Newbie seeks code review
I'm a brand-new Cocoa programmer, and I've just finished the first demo-able version of my first app: it uploads conversation files from the corporate version of Mac Messenger to a user's Conversation History folder in their Exchange Server mailbox. So, not exactly mass market, but certainly useful for folks who are in that boat. In line with http://www.osnews.com/images/comics/wtfm.jpg, I'd like to have more experienced eyes go over this code. No doubt there are a lot of things I've done that aren't in line with Cocoa best practices. If any of you are willing to take a look at the code, and are willing to give me constructive feedback, (e.g. not just n00bs suck), I'll send you a zip of the code. Thanks in advance- I find the discussion and information on this list super valuable even though much of it is over my head. Cheers, -Paul ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
NSURLConnection didReceiveAuthenticationChallenge weirdness
I'm trying to properly respond to authentication challenges by overriding didReceiveAuthenticationChallenge. In the init method of my custom object, I take the user name and password passed in and create a NSURLCredential: EWScreds = [NSURLCredential credentialWithUser: inUserName password: inPassword persistence:NSURLCredentialPersistenceForSession]; When I get an authentication challenge, I answer it with the stored credential: -(void)connection:(MyURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { if ([challenge previousFailureCount] == 0) { [[challenge sender] useCredential:EWScreds forAuthenticationChallenge:challenge]; } else NSLog(@Authentication failed on attempt %d, [challenge previousFailureCount]); } This fails 100% of the time, even though the user name and password are correct. If I create a new credential using literal strings for the user name and password, like below, the auth challenge succeeds. NSURLCredential *newCreds = nil; newCreds = [NSURLCredential credentialWithUser: @[EMAIL PROTECTED] password: @AGreatPassword persistence:NSURLCredentialPersistenceNone]; [[challenge sender] useCredential:newCreds forAuthenticationChallenge: challenge]; I’ve verified that the password and user names match in both credentials (by using the user and password accessors on the credential objects). They appear to match. I’d appreciate any suggestions on what I might be doing wrong with this. Thanks in advance! Cheers, _Paul ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
Authentication and NSURLConnection sendSynchronousRequest
I¹m writing a simple demo application showing how to use some Exchange Web Services (EWS) features in Cocoa. I am a total Cocoa n00b but have most of the app and UI working, thanks to a lot of google-fu and my now-worn copy of Hillegas' 3rd ed. I¹m having trouble authenticating to the actual EWS server, though. For simplicity¹s sake, I want to use sendSynchronousRequest. The docs say that it has OEminimal support¹ for authentication. I¹m letting the user provide their credentials, then storing them in an NSURLCredential. I then add the NSURLCredential to the shared credential storage and define an NSURLProtectionSpace with the FQDN of the EWS server. When I actually call sendSynchronousRequest, I get an error if the EWS server is using a self-signed certificate (as most probably will be). I did some digging and it looks like one way to fix this is to override allowsAnyHTTPSCertificateForHost so that it allows any certificate. I know this is a bad idea from a security standpoint, but I'm OK with it in demo code, suitably flagged. However, I'm doing something wrong when I override. If I just stick this code @implementation NSURLRequest(NSHTTPURLRequest) + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host { return YES; } @end At the end of one of my .m files, the code builds, though I get warnings that some other methods aren't implemented. The program then gives me an NSURLDomainError -1203, the description for which doesn't tell me anything useful. So, the actual questions: 1. Is there a safer or better-supported way for me to get a look at the returned certificate besides overriding allowsAnyHTTPSCertificateForHost? 2. What am I doing wrong in my override attempt? 3. What does -1203 really *mean*? Cheers, -Paul ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
Re: Authentication and NSURLConnection sendSynchronousRequest
On 6/12/08 12:44 PM, Jens Alfke [EMAIL PROTECTED] wrote: On 12 Jun '08, at 8:35 AM, Paul E. Robichaux wrote: @implementation NSURLRequest(NSHTTPURLRequest) + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host { return YES; } @end At the end of one of my .m files, the code builds, though I get warnings that some other methods aren't implemented. The program then gives me an NSURLDomainError -1203 I'm suspicious of that technique, since category methods really aren't allowed to override existing methods; I think the effects are undefined. It's the kind of thing that I could imagine breaking under the rewritten Obj-C runtime in 10.5. Calling it a technique is being very generous :) I was suspicious of it as well. I'm still at the try-things-without-knowing-what-they-actually-do stage of my Cocoa career, so I decided to give it a whirl. 1. Is there a safer or better-supported way for me to get a look at the returned certificate besides overriding allowsAnyHTTPSCertificateForHost? Well, this message from Marcel Borsten http://www.cocoabuilder.com/archive/message/cocoa/2008/3/4/200382 mentions another method: + (void)setAllowsAnyHTTPSCertificate:(BOOL)fp8 forHost:(id)fp12; So it looks as though you could just call [NSURLConnection setAllowsAnyHTTPSCertificate: YES forHost: myHost]; After doing that, I now get a compiler warning that there's a duplicate interface defined for NSURLRequest(NSHTTPURLRequest), and at runtime when I call the routine I get errors in my log: +[NSURLConnection setAllowsAnyHTTPSCertificate:forHost:]: unrecognized selector sent to class 0xa02645a0 A better solution is to insert the cert into the keychain and mark it as trusted; but that isn't easy. If the user can get a .cer file of the server's cert, s/he can double-click it to add it to the keychain, then locate it in Keychain Access and mark it as trusted. Programmatically, it involves some twisty little APIs; I'd recommend using the higher-level wrappers in the open-source Keychain.framework (it's on sourceforge.) For the purpose of this sample, this approach is overkill. You're right, though, that this would be a much better solution. 3. What does -1203 really *mean*? From NSURLError.h: NSURLErrorServerCertificateHasUnknownRoot = -1203, Aha! Thanks for the pointer. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
Re: Authentication and NSURLConnection sendSynchronousRequest
On 6/12/08 2:18 PM, Jens Alfke [EMAIL PROTECTED] wrote: On 12 Jun '08, at 10:35 AM, Paul E. Robichaux wrote: After doing that, I now get a compiler warning that there's a duplicate interface defined for NSURLRequest(NSHTTPURLRequest), You can get around that by changing the category name (the part in parentheses) to anything different. So *that's* what that's for. Thanks! and at runtime when I call the routine I get errors in my log: +[NSURLConnection setAllowsAnyHTTPSCertificate:forHost:]: unrecognized selector sent to class 0xa02645a0 Hm, that means that method isn't actually implemented in NSURLConnection. A little further digging revealed http://www.cocoabuilder.com/archive/message/cocoa/2007/5/19/183405, which claims that the method's implemented on NSURLRequest. Sure enough, when I define it there, my app is now failing with NSURLErrorUserCancelledAuthentication, which is a step in the right direction :) ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]