xcode – OSStatus Code -1009,com.apple.LocalAuthentication
发布时间:2020-12-14 19:05:45 所属栏目:百科 来源:网络整理
导读:我正在尝试使用iOS钥匙串测试加密. Domain=com.apple.LocalAuthentication Code=-1009 "ACL operation is not allowed: 'od'" UserInfo={NSLocalizedDescription=ACL operation is not allowed: 'od'} 这是我的测试代码: func testEncrpytKeychain() { let
我正在尝试使用iOS钥匙串测试加密.
Domain=com.apple.LocalAuthentication Code=-1009 "ACL operation is not allowed: 'od'" UserInfo={NSLocalizedDescription=ACL operation is not allowed: 'od'} 这是我的测试代码: func testEncrpytKeychain() { let promise = expectation(description: "Unlock") let data: Data! = self.sampleData let text: String! = self.sampleText wait(for: [promise],timeout: 30) let chain = Keychain(account: "tester",serviceName: "testing2",access: .whenPasscodeSetThisDeviceOnly,accessGroup: nil) chain.unlockChain { reply,error in defer { promise.fulfill() } guard error == nil else { // ** FAILS ON THIS LINE WITH OSSTATUS ERROR ** XCTAssert(false,"Error: (String(describing: error))") return } guard let cipherData = try? chain.encrypt(data) else { XCTAssert(false,"Cipher Data not created") return } XCTAssertNotEqual(cipherData,data) guard let clearData = try? chain.decrypt(cipherData) else { XCTAssert(false,"Clear Data not decrypted") return } XCTAssertEqual(clearData,data) let clearText = String(data: clearData,encoding: .utf8) XCTAssertEqual(clearText,text) } } 这是底层的异步unlockChain代码: // context is a LAContext func unlockChain(_ callback: @escaping (Bool,Error?) -> Void) { var error: NSError? = nil guard context.canEvaluatePolicy(.deviceOwnerAuthentication,error: &error) else { callback(false,error) return } context.evaluateAccessControl(control,operation: .createItem,localizedReason: "Access your Account") { (reply,error) in self.context.evaluateAccessControl(self.control,operation: .useItem,error) in self.unlocked = reply callback(reply,error) } } } 以下是上下文和控件对象的制作方法 init(account: String,serviceName: String = (Bundle.main.bundleIdentifier ?? ""),access: Accessibility = .whenUnlocked,accessGroup: String? = nil) { self.account = account self.serviceName = serviceName self.accessGroup = accessGroup self.access = access var error: Unmanaged<CFError>? = nil self.control = SecAccessControlCreateWithFlags(kCFAllocatorDefault,access.attrValue,[.privateKeyUsage],&error) if let e: Error = error?.takeRetainedValue() { Log.error(e) } self.context = LAContext() } 我找不到有关此错误的一点信息: Domain=com.apple.LocalAuthentication Code=-1009 OSStatus Code site doesn’t contain anything for it either 任何帮助表示赞赏,谢谢. 解决方法
我在创建新私钥之前删除了以前的私钥,解决了同样的问题.
我猜想在iOS10上(11没有显示错误),当你使用相同的标签/大小而不是相同的访问设置的SecKeyCreateRandomKey(…)时,它只会返回true而是使用旧的(感觉很奇怪)但谁知道)? 这是一个懒惰的C函数我刚刚删除它(只记得设置你的ApplicationPrivateKeyTag: void deletePrivateKey() { CFStringRef ApplicationPrivateKeyTag = CFSTR("your tag here"); const void* keys[] = { kSecAttrApplicationTag,kSecClass,kSecAttrKeyClass,kSecReturnRef,}; const void* values[] = { ApplicationPrivateKeyTag,kSecClassKey,kSecAttrKeyClassPrivate,kCFBooleanTrue,}; CFDictionaryRef params = CFDictionaryCreate(kCFAllocatorDefault,keys,values,(sizeof(keys)/sizeof(void*)),NULL,NULL); OSStatus status = SecItemDelete(params); if (params) CFRelease(params); if (ApplicationPrivateKeyTag) CFRelease(ApplicationPrivateKeyTag); if (status == errSecSuccess) return true; return false; } FWIW:看起来苹果更新了their doc about the Security Framework and the SecureEnclave,现在更容易理解了. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |