WWDC2000 Session 167

Transcript

Kind: captions
Language: en
hi good morning my name is Shari and my
topic for today is a set of API is
called neural access now your alexis has
actually been a topic at wwt for the
past couple few years now but this year
we get our very own question which is
pretty exciting we're gonna have time to
go through pretty much everything you
ever wanted to know about your Alexis
and then some let's get started here's
what I plan on covering today we're
going to go through what your Alexis
does and why you might want to use it
we'll spend some time quite a bit of
time on going over the api's and depth
we'll talk about what your alexis is
like on 9 vs 10 versus your DP for CDs
that you got at the conference we'll
talk a little about what we plan to do
with your Alexis in the future or a very
quick demo which you guys are going to
need to pay attention to because we have
very little you I in this product so
we'll have a quick demo and then we
should have some time left over to do QA
my goal for the session what I hope
you'll learn today is what you can do
with you oral access how to use it to to
get your carbon applications going and
finally since this some the CPI is a
maturity I know it's been around for a
few years some developers have run into
some limitations with it and some issues
and I want to make sure that any
first-time users don't hit those as well
so what is URL access if it's not
totally obvious from the name it's an
API to allow you to access data on the
internet and the way you do this is you
give it a URL we have support for the
following schemes or URL prefixes HTTP
HTTPS xep and file it supports both
downloading of data and uploading of
data and it's a carbonate CI so it's
available on 9 and 10
so this diagram gives an overview the
after security api's of which your
alexis is one partly because it supports
ssl for HTS and also for organizational
reasons so as you can see your alexis is
part of the classic environment and part
of the carbon environment and it's
colville from legacy apps carbon apps
and it's also actually call before mac
OS 10 apps although the diagram does not
make that clear ural axis architecture
it's part of carbon as I said before and
implements HTTP HTTPS FTP and file and
some of the toolboxes it uses our open
transport internet configs the keychain
and ssl we use up and transport of
course to do our networking we use
internet config to find out about
proxies and firewalls that the user has
configured we use the keychain to
automatically access sites that require
authentication and we use SSL to do
https tonight you know what it does
overall what does it do specifically
this is a set of features that are
available to you independent of what
scheme your URL is we have an
authentication dialog which will come up
automatically if the site you're going
to requires authentication and that is
an optional feature we have a progress
dialog if you'd like to the user to be
able to view the progress of the
download or upload and stop the download
or upload and that once again is
optional we support encoding and
decoding of files we encode Ben hex
before you upload a file if you like and
we also attempt to decode the file the
support bin hex again and we support
using the stuff attention into Stephin
engine is installed it is a scriptable
api and we do have proxy and firewall
support specifically we support HTTP
proxies and we support the Fox firewall
and as I mentioned before we support the
keychain for automatic authentication
HTTP feature set we support download no
upload yet we support posting but that
does require little additional work and
I'll go through a code sample of that we
support auto redirections so if the URL
you're going to is relocated to another
site we will follow that redirection
until it terminates in some actual data
and just hand you back the data that is
an optional feature you do have full
access access to the server response if
you need it and we do support proxy
authentication some HTTP proxies require
you to authenticate and we will bring up
a dialog for that as well with FCP you
can not only download files but you can
upload files and you can not only
download them up those files but you can
download and upload directories entire
directories as well or if you prefer
your url points to a directory you can
also get a directory listing but you're
going to have to parse it yourself
because we don't provide any parsing
support HTTPS right now there's a little
bit of a disparity between H mecos 10
and micros nine on 10 we already support
and for sale 3 with 128-bit encryption
the current status of OS 9 is that we
support ssl 2 point 0 and 40 bit
encryption I want to apologize in
advance for this next few slides because
the whole point of your oral axis is
that you don't need to know the
technical details behind the protocol
however that being said let's talk about
some functional limitations in your
Laxus first of all we don't park the
HTML well of course not but what does
that mean to you what that means is when
a web master designs a website they
often have two options for implementing
a given feature they can do it in the
HTTP or they can do it in the HTML if
they offer the former then we likely
have not supported if they opt to
implement it in the HTML there's nothing
we can do the best example of this is
login
when you use your web browser and you
get a dialog saying you know please
login to the site that's an HTTP
authentication now when you use your web
browser and you get a form asking you to
for a username and password that's HTML
authentication and we don't support that
some other examples are file not found
could you know there could be a web page
saying file not found and they don't
tell us in the htp that the file isn't
there and redirection can also be
implemented in the HTML but it's usually
implemented in HTTP now because of this
fact that we don't parse HTML there's
some ectopy limitations if you go
through a proxy ftp is basically
transformed into HTML and because we
don't parse the HTML we can't upload
files and we can't download or upload
directly and the last one has been hit
by a number of people your lexus is
pretty popular as an option for getting
https support because it's some fairly
high barrier of entry to implement
yourself so what people have run into is
that ssl and mac OS 9 has a limited root
certificate database and i'm just going
to quickly run you through the basics of
ssl for those of you who know as a lot
more about ssl please forgive any
simplification so the first thing that
happens when you make an ssl connection
is the clients ask the server for the
server certificate i'm a server obliges
and then the client has to do due
diligence to make sure that this
certificate is is from a server that
they trust how do they do this they need
to find out who issued the certificate
who signed the certificate and that
certificate in red which we also call
the root certificate and then your
Alexis goes through its list of known
root certificates to see if that route
is in its list if it isn't you don't get
to connect if it is you do and
set of root certs is a static set the
only way to update it is to get a new
version of you relax which is
unfortunate but we're hope to rectify
that would be secure transport library
which some of you may have heard about
in the security overview so now let's
talk about what you can do with you
relax asst i thought i'd i'd give a few
sample uses and hopefully that will get
you thinking about what you can do with
it to internally an apple we have
several high-profile clients of viewer
Laxus sherlock uses it to do its
internet searching software updater uses
it to upgrade files over the internet
help you healthier uses it to display
internet content when the content isn't
local it uses your relaxes to go gets
content and that we're asking it to
access ftp sites which is a pretty cool
feature if you haven't played with it
you go to network browser enter the
connect to dialogue your FTP site and
you can browse through the ftp sites
since third-party uses I cab some of you
may be familiar with this web browser on
the Macintosh it uses your Laxus only
for https sites Adobe uses it in acrobat
to implement a feature called web
capture this is a feature that allows
them to to take pdata take HTML files
and transform them into PDF and finally
numerous companies are using the
description component internally to do
various and sundry things so now you
know what you're going to do with it I
hope and let's talk about how to do it
let's go through the API will talk about
the synchronous API which is the easiest
to use will go through flags which
control aspects of the transfer will
talk about properties and then we'll
move into the asynchronous API it's a
little more flexible but consequently a
little more difficult to use and we'll
talk about states a very easiest way to
download a URL on any platform okay I
don't know that for sure but but it's
kind of fun to say is URL simple
download it's a single call
to download a URL all you do is you
provide the source URL you provided the
destination FF spec if you want to
download to a file or you provide the
destination handle if you'd like to
download to memory and you also pass in
any flags you know if you want it to do
something in particular now I'm going to
make a request that you all if you use
this API please use it and thread it's
the synchronous API it's going to take
some time to complete so please put it
in separate thread so let's see how your
simple download works here we have a
routine get URL so I'm going to
implement in several different ways
throughout this presentation it takes a
source URL it takes a destination FS
Beck and in this case we're going to use
your real simple download to implement
it as you can see it's pretty simple we
declare some flags to declare status and
we call you a simple download would pass
from the URL we pass in the destination
FF spec we say we don't want to download
some memory which is in the following
mill and we say here's some flags saying
what I want you to do with my download
when when you are eligible download
completes the download is complete and
we're done so I kind of breezed over the
two last parameters to you our simple
download and those parameters involve
the system event procedure this is a way
a parameter to a to all the synchronous
calls and if you're going to display a
dialog you think a dialogue was going to
come up you really need to implement one
of these it allows the dialogues to be
displayed as a movable modal if you
don't implement one the Daleks will be
just your regular modal dialogues and
what the system event procedure does is
basically receive update event so your
app has time to update itself while
we're moving our dialogue around a
second synchronous API want to talk
about is slightly more complex with two
more steps but is significantly more
powerful and it's called you oral
download the two extra steps are you
have to create and dispose of a URL
reference and once again it should be
using a thread because it's going to
take some time
now why why would you use your old Alan
sort of your world simple download well
because you have this year old reference
you can make any of the other API calls
to do various and sundry things you can
call gettin sent property before and
after the download or for credit from
another thread you could monitor the
state of the download or even abort it
so here is our get URL routine again
implemented in terms of the year old
download call as you can see there's
this to extra steps once again we
declare our flags we declare our status
we declare you'll records now hold you
owe ref and we create it by calling your
own new reference and we call your old
download this come a pass from the you
all rest instead of the source URL
directly we pass in the destination FS
spec don't download some memory pass in
our flags and when that call returns a
downhole is done and we are free to
dispose our euro reference so now we
talked about synchronous downloading
let's talk just briefly about
synchronous uploading there's two ways
once again you're all simple upload and
your upload to upload synchronously and
they're very similar to their
downloading counterparts with the
following exceptions you provide a
destination URL instead of a sorcerer
home of course you provide a source FS
fact instead of a destination FS back in
addition you cannot upload for memory
you can only upload from a file and of
course different flags apply to
uploading as opposed to downloading
finally in its current state uploading
its ftp only
so we've talked about flags a lot let's
get into some detail on those they do
control optional aspects of the transfer
and they are use of those synchronous
and asynchronous calls here are some
sample Flags replace existing flag
basically says if the destination file
beat an upload or download exists then
go ahead and replace it now if you don't
set this flag what we do is we create a
unique name we never return destination
exists error but something to keep in
mind the next flag display progress flag
is how you indicate that you want a
progress dialog display authentication
flag is how you indicate you want an
authentication dialog expand file flag
says after the file is downloaded please
do everything you can to decode it for
me VIN hex file flag says before the
file is uploaded if the file has a
resource fork and it's not a pipe text
please Ben hex it for me and finally the
no Auto redirect flags if the HTTP site
does redirect you and you don't want
that redirect followed then you can set
this flag and it won't be now let's talk
about properties properties fall into
one of four different categories they
are either aspects of the URL itself for
example the host name or the entire URL
or they are aspects of the resource that
the URL points to for example the size
of the file the name of the file or the
mime type of the data the third category
is aspects of the transfer itself good
example here is the ural status string
which changes as the download
progressives it goes from initiating to
connecting to downloading to a boarding
etc URL total items is a property that's
available if you're downloading or
uploading an entire directory tells you
how many items there are total these are
those first two both useful if you're
displaying your own progress dialog HTTP
redirected URL if there is a redirect
you can find out about it in this
property
the last category of properties there
are another way to control the transfer
if something is more complicated and
just a yes or no question and we
couldn't make it a flag we made it a
property instead for example the HTP
request method is something you can you
can set or the HP user agent this is
really useful a lot of websites are arc
working in that they want you to be
Mozilla compliance so you can set your
user agent to have a string Mozilla in
it the properties can be retrieved with
you or I'll get property they're set
with you're all set property and they
may change during the transfer two
examples of this are the status ring
which changes frequently another example
is some properties may move from an
unknown to a known state in HTTP the
HTTP server tells us the size of the
file the resource size property goes
from unknown to a known state and that
is a property change here's a list of
all the properties you can set this is
conclusive no other properties are
settable that first line should read h8
URL HTTP request header which is how you
set the entire header of HTTP request or
you can just set the method or the body
you can set the user agent and the last
two username a password this is how you
would implement your own authentication
dialog display the dialog enter have the
user enter the username and password
call set properly and both of those
items and then do the download so now I
want to show you how to do a post doing
a post is a pretty popular thing and
your relaxes a lot of people use it for
posting in this case we're going to use
your old down once again but we're going
to set some properties first we're going
to create a new euro reference now we're
going to set the HTTP request method
property to be post and the HTTP request
body property to be our post data and
then we simply call your old download
that does the post and the answer the
post will be put into whatever your
destination is so that's it for the
synchronous api's flags and properties
let's move on to the asynchronous API
once again to use the ATM could save you
guys you need a you all reference but
instead of calling you all download or
URL upload you're going to call Ural
open europen is an asynchronous call
what it does is return immediately and
starts to download or upload in the
background you can use it to download
through a file or you can choose to get
the data yourself by calling get buffer
and release buffer now there's two ways
to monitor an asynchronous download you
can either use a notification routine
which is the preferred method or if you
insist you can pull with your own get
current state now why would anyone want
to use the asynchronous API is if you
can't think of a reason here as a couple
if you're a filter is a very good reason
for example if you're a web crawler and
all you do is parse the HTML that you
receive for more URLs and and then go
and download those you can consume the
data before the data is completely
downloaded this is a very good reason to
use asynchronous API another good reason
is if you want to display your own
progress the async api's were the only
way to get enough information to do that
and finally if you have some moral
opposition to threading then you should
probably use the async APF so this one's
a little longer as you can see and
please don't go back and copy this code
because it's not how we want me to do it
it does pull but I want it to be
consistent with my example and so we're
going to implement get URL in terms of
the URL open call so the first the
beginning is pretty much the same we set
some variables up we create a new
reference the first highlight is line
notify upp creates a new URL notify upp
that is a carbon only step if you're
implementing online only then you don't
need to do this but hopefully you're all
are going to carbonize your applications
so you need to create a notify upp you
pass in the notification routine that
you want to use
and then you simply call your ol open
passing me your reference you say no I
don't want to download to a file you
pass in any flags you want to control
the download your notify upp and then
you pass in a mask for what events you
want your notification to receive and
any user context in this case I'm
passing an employer to a boolean done
that's the part I don't want you to
emulate no madam you sit and spin well
not done URL idle and your aisle is a
call that allows you relax of time to do
its work it's very important especially
for polling and finally once i'm done i
can dispose my upp i disposed my
reference and that's it so here's our
notification routine my notifier the
parameters passed in our your user
context of course the event for which
you are called and the rest of the
information is in the URL callback info
struct this is mainly so if we want to
pass you in more information in the
future we can do so by modifying
obstruct there's a version number in the
structure so the first thing we're going
to do in our notification routine is set
up our user context are done variable
and then we're going to switch on the
event that we received if we get a data
available then we need to go process
some data if we get a completed our
error occurred event that means we're
done so we said our done their variable
to true process data with passing the
ORF so we can actually get the data and
then we're going to sit in a loop
getting data and releasing data now URL
get buffer says I'm borrowing a buffer
from you relax s you notice that there
is no memory allocation in the turkey no
it's not a bug it's not going to crash
we're basically getting the buckle from
you relax we consume it and everywhere
in any way we so desire and then we give
it back once again we're going to call
ural idle because it could be in this in
this loot for a while and then we get
the state current state of a download to
see if they're still data available when
you get the data available event you get
it one time per set of data available so
you have to consume all the data before
you're going to get another event let's
talk a little bit more about events they
are of course reported to the
notification routine you can register
first subset of events you can say I
only want events that relate to data
being downloaded that's the ALB effort
buffer events mask or you can just for
example register for just the completed
an error occurred event if all you care
about is whether or not the download is
done let's talk about a few of the
events that we have the resource found
event means ural axis has gone out and
looked for the resource and actually
have successfully found the resource the
resources are there everything's great
the property changed event happens
anytime any property changes either from
a known state are none no state to
announce state or from one value to
another value the error occurred event
reports non-recoverable errors does not
report any interim errors we've worked
around you get an error occurred event
the download is done and it's completed
in error the data relevant available
event as I talked about earlier we're
going to get one per set of data that's
available periodic event just gives you
time to do whatever you want to do I
didn't mention earlier that the
notification routine is called it a
memory save time you can do whatever you
want allocate memory take a whole lot of
time draw to the screen do anything you
want as long as you call your reliable
periodically
so the periodic event gives you some
time to do some of that abort initiated
event says somebody hit the abort button
or somebody called Ural abort and we
have this event mainly because the
boards are not instantaneous so you need
you may need to know that an abort is
beginning to happen and that would be
followed quickly by the completed event
States let's talk about States anyway
because states are useful even if you
don't want to pull you all get current
state reports the state of the transfer
and some states have event counterparts
for example there is a data available
events in a date available States
there's an error occurred event in an
error occurred state but some of them
don't the one thing that you cannot find
out the state that you have to have
event for is property changes and they
are useful with both the async and sync
ap is all you need is e roll reference
and you can find out the state of your
download here's a list of sample state
tissue bail pretty obvious connecting
we're downloading there's data available
an error occurred and we've finished so
let's go through some issues that other
developers have hit in the past when
their programming to you relax s your
relax is a highly threaded API so you
absolutely have to call Ural idol and I
hope I drilled that home in my example
setproperty expects see in Pascal
strings in some cases now this is a bug
but it is a release bug so we have to
continue support it I do want to try and
rectify this issue on Mac os10 possibly
with the addition of a new API so for
example when you set the user agent it's
got to be a c string when you set the
user name it's gotta be at E string and
this is documented in the latest rather
the documentation another issue people
have had is that you can't call URL
disclose reference from notification
routine you will crash I promise
a few more the HTTP requests body cannot
contain no bite that's a direct result
of fact that we expect to see string
this is fixed in post 904 releases which
there are none I realized but there will
be some day I expect your reference is
not reusable you can't set properties on
it call your all download and then put
some more properties call your own
download again you have to create
dispose it 1 download / finally the
authentication dialog and the progress
alex in that matter not supported in the
in the async api so if you are using
nation kpi's you have to be your own
authentication dialog in your own
progress dialog so that's it for the api
let's just quickly go over what we've
talked about we talked about the
synchronous API URL simple download URL
simple upload neural download your left
loads for calls very easy to use talking
about the asynchronous API ural open URL
get buffer your release buffer talk
about flags that control aspects of the
transfer and properties which do all
sorts of things talked about events
which are reported to your notification
routine and states which are available
to you anytime you have a gyro reference
so Mac was mine and Mac which tenure
relaxes are different slightly and
here's how they differ for those of you
who have been to this talk on the past
couple of years we talked about the
ability to extend the capabilities of
your relaxes using plugins now this is
not support of Mac OS 10 we may add it
back at some point but will not be in
the first release scripting may not make
the first release of Mac OS 10 actually
you know now that Steve is announcement
that summer is our beta and January is
our Jam I think we'll be able to get
stripped you done so
machynlleth 10 as I mentioned before has
128-bit ssl 3 and the current michael
assign has just until 240 bit properties
will work correctly possibly with the
addition of a new API and this last one
is this kind of an FYI Mac os10 is a
carbonized version of the mac OS 9 Force
Base which means that will be bug for
bug compatible hopefully that's good
news now dude before works as much as it
needed to work for Sherlock basically we
lost down quite a while ago so things
are much better on my machine but https
isn't working the FN occasion and
progress dialogues are not yet working
proxy support is disabled because of
some issues we had an intern config key
to support is disabled for the same
reason and we're not yet part of carbon
it's a separate framework right now the
path that is system library frameworks
you relax and stop framework so you have
to link that in so hopefully are all
raring to go you have ideas you want to
get started if you want to develop on
Mac OS 9 you need to download the
security SDK because we are member of
the Security api's that's where the oral
axis SDK is or of course you could just
download carbon would you want to
develop on Mac OS 10 your Laxus is on
deep before with its limitations and you
need to link with system library
frameworks you were lack of stock
framework you are going to want to get
the latest documentation it has been
read recently a big improvement and that
is up on the tech club website
so what are we going to do in the future
we are going to support 128-bit ssl 3
and we're going to have a new roots of
research for for mac OS 9 we're going to
do some bug fixing to we're going to fix
a memory leak that a number have told us
about thank you very much we knew about
it but it's fixed now we're going to
support null from the HTTP request body
that has been requested by several
developers and this last one support for
Xiao long with RSA signed certificates
going to briefly get ssl technical again
verisign has recently changed the way
that they sign their certificates so as
people as servers on the web updates and
get new certificates these certificates
are not going to be readable by your
relaxes very bad thing when you're going
to fix that on 10 we have more grandiose
plans we do we do intend to implement
HTTP upload we want to implement
connection we use what this means is
that if you want to do a series of
uploads or downloads you don't have to
bring up and tear down a connection
every time because you're going to have
a session we're going to move to the
secure transport library which will give
us our dynamic root cert database we
like to improve our built-in encoding
and decoding certainly we want to
support make binary and whatever else
you all think it's important and we may
reenable plugins and or add additional
scheme support built-in okay so this is
where you'll have to pay attention very
quick demo we can move over to the demo
one machine and what I have here is an
application URL axis demo what I did is
I went to be carbon sample apps folder
and I basically used it without
modification except i added to menu
items XP download HTTP download both of
which simply call URL simple download
with a hard-coded URL let's start with
the HTTP download so here's our progress
bar as you can see the user can see the
progress of the download they could hit
the stop button if they
so desired they have an indication of
the time remaining less than a minute
they want more information they can find
out what they're copying where they're
hopping it from where they're copying it
to in this case we're downloading to
memory for the to field is empty and
they get a running total of how many
bikes have already been copied and how
many bytes are total and of course we
can abort it at any time ftp download
this is a connection to ftp applet on
apple.com as you can see from the
initial line you can go ahead and type
in your username and type in the
password you could add it to the
keychain if you wanted to or if you know
that the site that you are connecting to
is supports anonymous login you could
just go ahead and click the anonymous
button I'm going to try this actually
earlier this morning it did not work I
think fgg Bionicle comments just a
really busy today it's just refusing my
connections on you and go ahead and give
it a try anyway and it receives my
connection so what you would have seen
is another progress bar so we've already
seen that and that's it for the demo can
we move back to the slides please so to
summarize your alexis is vapi to use if
you want to get data off the internet
the carbon API it's available to you on
nine and ten very easy to use
synchronous api's single call to do a
download or upload and we also have
flexible asian kpi's if you need them
the one session i want to point you to
is a security feedback forum if you
don't have time to get your feedback to
me today then you can go to this we are
including your relaxes and security
feedback form and that's in room j1
today at 5pm
[Music]
and if you want to talk to somebody
about this after the show you want to
contact Tom wire who is our network and
communications technology manager in
apple worldwide developers Asians
you