xcode – OSStatus Code -1009,com.apple.LocalAuthentication
发布时间:2020-12-14 19:05:45 所属栏目:百科 来源:网络整理
导读:我正在尝试使用iOS钥匙串测试加密. Domain=com.apple.LocalAuthentication Code=-1009 "ACL operation is not allowed: 'od'" UserInfo={NSLocalizedDescription=ACL operation is not allowed: 'od'} 这是我的测试代码: func testEncrpytKeychain() { let
|
我正在尝试使用iOS钥匙串测试加密.
Domain=com.apple.LocalAuthentication Code=-1009 "ACL operation is not allowed: 'od'" UserInfo={NSLocalizedDescription=ACL operation is not allowed: 'od'}
这是我的测试代码: func testEncrpytKeychain() {
let promise = expectation(description: "Unlock")
let data: Data! = self.sampleData
let text: String! = self.sampleText
wait(for: [promise],timeout: 30)
let chain = Keychain(account: "tester",serviceName: "testing2",access: .whenPasscodeSetThisDeviceOnly,accessGroup: nil)
chain.unlockChain { reply,error in
defer {
promise.fulfill()
}
guard error == nil else {
// ** FAILS ON THIS LINE WITH OSSTATUS ERROR **
XCTAssert(false,"Error: (String(describing: error))")
return
}
guard let cipherData = try? chain.encrypt(data) else {
XCTAssert(false,"Cipher Data not created")
return
}
XCTAssertNotEqual(cipherData,data)
guard let clearData = try? chain.decrypt(cipherData) else {
XCTAssert(false,"Clear Data not decrypted")
return
}
XCTAssertEqual(clearData,data)
let clearText = String(data: clearData,encoding: .utf8)
XCTAssertEqual(clearText,text)
}
}
这是底层的异步unlockChain代码: // context is a LAContext
func unlockChain(_ callback: @escaping (Bool,Error?) -> Void) {
var error: NSError? = nil
guard context.canEvaluatePolicy(.deviceOwnerAuthentication,error: &error) else {
callback(false,error)
return
}
context.evaluateAccessControl(control,operation: .createItem,localizedReason: "Access your Account") { (reply,error) in
self.context.evaluateAccessControl(self.control,operation: .useItem,error) in
self.unlocked = reply
callback(reply,error)
}
}
}
以下是上下文和控件对象的制作方法 init(account: String,serviceName: String = (Bundle.main.bundleIdentifier ?? ""),access: Accessibility = .whenUnlocked,accessGroup: String? = nil) {
self.account = account
self.serviceName = serviceName
self.accessGroup = accessGroup
self.access = access
var error: Unmanaged<CFError>? = nil
self.control = SecAccessControlCreateWithFlags(kCFAllocatorDefault,access.attrValue,[.privateKeyUsage],&error)
if let e: Error = error?.takeRetainedValue() {
Log.error(e)
}
self.context = LAContext()
}
我找不到有关此错误的一点信息: Domain=com.apple.LocalAuthentication Code=-1009 OSStatus Code site doesn’t contain anything for it either 任何帮助表示赞赏,谢谢. 解决方法
我在创建新私钥之前删除了以前的私钥,解决了同样的问题.
我猜想在iOS10上(11没有显示错误),当你使用相同的标签/大小而不是相同的访问设置的SecKeyCreateRandomKey(…)时,它只会返回true而是使用旧的(感觉很奇怪)但谁知道)? 这是一个懒惰的C函数我刚刚删除它(只记得设置你的ApplicationPrivateKeyTag: void deletePrivateKey()
{
CFStringRef ApplicationPrivateKeyTag = CFSTR("your tag here");
const void* keys[] = {
kSecAttrApplicationTag,kSecClass,kSecAttrKeyClass,kSecReturnRef,};
const void* values[] = {
ApplicationPrivateKeyTag,kSecClassKey,kSecAttrKeyClassPrivate,kCFBooleanTrue,};
CFDictionaryRef params = CFDictionaryCreate(kCFAllocatorDefault,keys,values,(sizeof(keys)/sizeof(void*)),NULL,NULL);
OSStatus status = SecItemDelete(params);
if (params) CFRelease(params);
if (ApplicationPrivateKeyTag) CFRelease(ApplicationPrivateKeyTag);
if (status == errSecSuccess)
return true;
return false;
}
FWIW:看起来苹果更新了their doc about the Security Framework and the SecureEnclave,现在更容易理解了. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |