Here's the thing..
Scenario:
I got a ipa file which I get as a result of an Archive + Share process
using XCode. The ipa file is signed using ad hoc distribution certificates and
it can be installed without any problems.
The application saves some information in the keychain
which is accessed without any problems using the build I just made.
After that, I re-sign the application using the codesign command with Enterprise
distribution certificate after making some changes in the applicaction.app package.
This changes includes changing the name of the application and bundle id from the
info.plist file, and of course, replace the embedded mobile provisioning profile with
the one that matches the new certificate.
The Problem:
After resigning every seems to be all right, installation and functionality seems to work ok.... BUT! when I enter the information
that is saved in the keychain, the data seems not to load or be wiped from
the keychain every time I close the app.
Ideas of why is this happening?
Ok, here's the solution that worked for us.
Since this was an Enterprise build, it required us to change the Entitlements.plist/dist.plist file so that the app id matched what was entered on Apple's site. The Entitlements file can be provided on the codesign utility.
Use these instructions but verify the Entitlements file matches the full app id. This includes the seed id + bundle id.
Re-sign IPA (iPhone)
The app would install fine without it, but this ensures the keystore is being accessed with the proper authority.
I have searched hours for this problem... This is the solution, how the app resigning worked with our app. We got an IPA file from a customer and resigned it with our certificate. Accessing the Keychain works. The bundle.id was not changed in our case.
Which files you need:
- MyApp.ipa
- MyApp_EnterpriseDistribution.mobileprovision (Enterprise Distribution Provisioning Profil)
- Entitlements.plist
All files are in the same directory. If the files were located in different folders, you have to change the path in the code
First, we create an "Entitlements.plist". Create a txt file and put in the following code. Put in your application identifier.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>GBA9L2EABG.com.your.bundle.id.MyApp</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>
Save this file and rename it to: "Entitlements.plist"
Open the terminal, move to the folder and execute this codes, replace "MyApp" with your Appname and "NAME OF YOUR..." with the name of your certificate and "MyApp_EnterpriseDistribution" to your provisioning file:
unzip MyApp.ipa
//we didn't used the following, maybe necessary...
//rm -r "Payload/MyApp.app/_CodeSignature" "Payload/MyApp.app/CodeResources" 2> /dev/null | true
cp MyApp_EnterpriseDistribution.mobileprovision Payload/MyApp.app/embedded.mobileprovision
codesign -f -s "iPhone Distribution: NAME OF YOUR DISTRIBUTION CERTIFICATE" --resource-rules Payload/MyApp.app/ResourceRules.plist --entitlements Entitlements.plist Payload/MyApp.app
zip -qr MyApp-resigned.ipa Payload/
And now you have an Ipa with your certificate.
hint: the certificate with this name should be unique in your keychain...