检测iOS 11设备上安装的证书

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了检测iOS 11设备上安装的证书相关的知识,希望对你有一定的参考价值。

我有ios 11,这段代码没有检测到我安装的自定义证书:

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
         cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    return kSecTrustResultUnspecified == trustResult;
}

问题是什么?

答案

问题解决了。 Apple刚刚“修复”了trustResult的结果。

所以,现在正确回答:kSecTrustResultProceed

我的固定代码版本:在ios 10和11上工作。

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
        cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    NSString *ver = [[UIDevice currentDevice] systemVersion];
    float ver_float = [ver floatValue];
    if (ver_float >= 11)
        return kSecTrustResultProceed == trustResult;
    return kSecTrustResultUnspecified == trustResult;
}

以上是关于检测iOS 11设备上安装的证书的主要内容,如果未能解决你的问题,请参考以下文章

如何在设备上安装配置证书以使用企业 iOS 帐户进行 OTA(无线)应用程序分发

iOS MDM 服务器 SSL 证书不受设备信任

ios 用xCode开发,怎么打包ipa包,在未越狱的iPhone上可以直接安装

iOS检测手机是否越狱了,GDB防护,自建https证书

无法在工作资料上的 Android 11 上安装 CA 证书

iOS:检测我的 SDK 是不是安装在设备上的其他应用程序上