Category Archives: OSX

CoreData HeavyWeight Migration Issues

We recently hit a pretty severe bug. In one of our apps, users began experiencing token issues after an upgrade.

Bottomline?… the last upgrade had a Heavyweight migration. So far so good, but what happened?. Turns out that the URIRepresentation that can be used to map a NSManagedObjectID, is and is not reliable. Everything is okay, until you perform a heavyweight migration!.

Heavyweight migrations might swizzle your NSManagedObjectID’s. Fix?, create your own primaryKeys. NSUUID helper class is the easiest way to accomplish that.

Reference here!

Loading SecCertificateRef from PEM String

In order to load a PEM certificate, you’d probably wanna grab the PEM itself from your backend, right?.

You can do so, by means of this command:

openssl s_client -showcerts -host host.com -port 443

Once you’ve got the certificate, you should get rid of the Begin/End Certificate substrings.

Cocoa Snippet itself is quite easy:

NSData *rawCertificate = [[NSData alloc] initWithBase64Encoding:PlaintextCertificateString];
SecCertificateRef parsedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rawCertificate);

That’s it. Don’t forget about checking expiration dates. Unfortunately, Apple’s API to do so is private, and i personally refuse to build OpenSSL into my app, just to check that.

Codesign Check

Keychain access for iOS apps is tied up to the provisioning profile you use to sign the binary. So, what happens if you release a new build, signed using a different provisioning profile?.

Yes! your guess is accurate!. You loose access to anything you’ve stored in the keychain, resulting in (probably) deauthentication.

There is a command that allows you to verify the “Keychain Access Group” for a given executable. By means of this, you’ll be able to verify if your new release will have the same access than your previous build (assuming you also have that binary!).

Take notes…

codesign -d --entitlements - /path/AppName.OSX.1.0.2.xcarchive/Products/Applications/AppName.app/