I'm able to query device information, get list of profiles installed on the device etc, but am unable to install a profile onto the device.
I've configured a restrictions profile. When I host it on my server and download it via Safari, it installs. But when I encode it as base64 (as per MDM requirements) and try installing it, I get the following error.
DM: Attempting to perform MDM request: InstallProfile
Oct 10 10:25:32 iPhone-4 mdmd[516] <Notice>: (Error) MC: Failed to parse profile data. Error: NSError:
Desc : Invalid Profile
US Desc: Invalid Profile
Domain : MCProfileErrorDomain
Code : 1000
Type : MCFatalError
Oct 10 10:25:32 iPhone-4 mdmd[516] <Notice>: (Error) MDM: Command Status: Error
Error: NSError:
Desc : Invalid Profile
US Desc: Invalid Profile
Domain : MCProfileErrorDomain
Code : 1000
Type : MCFatalError
Below is the Base64 encoded data of the profile I'm trying to install. I generated the below data based on the suggestions here and here
PHBsaXN0IHZlcnNpb249IjEuMCI+CjxkaWN0PgoJPGtleT5QYXlsb2FkQ29udGVudDwva2V5PgoJ
PGFycmF5PgoJCTxkaWN0PgoJCQk8a2V5PlBheWxvYWREZXNjcmlwdGlvbjwva2V5PgoJCQk8c3Ry
aW5nPjwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWREaXNwbGF5TmFtZTwva2V5PgoJCQk8c3RyaW5n
PlJlc3RyaWN0aW9uczwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWRJZGVudGlmaWVyPC9rZXk+CgkJ
CTxzdHJpbmc+Y28ubXltZG0ucmVzdHJpY3Rpb25zLnJlc3RyaWN0aW9uczE8L3N0cmluZz4KCQkJ
PGtleT5QYXlsb2FkT3JnYW5pemF0aW9uPC9rZXk+CgkJCTxzdHJpbmc+PC9zdHJpbmc+CgkJCTxr
ZXk+UGF5bG9hZFR5cGU8L2tleT4KCQkJPHN0cmluZz5jb20uYXBwbGUuYXBwbGljYXRpb25hY2Nl
c3M8L3N0cmluZz4KCQkJPGtleT5QYXlsb2FkVVVJRDwva2V5PgoJCQk8c3RyaW5nPjg0MzA2NThB
LUY1MDQtNDA2MC1BOTUyLTc2MkUwMzg3NjY5Nzwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWRWZXJz
aW9uPC9rZXk+CgkJCTxpbnRlZ2VyPjE8L2ludGVnZXI+CgkJCTxrZXk+YWxsb3dBZGRpbmdHYW1l
Q2VudGVyRnJpZW5kczwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dBcHBJbnN0YWxsYXRp
b248L2tleT4KCQkJPGZhbHNlLz4KCQkJPGtleT5hbGxvd0Fzc2lzdGFudDwva2V5PgoJCQk8dHJ1
ZS8+CgkJCTxrZXk+YWxsb3dBc3Npc3RhbnRXaGlsZUxvY2tlZDwva2V5PgoJCQk8dHJ1ZS8+CgkJ
CTxrZXk+YWxsb3dDYW1lcmE8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmFsbG93Q2xvdWRCYWNr
dXA8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmFsbG93Q2xvdWREb2N1bWVudFN5bmM8L2tleT4K
CQkJPHRydWUvPgoJCQk8a2V5PmFsbG93RGlhZ25vc3RpY1N1Ym1pc3Npb248L2tleT4KCQkJPHRy
dWUvPgoJCQk8a2V5PmFsbG93RXhwbGljaXRDb250ZW50PC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtl
eT5hbGxvd0dsb2JhbEJhY2tncm91bmRGZXRjaFdoZW5Sb2FtaW5nPC9rZXk+CgkJCTx0cnVlLz4K
CQkJPGtleT5hbGxvd0luQXBwUHVyY2hhc2VzPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxv
d011bHRpcGxheWVyR2FtaW5nPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1Bob3RvU3Ry
ZWFtPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1NhZmFyaTwva2V5PgoJCQk8dHJ1ZS8+
CgkJCTxrZXk+YWxsb3dTY3JlZW5TaG90PC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1Vu
dHJ1c3RlZFRMU1Byb21wdDwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dWaWRlb0NvbmZl
cmVuY2luZzwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dWb2ljZURpYWxpbmc8L2tleT4K
CQkJPHRydWUvPgoJCQk8a2V5PmFsbG93WW91VHViZTwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+
YWxsb3dpVHVuZXM8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmZvcmNlRW5jcnlwdGVkQmFja3Vw
PC9rZXk+CgkJCTxmYWxzZS8+CgkJCTxrZXk+Zm9yY2VJVHVuZXNTdG9yZVBhc3N3b3JkRW50cnk8
L2tleT4KCQkJPGZhbHNlLz4KCQkJPGtleT5yYXRpbmdBcHBzPC9rZXk+CgkJCTxpbnRlZ2VyPjEw
MDA8L2ludGVnZXI+CgkJCTxrZXk+cmF0aW5nTW92aWVzPC9rZXk+CgkJCTxpbnRlZ2VyPjEwMDA8
L2ludGVnZXI+CgkJCTxrZXk+cmF0aW5nUmVnaW9uPC9rZXk+CgkJCTxzdHJpbmc+dXM8L3N0cmlu
Zz4KCQkJPGtleT5yYXRpbmdUVlNob3dzPC9rZXk+CgkJCTxpbnRlZ2VyPjEwMDA8L2ludGVnZXI+
CgkJCTxrZXk+c2FmYXJpQWNjZXB0Q29va2llczwva2V5PgoJCQk8aW50ZWdlcj4yPC9pbnRlZ2Vy
PgoJCQk8a2V5PnNhZmFyaUFsbG93QXV0b0ZpbGw8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PnNh
ZmFyaUFsbG93SmF2YVNjcmlwdDwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+c2FmYXJpQWxsb3dQ
b3B1cHM8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PnNhZmFyaUZvcmNlRnJhdWRXYXJuaW5nPC9r
ZXk+CgkJCTxmYWxzZS8+CgkJPC9kaWN0PgoJPC9hcnJheT4KCTxrZXk+UGF5bG9hZERlc2NyaXB0
aW9uPC9rZXk+Cgk8c3RyaW5nPlByb2ZpbGUgZGVzY3JpcHRpb24uPC9zdHJpbmc+Cgk8a2V5PlBh
eWxvYWREaXNwbGF5TmFtZTwva2V5PgoJPHN0cmluZz5HZW5lcmFsPC9zdHJpbmc+Cgk8a2V5PlBh
eWxvYWRJZGVudGlmaWVyPC9rZXk+Cgk8c3RyaW5nPmNvLm15bWRtLnJlc3RyaWN0aW9uczwvc3Ry
aW5nPgoJPGtleT5QYXlsb2FkT3JnYW5pemF0aW9uPC9rZXk+Cgk8c3RyaW5nPjwvc3RyaW5nPgoJ
PGtleT5QYXlsb2FkUmVtb3ZhbERpc2FsbG93ZWQ8L2tleT4KCTxmYWxzZS8+Cgk8a2V5PlBheWxv
YWRUeXBlPC9rZXk+Cgk8c3RyaW5nPkNvbmZpZ3VyYXRpb248L3N0cmluZz4KCTxrZXk+UGF5bG9h
ZFVVSUQ8L2tleT4KCTxzdHJpbmc+MUU4MjY0NEEtQjRCRi00RkM0LTgxQTgtNTdCRTFDOTg4MTg1
PC9zdHJpbmc+Cgk8a2V5PlBheWxvYWRWZXJzaW9uPC9rZXk+Cgk8aW50ZWdlcj4xPC9pbnRlZ2Vy
Pgo8L2RpY3Q+CjwvcGxpc3Q+Cg==
I have enabled profile installation in the MDM payload. Please help me in figuring out the problem.
You are missing the XML Declaration and the plist doctype. Add the following two lines to the top of the profile (before base64 encoding it):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
The problem is solved. Just out of annoyance I removed the extra spaces between the XML tags of the .mobileConfig. See below...
Changed
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
..........
</dict>
to
<dict><key>PayloadContent</key><array><dict><key>PayloadDescription</key><string></string><key>PayloadDisplayName</key><string>Restrictions</string>..........</dict>
I used this site to encode it into base64. (for testing only)
For future viewers, you need to start from the <dict> tag
Related
I am new to iOS/SwiftUI development but am trying to develop an app and webapis on my MacBook Pro. I am using VSCode and C# on the backend and calling the webapis from the iPhone simulator.
I have a localhost certificate in my Keychain with a Subject Alternative Name of the ip for my local machine (10.0.0.5). I have this working with Android using 10.0.2.2 (emulator localhost for computer hosting the emulator), so I know it does work.
I can also run the API from the browser using 10.0.0.5 and get the results.
When I run from the simulator I get these error:
2022-01-15 18:05:03.352411-0500 TestApp[24757:274897] [Unknown process
name] copy_read_only: vm_copy failed: status 1. calling loadData...
loading data... 2022-01-15 18:05:06.008842-0500 TestApp[24757:274902]
Connection 1: default TLS Trust evaluation failed(-9807) 2022-01-15
18:05:06.009049-0500 TestApp[24757:274902] Connection 1: TLS Trust
encountered error 3:-9807 2022-01-15 18:05:06.009148-0500
TestApp[24757:274902] Connection 1: encountered error(3:-9807)
2022-01-15 18:05:06.010008-0500 TestApp[24757:274902] Task
<17311174-24FF-403A-AA1B-4894D097FB41>.<1> HTTP load failed, 0/0 bytes
(error code: -1202 [3:-9807]) 2022-01-15 18:05:06.013874-0500
TestApp[24757:274896] Task <17311174-24FF-403A-AA1B-4894D097FB41>.<1>
finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202
"The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “10.0.0.5” which could put your
confidential information at risk."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://10.0.0.5:5001/WeatherForecast,
NSErrorFailingURLStringKey=https://10.0.0.5:5001/WeatherForecast,
NSUnderlyingError=0x6000023c6490 {Error Domain=kCFErrorDomainCFNetwork
Code=-1202 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600001c58500>,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>" ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600001c58500>,
NSLocalizedDescription=The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “10.0.0.5”
which could put your confidential information at risk.} Invalid data
I followed the instructions from this post to put the NSExceptionDomain I am using. I am having trouble digesting the Overriding TLS Chain Validation Correctly. I followed this thread on Swift 5.1 UIWebView Does not View URL because of untrusted Certificate as well. Also, iOS app ignoring NSAppTransportSecurity.
My Info.plist has this in it:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>https://10.0.0.5:5001/WeatherForecast</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
I tried a variety of combinations for the key from 10.0.0.5 to https://10.0.0.5:5001/WeatherForecast.
UPDATE
I tried this Domain=NSURLErrorDomain Code 1202 as well, exporting the .cer from keychain and installing it on the emulator, but I still get the same error:
I'm trying to make a request for an http domain, and despite having
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>my-private-domain.kubernetes.intranet%2f:9090</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
at my info.plist for the app target, XCode 12.5.1 keeps me showing the error
Task <C5F9EA01-9790-43ED-89B0-EE07341B4D84>.<4> finished with error [-1022] Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
I needed to perform this request after updating to 12.5.1 and also tried Clean Build Folder and removing-reinstalling the app. Does someone knows if it's a policy change? (maybe only HTTPS are now allowed even in non-production targets?). The answers I found here only cites NSAllowsArbitraryLoads, NSExceptionDomains, NSExceptionMinimumTLSVersion/NSTemporaryExceptionMinimumTLSVersion and NSThirdPartyExceptionRequiresForwardSecrecy. There's something more?
Because your info.plist includes the NSAllowsArbitraryLoadsInWebContent key, the NSAllowsArbitraryLoads is ignored and treated as false. So removing the NSAllowsArbitraryLoadsInWebContent should allow all arbitrary loads.
Relevant section from Apple docs:
In iOS 10 and later and macOS 10.12 and later, the value of the
NSAllowsArbitraryLoads key is ignored—and the default value of NO used
instead—if any of the following keys are present in your app’s
Information Property List file:
NSAllowsArbitraryLoadsForMedia
NSAllowsArbitraryLoadsInWebContent
NSAllowsLocalNetworking
Configuration: developing a macOS application, macOS High Sierra 10.13.1, and Xcode version 9.1 (9B55).
Alright, I've looked all over the place for a possible solution, tried several things, and nothing's worked so far.
I have a Web service running under Spring Boot, so it uses Apache Tomcat underneath and I've configured it to use the last stable release of Java 8 (1.8u152).
Because I configured my service to use HTTPS, I created a self-signed certificate. I've read that Swift doesn't really like this, but there are things you are supposed to be able to do to mitigate that until your app is ready for production.
So I created my certificate using keytool, tested it in the browser, got the usual "Your connection is not private" warning, which I expected since it was self-signed. But after allowing the exception, it works and all HTTP requests redirect to HTTPS like I programmed it to.
Now, when I try to make a POST request in Swift, I get this group of errors:
2017-11-27 22:15:35.963123-0500 MyApp[2885:4510057] TIC SSL Trust Error [1:0x600000168c40]: 3:0
2017-11-27 22:15:35.971297-0500 MyApp[2885:4510057] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2017-11-27 22:15:35.971344-0500 MyApp[2885:4510057] Task <1ADE665F-B044-4678-8291-BF63E579CCDE>.<1> HTTP load failed (error code: -1202 [3:-9813])
2017-11-27 22:15:35.971456-0500 MyApp[2885:4510056] Task <1ADE665F-B044-4678-8291-BF63E579CCDE>.<1> finished with error - code: -1202
Upon researching this further, I made the following additions to my Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I tried doing this in raw source code and via the plist editor. No luck either way.
Here is the code that attempts the POST request:
let url = Constants.SERVICE_URL + "account/post"
let body: [String : Any] =
["firstName": txtFirstName.stringValue,
"lastName": txtLastName.stringValue,
"email": txtEmail.stringValue,
"password": txtPassword.stringValue];
let req = Request.create(urlExtension: url, httpVerb: Constants.HTTP_POST, jsonBody: body)
let task = URLSession.shared.dataTask(with: req) { data, response, err in
guard let data = data, err == nil else {
reply(false)
return
}
do {
let resp = try JSONSerialization.jsonObject(with: data)
reply(resp)
} catch {
print("Error: " + error.localizedDescription)
reply(false)
}
}
task.resume()
I'm at a loss now... does anyone know what to do about this?
I fixed it! Since my certificate was self-signed, my Mac did not trust it by default (which makes sense). I followed the instructions at macOS Sierra: If your certificate isn’t being accepted and it worked.
Make sure to add the certificate to the System keychain.
I was wondering should I put a s behind the http in this url, because I keep getting an error.
Here is the code.
("http://query.yahooapis.com/v1/public/yql?q=select
Yes, you should prefer the HTTPS version if possible.
However, I believe the error you are getting is not because of HTTPS, it's actually an error with your request
<?xml version="1.0" encoding="UTF-8"?>
<error xmlns:yahoo="http://www.yahooapis.com/v1/base.rng" yahoo:lang="en-US"><description>Query syntax error(s) [line 1:6 expecting fields_or_star got ' ']</description></error>
Apple has made the change that you have to use HTTPS or enter an exception in your info.plist.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
This allows all http traffic, but I would suggest strongly to only do this for testing.
See this Apple document.
I'm having a problem getting Sparkle to read my appcast which is in my website's root:
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>myApp</title>
<link>http://www.myWebSite.net/appcast.xml</link>
<description>
Generate docs.
</description>
<language>en</language>
<item>
<title>Version 6.2 (1 new feature)</title>
<sparkle:releaseNotesLink>http://myWebSite.net/myApp.shtml</sparkle:releaseNotesLink>
<pubDate>Sun, 28 Jun 2015 19:20:11 +0000</pubDate>
<enclosure url="http://yWebSite.net/downloads/myApp.zip" sparkle:version=“6.2” length=“1500000” type="application/octet-stream" />
<sparkle:minimumSystemVersion>10.10</sparkle:minimumSystemVersion>
</item>
</channel>
</rss>
In my app I've added a user preference:
[prefs setObject:#"http://www.myWebSite.net/appcast.xml" forKey:#"SUFeedURL"];
[prefs synchronize];
When I select my 'Check for updates' menu item Sparkle reports it doesn't seem to like the feed and logs:
Sparkle: Error: An error occurred in retrieving update information. Please try again later. An error occurred while parsing the update feed.
I've seen this post but it's solution doesn't seem to have helped (although Sparkle did work ok when I used the sample appcast). Presumably my appcast is wrong. I'd appreciate some help in correcting it.
Make sure the sparkle feed is being served on HTTPS or mark 'Allow Arbitrary Loads' to YES in your Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
you may also try this hassle-free build server
http://amtourky.me/2016/01/20/mac-os-x-continuous-delivery-sparkler-the-missing-build-server-for-sparkle/