The KeyStoreChain type on macOS only supports key/certificate management but not signature signing/verification. If you look at https://docs.oracle.com/javase/9/security/oracleproviders.htm, the Apple provider only implements KeyStore. If you need to use a key in client auth, it needs to extract that key and use another provider (SunRsaSign or SunEC) to use it.

If the key was created (or imported) as "non-extractable", then it cannot be used.