api - How do I use `SFCertificateTrustPanel` in swift? -


i working on test application connects service using https. certificate of connection using custom root certificate. implemented delegate `nsurlsessiondelegate' , implemented this:

func urlsession(session: nsurlsession, didreceivechallenge challenge: nsurlauthenticationchallenge, completionhandler: (nsurlsessionauthchallengedisposition, nsurlcredential?) -> void) {     if challenge.protectionspace.authenticationmethod == nsurlauthenticationmethodservertrust {         let trust: sectrustref = challenge.protectionspace.servertrust!         var secresult: sectrustresulttype = sectrustresulttype(ksectrustresultinvalid)         if sectrustevaluate(trust, &secresult) == errsecsuccess {             switch (int(secresult)) {             case ksectrustresultunspecified:                 break             case ksectrustresultproceed:                 let credential = nsurlcredential(fortrust: trust)                 completionhandler(.usecredential, credential)                 return             default:                 print("default")             }         }     }     completionhandler(.cancelauthenticationchallenge, nil) }

i case ksectrustresultproceed, code shown here results in endless loop. run error:

nsurlsession/nsurlconnection http load failed (kcfstreamerrordomainssl, -9802)

i suspect because certificate not trusted user, read sfcertificatetrustpanel user can accept trust certificate. yet method seems not available swift.

how use sfcertificatetrustpanel in swift?

is there way how can trust certificate, e.g. based on fingerprint?

i don't know reason couldn't use sfcertificatetrustpanel swift, assuming you're on os x. said, doesn't can't within app.

what need modify protection space allow specific tls certificate. recommend reading apple's article "overriding tls chain validation correctly". you'll need load tls certificate nsdata object, convert seccertificateref, , add sectrustref object. (but not all) of steps covered in document linked above.

if you're going using different certificates on different servers, right way handle make connection fail when see new cert, show dialog asking user whether trust cert (e.g. giving fingerprint). if user says yes, export cert nsdata object (e.g. in der form) , store in array of trusted certs in nsuserdefaults or something, , add every item in array of certs trust object in custom trust evaluation function.

one final note: ios versions of various tls libraries have bunch of methods make easier read keys , certs files on disk, iirc, , easier convert between nsdata representations , actual certs or rsa keys. these methods available on os x, despite documentation says, necessary ios simulator function. :-)


Comments

Post a Comment

Popular posts from this blog

jOOQ update returning clause with Oracle -

according http://www.jooq.org/doc/3.8/manual/sql-building/sql-statements/update-statement/ jooq doesn't support returning clause in update statements databases except firebird , postgres. does know, still correct oracle jooq? according oracle's documentation, oracle db supports returning clase delete, insert, or update statements. incorrect manual you're right - manual wrong , should fixed: https://github.com/jooq/jooq/issues/5470 single row update returning jooq 3.8 added support single row update .. returning statements. internally, uses callablestatement , pl/sql block of form: begin update "my_table" set "my_table"."column" = 'xyz' "my_table"."id" = 1 returning "my_table"."id", "my_table"."column" ?, ?; ? := sql%rowcount; end; the relevant issue is: https://github.com/jooq/jooq/issues/5190 multi row update returning a...
Read more

java - Warning equals/hashCode on @Data annotation lombok with inheritance -

i have entity inherits other. on other hand, i'm using lombok project reduce boilerplate code, put @data annotation. annotation @data inheritance produces next warning: generating equals/hashcode implementation without call superclass, though class not extend java.lang.object. if intentional, add '@equalsandhashcode(callsuper=false)' type. is advisable add annotation @equalsandhashcode (callsuper = true) or @equalsandhashcode (callsuper = false) ? if not added, 1 callsuper=false or callsuper=true ? the default value false . 1 if don't specify , ignore warning. yes, recommended add @equalsandhashcode annotation on @data annotated classes extend else object. cannot tell if need true or false , depends on class hierarchy, , need examined on case-by-case basis. however, project or package, can configure in lombok.config call super methods if not direct subclass of object. lombok.equalsandhashcode.callsuper = call for configuration system ...
Read more

java - BasicPathUsageException: Cannot join to attribute of basic type -

i using java 8 jpa (hibernate 5.2.1). have clause works perfectly, until introduce clause make use foreign key table values too. i getting following error: basicpathusageexception: cannot join attribute of basic type i think problem related fact have join table, , not sure how create join using join table. employee - employee_category - category model (employee.java): @manytomany(cascade = cascadetype.all, fetch=fetchtype.eager) @jointable ( name="employee_category", joincolumns={ @joincolumn(name="emp_id", referencedcolumnname="id") }, inversejoincolumns={ @joincolumn(name="cat_id", referencedcolumnname="id") } ) private set<category> categories; model (category.java): @id private string id; jpa when introduce following code, fails error above (i think problem new piece of code): join<t, category> category = from.join("id"); predicates.add(criteriabuilder.like(category....
Read more