iOS Sample Code

This sample code illustrates importing the certificate and setting up login credentials, as well as other APIs related to certificate handling:

//// SSO certificate APIs
//
// Exercises the certificate-handling calls in one pass: obtain a login certificate
// from a bundled file, from a file in Documents and from the server; save it to and
// load it from a data vault; check the failure paths (missing entry, deleted entry);
// change the vault password; and finally attach the certificate to the
// synchronization profile.
//
// `vault` and `pool` are used below but are declared outside this listing.
// The explicit -release calls show that the sample uses manual reference counting.
//
// NOTE(review): every password, the vault salt and the server account below are
// string literals so that the sample is self-contained. Literals compiled into an
// app can be read back out of the binary, so treat them as placeholders; production
// code would normally collect these values from the user at run time.
@try
{
SUPConnectionProfile *sp = [SAPSSOCertTest_SAPSSOCertTestDB getSynchronizationProfile];
[sp setDomainName:@"ssocert"];
// Get handle to the certificate store
SUPCertificateStore *cs = [SUPCertificateStore getDefault];

// Getting certificate from a file bundled with the app
// NOTE(review): a .p12 shipped inside the app bundle next to its hard-coded password
// gives no real protection to the private key it contains; anyone holding the app
// package has both pieces.
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"sybase101"
ofType:@"p12"];
SUPLoginCertificate *lc_resource = [cs getSignedCertificateFromFile:certPath withPassword:@"password"];
// NSLog writes the certificate's subject CN to the device log; consider dropping
// these statements from release builds.
NSLog(@"Got certificate from resource file, subjectCN = %@",lc_resource.subjectCN);
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromResourceFile"];

// Getting certificate from file in Documents directory
// NOTE(review): nothing in this listing removes sybase101.p12 from Documents after
// the import; consider deleting the file once the certificate has been saved to the
// vault, so the key material is not left in app storage outside the vault.
NSArray *arrayPaths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
NSUserDomainMask,
YES);
NSString *docDir = [arrayPaths objectAtIndex:0];
certPath = [NSString stringWithFormat:@"%@/sybase101.p12",docDir];
SUPLoginCertificate *lc_doc = [cs getSignedCertificateFromFile:certPath withPassword:@"password"];
NSLog(@"Got certificate from documents directory file, subjectCN = %@",lc_doc.subjectCN);
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromDocumentsFile"];

// Distinguished name property
NSLog(@"Test distinguished name property, should be null: DN = %@",lc_doc.distinguishedName);

// Import certificate from server
// The server account name contains the <ServerName> placeholder and must be replaced.
// The server password and certificate password are sample literals (see the note at the top).
SUPLoginCertificate *lc = [cs getSignedCertificateFromServer:@"<ServerName>\\ssotest" withServerPassword:@"s1s2o3T4" withCertPassword:@"password"];
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromServer"];
NSLog(@"Imported certificate from server: subjectCN = %@",lc.subjectCN);

// Storage and retrieval of certificate
// Reuse the "vaultTest" vault if it already exists, otherwise create it.
// NOTE(review): a vault whose password and salt are constants in the binary can be
// unlocked by anyone who can read the binary; derive or prompt for them in real code.
if(![SUPDataVault vaultExists:@"vaultTest"])
vault = [SUPDataVault createVault:@"vaultTest" withPassword:@"vaultPassword" withSalt:@"vaultSalt"];
else
vault = [SUPDataVault getVault:@"vaultTest"];
// Each vault operation below is bracketed by lock/unlock, presumably to show that
// the vault has to be unlocked with the right password and salt before every access.
[vault lock];
[vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
[lc save:@"test" withVault:vault];
[vault lock];
[vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
NSLog(@"Certificate stored. Now get the cert from the data vault....");
SUPLoginCertificate *lc2 = [SUPLoginCertificate load:@"test" withVault:vault];
[vault lock];
NSLog(@"Certificate retrieved successfully: subjectCN = %@",lc2.subjectCN);
// The round trip counts as passed when the loaded certificate has the same subject CN
// as the one that was saved.
if([lc2.subjectCN isEqualToString:lc.subjectCN])
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"SaveAndLoadCertificate"];
else
[[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"SaveAndLoadCertificate"];
// assumes load:withVault: returns an object the caller owns - TODO confirm against the SDK reference
[lc2 release];
NSLog(@"Test getting a nonexistent certificate from the vault, see if we get the right exception...");
// NOTE(review): the vault was locked just above and is not unlocked again before this
// load, so the SUPDataVaultException caught here may come from the locked vault rather
// than from the missing "bogus" entry - confirm, and unlock first if the intent is to
// exercise the missing-entry path. lc_none is never read.
BOOL noCertificatePass = NO;
@try
{
SUPLoginCertificate *lc_none = [SUPLoginCertificate load:@"bogus" withVault:vault];
} @catch(SUPDataVaultException* e)
{
// Only SUPDataVaultException is handled here; any other exception type propagates
// to the outer @catch at the end of the listing.
noCertificatePass = YES;
NSLog(@"Got exception when trying to get nonexistent cert, exception is %@: %@",[e name],[e reason]);
}
if(noCertificatePass)
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"NonExistentCertificate"];
else
[[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"NonExistentCertificate"];

// Delete certificate
BOOL deletePass = YES;
// Try to get the deleted certificate, should get an exception:
SUPLoginCertificate *lc3 = nil;
[vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
@try
{
[SUPLoginCertificate delete:@"test" withVault:vault];
lc3 = [SUPLoginCertificate load:@"test" withVault:vault];
// Reached only if the load did not throw, which means the entry is still present.
deletePass = NO;
} @catch(NSException* e)
{
NSLog(@"Exception getting deleted cert: %@: %@",[e name],[e reason]);
deletePass = YES;
}
NSLog(@"Retrieve cert that was deleted, should be null: lc3 = %@",lc3);
// A non-nil result also counts as a failed delete.
if(lc3 != nil) deletePass = NO;
if(deletePass)
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"DeleteCertificate"];
else
[[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"DeleteCertificate"];


// changeVaultPassword for LoginCertificate
// The vault has been unlocked since the delete test above; lock it, then unlock with
// the old password, change the password, and verify that save and load work under
// the new password.
[vault lock];
[vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
[vault changePassword:@"newPassword" withSalt:@"vaultSalt"];
[vault lock];
[vault unlock:@"newPassword" withSalt:@"vaultSalt"];
[lc save:@"test" withVault:vault];
[vault lock];
[vault unlock:@"newPassword" withSalt:@"vaultSalt"];
SUPLoginCertificate *lc4 = [SUPLoginCertificate load:@"test" withVault:vault];
[vault lock];
[vault unlock:@"newPassword" withSalt:@"vaultSalt"];

// Change password back so we can rerun the test
[vault changePassword:@"vaultPassword" withSalt:@"vaultSalt"];
[vault lock];
if([lc4.subjectCN isEqualToString:lc.subjectCN])
[[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"ChangeVaultPassword"];
else
[[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"ChangeVaultPassword"];
[lc4 release];

// Attach certificate to sync profile
sp.certificate = lc;
// assumes the certificate property keeps its own reference to lc - TODO confirm
[lc release];
}
@catch(NSException *e)
{
// Any exception not handled by an inner @catch ends the sample: log it, drain the
// pool and return.
// NOTE(review): this handler does not lock the vault, so an exception raised while
// the vault is unlocked leaves it unlocked; consider locking it in a @finally block.
MBOLogError(@"Exception in getting certificate");
MBOLogError(@"%@: %@",[e name],[e reason]);
[pool drain];
return;
}

// When the package requires a login before synchronization, call beginOnlineLogin,
// which takes no parameters. It is called only once the messaging client reports
// STATUS_START_CONNECTED; until then the status is polled every 0.2 seconds.
// NOTE(review): the wait has no timeout, so the calling thread blocks for as long as
// the client stays disconnected; keep it off the main thread.
for (;;) {
    if ([SUPMessageClient status] == STATUS_START_CONNECTED) {
        break;
    }
    [NSThread sleepForTimeInterval:0.2];
}
[CrmDatabase beginOnlineLogin];