Xamarin.iOS binding library cannot use the SecKey API from the Security framework
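I created a binding library from an Objective-C framework. It works, but it cannot use the SecKey cryptography APIs in the Security framework. The library uses them for API requests. Does Xamarin.iOS not fully support the Security framework? Or does it not work when used from a binding library?
Note: By the way, I added this line to the native framework for the dependency: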
<Frameworks>Foundation CFNetwork CoreFoundation Security</Frameworks>
Update 1:
Here is the device log:
Trust evaluate failure: [leaf AnchorTrusted]
DemoX[10647]/1#-1 LF=22 add Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither application-identifier nor keychain-access-groups entitlements" UserInfo={NSDescription=Client has neither application-identifier nor keychain-access-groups entitlements}
SecTaskLoadEntitlements failed error=22 cs_flags=200, pid=10438
SecTaskCopyDebugDescription: DemoX[10039]/0#-1 LF=0
nw_protocol_boringssl_signal_connected(728) [C13.1:2][0x7fbe21309f80] TLS connected [version(0x0303) ciphersuite(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) group(0x001d) signature_alg(0x0601) alpn(http/1.1) resumed(0) offered_ticket(0) false_started(0) ocsp_received(0) sct_received(0) connect_time(1811ms) flight_time(144ms) rtt(72ms) write_stalls(0) read_stalls(5)]
Trust evaluate failure: [leaf AnchorTrusted]
Trust evaluate failure: [leaf AnchorTrusted TemporalValidity]
Update 2:
When I run the framework with Xcode, the lines below appear, but they do not appear in my Xamarin.iOS application:
inserted <keys,kcls=0,klbl=,atag=5253415574696C5F5075624B6579,
crtr=0,type=42,bsiz=0,esiz=0,sdat=2001-01-01 00:00:00 +0000,
edat=2001-01-01 00:00:00+0000,agrp=A7PT8PDBPQ.com.test.app,sync=0,
musr=,|otherAttr,tomb=0,rowid=9,cdat=2020-11-07 11:02:34 +0000,mdat=2020-11-07 11:02:34+0000,pdmn=ak,
sha1=24BB5BBEE125D6A051E08EA2CB72469A0C62042F,v_Data=<?>,
UUID=********-****-****-****-************,
persistref=,clip=0> from <SecDbConnection rw open>
and
deleted
<keys,kcls=0,klbl=,atag=5253415574696C5F5075624B6579,crtr=0,type=42,
bsi=,esiz=0,sdat=2001-01-01 00:00:00 +0000,edat=2001-01-01 00:00:00
+0000,agrp=A7PT8PDBPQ.com.test.app,sync=0,musr=,
|otherAttr,tomb=0,rowid=7,cdat=2020-11-07 11:01:55
+0000,mdat=2020-11-07 11:01:55 +0000,pdmn=ak,
sha1=F1A9A4EC0C5AC67D354C9D7602E118B8DF5EFAF5,
v_Data=<?>,accc=310C300A0C0470726F740C02616B,
UUID=********-****-****-****-************,
persistref=,clip=0> from <SecDbConnection rw open>
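So I will answer my own question, because I found the solution. The reason behind the problem is that SecKeyRef uses Keychain access to read and write keys, as the official documentation states: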
A SecKeyRef instance that represents a key that is stored in a
keychain can be safely cast to a SecKeychainItemRef for manipulation
as a keychain item. On the other hand, if the key is not stored in a
keychain, casting the object to a SecKeychainItemRef and passing it to
Keychain Services functions returns errors.
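It doesn't matter when using SecKeyRef in Xcode, but in Visual Studio for Mac keychain access needs to be enabled with Entitlements.plist. So if your binding library uses the SecKey API, you need to enable Keychain Access in Entitlements.plist and set up an Apple developer account in the project.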
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)com.company.yourapp</string>
</array>
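A build-time check for the condition behind the -34018 error in the device log, added here as an example and not part of the original post: it reads an entitlements plist, lists the keychain access groups it grants, and scans log lines for the missing-entitlement status. The function names and the sample plists are constructed for illustration; the log lines are trimmed copies of the ones in the question.

```python
import plistlib
import re

# errSecMissingEntitlement: the OSStatus reported in the device log
MISSING_ENTITLEMENT = -34018
_LOG_RE = re.compile(r"^(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\].*\bCode=(?P<code>-?\d+)")

# Constructed sample: an app built with no entitlements at all
NO_ENTITLEMENTS = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict/></plist>'

# Constructed sample: Entitlements.plist carrying the key from the answer
FIXED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)com.company.yourapp</string>
</array>
</dict></plist>"""

# Lines taken from the device log in the question (UserInfo part trimmed)
DEVICE_LOG = [
    "Trust evaluate failure: [leaf AnchorTrusted]",
    'DemoX[10647]/1#-1 LF=22 add Error Domain=NSOSStatusErrorDomain Code=-34018 '
    '"Client has neither application-identifier nor keychain-access-groups entitlements"',
    "SecTaskLoadEntitlements failed error=22 cs_flags=200, pid=10438",
]

def keychain_groups(entitlements_xml):
    """Return the keychain access groups an entitlements plist grants.

    An empty list is the state the log message describes: neither
    application-identifier nor keychain-access-groups is present.
    """
    ent = plistlib.loads(entitlements_xml)
    groups = ent.get("keychain-access-groups")
    groups = list(groups) if isinstance(groups, list) else []
    app_id = ent.get("application-identifier")
    if app_id and app_id not in groups:
        groups.append(app_id)
    return groups

def missing_entitlement_hits(log_lines):
    """Return (process, pid) for each log line reporting OSStatus -34018."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line.strip())
        if m and int(m.group("code")) == MISSING_ENTITLEMENT:
            hits.append((m.group("proc"), int(m.group("pid"))))
    return hits
```

Run against the project's Entitlements.plist, an empty result from `keychain_groups` means the SecKey calls in the bound framework will fail the same way as in the log.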