OTA 证书注册过程可根据需要多次在 IOS7 设备上运行。
基于相同 config/ca/signing cert 等的第二个证书安装的相关 IOS7 日志:
profiled[1397] <Notice>: (Note ) MC: Retrieving profile from OTA Profile service...
profiled[1397] <Notice>: (Note ) MC: Received final profile: com.myConfig.profile
profiled[1397] <Notice>: (Note ) MC: Beginning profile installation...
<Notice>: (Note ) MC: Profile “com.myConfig.profile” is replacing an existing profile having the same identifier.
securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303054909.447036Z,CF75A17F)
profiled[1397] <Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303054909.447036Z,CF75A17F))
profiled[1397] <Notice>: (Note ) MC: Attempting to retrieve issued certificate...
securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
<Notice>: (Note ) MC: Issued certificate received.
securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns kcls, klbl, atag, crtr, type, bsiz, esiz, sdat, edat, agrp, sync are not unique sql: INSERT INTO keys(rowid,cdat,mdat,kcls,labl,alis,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,v_Data,20150303054921.112843Z,344A0836)
<Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,v_Data,20150303054921.112843Z,344A0836))
profiled[1397] <Notice>: (Note ) MC: Profile “com.myConfig.profile” installed.
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 636572740000000000000005
securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
<Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000006
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000007
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000001
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000004
在 IOS8 下,初始注册和配置文件安装工作。但是,在任何后续注册中,都会引发以下错误:
profiled[2253]: (Note ) MC: Checking for MDM installation...
profiled[2253]: (Note ) MC: ...finished checking for MDM installation.
profiled[2253]: (Note ) MC: Enrolling in OTA Profile service...
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080953.465563Z,6CDCA2CB)
profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080953.465563Z,6CDCA2CB))
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
profiled[2253]: (Note ) MC: Attempting to retrieve issued certificate...
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted ValidLeaf ValidRoot]
profiled[2253]: (Note ) MC: Issued certificate received.
securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080954.973098Z,0A162218)
profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080954.973098Z,0A162218))
profiled[2253]: *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** setObjectForKey: key cannot be nil'
*** First throw call stack:
(
0 CoreFoundation 0x00000001057cff35 __exceptionPreprocess + 165
1 libobjc.A.dylib 0x0000000107deebb7 objc_exception_throw + 45
2 CoreFoundation 0x00000001056d6998 -[__NSDictionaryM setObject:forKey:] + 968
3 profiled 0x0000000105222227 profiled + 209447
4 profiled 0x000000010522297a profiled + 211322
5 libdispatch.dylib 0x0000000108554af4 _dispatch_client_callout + 8
6 libdispatch.dylib 0x000000010853eabb _dispatch_barrier_sync_f_invoke + 76
7 profiled 0x00000001052228f7 profiled + 211191
8 profiled 0x00000001052360e0 profiled + 291040
9 profiled 0x0000000105236a4d profiled + 293453
10 profiled 0x000000010523c60b profiled + 316939
11 profiled 0x00000001051f29ef profiled + 14831
12 libdispatch.dylib 0x000000010853aaf6 _dispatch_call_block_and_release + 12
13 libdispatch.dylib 0x0000000108554af4 _dispatch_client_callout + 8
14 libdispatch.dylib 0x000000010853f8cf _dispatch_queue_drain + 733
15 libdispatch.dylib 0x000000010853f494 _dispatch_queue_invoke + 217
16 libdispatch.dylib 0x00000001085413fa _dispatch_root_queue_drain + 479
17 libdispatch.dylib 0x00000001085422c9 _dispatch_worker_thread3 + 98
18 libsystem_pthread.dylib 0x00000001088d4637 _pthread_wqthread + 729
19 libsystem_pthread.dylib 0x00000001088d240d start_wqthread + 13
)
当 SCEP 服务器向 IOS8 设备发送对 GetCaCert 的响应时发生错误,GetCaCert 是一个不会更改的静态 ca 证书。我还尝试在再次安装之前删除已安装的配置文件,但这不会改变观察到的行为。只有重置才能使配置文件安装成功。
有人有什么想法吗?