我刚刚从一家客户的现场回来,他们正在使用MobileIron并希望实现这一点。MobileIron开发支持向我们提供了这个代码片段,它通过MobileIron的Core Config技术导入了AppConnect Wrapper提供的证书。
虽然它看起来不太美观,但由于是他们提供的,所以我不能修改它。不过它确实有效!您可以将其插入到您的AppDelegate.h文件中:
/// Receives a new AppConnect configuration dictionary.
/// The AppDelegate.m implementation reads the base64 PKCS#12 blob under `kUserCert` and its
/// passphrase under `kUserCert_MI_CERT_PW`, then adds the extracted identity to the keychain.
/// That implementation always returns nil.
- (NSString *)appConnectConfigChangedTo:(NSDictionary *)newConfig;
在AppDelegate.m中加入以下内容,放在之前提到的pragma mark之后:
#pragma mark UIApplicationDelegate implementation
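/// Imports the user identity that AppConnect delivers in `newConfig` and adds it to the keychain.
///
/// Reads `kUserCert` (base64-encoded PKCS#12 data) and `kUserCert_MI_CERT_PW` (its passphrase),
/// extracts the identity with extractIdentityAndTrust(), and stores it with SecItemAdd().
/// Every failure is logged and the method stops before touching the keychain.
///
/// @param newConfig Configuration dictionary pushed by the management server.
/// @return Always nil.
///         NOTE(review): confirm in the AppConnect wrapper documentation what a non-nil
///         return value signals before using it to report import failures.
///
/// extractIdentityAndTrust() must be declared before this method (a prototype or the
/// definition itself), otherwise the call is an implicit declaration.
- (NSString *)appConnectConfigChangedTo:(NSDictionary *)newConfig {
    NSLog(@"New config retrieved");

    // The values come from outside the app, so check their types before bridging them to
    // CoreFoundation. The passphrase is never logged.
    id certValue = newConfig[@"kUserCert"];
    id passwordValue = newConfig[@"kUserCert_MI_CERT_PW"];
    if (![certValue isKindOfClass:[NSString class]] ||
        ![passwordValue isKindOfClass:[NSString class]]) {
        NSLog(@"Config does not contain a user certificate and passphrase");
        return nil;
    }
    NSString *certStr = certValue;
    NSString *certPassword = passwordValue;

    NSData *cert = [[NSData alloc] initWithBase64EncodedString:certStr options:0];
    if (cert.length == 0) {
        NSLog(@"User certificate is not valid base64 data");
        return nil;
    }

    SecIdentityRef myIdentity = NULL;
    OSStatus status = extractIdentityAndTrust((__bridge CFDataRef)cert,
                                              (__bridge CFStringRef)certPassword,
                                              &myIdentity,
                                              NULL);
    if (status != errSecSuccess || myIdentity == NULL) {
        // OSStatus is a 32-bit integer, so print it with %d rather than %ld.
        NSLog(@"Failed to extract identity and trust: %d", (int)status);
        if (myIdentity) CFRelease(myIdentity);
        // Stop here: a NULL identity cannot be placed in the keychain query below.
        return nil;
    }

    // The identity is persisted through the keychain only. An NSURLCredential built here
    // would be discarded when the method returns, so none is created.
    //
    // NOTE(review): the query sets neither kSecAttrAccessible nor kSecAttrAccessGroup, so the
    // item gets the platform defaults. Decide explicitly which protection class the private
    // key needs.
    NSDictionary *secIdentityParams = @{ (__bridge id)kSecValueRef : (__bridge id)myIdentity };
    OSStatus certInstallStatus = SecItemAdd((__bridge CFDictionaryRef)secIdentityParams, NULL);
    // A repeated push of the same identity yields errSecDuplicateItem, which is not a failure.
    if (certInstallStatus != errSecSuccess && certInstallStatus != errSecDuplicateItem) {
        NSLog(@"Failed to add identity to keychain: %d", (int)certInstallStatus);
    }

    CFRelease(myIdentity);
    return nil;
}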
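/**
 * Imports a PKCS#12 blob and returns the identity and/or trust object of its first item.
 *
 * @param inP12data PKCS#12 data handed to SecPKCS12Import().
 * @param password  Passphrase supplied under kSecImportExportPassphrase.
 * @param identity  Optional out-parameter. Set to NULL on entry; on success it receives the
 *                  first item's kSecImportItemIdentity, retained, so the caller must CFRelease it.
 * @param trust     Optional out-parameter. Set to NULL on entry; on success it receives the
 *                  first item's kSecImportItemTrust, retained, so the caller must CFRelease it.
 * @return errSecParam when the data or passphrase is missing, errSecAllocate when the options
 *         dictionary cannot be created, otherwise the status of SecPKCS12Import(). A successful
 *         status does not guarantee a non-NULL output, so callers must still check the pointers.
 */
OSStatus extractIdentityAndTrust(CFDataRef inP12data, CFStringRef password, SecIdentityRef *identity, SecTrustRef *trust) {
    // Give the outputs a defined value on every path, including the failure paths.
    if (identity) *identity = NULL;
    if (trust) *trust = NULL;

    if (inP12data == NULL || password == NULL) {
        return errSecParam;
    }

    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    // The CFType callbacks make the dictionary retain the passphrase for its own lifetime.
    CFDictionaryRef options = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1,
                                                 &kCFTypeDictionaryKeyCallBacks,
                                                 &kCFTypeDictionaryValueCallBacks);
    if (options == NULL) {
        return errSecAllocate;
    }

    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import(inP12data, options, &items);

    // Read index 0 only when the import actually produced an item.
    if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        CFDictionaryRef firstItem = CFArrayGetValueAtIndex(items, 0);
        if (identity &&
            CFDictionaryGetValueIfPresent(firstItem, kSecImportItemIdentity, (const void **)identity) &&
            *identity != NULL) {
            // The value is owned by `items`; retain it so it survives the release below.
            CFRetain(*identity);
        }
        if (trust &&
            CFDictionaryGetValueIfPresent(firstItem, kSecImportItemTrust, (const void **)trust) &&
            *trust != NULL) {
            CFRetain(*trust);
        }
    }

    CFRelease(options);
    if (items) {
        CFRelease(items);
    }
    return securityError;
}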
构建好应用程序后,请让MobileIron管理员对该应用程序进行“包装”,使其可以使用AppConnect。包装完成并通过MobileIron将包装后的应用程序部署给测试用户之后,再创建一个Core Config配置:该配置需要取得已配置用户的用户证书,并以配置键“kUserCert”将其推送到已配置的设备上。