SecItemAdd和SecItemCopyMatching返回错误代码-34018（errSecMissingEntitlement） [英] SecItemAdd and SecItemCopyMatching returns error code -34018 (errSecMissingEntitlement)

问题描述

有时，当我从Xcode在设备上运行应用程序时，我会尝试访问钥匙串，但失败，由于错误-34018。这与任何记录的钥匙串错误代码不匹配，并且不能一致重现。 （发生也许30％的时间，我不清楚为什么会发生）。使调试这个问题非常困难的是完全缺乏文档。任何想法是什么导致这和如何解决它？我使用Xcode 5并在设备上运行iOS 7.0.4。

这里有一个开放的问题： https://github.com/soffes/sskeychain/issues/52

编辑：为每个请求添加钥匙串访问代码

我使用 SSKeychain 库与钥匙串连接。这是代码段。

  #define SERVICE @default
 
 @implementation SSKeychain b 
 $ b +（void）setValue：（NSString *）value forKey：（NSString *）key {
 NSError * error = nil; 
 BOOL success = NO; 
 if（value）{
 success = [self setPassword：value forService：SERVICE account：key error：& error]; 
} else {
 success = [self deletePasswordForService：SERVICE account：key error：& error]; 
} 
 NSAssert（success，@无法为密钥％@错误％@设置密钥链值％@，值，键，错误）; 
 if（！success）{
 LogError（@无法将值设为keychain％@，错误）; 
} 
 LogTrace（@Will set keychain account％@。is to nil？％d，key，value == nil）; 
 if（value == nil）
 LogWarn（@设置钥匙串％@到nil !!!，键）; 
} 
 
 +（NSString *）valueForKey：（NSString *）key {
 NSError * error = nil; 
 NSString * value = [self passwordForService：SERVICE account：key error：& error]; 
 if（error&& error.code！= errSecItemNotFound）{
 NSAssert（！error，@无法检索密钥％@错误％@的密钥链值，键，错误） 
 LogError（@无法检索键％@错误％@的钥匙串值，键，错误）; 
} 
返回值; 
} 
 
 +（BOOL）removeAllValues {
 LogInfo（@Completely Reseting Keychain）; 
 return [[self accountsForService：SERVICE] all：^ BOOL（NSDictionary * accountInfo）{
 return [self deletePasswordForService：SERVICE account：accountInfo [@acct]]]; 
}]; 
} 
 
 @end 
  

大部分时间正好。有时候我会打破断言失败，我不能写或从钥匙串读取，导致严重的断言失败。

解决方案

iOS 10 / XCode 8 Fix：

$ b b

添加KeyChain授权，转到项目
settings-> Capabilities-> Keychain Sharing-> Add Keychain Groups + Turn On

来自Apple的答案：

更新：我们终于能够在iOS上重现-34018错误
8.3。这是识别根本原因，然后提出修正的第一步。

像往常一样，我们不能提交发布时间框架，但这有$

早前我建议在
应用程序中添加一点延迟：didFinishLaunchingWithOptions和
applicationDidBecomeActive：在以
解决方法访问钥匙串之前。然而，这实际上似乎没有帮助。这意味着
，除了重新启动
应用程序之外，此时没有已知的解决方法。

问题似乎与内存压力相关，也许是
更积极处理内存警告可以缓解这个问题

https://forums.developer.apple.com/thread/4743#14441

更新

好的，这是最新的。

这是一个复杂的问题，多个
可能的原因： / p>

• 某些情况下的问题是由不正确的
  应用程式签署造成的。您可以很容易地区分这种情况，因为问题
  是100％可再现的。


• 这个问题的一些例子是由一个
  错误导致的，iOS支持应用程序开发（r。23,991,853）。调试
  这是复杂的事实，操作系统中的另一个错误（r。
  23,770,418）掩盖了它的效果，意味着当设备在内存压力下时，问题只出现了
  。我们相信这些问题
  在iOS 9.3中解决。


• 我们怀疑这个问题可能还有更多的原因
  。

所以，如果你在用户设备上看到这个问题（一个
没有被Xcode交谈过）运行iOS 9.3或更高版本，
请提交一个错误报告。尝试在您的错误报告中包括设备
系统日志（我意识到，当
处理客户设备时，一个选项是要求客户
安装Apple Configurator，它允许他们查看系统日志）。和
如果你提交一个错误，请发布您的错误号，只是为
记录。

代表苹果我要感谢大家的
努力，帮助追踪这个可怕的问题。分享和
享受

https://forums.developer.apple.com/thread/4743#126088

Sometimes when I run an application on device from Xcode I would try to access the keychain but fail due to error -34018. This doesn't match any of the documented keychain error codes and can't be consistently reproduced. (happens maybe 30% of the time, and it's not clear to me why it happens). What makes debugging this problem very difficult is the total lack of documentation. Any idea what causes this and how to fix it? I'm using Xcode 5 and running iOS 7.0.4 on device.

There is an open issue about this here: https://github.com/soffes/sskeychain/issues/52

EDIT: Adding keychain access code per request

I'm using the SSKeychain library for interfacing with keychain. Here's the snippet.

#define SERVICE @"default"

@implementation SSKeychain (EXT)

+ (void)setValue:(NSString *)value forKey:(NSString *)key {
    NSError *error = nil;
    BOOL success = NO;
    if (value) {
        success = [self setPassword:value forService:SERVICE account:key error:&error];
    } else {
        success = [self deletePasswordForService:SERVICE account:key error:&error];
    }
    NSAssert(success, @"Unable to set keychain value %@ for key %@ error %@", value, key, error);
    if (!success) {
        LogError(@"Unable to set value to keychain %@", error);
    }
    LogTrace(@"Will set keychain account %@. is to nil? %d", key, value == nil);
    if (value == nil)
        LogWarn(@"Setting keychain %@ to nil!!!", key);
}

+ (NSString *)valueForKey:(NSString *)key {
    NSError *error = nil;
    NSString *value = [self passwordForService:SERVICE account:key error:&error];
    if (error && error.code != errSecItemNotFound) {
        NSAssert(!error, @"Unable to retrieve keychain value for key %@ error %@", key, error);
        LogError(@"Unable to retrieve keychain value for key %@ error %@", key, error);
    }
    return value;
}

+ (BOOL)removeAllValues {
    LogInfo(@"Completely Reseting Keychain");
    return [[self accountsForService:SERVICE] all:^BOOL(NSDictionary *accountInfo) {
        return [self deletePasswordForService:SERVICE account:accountInfo[@"acct"]];
    }];
}

@end

Vast majority of the time it's just fine. Sometimes I'll hit the assertion failures where I'm unable to either write to or read from keychain, causing critical assertion failure.

解决方案

iOS 10 / XCode 8 Fix:

Add KeyChain Entitlement, Go to project settings->Capabilities->Keychain Sharing->Add Keychain Groups+Turn On

An answer here, from Apple:

UPDATE: We have finally been able to reproduce the -34018 error on iOS 8.3. This is the first step in identifying the root cause and then coming up with a fix.

As usual, we can't commit to a release timeframe, but this has affected many developers and we really want to get this resolved.

Earlier I suggested adding a small delay in application:didFinishLaunchingWithOptions and applicationDidBecomeActive: before accessing the keychain as a workaround. However, that doesn't actually appear to help. That means that there's no known workaround at this time other than relaunching the app.

The issue appears to be related to memory pressure, so perhaps being more aggressive in handling memory warnings may alleviate the problem

https://forums.developer.apple.com/thread/4743#14441

UPDATE

OK, here’s the latest.
This is a complex problem with multiple possible causes:

• Some instances of the problem are caused by incorrect app signing. You can easily distinguish this case because the problem is 100% reproducible.
• Some instances of the problem are caused by a bug in how iOS supports app development (r. 23,991,853). Debugging this was complicated by the fact that another bug in the OS (r. 23,770,418) masked its effect, meaning the problem only cropped up when the device was under memory pressure. We believe these problems were resolved in iOS 9.3.
• We suspect that there may be yet more causes of this problem.

So, if you see this problem on a user device (one that hasn’t been talked to by Xcode) that’s running iOS 9.3 or later, please do file a bug report about it. Try to include the device system log in your bug report (I realise that can be tricky when dealing with customer devices; one option is to ask the customer to install Apple Configurator, which lets them view the system log). And if you do file a bug, please post your bug number, just for the record.

On behalf of Apple I’d like to thank everyone for their efforts in helping to track down this rather horrid issue. Share and Enjoy

https://forums.developer.apple.com/thread/4743#126088

这篇关于SecItemAdd和SecItemCopyMatching返回错误代码-34018（errSecMissingEntitlement）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！