iOS app with HTTPS server - Will Apple reject the in appstore approval?

[nbaity]

I was able to create an HTTPS server using https://github.com/robbiehanson/CocoaHTTPServer/tree/master/Samples/iPhoneHTTPServer

I faced the certificate issue while setting up HTTP'S' in iOS and I have resolved as below but I want to know it will not be rejected in the Appstore.

1. Created an SSL certificate using keychain access

2. That is successfully added in the keychain

3. I explicitly marked that certificate as trusted one fro this account so I can see the plus symbol on that certificate

4. I exported this certificate from keychain and named as TestCertificate.p12 and included in the app’s bundle

5. I have made the changes in the code as below to mentioned this as secured server

6. Changed the method to provide the certificate

   • Note: In order to support secure connections, the sslIdentityAndCertificates method must be implemented. **/

   • (BOOL)isSecureServer { HTTPLogTrace();

   // Override me to create an https server...

   return YES; }

7. Changed this method to provide the certificate for the secured connection which is available in the app’s bundle named “TestCertificate”

8. When the HTTPS server is started the certificate will be used as below

• (NSArray *)sslIdentityAndCertificates { SecIdentityRef identityRef = NULL; SecCertificateRef certificateRef = NULL; SecTrustRef trustRef = NULL;

  NSString thePath = [[NSBundle mainBundle] pathForResource:@"TestCertificate" ofType:@"p12"]; NSData PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data = (CFDataRef)CFBridgingRetain(PKCS12Data); CFStringRef password = CFSTR("test123"); const void keys[] = { kSecImportExportPassphrase }; const void values[] = { password }; CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);

  OSStatus securityError = errSecSuccess; securityError = SecPKCS12Import(inPKCS12Data, optionsDictionary, &items); if (securityError == 0) { CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0); const void tempIdentity = NULL; tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity); identityRef = (SecIdentityRef)tempIdentity; const void tempTrust = NULL; tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust); trustRef = (SecTrustRef)tempTrust; } else { NSLog(@"Failed with error code %d",(int)securityError); return nil; }

  SecIdentityCopyCertificate(identityRef, &certificateRef); NSArray *result = [[NSArray alloc] initWithObjects:(id)CFBridgingRelease(identityRef), (id)CFBridgingRelease(certificateRef), nil];

  return result; }

9. Server started successfully and when I start the request from web view to my local HTTPS server I received the authentication challenge I resolved this as below

• (void)webView:(WKWebView )webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge )challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler { //NSLog(@"Allow all"); SecTrustRef serverTrust = challenge.protectionSpace.serverTrust; CFDataRef exceptions = SecTrustCopyExceptions (serverTrust); SecTrustSetExceptions (serverTrust, exceptions); CFRelease (exceptions); completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:serverTrust]); }

0. My questions are below

 > Does Apple reject the app which runs an HTTPS server inside of the application?

 > If Apple doesn’t reject then can I use the COCOAHTTPServer library

 > In the above implementation,  Whether the SSL certificate enough for production?

 > If not, then can I use any development/ Appstore certificate created from member centre?
>  If not then how can I get a certificate in order to run the HTTPS server on the iPhone?
 

[Srinivasp]

Anyone have the answer for this.

[asinghxav]

did anyone get the answer for this ??

[hjailani-pk]

Yes. The sample app which uses the above method to set up HTTP server in the mobile side got approved in the appstore review process.

[asinghxav]

just curious to know if other device on other network can communicate with ios app with https server ??

[flemingm]

YES But you will need to accept the certificate if self signed.

On Jan 17, 2019, at 11:36 AM, asinghxav notifications@github.com wrote:

just curious to know if other device on other network can communicate with ios app with https server ??

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/robbiehanson/CocoaHTTPServer/issues/190#issuecomment-455239656, or mute the thread https://github.com/notifications/unsubscribe-auth/AAYN1acxOk7zMPLphFueLrJYcRM_VwTUks5vEKaXgaJpZM4R_cEx.