钥匙串

时间:2016-05-26 09:21:40

标签: objective-c swift macos networkextension

我正在尝试使用NetworkExtension框架在Mac OSX上实现IKEv2 vpn连接。每次我弹出一个输入我的vpn连接密码。根据NEVPNProtocol规范,可以通过提供存储在钥匙串中的密码的持久引用来提供密码。但它不起作用。我在iOS中尝试过相同的IKEv2配置代码,但效果很好。

我写了一个示例应用程序来演示我是如何做到的 - https://github.com/kestutisbalt/osx-ikev2-sample

如何在密钥链中存储密码: 

class func set(key: String, value: String) {

    let query: [NSObject: AnyObject] = [
        kSecValueData: value.dataUsingEncoding(NSUTF8StringEncoding)!,
        kSecClass: kSecClassGenericPassword,
        kSecAttrGeneric: key,
        kSecAttrAccount: key,
        kSecAttrAccessible: kSecAttrAccessibleAlways,
        kSecAttrService: NSBundle.mainBundle().bundleIdentifier!
    ]

    clear(key)
    SecItemAdd(query as CFDictionaryRef, nil)
}

如何从钥匙串中检索持久性参考: 

class func persistentRef(key: String) -> NSData? {
    let query: [NSObject: AnyObject] = [
        kSecClass: kSecClassGenericPassword,
        kSecAttrGeneric: key,
        kSecAttrAccount: key,
        kSecAttrAccessible: kSecAttrAccessibleAlways,
        kSecMatchLimit: kSecMatchLimitOne,
        kSecAttrService: NSBundle.mainBundle().bundleIdentifier!,
        kSecReturnPersistentRef: kCFBooleanTrue
    ]

    var secItem: AnyObject?
    let result = SecItemCopyMatching(query, &secItem)
    if result != errSecSuccess {
        return nil
    }

    return secItem as? NSData
}

IKEv2配置: 

private func createIKEv2Protocol(host: String,
    username: String, password: String) -> NEVPNProtocolIKEv2 {

    Keychain.set(username, value: password)
    let passwordRef = Keychain.persistentRef(username)
    if passwordRef == nil {
        log("Failed to query password persistent ref")
    }

    let config = NEVPNProtocolIKEv2()

    config.remoteIdentifier = host
    config.serverAddress = host
    config.useExtendedAuthentication = true
    config.username = username
    config.passwordReference = passwordRef

    return config
}

1 个答案:

答案 0 :(得分:2)

Apple开发人员支持回复了我的问题:

The issue with your code is that it’s attempting to set up VPN in an unsupported way. Specifically, IKEv2 VPN does not support password-based authentication. The options you have for IKEv2 are listed in the NEVPNIKEAuthenticationMethod enum,即.Certificate和.SharedSecret。

相关问题
最新问题