Creating and Distributing iOS Frameworks | Swift | Tips & Tricks

Why do we need to create frameworks? because it has three major purposes mentioned below and also you can share your code with your team, other developer or iOS community.

  • Code encapsulation
  • Code modularity
  • Code reuse

Let’s create the iOS framework.

Screen Shot 2018-02-05 at 8.24.50 PM

Now just give some meta-data about your framework like name, organization, identifier etc (I hope you’re already aware of it).

Screen Shot 2018-02-05 at 8.26.54 PM.png

We’re good to go till now. Just add the files that you want to keep within your framework.

add

Build the framework project to make sure that you get build succeeded with no build warnings or errors.

Things that you need to take care.

  • Make sure to check Copy items if needed, so that the files actually copy into the new project instead of just adding a reference. Frameworks need their own code, not references, to be independent.
  • Double-check that each of the files has Target Membership in ThreeRingControl to make sure they appear in the final framework. You can see this in the File Inspector for each file.
  • Double-check the access modifiers, while creating framework access modifiers plays very important roles.
  • if you’re creating Swift framework make sure you’re extending classes from NSObject otherwise it won’t reflect once you will import the framework.

Thanks for reading.

SOLID principle with Swift | STUPID

SOLID principle is an acronym created by Robert C Martin also unknown as Uncle Bob. It represents five principles for OOPS.

Single responsibility
Open/Closed
Liskov Substitution
Interface Segregation
Dependency Inversion

Now the first thought that came to my mind is Why do we need this? Here is the answer, using these principles we can solve the problems of a bad architecture.

Fragility where A small change may break complete module it’s really very difficult to find this if you don’t have good test cases.

Immobility where A component is very hard to reuse in another project or we can say multiple places in the same project because of too many dependencies.

Rigidity where Single change requires lots of developer efforts because it affects several parts of the project.

Here I want to add principles will not turn a bad programmer into a good programmer you need a better judgment there. Principles have to apply with judgment and you must be smart enough to understand when to apply what.

I have also written one blog where they have mentioned one more acronym like SOLID and it’s STUPID. This may hurt your feeling but yes if you are following this you are writing stupid code.

Singleton
Tight Coupling
Untestability
Premature Optimization
Indescriptive Naming
Duplication

Thank you for reading the quick introduction, In next blogs, I will try to define all principles with Swift Code.

App Secure | URLSession | Authentication Challenge | NTLM | Security | Credentails

Yesterday, I have posted about How to response Authentication Challange but thoughts came in mind that if you are going with the first options Provide authentication credentials is it really secure and safe? how is client sharing the credentials with the server?

After lots of Google, I have found, how’s NTLM works and it’s pretty interesting to see that client don’t share the password with the server. here are the steps as follow.

Screen Shot 2017-10-12 at 1.06.51 PM.png

  1. The client makes the request to the server.
  2. The server needs to validate the user because there is no identity so server generates 16 bytes random number called as the challenge and sends it to the client.
  3. Client hash this challenge with the user’s password and return it back to the server that is called the response it also includes username as plain text and challenge sent to the client.
  4. The server sends everything to the domain controller and it uses the username to retrieve the hash of the user’s password from security account manager database and hash the challenge.
  5. Domain controller shares the response back to the server if they are identical then authentication is successful otherwise a failure.

So the interesting part is here that Network API doesn’t share the password with the server it means it very secure.

Thank you for reading.

Share your thoughts and feeback.

 

 

 

How to Respond to an Authentication Challenge | iOS

How to Respond to an Authentication Challenge

If a session requires authentication it creates authentication challenge

 URLSession:task:didReceiveChallenge:completionHandler: 

in order for the connection to continue, the delegate has three options.

  • Provide authentication credentials
  • Attempt to continue without credentails
  • Cancel the authentication request.

NSURLProtectionSpace will give all information about the authentication type and failure if any attempts failed earlier.

Providing Credentials

To attempt to authenticate, the application should create an NSURLCredential object with authentication information of the form expected by the server. You can determine the server’s authentication method by calling authenticationMethod on the protection space.

  • HTTP basic authentication (NSURLAuthenticationMethodHTTPBasic) requires a user name and password. P
  • HTTP digest authentication (NSURLAuthenticationMethodHTTPDigest), like basic authentication, requires a user name and password.withcredentialWithUser:password:persistence:.
  • Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object.
  • Server trust authentication (NSURLAuthenticationMethodServerTrust) requires a trust provided by the protection space of the authentication challenge.

Continuing Without Credentials

If the delegate chooses not to provide a credential for the authentication challenge, it can attempt to continue without one.

NSURLSessionAuthChallengePerformDefaultHandling processes the request as though the delegate did not provide a delegate method to handle the challenge.

  • NSURLSessionAuthChallengeRejectProtectionSpace rejects the challenge. Depending on the authentication types allowed by the server’s response, the URL loading class may call this delegate method more than once, for additional protection spaces.

Canceling the Connection

The delegate may also choose to cancel the authentication challenge, by passing NSURLSessionAuthChallengeCancelAuthenticationChallenge to the provided completion handler block.

Make your iOS apps more secure with SSL pinning

SSL/Certificate pinning plays a very critical role in building highly secure mobile apps which users will be able to use even in countless insecure wireless network connections.

At a glance, Idea is the SSL(Secure Socket Layer) ensures the encrypted client-server communication over HTTPS. The encryption is based on PKI (Public Key Infrastructure) and a session key. The session key was introduced because encrypting and decrypting a public/private key uses a lot of processing time/power/space for sure it will slow down the process.

MIMT, Yes SSL Communication is very secure but the man-in-the-middle attack still poses an exact threat using ARP cache poisoning and DNS spoofing.

SSL/Certificate Pinning, ensure that the app communicates only with the designated server only and the prerequisites for SSL pinning is saving the target’s server SSL certificate within the app bundle.

SSL pinning is implemented within the

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void

and here are the steps we need to follow.

  • First read the server trust and server certificate.

let serverTrust = challenge.protectionSpace.serverTrust
let certificate = SecTrustGetCertificateAtIndex(serverTrust, 0

  • Now set the policies for server validation, previous failure count etc.

SecTrustSetPolicies(serverTrust, SecPolicyCreateSSL(true, (challenge.protectionSpace.host as CFString)))

  • Start policies validation, convert server certificate in Data and get the local certificate from bundle.

 let remoteCertificateData = SecCertificateCopyData(certificate)
 let pathToCert = Bundle.main.path(forResource: “certificate”, ofType: “cer”

At last compare your policies result and local certificate data with your server certificate data, if everything goes well complete the challange with credentail.

completionHandler(.UseCredential, credential)

Otherwise cancel the authentication and pass nil as credentails.

completionHandler(.CancelAuthenticationChallenge, nil)

Thank you reading, you can download the source code from GIT and also learn contribute about iOS Security.

WWDC June 2017 | Keynote

  • tvOS: Introduced Amazon prime video Integration with Apple tvOS.Screen Shot 2017-06-05 at 10.45.41 PM.png
  • Apple Watch: watchOS 4 released with lots of amazing features like Apple watch Siri faces (upcoming events and weather, traffic. integration of AI make it more confident and accurate), cloudy displays and more mickey characters. Also they have Enhances lots of Apps like  Workout: High intensity training, Music For Siri.
  • macOS High Sierra: All about deep technology, lots of refinements in safari like auto play blocking, Intelligent tracking prevention. Refinements in Mail, Photos (Filtering, Face recognition(sycn across all devices, Photo editing tools)). Apple file system for macOS introduced its,  H265 new standard for videos. Metal 2 for graphics, video cut pro. Steam VR SDK – 90 frames per seconds for desining new VR expereice,  thunderbold 3.Screen Shot 2017-06-05 at 11.21.45 PM.png
  • iOS: iOS 10 – 96% customer satisfaction, 86% running installed base. Screen Shot 2017-06-05 at 11.39.12 PM.pngLaunch of iOS 11, Redesigned App drawers for messages app, integration with iCloud, End to end encryption. Apple Pay – Person to person payment also intrgarion with iMessage App. Apple Pay Card for holding your money. Siri – 375 million devices, Translation Beta. Camera – 1 Trillion photo per year. entrily new app store,Screen Shot 2017-06-05 at 11.38.07 PM.pngScreen Shot 2017-06-05 at 11.40.22 PM.png

    Introducing new ARKit for iOS.

    Screen Shot 2017-06-06 at 12.05.24 AM.png

  • iPad: 10.5 inch new iPad Pro with weight 1 pound, higher refresh rates, 40% faster graphics performance, multi touch, Files app for accessing all files with in the mac.Screen Shot 2017-06-06 at 12.17.13 AM.pngScreen Shot 2017-06-06 at 12.23.21 AM.png
  • Music: reinvent home music, Launch of HomePod, Musicologist. Screen Shot 2017-06-06 at 12.48.40 AM

iOS | Bounds vs Frame ?

Everyone talk about bounds and frame during the interview for sure. lets make it little easy.

The Bounds of a view is recentagle, expressed as location coordinates (x,y) and also the size (height, width) relative to the own coordinate system.

The Frame of a view is recentagle, expressed as location coordinates (x,y) and also the size (height, width) relative to the its superview.

So for example lets say if you have UILabel on top of your UIView that has size of (100×100) with thelocation coordinates (10,10). so here is the Swift code.

override func viewDidLoad() {
        super.viewDidLoad()

        //Bounds
        print("label.bounds.origin.x    = \(label.bounds.origin.x)")
        print("label.bounds.origin.y    = \(label.bounds.origin.y)")
        print("label.bounds.size.height = \(label.bounds.size.height)")
        print("label.bounds.size.width  = \(label.bounds.size.width)")

        //Frame
        print("label.frame.origin.x    = \(label.frame.origin.x)")
        print("label.frame.origin.y    = \(label.frame.origin.y)")
        print("label.frame.size.height = \(label.frame.size.height)")
        print("label.frame.size.width  = \(label.frame.size.width)")
    }

So for the both cases size(height, width) will be same only the position (x,y) will be different as in case of bounds its relative to its own view and for frame its relative to superview. for more please see the below image(source: slideshare, CS 193P lecture).

Screen Shot 2017-05-17 at 11.12.59 AM