Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iOS app with HTTPS server - Will Apple reject the in appstore approval? #190

Open
nbaity opened this issue Feb 9, 2018 · 5 comments
Open

iOS app with HTTPS server - Will Apple reject the in appstore approval? #190

nbaity opened this issue Feb 9, 2018 · 5 comments

Comments

@nbaity
Copy link

nbaity commented Feb 9, 2018
edited

I was able to create an HTTPS server using https://github.com/robbiehanson/CocoaHTTPServer/tree/master/Samples/iPhoneHTTPServer

I faced the certificate issue while setting up HTTP'S' in iOS and I have resolved as below but I want to know it will not be rejected in the Appstore.

  1. Created an SSL certificate using keychain access

  2. That is successfully added in the keychain

  3. I explicitly marked that certificate as trusted one fro this account so I can see the plus symbol on that certificate

  4. I exported this certificate from keychain and named as TestCertificate.p12 and included in the app’s bundle

  5. I have made the changes in the code as below to mentioned this as secured server

  6. Changed the method to provide the certificate

  • Note: In order to support secure connections, the sslIdentityAndCertificates method must be implemented.
    **/
- (BOOL)isSecureServer
{
	HTTPLogTrace();
	
	// Override me to create an https server...
	
	return YES;
}

  1. Changed this method to provide the certificate for the secured connection which is available in the app’s bundle named “TestCertificate”

  2. When the HTTPS server is started the certificate will be used as below

- (NSArray *)sslIdentityAndCertificates
{
    SecIdentityRef identityRef = NULL;
    SecCertificateRef certificateRef = NULL;
    SecTrustRef trustRef = NULL;
    
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"TestCertificate" ofType:@"p12"];
    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
    CFDataRef inPKCS12Data = (CFDataRef)CFBridgingRetain(PKCS12Data);
    CFStringRef password = CFSTR("test123");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    
    OSStatus securityError = errSecSuccess;
    securityError =  SecPKCS12Import(inPKCS12Data, optionsDictionary, &items);
    if (securityError == 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
        const void *tempIdentity = NULL;
        tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
        identityRef = (SecIdentityRef)tempIdentity;
        const void *tempTrust = NULL;
        tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
        trustRef = (SecTrustRef)tempTrust;
    } else {
        NSLog(@"Failed with error code %d",(int)securityError);
        return nil;
    }
    
    SecIdentityCopyCertificate(identityRef, &certificateRef);
    NSArray *result = [[NSArray alloc] initWithObjects:(id)CFBridgingRelease(identityRef), (id)CFBridgingRelease(certificateRef), nil];
    
    return result;
}
  1. Server started successfully and when I start the request from web view to my local HTTPS server I received the authentication challenge I resolved this as below
- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
    //NSLog(@"Allow all");
    SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
    CFDataRef exceptions = SecTrustCopyExceptions (serverTrust);
    SecTrustSetExceptions (serverTrust, exceptions);
    CFRelease (exceptions);
    completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:serverTrust]);
}
  1. My questions are below

     > Does Apple reject the app which runs an HTTPS server inside of the application?

     > If Apple doesn’t reject then can I use the COCOAHTTPServer library

     > In the above implementation,  Whether the SSL certificate enough for production?

     > If not, then can I use any development/ Appstore certificate created from member centre?

  If not then how can I get a certificate in order to run the HTTPS server on the iPhone?
 
@Srinivasp
Copy link

Anyone have the answer for this.

@asinghxav
Copy link

did anyone get the answer for this ??

@hjailani-pk
Copy link

Yes. The sample app which uses the above method to set up HTTP server in the mobile side got approved in the appstore review process.

@asinghxav
Copy link

just curious to know if other device on other network can communicate with ios app with https server ??

@flemingm
Copy link

flemingm commented Jan 17, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@flemingm @Srinivasp @hjailani-pk @asinghxav @nbaity and others