在通过 CN 删除证书的简单方法中(证书之前已由 SecItemAdd 从 PKCS12 导入中放在那里);我收到错误消息:
属性列表对格式无效:200(属性列表不能包含“SecIdentity”类型的对象)
基于https://developer.apple.com/documentation/security/1395547-secitemdelete我认为我正在遵循说明:
要删除由瞬态引用标识的项目,请指定 kSecMatchItemList 搜索关键字,并在之前调用 SecItemCopyMatching 或 SecItemAdd 函数时使用 kSecReturnRef 返回类型关键字返回引用。
信。下面的代码:
NSDictionary * attributes;
NSString * cnString = @"/CN=foo";
attributes = [NSDictionary dictionaryWithObjectsAndKeys:
(__bridge id)(kSecClassIdentity), kSecClass,
cnString, kSecMatchSubjectContains,
kSecMatchLimitAll, kSecMatchLimit,
kCFBooleanTrue, kSecReturnRef,
nil];
CFArrayRef result;
status = SecItemCopyMatching((__bridge CFDictionaryRef)(attributes),
(CFTypeRef *)&result);
if (status == noErr) {
for(int i = 0; i < CFArrayGetCount(result); i++) {
SecIdentityRef item = (SecIdentityRef) CFArrayGetValueAtIndex(result, i);
NSLog(@"Item #%d: %@", i, item);
attributes = [NSDictionary dictionaryWithObjectsAndKeys:
(__bridge id)(kSecClassIdentity), kSecClass,
[NSArray arrayWithObject:(__bridge id)item], kSecMatchItemList,
kSecMatchLimitOne, kSecMatchLimit,
nil];
status = SecItemDelete((__bridge CFDictionaryRef)(attributes));
if (status != noErr || status != errSecItemNotFound)
NSLog(@"Delete %d/%@failed: %ld (ignored)", i,item, status);
};
};
控制台上的输出是:
Item #0: <SecIdentityRef: 0xc7359ff0>
直接在找到之后(如果搜索范围扩大,我们会得到一个数组)。
然后从 Security.dylib 的深处:
属性列表对格式无效:200(属性列表不能包含“SecIdentity”类型的对象)
最终保释:
Delete 0/<SecIdentityRef: 0xc7359ff0>failed: -50 (ignored)
我究竟做错了什么?