Category Archives: OSX

Loading SecCertificateRef from PEM String

In order to load a PEM certificate, you’d probably wanna grab the PEM itself from your backend, right?.

You can do so, by means of this command:

openssl s_client -showcerts -host host.com -port 443

Once you’ve got the certificate, you should get rid of the Begin/End Certificate substrings.

Cocoa Snippet itself is quite easy:

[cc lang=”objc”]

NSData *rawCertificate = [[NSData alloc] initWithBase64Encoding:PlaintextCertificateString];
SecCertificateRef parsedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rawCertificate);
[/cc]

That’s it. Don’t forget about checking expiration dates. Unfortunately, Apple’s API to do so is private, and i personally refuse to build OpenSSL into my app, just to check that.

Codesign Check

Keychain access for iOS apps is tied up to the provisioning profile you use to sign the binary. So, what happens if you release a new build, signed using a different provisioning profile?.

Yes! your guess is accurate!. You loose access to anything you’ve stored in the keychain, resulting in (probably) deauthentication.

There is a command that allows you to verify the “Keychain Access Group” for a given executable. By means of this, you’ll be able to verify if your new release will have the same access than your previous build (assuming you also have that binary!).

Take notes…

codesign -d --entitlements - /path/AppName.OSX.1.0.2.xcarchive/Products/Applications/AppName.app/

Fixing ‘”A newer version of this app is already installed on this computer” Alert

I’ve just got a nice alert, while trying to install a Mac App from the AppStore, saying the following:

"A newer version of this app is already installed on this computer."

Solutions?

  1. Nuke the app’s Xcode build folder.

    Location: ~/Library/Developer/Xcode/DerivedData/

  2. Execute the following command:

    /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user

Now you should be good to go!