Newbie seeks code review

2008-06-23 Thread Paul E. Robichaux
I'm a brand-new Cocoa programmer, and I've just finished the first demo-able 
version of my first app: it uploads conversation files from the corporate 
version of Mac Messenger to a user's Conversation History folder in their 
Exchange Server mailbox. So, not exactly mass market, but certainly useful for 
folks who are in that boat.

In line with http://www.osnews.com/images/comics/wtfm.jpg, I'd like to have 
more experienced eyes go over this code. No doubt there are a lot of things 
I've done that aren't in line with Cocoa best practices. If any of you are 
willing to take a look at the code, and are willing to give me constructive 
feedback, (e.g. not just n00bs suck), I'll send you a zip of the code.

Thanks in advance- I find the discussion and information on this list super 
valuable even though much of it is over my head.

Cheers,
-Paul
___

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]


NSURLConnection didReceiveAuthenticationChallenge weirdness

2008-06-17 Thread Paul E. Robichaux
I'm trying to properly respond to authentication challenges by overriding 
didReceiveAuthenticationChallenge. In the init method of my custom object, I 
take the user name and password passed in and create a NSURLCredential:

EWScreds = [NSURLCredential credentialWithUser:inUserName
                                      password:inPassword
                                   persistence:NSURLCredentialPersistenceForSession];

When I get an authentication challenge, I answer it with the stored credential:

- (void)connection:(MyURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge previousFailureCount] == 0)
    {
        [[challenge sender] useCredential:EWScreds
               forAuthenticationChallenge:challenge];
    }
    else
        NSLog(@"Authentication failed on attempt %d", [challenge previousFailureCount]);
}

This fails 100% of the time, even though the user name and password are 
correct. If I create a new credential using literal strings for the user name 
and password, like below, the auth challenge succeeds.

NSURLCredential *newCreds = nil;
newCreds = [NSURLCredential credentialWithUser:@"[EMAIL PROTECTED]"
                                      password:@"AGreatPassword"
                                   persistence:NSURLCredentialPersistenceNone];
[[challenge sender] useCredential:newCreds forAuthenticationChallenge:challenge];

I’ve verified that the password and user names match in both credentials (by 
using the user and password accessors on the credential objects). They appear 
to match. I’d appreciate any suggestions on what I might be doing wrong with 
this. Thanks in advance!

Cheers,
_Paul


Authentication and NSURLConnection sendSynchronousRequest

2008-06-12 Thread Paul E. Robichaux
I'm writing a simple demo application showing how to use some Exchange Web
Services (EWS) features in Cocoa. I am a total Cocoa n00b but have most of
the app and UI working, thanks to a lot of google-fu and my now-worn copy of
Hillegas' 3rd ed. I'm having trouble authenticating to the actual EWS
server, though.

For simplicity's sake, I want to use sendSynchronousRequest. The docs say
that it has 'minimal support' for authentication. I'm letting the user
provide their credentials, then storing them in an NSURLCredential. I then
add the NSURLCredential to the shared credential storage and define an
NSURLProtectionSpace with the FQDN of the EWS server.

When I actually call sendSynchronousRequest, I get an error if the EWS
server is using a self-signed certificate (as most probably will be). I did
some digging and it looks like one way to fix this is to override
allowsAnyHTTPSCertificateForHost so that it allows any certificate. I know
this is a bad idea from a security standpoint, but I'm OK with it in demo
code, suitably flagged. However, I'm doing something wrong when I override.

If I just stick this code

@implementation NSURLRequest(NSHTTPURLRequest)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end

At the end of one of my .m files, the code builds, though I get warnings
that some other methods aren't implemented. The program then gives me an
NSURLDomainError -1203, the description for which doesn't tell me anything
useful.

So, the actual questions:
1. Is there a safer or better-supported way for me to get a look at the
returned certificate besides overriding allowsAnyHTTPSCertificateForHost?

2. What am I doing wrong in my override attempt?

3. What does -1203 really *mean*?

Cheers,
-Paul



Re: Authentication and NSURLConnection sendSynchronousRequest

2008-06-12 Thread Paul E. Robichaux



On 6/12/08 12:44 PM, Jens Alfke [EMAIL PROTECTED] wrote:


> On 12 Jun '08, at 8:35 AM, Paul E. Robichaux wrote:
>
>> @implementation NSURLRequest(NSHTTPURLRequest)
>> + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
>> {
>>     return YES;
>> }
>> @end
>>
>> At the end of one of my .m files, the code builds, though I get warnings
>> that some other methods aren't implemented. The program then gives me an
>> NSURLDomainError -1203
>
> I'm suspicious of that technique, since category methods really aren't
> allowed to override existing methods; I think the effects are
> undefined. It's the kind of thing that I could imagine breaking
> under the rewritten Obj-C runtime in 10.5.

Calling it a technique is being very generous :) I was suspicious of it as
well. I'm still at the try-things-without-knowing-what-they-actually-do
stage of my Cocoa career, so I decided to give it a whirl.

>> 1. Is there a safer or better-supported way for me to get a look at the
>> returned certificate besides overriding allowsAnyHTTPSCertificateForHost?
>
> Well, this message from Marcel Borsten
> http://www.cocoabuilder.com/archive/message/cocoa/2008/3/4/200382
> mentions another method:
> + (void)setAllowsAnyHTTPSCertificate:(BOOL)fp8 forHost:(id)fp12;
>
> So it looks as though you could just call
> [NSURLConnection setAllowsAnyHTTPSCertificate: YES forHost: myHost];

After doing that, I now get a compiler warning that there's a duplicate
interface defined for NSURLRequest(NSHTTPURLRequest), and at runtime when I
call the routine I get errors in my log:

+[NSURLConnection setAllowsAnyHTTPSCertificate:forHost:]: unrecognized
selector sent to class 0xa02645a0


> A better solution is to insert the cert into the keychain and mark it
> as trusted; but that isn't easy. If the user can get a .cer file of
> the server's cert, s/he can double-click it to add it to the keychain,
> then locate it in Keychain Access and mark it as trusted.
> Programmatically, it involves some twisty little APIs; I'd recommend
> using the higher-level wrappers in the open-source Keychain.framework
> (it's on sourceforge.)

For the purpose of this sample, this approach is overkill. You're right,
though, that this would be a much better solution.

>> 3. What does -1203 really *mean*?
>
> From NSURLError.h:
> NSURLErrorServerCertificateHasUnknownRoot = -1203,

Aha! Thanks for the pointer.



Re: Authentication and NSURLConnection sendSynchronousRequest

2008-06-12 Thread Paul E. Robichaux



On 6/12/08 2:18 PM, Jens Alfke [EMAIL PROTECTED] wrote:


> On 12 Jun '08, at 10:35 AM, Paul E. Robichaux wrote:
>
>> After doing that, I now get a compiler warning that there's a duplicate
>> interface defined for NSURLRequest(NSHTTPURLRequest),
>
> You can get around that by changing the category name (the part in
> parentheses) to anything different.

So *that's* what that's for. Thanks!

>> and at runtime when I
>> call the routine I get errors in my log:
>> +[NSURLConnection setAllowsAnyHTTPSCertificate:forHost:]: unrecognized
>> selector sent to class 0xa02645a0
>
> Hm, that means that method isn't actually implemented in
> NSURLConnection.

A little further digging revealed
http://www.cocoabuilder.com/archive/message/cocoa/2007/5/19/183405, which
claims that the method's implemented on NSURLRequest. Sure enough, when I
define it there, my app is now failing with
NSURLErrorUserCancelledAuthentication, which is a step in the right
direction :)
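
Added example, not part of the thread or of anyone's posted code: one supported way to accept a single self-signed server certificate, the case behind the -1203 (NSURLErrorServerCertificateHasUnknownRoot) error above, without disabling validation for the host. It uses the public NSURLSession delegate and SecTrust APIs, which postdate this 2008 thread; the class name PinnedTrustDelegate and its two properties are hypothetical, and the certificate bytes are assumed to have been exported from the server beforehand.

```objective-c
// Added example. PinnedTrustDelegate, pinnedHost and pinnedCertDER are
// hypothetical names. Assumes ARC and macOS 10.14+ (SecTrustEvaluateWithError).
#import <Foundation/Foundation.h>
#import <Security/Security.h>

@interface PinnedTrustDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, copy) NSString *pinnedHost;     // FQDN of the EWS server
@property (nonatomic, strong) NSData *pinnedCertDER;  // DER bytes of its certificate
@end

@implementation PinnedTrustDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                             NSURLCredential *))completionHandler
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server-trust challenges for the pinned host are handled here.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] ||
        ![space.host isEqualToString:self.pinnedHost]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecCertificateRef anchor =
        SecCertificateCreateWithData(NULL, (__bridge CFDataRef)self.pinnedCertDER);
    if (anchor == NULL) {  // bytes are not a DER certificate: fail closed
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[ (__bridge id)anchor ];
    // Trust this one certificate only; hostname and validity dates are still checked.
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    CFErrorRef error = NULL;
    BOOL trusted = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error) CFRelease(error);
    CFRelease(anchor);
    if (trusted) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:trust]);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}
@end
```

Any other certificate presented for that host, including one issued by a public CA, is rejected, so the pinned bytes have to be updated whenever the server's certificate is replaced.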
