I have been searching all over the apple documentation, including these forums, yet was not able to retrieve a certificate from a configuration profile that I had created and installed on my iPhone.
More specifically:
Using the iPhone Configuration Utility, I created a simple configuration profile that contains a certificate under the Credentials tab.
I am now trying to retrieve this certificate using my iPhone app but without any luck of coming across useful documentation/examples.
I know how to extract PKCS12 data - I just don't know where to find the certificate data to begin with.
Is there a path to the certificate data or to an NSDictionary of configuration profile values?
It seems it is not possible currently to read a profile. See https://devforums.apple.com/message/533356 (requires login).
Was looking for the same thing, to authenticate user as an enterprise employee.
Related
Now,I have a big question.I'm doing iOS dynamically compiled function, I want to use an iOS project, compile several different ipa file, use the Enterprise so that these items can be installed to the phone, I use xcodebuild command. But I do not know how to dynamically generate .mobileprovision file. I do not want every time manually generated from the Apple Developer Center
.mobileprovision files comply with RFC 3852 "Cryptographic Message Syntax (CMS)". In addition to the plain-text signing identities, app identifiers, entitlements, permitted test device UDIDs, and other related metadata, these files are cryptographically signed by Apple at the time they are generated on the Certificates, Identities, and Profiles tool. As only Apple holds the cryptographic keys that protect these documents, you will not be able to dynamically alter these files yourself -- you will have to work with the Certificates, Identities, and Profiles tool to be able to generate, request, download, and install profiles Apple generates.
Alternatively, the Certificates, Identities, and Profiles tool permits you to define what is called a Wildcard App ID (ex: com.mycompany.apps.*) that would allow you to use that one provisioning profile with apps under that app id tree:
com.mycompany.apps.myfirstapp
com.mycompany.apps.yetanotherapp
would both work, while:
com.mycompany.someotherapp
would require a different provisioning profile. Use of Wildcard App Ids also limits the kinds of entitlement based services you are permitted to use -- notably things like Push Notifications, Apple Pay, In-App Purchases, and Game Center are specifically disallowed under wildcard provisioning. If your app template requires use of these restricted entitlement based services, wildcard provisioning is not a viable solution and you will have to fall back to interacting with the Certificates, Profiles, and Identities tool.
The first time i uploaded an app to the app store i followed a youtube tutorial. Now i want to upload my second app. I have a lot of trouble understanding the process to upload an app. I've create a Provisioning profile, A certificate and a Distribution profile for my first app, am i supposed to use those again? Do i need to create a new provisioning profile, a new certificate and a new distribution profile? It's really confusing since i've been coding for less then 2 months.
Some step-by-step information would be very helpful. Thanks in advance.
The process is not as complicated as it seems
You need one developer certificate for testing and one distribution certificate for deployment (ad hoc or AppStore). If you have a valid certificate (given that you submitted an app already), then make sure you have it in your keychain (with the private key).
For a new app, you need to create a new appID. Remember that it should match the bundle identifier in your Xcode project.
With the distribution certificate and the appID, you can create a new distribution provisioning profile that needs to be downloaded to your machine. And should be used for the code signing in Xcode.
So, short answer. Use you current (valid) distribution certificate, add a new appID (matching your bundle identifier) to create a new Distribution Provisioning Profile. Use the profile to code signe your project.
Good luck... enrique
Definitely you need another provisioning profile connected to new APP ID for your second app
You dont need a new certificate though you need separate Appstore distribution provision profile.
Before creation of provision profile, you need to create APP ID.
After new APP ID you need to create new provision profile, you would be asked for select distribution certificate and you can select previous one there and also would be asked for APP ID and there you need to select your second app id (not older one).
Please check Apple Distribution Guide. It has clear instruction to do so.
And you can also checkout this tutorial. It may help you.
I'm creating a launcher for a game I'm making. To gain access to the launcher's menu the user has to first create an account on the game's site, buy the game using it, and then login to the launcher using his credentials. I've set up a php script on the server which accepts a username and password MD5 hash parameter (in the URL), checks to see if the account is in the database and returns relevant information to the launcher.
Since I'm transferring sensitive (albeit encrypted) information over the Internet I've figured that using SSL would be the best way to go about doing this. Since I can't quite afford a legit third party signed certificate I've signed one myself. It's bundled in the launcher and added to the trust store programmatically so that I can use it to connect to that php script and login without any problems.
Now this whole system I've described works just fine, but I've heard from someone that using a self signed SSL certificate without the user's consent is illegal in some countries (namely Denmark, maybe others). I've tried looking this up to see whether I should add some sort of confirmation dialog to the launcher but I couldn't find anything.
I'm located (and developing the program) in Israel, the server is in the Netherlands.
Does anyone know what laws my friend was talking about, and what I should do to avoid breaking them, as well as online sources where I can read more about them?
Some countries have laws against using encryption. Check out Crypto Law Survey for details on each countries' restrictions. The Netherlands appears to have some restrictions, if so, you might want to consider moving your server.
I've a iOS app and I would like my users to upload images to S3 directly.
I need UserX to be able to upload folders to __MY_BUCKET__/UserX/* Only. So that each one of my users have their own folder and only they can modify content in them.
Given that scenario I need to create dynamic permissions to my S3 bucket
Is that possible?
If it is... maybe I am in the right path or not....
What I've done so far is
I am using this guide to create Elastic Beanstalk with a Token Vending Machine. Then I used this other guide to configure the TVM.
Now my issue with that in none of the guides it shows an example of how to register a dynamic user (my app user) or how get the token from the TVM or how to say "Hey TVM, this userID needs upload access to __BUCKET_/ThiUserID/*" from a iOS app.
So I guess what I wonder, is how do I fill the gaps if what I am trying to achieve is possible?
I'm one of the maintainers of the AWS Mobile SDKs. The page you linked to includes projects for both iOS and Android that show how to integrate the customized TVM code in a mobile application. I suggest you look there and if you need further clarification, please update your with specific questions about the code.
You may also want to look at our web identity federation sample which is included with the SDKs. In combination with IAM policy variables, you can generate dynamic policies without the use of a Token Vending Machine.
I've developed application which communicates with my own server over HTTPS. And I use .p12 certificate for mutual authorization. The problem is that after I send first request on server I receive OSX's dialog message:
I know that need to make code sign but:
Can I make some workaround/hack/trick to prevent it? Please note that my app is not going to go on Mac Store. So I could use any private API.
If we can't prevent this dialog then what should I do:
1. Code sign my application via Mac Developer Program?
2. Or make trusted my p12 certificate?
If need to make some of these items above please provide a quote as proof from Apple's documentation.
I use OSX 10.8 an later.
Code signing your application is the most straightforward way to avoid this dialog. When importing the certificate and private key your signed application and future versions that match its designated requirement will be given access to the key for all purposes. See Mac OS X Code Signing In Depth and the Code Signing Guide for more information.
On your development systems that have already imported the key into the keychain you may see the authorization prompt one additional time, on systems that do not yet have the key in the keychain the prompt shouldn't appear at all.