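This example illustrates importing the certificate and setting up login credentials, and exercises the other certificate-handling APIs: loading a certificate from a file, saving it to and deleting it from a data vault, and changing the vault password: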
//// SSO certificate APIs
// Sample walk-through: obtain a login certificate from three sources (app bundle,
// Documents directory, server), round-trip it through a SUPDataVault, exercise the
// delete and change-password paths, then attach the server-issued certificate to the
// synchronization profile and start an online login.
// This is a fragment of a larger function: `vault` and `pool` are declared outside the
// excerpt, and the @catch at the end returns from that enclosing function.
// Every password and salt below is a string literal compiled into the binary. That is
// sample data; a shipping app would take these from the user or from protected storage
// rather than from source.
@try {
    SUPConnectionProfile *sp = [SMP101SMP101DB getSynchronizationProfile];
    [sp setDomainName:@"ssocert"];

    // Get handle to the certificate store
    SUPCertificateStore *cs = [SUPCertificateStore getDefault];

    // Getting certificate from a file bundled with the app.
    // A .p12 in the main bundle, opened with a literal password, is shipped identically
    // to every install, so whoever has the app package has both the file and its password.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"sap101" ofType:@"p12"];
    SUPLoginCertificate *lc_resource = [cs getSignedCertificateFromFile:certPath withPassword:@"password"];
    NSLog(@"Got certificate from resource file, subjectCN = %@",lc_resource.subjectCN);
    [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromResourceFile"];

    // Getting certificate from file in Documents directory.
    // The path is built by string formatting from the first NSDocumentDirectory entry;
    // the same literal password is reused for this file.
    NSArray *arrayPaths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *docDir = [arrayPaths objectAtIndex:0];
    certPath = [NSString stringWithFormat:@"%@/sap101.p12",docDir];
    SUPLoginCertificate *lc_doc = [cs getSignedCertificateFromFile:certPath withPassword:@"password"];
    NSLog(@"Got certificate from documents directory file, subjectCN = %@",lc_doc.subjectCN);
    [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromDocumentsFile"];

    // Distinguished name property (the log message states it is expected to be null here)
    NSLog(@"Test distinguished name property, should be null: DN = %@",lc_doc.distinguishedName);

    // Import certificate from server.
    // The first argument is a "<ServerName>\user" style string with a placeholder server
    // name; the server password and certificate password are again literals.
    SUPLoginCertificate *lc = [cs getSignedCertificateFromServer:@"<ServerName>\\ssotest" withServerPassword:@"s1s2o3T4" withCertPassword:@"password"];
    [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromServer"];
    NSLog(@"Imported certificate from server: subjectCN = %@",lc.subjectCN);

    // Storage and retrieval of certificate.
    // Create the vault on first run, otherwise reopen it. The vault password and the salt
    // are fixed literals, so they are the same on every device running this code.
    if(![SUPDataVault vaultExists:@"vaultTest"])
        vault = [SUPDataVault createVault:@"vaultTest" withPassword:@"vaultPassword" withSalt:@"vaultSalt"];
    else
        vault = [SUPDataVault getVault:@"vaultTest"];
    // Lock first so that the following unlock starts from a locked vault.
    [vault lock];
    [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
    [lc save:@"test" withVault:vault];
    [vault lock];
    [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
    NSLog(@"Certificate stored. Now get the cert from the data vault....");
    SUPLoginCertificate *lc2 = [SUPLoginCertificate load:@"test" withVault:vault];
    [vault lock];
    NSLog(@"Certificate retrieved successfully: subjectCN = %@",lc2.subjectCN);
    // The round trip is checked by comparing subject CNs only, not the full certificate.
    if([lc2.subjectCN isEqualToString:lc.subjectCN])
        [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"SaveAndLoadCertificate"];
    else
        [[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"SaveAndLoadCertificate"];
    // Manual reference counting: presumably load:withVault: returns an owned reference.
    // TODO confirm against the SUP API reference.
    [lc2 release];

    NSLog(@"Test getting a nonexistent certificate from the vault, see if we get the right exception...");
    BOOL noCertificatePass = NO;
    // NOTE(review): the vault was locked after loading lc2 and no unlock call appears
    // before this load. Any SUPDataVaultException counts as a pass, so confirm that the
    // exception is raised for the missing "bogus" entry and not for the locked vault.
    @try {
        SUPLoginCertificate *lc_none = [SUPLoginCertificate load:@"bogus" withVault:vault];
    }
    @catch(SUPDataVaultException* e) {
        noCertificatePass = YES;
        NSLog(@"Got exception when trying to get nonexistent cert, exception is %@: %@",[e name],[e reason]);
    }
    if(noCertificatePass)
        [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"NonExistentCertificate"];
    else
        [[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"NonExistentCertificate"];

    // Delete certificate
    BOOL deletePass = YES;
    // Try to get the deleted certificate, should get an exception:
    SUPLoginCertificate *lc3 = nil;
    [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
    // NOTE(review): delete and load share one @try, and the handler catches every
    // NSException, so an exception thrown by delete:withVault: itself is also recorded
    // as a pass.
    @try {
        [SUPLoginCertificate delete:@"test" withVault:vault];
        lc3 = [SUPLoginCertificate load:@"test" withVault:vault];
        // Reached only when the load did not throw, i.e. the entry still exists.
        deletePass = NO;
    }
    @catch(NSException* e) {
        NSLog(@"Exception getting deleted cert: %@: %@",[e name],[e reason]);
        deletePass = YES;
    }
    NSLog(@"Retrieve cert that was deleted, should be null: lc3 = %@",lc3);
    if(lc3 != nil)
        deletePass = NO;
    if(deletePass)
        [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"DeleteCertificate"];
    else
        [[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"DeleteCertificate"];

    // changeVaultPassword for LoginCertificate.
    // Unlock with the old password, change it, then show that save and load work after
    // unlocking with the new password. The salt literal is left unchanged throughout.
    [vault lock];
    [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"];
    [vault changePassword:@"newPassword" withSalt:@"vaultSalt"];
    [vault lock];
    [vault unlock:@"newPassword" withSalt:@"vaultSalt"];
    [lc save:@"test" withVault:vault];
    [vault lock];
    [vault unlock:@"newPassword" withSalt:@"vaultSalt"];
    SUPLoginCertificate *lc4 = [SUPLoginCertificate load:@"test" withVault:vault];
    [vault lock];
    [vault unlock:@"newPassword" withSalt:@"vaultSalt"];
    // Change password back so we can rerun the test
    [vault changePassword:@"vaultPassword" withSalt:@"vaultSalt"];
    [vault lock];
    if([lc4.subjectCN isEqualToString:lc.subjectCN])
        [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"ChangeVaultPassword"];
    else
        [[LogInfo sharedInstance] testFailed:@"SAPSSOCertTest" :@"ChangeVaultPassword"];
    [lc4 release];

    // Attach certificate to sync profile, then drop this code's own reference to it.
    sp.certificate = lc;
    [lc release];
}
@catch(NSException *e) {
    // Any exception from the block above ends up here, including one raised between an
    // unlock and the matching lock. This handler logs, drains the pool and returns
    // without calling [vault lock].
    // NOTE(review): consider locking the vault on this path as well; confirm that lock is
    // safe to call on a vault that is already locked.
    MBOLogError(@"Exception in getting certificate");
    MBOLogError(@"%@: %@",[e name],[e reason]);
    [pool drain];
    return;
}

// If package requires login first, use beginOnlineLogin API
// which takes no parameters.
// The loop polls the connection status every 2 seconds and has no timeout, so it blocks
// the calling thread until the application reports SUPConnectionStatus_CONNECTED.
while ([SUPApplication connectionStatus] != SUPConnectionStatus_CONNECTED) {
    NSLog(@"waiting to connect...");
    sleep(2);
}
[CrmDatabase beginOnlineLogin];