iOS Question NSURLSession dataTaskWithURL: completionHandler:

gglaz

Member
Licensed User
Hello,
i want implement a publickey compare method.
For this an NSURLSession, its delegate methods and the
Instance Method dataTaskWithURL: completionHandler: needed.
So far, I have written only simple objective c methods in B4i, but
I have no idea how to install and use delegates and completionhandlers.

B4X:
#If OBJC

…..
NSURLSession = [NSURLSession sessionWithConfiguration:sessionConfig delegate:self delegateQueue:nil];
[[urlSession dataTaskWithURL:[NSURL URLWithString:urlstring] completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
 if (error == NULL){
 }
 else{
       }
 }] resume];
……
-(void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    
    if(myCompareMethod == True ){
    
        NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrustRef];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    }
    else{
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, NULL);
    }   
}
In B4i code I need to know if (error == NULL)
 

gglaz

Member
Licensed User
Hello Erel,

I want to prevent man-in-the-middle attacks.
In Xcode, I can do that by comparing the public key of the certificate. For that I need NSURLAuthenticationChallenge, more exactly NSURLAuthenticationChallenge.protectionSpace.serverTrust.
Thanks for your time
 

gglaz

Member
Licensed User
Unfortunately not necessarily
Someone can create a self-signed certificate and include it in the iOS Trust Store or hack a root CA certificate. This allows the transmitted data to be recorded.
 
Top