CODEWITHSUNDEEP
iosobjective-ccertificate
MeGaPk
MeGaPk

Reputation: 149

Detect installed certificate on iOS 11 device

I have iOS 11 and this code doesn't detect my installed custom certificate:

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
         cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    return kSecTrustResultUnspecified == trustResult;
}

What is the problem?

Upvotes: 0

Views: 676

Answers (1)

MeGaPk
MeGaPk

Reputation: 149

Problem solved. Apple just "fixed" result in trustResult.

So, now corrent answer: kSecTrustResultProceed

My fixed code version: Work on ios 10 and 11.

- (BOOL)IsMobileConfigInstalled {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef cert = NULL;
    if ([certData length]) {
        cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
        if (cert != NULL) {
            CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
            NSString *summaryString = [[NSString alloc] initWithString:(__bridge NSString *) certSummary];
            CFRelease(certSummary);
        }
    }
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust;
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) @[
            (__bridge id) cert
    ], policy, &trust);
    SecTrustResultType trustResult = (SecTrustResultType) -1;
    err = SecTrustEvaluate(trust, &trustResult);
    CFRelease(trust);
    CFRelease(policy);
    CFRelease(cert);
    NSString *ver = [[UIDevice currentDevice] systemVersion];
    float ver_float = [ver floatValue];
    if (ver_float >= 11)
        return kSecTrustResultProceed == trustResult;
    return kSecTrustResultUnspecified == trustResult;
}

Upvotes: 1

Related Questions