Finding a certificate on iOS

Posted on 2024-10-06 14:59:50

Note this question was asked in 2001. Things have changed.

I have an iOS device that needs to access a Junos VPN. The opaque instructions from the Junos admin say that I have to retrieve a certificate that has been provisioned to the device using the Apple IPCU. I know that the cert is on the device (I can see it in Settings) and I can access the VPN through Mail, Safari and the Junos App.

The Apple docs state that each app has its own keychain and yet all three of these apps can see the cert. The fact that Junos can access a cert provisioned by IPCU implies that any app can access this certificate. However, when I try to locate it:

    #import <Foundation/Foundation.h>
    #import <Security/Security.h>

    CFTypeRef certificateRef = NULL;                    // will hold a ref to the cert we're trying to retrieve
    const char *certLabelString = "myCertificateName";  // C string with the label of the certificate we're searching for
    CFStringRef certLabel = CFStringCreateWithCString(NULL, certLabelString, kCFStringEncodingUTF8); // the label as a UTF-8 CFString

    const void *keys[]   = { kSecClass, kSecAttrLabel, kSecReturnRef };
    const void *values[] = { kSecClassCertificate, certLabel, kCFBooleanTrue };
    // set up a search to retrieve this certificate; the CFType callbacks make the dictionary retain its contents
    CFDictionaryRef dict = CFDictionaryCreate(NULL, keys, values, 3,
                                              &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    OSStatus status = SecItemCopyMatching(dict, &certificateRef); // search the keychain, returning the match in certificateRef

    if (status != errSecSuccess)
        NSLog(@"keychain find returned %ld", (long)status); // OSStatus is 32-bit, so cast it for %ld

    if (dict)
        CFRelease(dict);
    if (certLabel)
        CFRelease(certLabel);

It fails. My questions:

  • Is this code correct? Actually I know it isn't because SecItemCopyMatching returns errSecItemNotFound

  • What value should I use for certLabelString - I am assuming the human readable name shown in Settings.

In Settings, the cert looks like this (sadly obfuscated to death). The search text I specify is exactly the text shown in Settings.

Cross posted to Apple developer forums

Comments (2)

迷爱 2024-10-13 14:59:50

So the answer (on the Apple forums) is that mail.app and Safari.app share the Apple keychain identifier and this is the only keychain that you can push certificates to using the Apple MDM tool. Anyone else who comes up against this should file a defect in order to encourage Apple to do the right thing.
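
Added example, not part of the original answer and not Apple's code: an Objective-C diagnostic (ARC assumed) that lists every certificate item visible through the calling app's own keychain access groups. `VisibleCertificates` is a hypothetical helper name; per the answer above, a certificate pushed by IPCU/MDM sits in Apple's keychain and would be absent from this list.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: returns one dictionary per certificate the calling app
// can see, with its label, subject summary and keychain access group.
static NSArray<NSDictionary *> *VisibleCertificates(OSStatus *outStatus) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:            (__bridge id)kSecClassCertificate,
        (__bridge id)kSecMatchLimit:       (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnRef:        @YES,
        (__bridge id)kSecReturnAttributes: @YES,
    };

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    // errSecItemNotFound here means no certificate at all is visible to this app.
    if (status != errSecSuccess) return @[];

    // With kSecMatchLimitAll and two return types, the result is an array of dictionaries.
    NSArray *items = CFBridgingRelease(result);
    NSMutableArray<NSDictionary *> *found = [NSMutableArray array];
    for (NSDictionary *item in items) {
        SecCertificateRef cert =
            (__bridge SecCertificateRef)item[(__bridge id)kSecValueRef];
        NSString *summary = cert
            ? CFBridgingRelease(SecCertificateCopySubjectSummary(cert))
            : nil;
        [found addObject:@{
            @"label":       item[(__bridge id)kSecAttrLabel] ?: @"(none)",
            @"summary":     summary ?: @"(none)",
            @"accessGroup": item[(__bridge id)kSecAttrAccessGroup] ?: @"(none)",
        }];
    }
    return found;
}

// Call from app code, e.g. in application:didFinishLaunchingWithOptions:
static void LogVisibleCertificates(void) {
    OSStatus status = errSecSuccess;
    NSArray<NSDictionary *> *certs = VisibleCertificates(&status);
    NSLog(@"SecItemCopyMatching returned %ld, %lu certificate(s) visible",
          (long)status, (unsigned long)certs.count);
    for (NSDictionary *c in certs) {
        NSLog(@"label=%@ summary=%@ accessGroup=%@",
              c[@"label"], c[@"summary"], c[@"accessGroup"]);
    }
}
```

Comparing the logged labels and access groups with the name shown in Settings shows whether a failed label search is a label mismatch or an access-group boundary.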

裂开嘴轻声笑有多痛 2024-10-13 14:59:50

Since the middle of 2015, there is now the Safari Services framework (next to WKWebView and UIWebView, we now have an SFSafariViewController). SFSafariViewController has the ability to access the Apple keychain and therefore can use all identities :) Very nice.

https://developer.apple.com/videos/play/wwdc2015/504/

https://developer.apple.com/library/ios/documentation/SafariServices/Reference/SafariServicesFramework_Ref/index.html#//apple_ref/doc/uid/TP40016218
