Check if a mobileconfig profile is installed on iOS

前端 未结 1 1762
爱一瞬间的悲伤
爱一瞬间的悲伤 2021-02-06 07:12

Install mobileconfig file through (Installing a configuration profile on iPhone - programmatically) on iPhone Desktop.

How to check whether this config file is installed

相关标签:
1条回答
  • 2021-02-06 08:00

    I came across a the following approach to identify if the mobile config is installed or not,But I have not tested though so far.

    There is no direct API available to do this.But there is a workaround to achieve this by the means of certificate trust verification.

    If we attach a self-signed trust ca with mobile config and install it on the device we can check if the mobile config is installed by checking the trust level of the leaf certificate that is signed by the self-signed root ca.That is ,If leaf certificate's trust verification is failed in the app means the mobile config is not installed or else installed

    Steps:

    • Create a Self Signed Root CA you can do it either using Certificate Assistant or openssl in terminal.

    • Create another Certificate and get it Signed using the Self Signed Root CA

    • Attach the Signed Certificate that is created in previous step to the xcode

    • Attach the Self Signed Root CA as a part of the Mobile Config

      • Open your mobile config in the IPCU

      • Scroll down to Credentials

      • Press Configure on the right side

      • Select the Self Signed Root CA (make sure its in .cer format)

      • Export the Mobile Config now and signing it using Globally Trusted CA like GoDaddy.This step is optional if its is done the device will show the mobile config as verified or else it will show as unverified while installing mobile config.


    Code Snippet:

    -(BOOL)IsMobileConfigInstalled {
    
    NSString* certPath = [[NSBundle mainBundle] pathForResource:@"LeafCertificate" ofType:@"cer"];
    
    NSData* certData = [NSData dataWithContentsOfFile:certPath];
    
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData);
    
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    
    SecTrustRef trust;
    
    OSStatus err = SecTrustCreateWithCertificates((__bridge CFArrayRef) [NSArray arrayWithObject:(__bridge id)cert], policy, &trust);
    
    SecTrustResultType trustResult = -1;
    
    err = SecTrustEvaluate(trust, &trustResult);
    
    CFRelease(trust);
    
    CFRelease(policy);
    
    CFRelease(cert);
    
    if(trustResult == kSecTrustResultUnspecified)
        return YES;
    else
        return NO;
    }
    

    References:

    Here is the link to a technical discussion around the topic in apple developer forum

    Here is the link to a blog post that takes you step by step.

    Here are the links to stack overflow discussions about this topic Ref1, Ref22

    0 讨论(0)
提交回复
热议问题