I'm trying to test code that reads and alters the keychain using the basic SenTest framework on Xcode. The code works fine on device, but when I start the test I get these errors every time I want to touch the keychain with SecItemDelete
/SecItemAdd
/etc.
The operation couldn’t be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements)
I have matching wildcard provisioning profiles (iOS Team Provisioning Profile: *
) for both the build target and the test target.
These (unconfirmed) stack overflow answers:
Read from keychain results in errSecItemNotFound 25300
say that I need a provisioning profile matching my app identifier every time I use the keychain, but that can't be right, or I'd get the same errors outside of the test target.
Digging deeper, the (unconfirmed) answers here:
SecItemAdd and SecItemCopyMatching returns error code -34018 (errSecMissingEntitlement)
imply that there might be a bug within keychain and more generally Security.framework
, which is frankly terrifying.
My question is; has anyone hit OSStatus error -34018 only when they were on a test-target? That appears to be the behavior I am seeing.
EDIT: Adding this answer that JorgeDeCorte used in his answer below.
This thread seems to contain the solution if the problem exits in your unit-test target.
https://devforums.apple.com/message/917498#917498
Basically you have to codesign your .xcttest folder by adding the following as a run script in your test target.
codesign --verify --force --sign "$CODE_SIGN_IDENTITY" "$CODESIGNING_FOLDER_PATH"
I got a lot of -34018 errors when testing my keychain on the device and this managed to fix it.
If the problem does not exist in your test target this is probably not the solution.
So I guess the solution is: force sign your test target.