3

I have developed an SDK which can help application to sell it's in-app equipment. Because the SDK has billing feature, when my SDK be loaded by application, I need to ensure this application is authenticated, so I need to read the application's certificate information to verify it. I can find those API in android platform easy just like below:

pis = mContext.getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
Signature[] sigs = pis.signatures;

but I can not find same API in iOS. Any suggestion is appreciated.

Hossam Ghareeb
  • 7,063
  • 3
  • 53
  • 64
Chris Zhao
  • 63
  • 7

1 Answers1

1

Try this. The app bundle has a embedded.mobileprovision file which contains data including certificate and provisioning profile used to sign the app. You can parse the data to obtain the info you want 

NSString* bundleDirectory = [[NSBundle mainBundle] bundlePath];
NSString* db = [NSString stringWithFormat:@"%@/embedded.mobileprovision", bundleDirectory];
NSData* data = [NSData dataWithContentsOfFile:db];
Tony Vincent
  • 13,354
  • 7
  • 49
  • 68
  • Thanks, I will try it. – Chris Zhao Aug 31 '16 at 11:15
  • @ChrisZhao any luck ? – Tony Vincent Aug 31 '16 at 11:33
  • Yes, I have get embedded.mobileprovision file's data and in memory watch windows I even saw some certificate information, but I can not parse this file through IOS API, I am just research how to parse this file... – Chris Zhao Sep 01 '16 at 07:39
  • @ChrisZhao found this http://stackoverflow.com/questions/6398364/parsing-mobileprovision-files-in-bash – Tony Vincent Sep 01 '16 at 07:53
  • Yes, Vincent, After following your suggestion, Now I can parse embedded.provision file and get the developer certificate data. Unfortunately, It is seemed IOS open API was not provide enough interface to parse a X509 certificate but only can get a summary string about this certificate. I am not sure what the summary means exactly, It seemed the combined string of developer name and team string? – Chris Zhao Sep 05 '16 at 03:21
  • Anyway, I don't want to involve openssl in my project because my image has too large, and I think the summary string has give me enough information to verify developer. So I think I can say I have resulved this issue. Thank you very much for your kindly help. – Chris Zhao Sep 05 '16 at 03:21