Our old app uses MKNetworkKit and MKNetworkOperation.
Now under iOS 7 kSecTrustResultConfirm is deprecated.
In MKNetworkOperation, there is this code:
else if(result == kSecTrustResultConfirm) { // DEPRECATED
if(self.shouldContinueWithInvalidCertificate) {
// Cert not trusted, but user is OK with that
DLog(#"Certificate is not trusted, but self.shouldContinueWithInvalidCertificate is YES");
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
} else {
DLog(#"Certificate is not trusted, continuing without credentials. Might result in 401 Unauthorized");
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
}
is there replacement for kSecTrustResultConfirm?
If you can't update MKNetworkKit for whatever reason, check out this commit: https://github.com/MugunthKumar/MKNetworkKit/commit/c28959805991bb8f0e99ede9c822e985b41f6fc9 . You'll see that the kSecTrustResultConfirm conditional has been deleted completely, and you should be able to do the same.
Related
I'm writing a Lync MSPL application using a manifest and a windows service. In my manifest.am I have the following code:
<?xml version="1.0"?>
<r:applicationManifest
r:appUri="http://www.company.no/LyncServerFilter"
xmlns:r="http://schemas.microsoft.com/lcs/2006/05">
<r:requestFilter methodNames="ALL"
strictRoute="true"
domainSupported="false"/>
<r:responseFilter reasonCodes="ALL"/>
<r:proxyByDefault action="true" />
<r:allowRegistrationBeforeUserServices action="true" />
<r:splScript>
<![CDATA[
callId = GetHeaderValues("Call-ID");
cseq = GetHeaderValues("CSeq");
content = "";
sstate = GetHeaderValues("subscription-state");
xevent = GetHeaderValues("Event");
xdir = GetHeaderValues("Direction");
xexp = GetHeaderValues("Session-Expires");
referto = GetHeaderValues("Refer-To");
if (sipRequest)
{
if (sipRequest.Method == "INVITE") {
if (ContainsString(sipRequest.Content, "m=audio", true)) {
content = "audio";
}
else if (ContainsString(sipRequest.Content, "m=video", true)) {
content = "video";
}
else if (ContainsString(sipRequest.Content, "m=message", true)) {
content = "message";
}
else if (ContainsString(sipRequest.Content, "m=application", true)) {
content = "application";
}
else {
content = "unknown";
}
}
else if (sipRequest.Method == "NOTIFY" || sipRequest.Method == "BENOTIFY") {
content = sipRequest.Content;
}
DispatchNotification("OnRequest", sipRequest.Method, sipMessage.From, sipMessage.To, callId, cseq, content, xdir, xevent, sstate, xexp, referto);
if (sipRequest) {
ProxyRequest();
}
}
else if(sipResponse) {
DispatchNotification("OnResponse", sipResponse.StatusCode, sipResponse.StatusReasonPhrase, sipMessage.From, sipMessage.To, callId, cseq, content, xdir, xevent, sstate, xexp, referto);
ProxyResponse();
}
]]></r:splScript>
</r:applicationManifest>
I'm getting the following errormessage in Eventlog on Lync Front End server:
Lync Server application MSPL script execution aborted because of an error
Application Uri at 'http://www.company.no/LyncServerFilter', at line 60
Error: 0x80070057 - The parameter is incorrect
Additional information: ProxyRequest only valid for sipRequest
Line 60 is where I call ProxyRequest:
if (sipRequest) {
ProxyRequest();
}
Questions:
Why does the errormessage say that ProxyRequest is only valid for a sipRequest? I'm checking that it is a sipMessage right?
Can I remove my call to ProxyRequest() since I have set proxyByDefault=true? Does the DistpathNotification-method "handle" the method (swallow it), or will the message be proxied by default? The code "works" when I remove the call to ProxyRequest(), but I'm not sure what the consequences are...
The ProxyRequest method takes a argument of the uri, which is why you are getting the compile error message.
So you should be calling it like:
ProxyRequest(""); // send to the URI specified in the request itself
Removing it effectivity does the same thing as per your proxyByDefault setting being set to true:
If true, the server automatically proxies any messages that are not handled by the application. If false, the message is dropped and applications that follow this application in the application execution order will not receive it. The default value is true.
As a side-note, you can use compilespl.exe, which comes as part of the Lync Server SDK to verify that your MSPL script is correct before trying to start it on the lync server.
Check out this link in the 'Compile the MSPL application separately' section.
I'm trying to use oauth2 to get data from 23 and me, but keep getting "bad request" codes. This is my first time working with OAuth2 and I'm not sure what I'm doing wrong.
When I use AFOAuth2Client, I get error code 400:
AFOAuth2Client* oauthClient = [AFOAuth2Client clientWithBaseURL:[NSURL URLWithString:#"https://api.23andme.com/"] clientID:clientIDString secret:secretString];
[oauthClient authenticateUsingOAuthWithPath:#"/token/"
code:#"zzz"
redirectURI:#"myapp://callback/oauth"
scope:#"analyses"
success:^(AFOAuthCredential *credential)
{
NSLog(#"I have a token! %#", credential.accessToken);
[AFOAuthCredential storeCredential:credential withIdentifier:oauthClient.serviceProviderIdentifier];
}
failure:^(NSError *error) {
NSLog(#"Error: %#", error);
}];
The error block is hit with this message:
Error: Error Domain=com.alamofire.networking.error Code=-1011 "Expected status code in (200-299), got 400" UserInfo=0x1fda4f80 {NSErrorFailingURLKey=https://api.23andme.com/token/, NSLocalizedDescription=Expected status code in (200-299), got 400}
When I try GTMOauth2Sample, I get invalid_client error after the authorization screen dismisses.
What am I doing wrong?
You can try to use this client from 23andme https://github.com/23andMe/OAuth2Client (forked from https://github.com/nxtbgthng/OAuth2Client ) .
This is an OAuth2 library for Mac OS X & iOS (Cocoa & Cocoa touch).
Actually OAuth2.0 is a standard level protocol and most companies' OAuth2.0 service interface is standard too .
I am using following code
- (void)linkedInEngineAccessToken:(RDLinkedInEngine *)engine setAccessToken:(OAToken *)token {
if( token ) {
[token rd_storeInUserDefaultsWithServiceProviderName:#"LinkedIn" prefix:#"My app name"];
}
else {
[OAToken rd_clearUserDefaultsUsingServiceProviderName:#"LinkedIn" prefix:#"My App name"];
}
}
- (OAToken *)linkedInEngineAccessToken:(RDLinkedInEngine *)engine {
return [OAToken rd_tokenWithUserDefaultsUsingServiceProviderName:#"LinkedIn" prefix:#"My app name"];
}
- (void)linkedInEngine:(RDLinkedInEngine *)engine requestSucceeded:(RDLinkedInConnectionID *)identifier withResults:(id)results {
NSLog(#"++ LinkedIn engine reports success for connection %#\n%#", identifier, results);
if( identifier == self.fetchConnection ) {
// NSDictionary* profile = results;
}
}
- (void)linkedInEngine:(RDLinkedInEngine *)engine requestFailed:(RDLinkedInConnectionID *)identifier withError:(NSError *)error {
NSLog(#"++ LinkedIn engine reports failure for connection %#\n%#", identifier, [error localizedDescription]);
}
- (void)fetchProfile {
self.fetchConnection = [self.engine profileForCurrentUser];
[self.engine updateStatus:#"Download app from the #Apple #AppStore and #Android #GooglePlay market."];
[self dismissModalViewControllerAnimated:YES];
}
#pragma mark - RDLinkedInAuthorizationControllerDelegate
- (void)linkedInAuthorizationControllerSucceeded:(RDLinkedInAuthorizationController *)controller {
[self fetchProfile];
}
- (void)linkedInAuthorizationControllerFailed:(RDLinkedInAuthorizationController *)controller {
}
- (void)linkedInAuthorizationControllerCanceled:(RDLinkedInAuthorizationController *)controller {
}
#end
I have set up things correctly. It takes me to linkedIn login page and after login to give permissions I get this error
Failed to load page Error Domain=NSURLErrorDomain Code=-1003 "A
server with the specified hostname could not be found."
UserInfo=0x81e2250
{NSErrorFailingURLStringKey=http://www.devbee.ca/?oauth_token=MY_TOKEN&oauth_verifier=VERIFIER,
NSErrorFailingURLKey=MY_REDIRECT_URL/?oauth_token=MY_OAUTH_TOKEN&oauth_verifier=MY_VERIFIER,
NSLocalizedDescription=A server with the specified hostname could not
be found., NSUnderlyingError=0x810ddc0 "A server with the specified
hostname could not be found."}
What is wrong?
Is it because of
- (OAToken *)linkedInEngineAccessToken:(RDLinkedInEngine *)engine {
return [OAToken rd_tokenWithUserDefaultsUsingServiceProviderName:#"LinkedIn" prefix:#"My app name"];
}
The problem is coming from the fact that http://www.devbee.ca is not up and running. I don't know what point in your code or configuration you are referring to http://www.devbee.ca, but that's where there error lies.
I am guessing that in the configuration for your LinkedIn App, you have set the OAuth Accept Redirect URL to http://www.devbee.ca, which is a non-existant URL. But that's just a guess, you need to dig around to figure out why LinkedIn is redirecting you to http://www.devbee.ca.
Update
It seems that you need to set this OAuth Accept Redirect URL to http://linkedin_oauth/success in your app's configuration. It states this in the How To on the GitHub project:
Most importantly, the OAuth Redirect URL must be set to:
http://linkedin_oauth/success for the web view's delegate to be
notified
Due to URL connection error it is a problem with your redirect url.
Look, the error says: "A server with the specified hostname could not be found". That means that you haven't got internet connection or your server hostname is not found in DNS list of your provider or your server url is wrong.
What you could try. The error specifies the error url: "NSErrorFailingURLKey=MY_REDIRECT_URL/?oauth_token=MY_OAUTH_TOKEN&oauth_verifier=MY_VERIFIER". You could try to open in Safari/Chrome/etc on your Mac the specified url "MY_REDIRECT_URL/?oauth_token=MY_OAUTH_TOKEN&oauth_verifier=MY_VERIFIER" and look what will happen. If you see the same error that you should double check your redirect URL. If it successfully is opened that there is a problem with iOS app.
I am creating an image from my Facebook application. I am getting the following error from Facebook.
CurlException: 56: SSL read: error:00000000:lib(0):func(0):reason(0),
errno 104
Is there anything wrong in my code?
Without looking at your code, or knowing if there is an actual issue w/ your SSL certificate (which you should NOT ignore), try something like this as a workaround:
<?php
$retry=False;
do {
try {
//your code goes here
$retry=False;
}
catch (Exception $e) {
echo $e->getMessage(), "\n";
$retry=True;
}
}
while ($retry);
?>
I have been asked to check the public key against a known value in canAuthenticateAgainstProtectionSpace ( a delegate callback of NSURLConnection )
This is what I have so far:
- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
SecKeyRef publicKey = SecTrustCopyPublicKey([protectionSpace serverTrust]);
NSLog(#"%#",SecTrustCopyPublicKey([protectionSpace serverTrust]));
return YES;
}
How can I compare the public key against a known value?
The NSLog produces: <SecKeyRef: 0x687c000> which isn't vary useful.
Incase anyone cares, the solution was to check the certificatie byte for byte with a certificate saved on the bundle.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
SecTrustRef trust = [protectionSpace serverTrust];
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);
NSData* ServerCertificateData = (NSData*) SecCertificateCopyData(certificate);
// Check if the certificate returned from the server is identical to the saved certificate in
// the main bundle
BOOL areCertificatesEqual = ([ServerCertificateData
isEqualToData:[MyClass getCertificate]]);
[ServerCertificateData release];
if (!areCertificatesEqual)
{
NSLog(#"Bad Certificate, canceling request");
[connection cancel];
}
// If the certificates are not equal we should not talk to the server;
return areCertificatesEqual;
}
Note that SecCertificateCopyData returns the certificate in it's "DER" form, Distinguished Encoding Rules. So you need to incorporate the certificate in your App in that form, and not as a pem or whatever format. To convert a certificate to DER with openssl use the command: openssl x509 -in server.crt -out server.der -outform DER