Регистрация IOS8 SCEP завершается неудачно при второй установке
Процесс регистрации сертификата OTA работает на устройствах IOS7 столько раз, сколько необходимо.
соответствующий журнал IOS7 для установки второго сертификата на основе того же конфига / сертификата / подписи и т. д.:
profiled[1397] <Notice>: (Note ) MC: Retrieving profile from OTA Profile service...
profiled[1397] <Notice>: (Note ) MC: Received final profile: com.myConfig.profile
profiled[1397] <Notice>: (Note ) MC: Beginning profile installation...
<Notice>: (Note ) MC: Profile “com.myConfig.profile” is replacing an existing profile having the same identifier.
securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303054909.447036Z,CF75A17F)
profiled[1397] <Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303054909.447036Z,CF75A17F))
profiled[1397] <Notice>: (Note ) MC: Attempting to retrieve issued certificate...
securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
<Notice>: (Note ) MC: Issued certificate received.
securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns kcls, klbl, atag, crtr, type, bsiz, esiz, sdat, edat, agrp, sync are not unique sql: INSERT INTO keys(rowid,cdat,mdat,kcls,labl,alis,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,v_Data,20150303054921.112843Z,344A0836)
<Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,v_Data,20150303054921.112843Z,344A0836))
profiled[1397] <Notice>: (Note ) MC: Profile “com.myConfig.profile” installed.
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 636572740000000000000005
securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
<Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000006
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000007
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000001
profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000004
Под IOS8 начальная регистрация и установка профиля работает. Однако при любых последующих зачислениях выдается следующая ошибка:
profiled[2253]: (Note ) MC: Checking for MDM installation...
profiled[2253]: (Note ) MC: ...finished checking for MDM installation.
profiled[2253]: (Note ) MC: Enrolling in OTA Profile service...
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080953.465563Z,6CDCA2CB)
profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080953.465563Z,6CDCA2CB))
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
profiled[2253]: (Note ) MC: Attempting to retrieve issued certificate...
profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted ValidLeaf ValidRoot]
profiled[2253]: (Note ) MC: Issued certificate received.
securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080954.973098Z,0A162218)
profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20150303080954.973098Z,0A162218))
profiled[2253]: *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** setObjectForKey: key cannot be nil'
*** First throw call stack:
(
0 CoreFoundation 0x00000001057cff35 __exceptionPreprocess + 165
1 libobjc.A.dylib 0x0000000107deebb7 objc_exception_throw + 45
2 CoreFoundation 0x00000001056d6998 -[__NSDictionaryM setObject:forKey:] + 968
3 profiled 0x0000000105222227 profiled + 209447
4 profiled 0x000000010522297a profiled + 211322
5 libdispatch.dylib 0x0000000108554af4 _dispatch_client_callout + 8
6 libdispatch.dylib 0x000000010853eabb _dispatch_barrier_sync_f_invoke + 76
7 profiled 0x00000001052228f7 profiled + 211191
8 profiled 0x00000001052360e0 profiled + 291040
9 profiled 0x0000000105236a4d profiled + 293453
10 profiled 0x000000010523c60b profiled + 316939
11 profiled 0x00000001051f29ef profiled + 14831
12 libdispatch.dylib 0x000000010853aaf6 _dispatch_call_block_and_release + 12
13 libdispatch.dylib 0x0000000108554af4 _dispatch_client_callout + 8
14 libdispatch.dylib 0x000000010853f8cf _dispatch_queue_drain + 733
15 libdispatch.dylib 0x000000010853f494 _dispatch_queue_invoke + 217
16 libdispatch.dylib 0x00000001085413fa _dispatch_root_queue_drain + 479
17 libdispatch.dylib 0x00000001085422c9 _dispatch_worker_thread3 + 98
18 libsystem_pthread.dylib 0x00000001088d4637 _pthread_wqthread + 729
19 libsystem_pthread.dylib 0x00000001088d240d start_wqthread + 13
)
Ошибка возникает, когда сервер SCEP отправляет устройству IOS8 ответ на GetCaCert, который является статическим сертификатом, который не изменяется. Я также попытался удалить установленный профиль перед установкой снова, но это не меняет наблюдаемое поведение. Только сброс позволит установить профиль успешно.
У кого-нибудь есть идеи?