
- if (status == errSecNoSuchKeychain)
+ if (status == errSecNoSuchKeychain || status == errSecInvalidItemRef)
 {
 status = AddKeyToKeychain(privateKey, targetKeychain, NULL);
 }
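Review bot: The comment above the widened condition still says this status "only happens with an ephemeral key", which no longer explains itself once `errSecInvalidItemRef` is accepted, because that name reads as a general bad-item-reference result rather than a keychain-specific one. I would record the reason next to the check, e.g. `// macOS Sequoia reports errSecInvalidItemRef (not errSecNoSuchKeychain) for ephemeral keys.` A `privateKey` reference that is invalid for some other reason would presumably now take this branch too, so it is worth confirming that a failure from `AddKeyToKeychain` is returned to the caller and not masked by later code. That handling, like the rest of the function body, lies outside the hunk.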