SecItemAdd 和 SecItemCopyMatching 返回错误代码 -34018 (errSecMissingEntitlement) [英] SecItemAdd and SecItemCopyMatching returns error code -34018 (errSecMissingEntitlement)

问题描述

有时当我从 Xcode 在设备上运行应用程序时，我会尝试访问钥匙串，但由于错误 -34018 而失败.这与任何记录在案的钥匙串错误代码都不匹配，并且无法始终如一地重现.(可能发生 30% 的时间，我不清楚为什么会发生).使调试这个问题变得非常困难的原因是完全缺乏文档.知道是什么原因造成的以及如何解决吗?我正在使用 Xcode 5 并在设备上运行 iOS 7.0.4.

这里有一个悬而未决的问题:https://github.com/soffes/sskeychain/issues/52

为每个请求添加钥匙串访问代码

我正在使用 SSKeychain 库与钥匙串进行交互.这是片段.

#define SERVICE @"default"@implementation SSKeychain (EXT)+ (void)setValue:(NSString *)value forKey:(NSString *)key {NSError *error = nil;BOOL 成功 = 否；如果(值){成功 = [self setPassword:value forService:SERVICE account:key error:&error];} 别的 {成功 = [self deletePasswordForService:SERVICE account:key error:&error];}NSAssert(success, @"Unable to set keychain value %@ for key %@ error %@", value, key, error);如果(！成功){LogError(@"无法将值设置为钥匙串 %@", error);}LogTrace(@"将设置钥匙串帐户 %@. 是否为零?%d", key, value == nil);如果(值 == 零)LogWarn(@"设置钥匙串 %@ 为 nil!!!", key);}+ (NSString *)valueForKey:(NSString *)key {NSError *error = nil;NSString *value = [self passwordForService:SERVICE account:key error:&error];如果(错误&& error.code ！= errSecItemNotFound){NSAssert(!error, @"无法检索密钥 %@ 的钥匙串值错误 %@", key, error);LogError(@"无法检索密钥%@错误%@的钥匙串值", key, error);}返回值；}+ (BOOL)removeAllValues {LogInfo(@"完全重置钥匙串");return [[self accountsForService:SERVICE] all:^BOOL(NSDictionary *accountInfo) {return [self deletePasswordForService:SERVICE account:accountInfo[@"acct"]];}];}@结尾

大部分时间都很好.有时我会遇到断言失败，我无法写入或读取钥匙串，从而导致严重的断言失败.

解决方案

iOS 10/XCode 8 修复:

添加 KeyChain 授权，转到项目设置->功能->钥匙串共享->添加钥匙串组+开启

这里的答案，来自 Apple:

<块引用>

更新:我们终于能够在 iOS 上重现 -34018 错误8.3.这是确定根本原因然后提出解决方案的第一步.

像往常一样，我们无法承诺发布时间表，但这已经影响了许多开发者，我们真的很想解决这个问题.

早些时候我建议在应用程序:didFinishLaunchingWithOptions 和applicationDidBecomeActive:在访问钥匙串之前解决方法.然而，这实际上似乎没有帮助.这意味着除了重新启动之外，目前没有已知的解决方法应用程序.

该问题似乎与内存压力有关，因此可能是更积极地处理内存警告可能会缓解问题

https://forums.developer.apple.com/thread/4743#14441

更新

<块引用>

好的，这是最新的.
这是一个复杂的问题，涉及多个可能的原因:

• 问题的某些实例是由不正确的应用程序签名.您可以轻松区分这种情况，因为问题是 100% 可重复的.
• 该问题的某些实例是由iOS 如何支持应用程序开发的错误 (r. 23,991,853).调试由于操作系统中的另一个错误(r.23,770,418) 掩盖了它的影响，这意味着问题才突然出现当设备处于内存压力下时.我们相信这些问题已在 iOS 9.3 中解决.
• 我们怀疑可能还有更多原因这个问题.

因此，如果您在用户设备(一个Xcode 没有与之交谈)运行 iOS 9.3 或更高版本的，请提交有关它的错误报告.尝试包含设备系统登录您的错误报告(我意识到当处理客户设备；一种选择是要求客户安装 Apple Configurator，让他们查看系统日志).和如果您确实提交了错误，请发布您的错误编号，仅供参考记录.

我代表 Apple 感谢大家努力帮助追踪这个相当可怕的问题.分享和享受

https://forums.developer.apple.com/thread/4743#126088

Sometimes when I run an application on device from Xcode I would try to access the keychain but fail due to error -34018. This doesn't match any of the documented keychain error codes and can't be consistently reproduced. (happens maybe 30% of the time, and it's not clear to me why it happens). What makes debugging this problem very difficult is the total lack of documentation. Any idea what causes this and how to fix it? I'm using Xcode 5 and running iOS 7.0.4 on device.

There is an open issue about this here: https://github.com/soffes/sskeychain/issues/52

EDIT: Adding keychain access code per request

I'm using the SSKeychain library for interfacing with keychain. Here's the snippet.

#define SERVICE @"default"

@implementation SSKeychain (EXT)

+ (void)setValue:(NSString *)value forKey:(NSString *)key {
    NSError *error = nil;
    BOOL success = NO;
    if (value) {
        success = [self setPassword:value forService:SERVICE account:key error:&error];
    } else {
        success = [self deletePasswordForService:SERVICE account:key error:&error];
    }
    NSAssert(success, @"Unable to set keychain value %@ for key %@ error %@", value, key, error);
    if (!success) {
        LogError(@"Unable to set value to keychain %@", error);
    }
    LogTrace(@"Will set keychain account %@. is to nil? %d", key, value == nil);
    if (value == nil)
        LogWarn(@"Setting keychain %@ to nil!!!", key);
}

+ (NSString *)valueForKey:(NSString *)key {
    NSError *error = nil;
    NSString *value = [self passwordForService:SERVICE account:key error:&error];
    if (error && error.code != errSecItemNotFound) {
        NSAssert(!error, @"Unable to retrieve keychain value for key %@ error %@", key, error);
        LogError(@"Unable to retrieve keychain value for key %@ error %@", key, error);
    }
    return value;
}

+ (BOOL)removeAllValues {
    LogInfo(@"Completely Reseting Keychain");
    return [[self accountsForService:SERVICE] all:^BOOL(NSDictionary *accountInfo) {
        return [self deletePasswordForService:SERVICE account:accountInfo[@"acct"]];
    }];
}

@end

Vast majority of the time it's just fine. Sometimes I'll hit the assertion failures where I'm unable to either write to or read from keychain, causing critical assertion failure.

解决方案

iOS 10 / XCode 8 Fix:

Add KeyChain Entitlement, Go to project settings->Capabilities->Keychain Sharing->Add Keychain Groups+Turn On

An answer here, from Apple:

UPDATE: We have finally been able to reproduce the -34018 error on iOS 8.3. This is the first step in identifying the root cause and then coming up with a fix.

As usual, we can't commit to a release timeframe, but this has affected many developers and we really want to get this resolved.

Earlier I suggested adding a small delay in application:didFinishLaunchingWithOptions and applicationDidBecomeActive: before accessing the keychain as a workaround. However, that doesn't actually appear to help. That means that there's no known workaround at this time other than relaunching the app.

The issue appears to be related to memory pressure, so perhaps being more aggressive in handling memory warnings may alleviate the problem

https://forums.developer.apple.com/thread/4743#14441

UPDATE

OK, here’s the latest.
This is a complex problem with multiple possible causes:

• Some instances of the problem are caused by incorrect app signing. You can easily distinguish this case because the problem is 100% reproducible.
• Some instances of the problem are caused by a bug in how iOS supports app development (r. 23,991,853). Debugging this was complicated by the fact that another bug in the OS (r. 23,770,418) masked its effect, meaning the problem only cropped up when the device was under memory pressure. We believe these problems were resolved in iOS 9.3.
• We suspect that there may be yet more causes of this problem.

So, if you see this problem on a user device (one that hasn’t been talked to by Xcode) that’s running iOS 9.3 or later, please do file a bug report about it. Try to include the device system log in your bug report (I realise that can be tricky when dealing with customer devices; one option is to ask the customer to install Apple Configurator, which lets them view the system log). And if you do file a bug, please post your bug number, just for the record.

On behalf of Apple I’d like to thank everyone for their efforts in helping to track down this rather horrid issue. Share and Enjoy

https://forums.developer.apple.com/thread/4743#126088

这篇关于SecItemAdd 和 SecItemCopyMatching 返回错误代码 -34018 (errSecMissingEntitlement)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！