
I've an app which prompts the user to download and install a Configuration Profile. The profile contains a Root CA embedded inside it. I want to check if the Configuration Profile is installed on the device, after it got downloaded.

After going through the Apple Developer Forums, I realised that one way to do this is to check if the Certificate embedded in the profile is installed and trusted by the user. If it is, it would implicitly mean (with exceptions) that the Configuration profile was installed by the user.

I went through this link, where the OP had a similar requirement, but apparently it is not able to detect if the certificate is already installed.

Does anybody have experience doing this?

Mahendra Liya
  • I can only upvote and comment that checking cert trust is a rather roundabout way. I've tried to see if you can use the `payloadIdentifier` but came up straws; Apple documentation is as sketchy as I would expect (but then again, this is not my expertise). I would at least upvote the other Q/A, by the way. – Maarten Bodewes Nov 08 '20 at 15:01
  • If objc sample code is your answer just convert it to Swift – iUrii Nov 12 '20 at 09:01
  • @iUrii The Objective-C doesn't work either! – Mahendra Liya Nov 12 '20 at 10:26

1 Answer


You cant use SecTrustEvaluateAsyncWithError to recognise whether the certificate is installed (trusted) or not, e.g.:

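```swift
import Foundation
import Security

func checkCertificateInstalled() {
    // Load the certificate bundled with the app. The data must be DER-encoded,
    // otherwise SecCertificateCreateWithData returns nil.
    guard let filePath = Bundle.main.path(forResource: "your_cert", ofType: "crt"),
          let data = try? Data(contentsOf: URL(fileURLWithPath: filePath)),
          let certificate = SecCertificateCreateWithData(nil, data as CFData)
    else {
        return
    }

    // Evaluate trust for the certificate with the basic X.509 policy
    var secTrust: SecTrust?
    if SecTrustCreateWithCertificates(certificate, SecPolicyCreateBasicX509(), &secTrust) == errSecSuccess, let trust = secTrust {
        // Call this from the same queue that is passed as the queue argument (main here)
        SecTrustEvaluateAsyncWithError(trust, .main) { trust, result, error in
            print("Cert is", result ? "installed" : "not installed")
        }
    }
}
```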
iUrii