Random crap
Alex Kremer's blog

Checking whether a configuration profile is installed on iOS

Configuration profiles are XML (plist) files which control the iOS device’s settings in one or another way.
Imagine that some iOS project depends on a configuration profile. Moreover it’s a requirement that the application wont allow certain actions unless the device has the correct configuration profile installed.

Now to the fun part. There is no official API to check whether a profile is installed or not ( :) ).. however, there is a very clever workaround which I found somewhere on the internet and I’m glad to share.

The idea is to create a CA Root certificate and a second certificate which will be signed by that CA Root. In order to verify and validate the second certificate one would need to install the Root certificate into the system.

We can bundle Certificates with our configuration profile and they will get installed on the iOS device so that’s how we get the CA Root certificate on board.
The second part is a bit trickier and requires some programming effort. First of all, bundle the second certificate with your application – drag&drop to Resources folder in Xcode.

And now you can use the following code to validate the target certificate and thus know whether your configuration profile is already installed or not:

  1. NSString * certPath = [[NSBundle mainBundle]
  2.        pathForResource:@"target" ofType:@"cer"];
  3. NSData * certData = [NSData dataWithContentsOfFile:certPath];
  4. SecCertificateRef cert = SecCertificateCreateWithData(
  5.        NULL, (CFDataRef) certData);
  6. SecPolicyRef policy = SecPolicyCreateBasicX509();
  7. OSStatus err = SecTrustCreateWithCertificates(
  8.        (CFArrayRef) [NSArray arrayWithObject:(id)cert],
  9.        policy, &trust);
  10.  
  11. SecTrustRef trust;
  12. SecTrustResultType  trustResult = -1;
  13. err = SecTrustEvaluate(trust, &trustResult);
  14.    
  15. CFRelease(trust);
  16. CFRelease(policy);
  17. CFRelease(cert);
  18.  
  19. if(trustResult == 4)
  20. {
  21.     // Profile is installed
  22. }
  23. else
  24. {
  25.     // Profile not installed
  26. }

Cheers.

Tags: , , , ,

4 Responses to “Checking whether a configuration profile is installed on iOS”

  1. AlName Says:

    Thanks for that Alex. Useful Info. One more thing, is there any way we can select a particular profile? Like if I have 5 different configuration profiles, and I want to activate any one of them, how can I do that?

  2. godexsoft Says:

    Hi AIName,

    If I understand you correctly you are looking for some API to work with the profiles. This post describes a workaround to the problem that there is no such API.. You can’t programatically do anything with the profiles, nor can you query for their existence. The only way I found was this SSL check which is a workaround, not a real API usage.

    HTH,
    Alex

  3. Ridan Says:

    Hi,

    I’m new to iOS development, i’m writing a phonegap plugin for iOS that handles the installation of certificates. I’m struggling with CA root certificate installation for my app.

    What is a configuration profile ? And how do you manage to include the root certificate inside ?

    Thanks in advance,

  4. Ridan Says:

    Hi again,

    Here is my problem: http://stackoverflow.com/questions/12798950/ios-install-ssl-certificate-programatically

    Any help will be much appreciated,

Leave a Comment