air 19 & iOs 9 App Transport Security - air

I had downloaded the new air 19 sdk for iOs9 compatibility.
I had found on internet that I need to add the follow code in info.plist:
<key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>facebook.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSThirdPartyExceptionRequiresForwardSecrecy</key> <false/> </dict> <key>fbcdn.net</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSThirdPartyExceptionRequiresForwardSecrecy</key> <false/> </dict> <key>akamaihd.net</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSThirdPartyExceptionRequiresForwardSecrecy</key> <false/> </dict> </dict> </dict>
but, I don't any idea about this, info.plist, file in my project.
Everyones now where I may add this code?
I have found this on internet:
Preparing Your Facebook Apps for iOS 9 (Beta) - Documentation - Facebook for Developers
https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Techno te/
but doesn't help me.
Thanks

you are correct. You have to add these lines to your app's descriptor:
<InfoAdditions>
<![CDATA[
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourapiurl.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
]]>
</InfoAdditions>
This basically says you want to allow non-secure urls to be called within your app. iOS9 newly requests HTTPS for all api calls.
Full article here: http://htmlspank.tumblr.com/post/130674234457/ioerror-2032-ios9-adobe-air-and-ats

Related

IOS simulator - certificate .pem from cert bot not working - #apollo/client 61: Connection refused

When I try drag&drop my cert.pem generated with certbot then I get this error: One or more parameters passed to a function were not valid.
Simulator IOS 15.2.
Anyone already this problem?
I converted certificate from .pem to .der but this certificate is not displayed in simulator settings :/
I updated certbot certificate on the server API and now connection works without certificate on the simulator and device

firebase phone authentication failed ios

Domain=FIRAuthErrorDomain Code=17062 "{"error":{"code":403,"message":"Requests from this ios client application <empty> are blocked.","errors":[{"message":"Requests from this ios client application <empty> are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}" UserInfo={NSLocalizedDescription={"error":{"code":403,"message":"Requests from this ios client application <empty> are blocked.","errors":[{"message":"Requests from this ios client application <empty> are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}, FIRAuthErrorUserInfoNameKey=ERROR_WEB_INTERNAL_ERROR}
Add app transport security in info.plist, check below
<key>NSAppTransportSecurity</key> <dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict> </dict>

Could not fetch JSON URL and some error show below, App Transport Security has blocked a cleartext HTTP (http://)

ERROR##
2016-06-09 12:31:56.252 chamber_of_commerce[2202:69165] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
firstly project create on Xcode 5.2 and today reopen xcode7.2. this problem is not so?
I Used Xcode7.2 and used all methods but did not solve my problem. please help me how to use web services in my project. I'm trying many times but did not work any methods. please solve my problem.
I used non-lazy method, but it didn't work. Followings are my tries.
first,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.edutimeapp.com</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
and second,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.edutimeapp.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
Finally, I used lazy method.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
Try this.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.edutimeapp.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Add,
<key>NSAllowsArbitraryLoads</key>
<false/>
NSAllowsArbitraryLoads must be false because it disallows all insecure connection, but exceptions list allows connection to some domains without https.

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) in iOS 9?

I know this question is previously asked! But none of the solutions seems to work for me. I'm getting this error while playing an audio file via url.
Note: Server has been upgraded according to the Apple ATS and using https://. All the network call are updated (AFNetworking 3.0) to use and compatible to iOS 9. No work around have been made as handling exception in plist (see below).
I had to play video/audio file from below code snippet which throwing this error. NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
How app play video/audio file:
//This is https url:
self.movieController = [[MPMoviePlayerController alloc] initWithContentURL:[NSURL URLWithString:self.browserMediaItem.mediaItem.media_item_hd_url]];
self.movieController.movieSourceType = MPMovieSourceTypeFile;
[self.movieController prepareToPlay];
[self.movieController.view setFrame:_photoImageView.frame];
[self addSubview:self.movieController.view];
[self.movieController play];
If I added <key>NSAllowsArbitraryLoads</key> line in the plist, it gives below error.
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
Here is my .plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>AppName</string>
<key>CFBundleExecutable</key>
<string>${EXECUTABLE_NAME}</string>
<key>CFBundleIdentifier</key>
<string>domain.com</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${PRODUCT_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>2.2.2</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>73</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>UIAppFonts</key>
<array>
<string>OpenSans-Italic.ttf</string>
<string>FontAwesome.ttf</string>
<string>OpenSans-Semibold.ttf</string>
<string>OpenSans-Bold.ttf</string>
<string>OpenSans-Regular.ttf</string>
<string>OpenSans-Light.ttf</string>
</array>
<key>UIMainStoryboardFile</key>
<string>Main_iPhone</string>
<key>UIMainStoryboardFile~ipad</key>
<string>Main_iPad</string>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UIStatusBarHidden</key>
<false/>
<key>UIStatusBarStyle</key>
<string>UIStatusBarStyleBlackTranslucent</string>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UIViewControllerBasedStatusBarAppearance</key>
<false/>
<key>UIViewEdgeAntialiasing</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
</dict>
</plist>
Edited:
Output of curl -v your_url:
* Trying 40.146.243.53...
* Connected to t-mobi.name.school.nz (40.146.243.53) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.name.school.nz
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server certificate: AddTrust External CA Root
> GET /api/v2/users/bW9iaWxldGVzdA==/galleries/197/audios/27 HTTP/1.1
> Host: t-mobi.name.school.nz
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: -1
< Location: https://t.azure.name.school.nz//DataStore/Users/test/uSpace/Audio/mp3/0b27c797-5.mp3
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Mon, 22 Feb 2016 18:33:16 GMT
< Content-Length: 0
<
* Connection #0 to host t-mobi.name.school.nz left intact
Out put for : openssl s_client -connect your_host:your_port -showcerts:(i.e. openssl s_client -connect t-mobi.name.school.nz:443 -showcerts)
CONNECTED(00000003)
709:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:593:
Output for curl -vL url:
* Trying 40.146.243.53...
* Connected to t-mobi.name.school.nz (40.146.243.53) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.name.school.nz
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server certificate: AddTrust External CA Root
> GET /api/v2/users/bW9iaWxldGVzdA==/galleries/197/audios/27 HTTP/1.1
> Host: t-mobi.name.school.nz
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: -1
< Location: https://t.name.school.nz//DataStore/Users/mobiletest/uSpace/Audio/mp3/0b27c797-5.mp3
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Tue, 23 Feb 2016 03:50:12 GMT
< Content-Length: 0
<
* Connection #0 to host t-mobi.name.school.nz left intact
* Issue another request to this URL: 'https://t.name.school.nz//DataStore/Users/mobiletest/uSpace/Audio/mp3/0b27c797-5.mp3'
* Trying 40.146.243.53...
* Connected to t.name.school.nz (40.146.243.53) port 443 (#1)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.name.school.nz
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server certificate: AddTrust External CA Root
> GET //DataStore/Users/mobiletest/uSpace/Audio/mp3/0b27c797-5.mp3 HTTP/1.1
> Host: t.name.school.nz
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: public,max-age=1209601
< Content-Type: audio/mpeg
< Last-Modified: Fri, 19 Feb 2016 02:22:53 GMT
< Accept-Ranges: bytes
< ETag: "fb7d26fbc6ad11:0"
< Server: Microsoft-IIS/8.5
< X-Powered-By: ASP.NET
< Date: Tue, 23 Feb 2016 03:50:16 GMT
< Content-Length: 2593081
<
ID36TIT2 1rack10TSSELavf55.14.101????Info
'??...
Output for whereis openssl:
/usr/bin/openssl
Output for openssl version:
OpenSSL 0.9.8zg 14 July 2015

How can I make Jetty 9 ignore keypass while accesing keystore?

How can I make Jetty 9 ignore keypass while accesing keystore?
Here is what I did:
I generated certificate for my domain at startssl.com
I generated chained certificate (mine + sub.class1.server.ca.pem + ca.pem) like this openssl pkcs12 -export -inkey ssl.key -in /home/ubuntu/bundle.crt -out /home/ubuntu/bundle.pkcs12
Imported them into new keystore like this: keytool -importkeystore -srckeystore /home/ubuntu/bundle.pkcs12 -srcstoretype PKCS12 -destkeystore /opt/jetty/etc/keystore
For some reason alias was "1" so I renamed it to "jetty" like this keytool -changealias -alias "1" -destalias "jetty" -keystore /opt/jetty/etc/keystore -storepass storepwd
Note that I use storepwd which is default password for Jetty distro
My jetty-ssl.xml contains this
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>
Now when I launch all this beauty Jetty crashes with following error
2013-07-11 21:34:01.984:WARN:oejuc.AbstractLifeCycle:main: FAILED SslContextFactory#e45a028(/opt/jetty/etc/keystore,/opt/jetty/etc/keystore): java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:792)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)
Which is apparently password mismatch because it expects/passes keypass keypwd from default keystore that comes with Jetty.
Here is my certicifates(s): http://pastebin.com/raw.php?i=p8LhT50P
It's output from keytool -list -keystore /opt/jetty/etc/keystore -storepass storepwd -storetype JKS -v
Where is it set? How can I fix this error?
Thanks!
There are two passwords involved: the keystore password (KeyStorePassword) and the key password (KeyManagerPassword). For PKCS#12 store, they are the same.
Since you've imported the key from the PKCS#12 store into the JKS store using the keystore's password, that doesn't mean that the password of the key itself was changed, and it's probably not "keypwd" (Jetty's default). Try to replace the value of KeyManagerPassword with your PKCS#12 store's password.
(Note that in general, you don't need to convert the keystore, you could have used PKCS12 as the KeyStoreType.)