在 iOS 11 台设备上检测安装的证书
Detect installed certificate on iOS 11 device
我有 iOS 11,此代码未检测到我安装的自定义证书:
- (BOOL)IsMobileConfigInstalled {
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef cert = NULL;
if ([certData length]) {
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
if (cert != NULL) {
CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
CFRelease(certSummary);
}
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
(__bridge id) cert
], policy, &trust);
SecTrustResultType trustResult = (SecTrustResultType) -1;
err = SecTrustEvaluate(trust, &trustResult);
CFRelease(trust);
CFRelease(policy);
CFRelease(cert);
return kSecTrustResultUnspecified == trustResult;
}
有什么问题?
问题已解决。
Apple 刚刚 "fixed" 结果信任结果。
那么,现在正确答案是:kSecTrustResultProceed
我的固定代码版本:
处理 ios 10 和 11。
- (BOOL)IsMobileConfigInstalled {
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef cert = NULL;
if ([certData length]) {
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
if (cert != NULL) {
CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
CFRelease(certSummary);
}
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
(__bridge id) cert
], policy, &trust);
SecTrustResultType trustResult = (SecTrustResultType) -1;
err = SecTrustEvaluate(trust, &trustResult);
CFRelease(trust);
CFRelease(policy);
CFRelease(cert);
NSString *ver = [[UIDevice currentDevice] systemVersion];
float ver_float = [ver floatValue];
if (ver_float >= 11)
return kSecTrustResultProceed == trustResult;
return kSecTrustResultUnspecified == trustResult;
}
我有 iOS 11,此代码未检测到我安装的自定义证书:
- (BOOL)IsMobileConfigInstalled {
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef cert = NULL;
if ([certData length]) {
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
if (cert != NULL) {
CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
CFRelease(certSummary);
}
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
(__bridge id) cert
], policy, &trust);
SecTrustResultType trustResult = (SecTrustResultType) -1;
err = SecTrustEvaluate(trust, &trustResult);
CFRelease(trust);
CFRelease(policy);
CFRelease(cert);
return kSecTrustResultUnspecified == trustResult;
}
有什么问题?
问题已解决。 Apple 刚刚 "fixed" 结果信任结果。
那么,现在正确答案是:kSecTrustResultProceed
我的固定代码版本: 处理 ios 10 和 11。
- (BOOL)IsMobileConfigInstalled {
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef cert = NULL;
if ([certData length]) {
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
if (cert != NULL) {
CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
CFRelease(certSummary);
}
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
(__bridge id) cert
], policy, &trust);
SecTrustResultType trustResult = (SecTrustResultType) -1;
err = SecTrustEvaluate(trust, &trustResult);
CFRelease(trust);
CFRelease(policy);
CFRelease(cert);
NSString *ver = [[UIDevice currentDevice] systemVersion];
float ver_float = [ver floatValue];
if (ver_float >= 11)
return kSecTrustResultProceed == trustResult;
return kSecTrustResultUnspecified == trustResult;
}