检测iOS 11设备上安装的证书

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了检测iOS 11设备上安装的证书相关的知识,希望对你有一定的参考价值。

我有ios 11,这段代码没有检测到我安装的自定义证书:

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
         cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    return kSecTrustResultUnspecified == trustResult;
}

问题是什么?

答案

问题解决了。 Apple刚刚“修复”了trustResult的结果。

所以,现在正确回答:kSecTrustResultProceed

我的固定代码版本:在ios 10和11上工作。

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
        cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    NSString *ver = [[UIDevice currentDevice] systemVersion];
    float ver_float = [ver floatValue];
    if (ver_float >= 11)
        return kSecTrustResultProceed == trustResult;
    return kSecTrustResultUnspecified == trustResult;
}

以上是关于检测iOS 11设备上安装的证书的主要内容,如果未能解决你的问题,请参考以下文章