1

I've created a REST API that goes through HTTPS and I've tested that the API works when I add the cert to the chrome browser, but I'm having difficulty implementing on my iOS app.

The following is the iOS code I used, which works for HTTP, but as I said I'm now using SSL and need to add the cert to my app. I've followed this tutorial which converted my .pem cert to .der extension and I added to the resourced folder. Here is my code when my REST API was utilized over plain HTTP:

NSURL *url = [NSURL URLWithString:@"http://123.456.789.012/iOSappName/RESTservice1"]; //enter URL
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; // make the request

[request setHTTPMethod:@"POST"]; //add the HTTP method to the request
[request setValue:@"application/json; charset=utf-8" forHTTPHeaderField:@"Content-Type"]; //add the content type
[request setHTTPBody:[jsonFile dataUsingEncoding:NSUTF8StringEncoding]]; //add the body and the encoding

NSURLResponse *response; //declare a response
NSError *err; //declare an NSError
NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err]; //send the requet and get a response

NSString* responseDataString = [[NSString alloc] initWithData:responseData encoding:NSUTF8StringEncoding];

I'm following this tutorial and I'm a bit confused how I can implement the code above with the aforementioned tutorial. Any suggestions, examples, or links that you know of that could assist me?

jww
  • 97,681
  • 90
  • 411
  • 885
ConfusedDeer
  • 3,335
  • 8
  • 44
  • 72
  • is it like you just enabled https on your server and need to just change the url or is it like evaluating it with some certificate which will be placed at resource bundle ? – thndrkiss Aug 13 '14 at 03:32
  • The latter, I will be evaluating it with a certificate that will be placed in the resource bundle. If I use just plain HTTP the server will not allow the connection to proceed if the client does not have the cert. – ConfusedDeer Aug 13 '14 at 03:35
  • instead of sendSynchronous request, can you implement the asynchronous version of nsurlconnection http://codewithchris.com/tutorial-how-to-use-ios-nsurlconnection-by-example/#asynchronous. and implement the method which you saw in your tutorial ? – thndrkiss Aug 13 '14 at 03:39
  • can you copy past this method alone shouldTrustProtectionSpace from your link in your existing code and see whether it gets called ? – thndrkiss Aug 13 '14 at 03:47
  • Use a `NSURLConnectionDelegate`. You're delegate will be called for `-connection:canAuthenticateAgainstProtectionSpace:` and `-connection:didReceiveAuthenticationChallenge:`. You accept the certificate you are carrying around in `didReceiveAuthenticationChallenge`. For a similar example, see OWASP's [Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning). Lots of other examples on Stack Overflow - search for `didReceiveAuthenticationChallenge`. – jww Aug 13 '14 at 03:58
  • This seems to be exactly what I'm looking to find. I'll give this a shot! – ConfusedDeer Aug 13 '14 at 04:00

0 Answers0