WWDC2000 Session 167

Transcript

Kind: captions Language: en hi good morning my name is Shari and my topic for today is a set of API is called neural access now your alexis has actually been a topic at wwt for the past couple few years now but this year we get our very own question which is pretty exciting we're gonna have time to go through pretty much everything you ever wanted to know about your Alexis and then some let's get started here's what I plan on covering today we're going to go through what your Alexis does and why you might want to use it we'll spend some time quite a bit of time on going over the api's and depth we'll talk about what your alexis is like on 9 vs 10 versus your DP for CDs that you got at the conference we'll talk a little about what we plan to do with your Alexis in the future or a very quick demo which you guys are going to need to pay attention to because we have very little you I in this product so we'll have a quick demo and then we should have some time left over to do QA my goal for the session what I hope you'll learn today is what you can do with you oral access how to use it to to get your carbon applications going and finally since this some the CPI is a maturity I know it's been around for a few years some developers have run into some limitations with it and some issues and I want to make sure that any first-time users don't hit those as well so what is URL access if it's not totally obvious from the name it's an API to allow you to access data on the internet and the way you do this is you give it a URL we have support for the following schemes or URL prefixes HTTP HTTPS xep and file it supports both downloading of data and uploading of data and it's a carbonate CI so it's available on 9 and 10 so this diagram gives an overview the after security api's of which your alexis is one partly because it supports ssl for HTS and also for organizational reasons so as you can see your alexis is part of the classic environment and part of the carbon environment and it's colville from legacy apps carbon apps and it's also actually call before mac OS 10 apps although the diagram does not make that clear ural axis architecture it's part of carbon as I said before and implements HTTP HTTPS FTP and file and some of the toolboxes it uses our open transport internet configs the keychain and ssl we use up and transport of course to do our networking we use internet config to find out about proxies and firewalls that the user has configured we use the keychain to automatically access sites that require authentication and we use SSL to do https tonight you know what it does overall what does it do specifically this is a set of features that are available to you independent of what scheme your URL is we have an authentication dialog which will come up automatically if the site you're going to requires authentication and that is an optional feature we have a progress dialog if you'd like to the user to be able to view the progress of the download or upload and stop the download or upload and that once again is optional we support encoding and decoding of files we encode Ben hex before you upload a file if you like and we also attempt to decode the file the support bin hex again and we support using the stuff attention into Stephin engine is installed it is a scriptable api and we do have proxy and firewall support specifically we support HTTP proxies and we support the Fox firewall and as I mentioned before we support the keychain for automatic authentication HTTP feature set we support download no upload yet we support posting but that does require little additional work and I'll go through a code sample of that we support auto redirections so if the URL you're going to is relocated to another site we will follow that redirection until it terminates in some actual data and just hand you back the data that is an optional feature you do have full access access to the server response if you need it and we do support proxy authentication some HTTP proxies require you to authenticate and we will bring up a dialog for that as well with FCP you can not only download files but you can upload files and you can not only download them up those files but you can download and upload directories entire directories as well or if you prefer your url points to a directory you can also get a directory listing but you're going to have to parse it yourself because we don't provide any parsing support HTTPS right now there's a little bit of a disparity between H mecos 10 and micros nine on 10 we already support and for sale 3 with 128-bit encryption the current status of OS 9 is that we support ssl 2 point 0 and 40 bit encryption I want to apologize in advance for this next few slides because the whole point of your oral axis is that you don't need to know the technical details behind the protocol however that being said let's talk about some functional limitations in your Laxus first of all we don't park the HTML well of course not but what does that mean to you what that means is when a web master designs a website they often have two options for implementing a given feature they can do it in the HTTP or they can do it in the HTML if they offer the former then we likely have not supported if they opt to implement it in the HTML there's nothing we can do the best example of this is login when you use your web browser and you get a dialog saying you know please login to the site that's an HTTP authentication now when you use your web browser and you get a form asking you to for a username and password that's HTML authentication and we don't support that some other examples are file not found could you know there could be a web page saying file not found and they don't tell us in the htp that the file isn't there and redirection can also be implemented in the HTML but it's usually implemented in HTTP now because of this fact that we don't parse HTML there's some ectopy limitations if you go through a proxy ftp is basically transformed into HTML and because we don't parse the HTML we can't upload files and we can't download or upload directly and the last one has been hit by a number of people your lexus is pretty popular as an option for getting https support because it's some fairly high barrier of entry to implement yourself so what people have run into is that ssl and mac OS 9 has a limited root certificate database and i'm just going to quickly run you through the basics of ssl for those of you who know as a lot more about ssl please forgive any simplification so the first thing that happens when you make an ssl connection is the clients ask the server for the server certificate i'm a server obliges and then the client has to do due diligence to make sure that this certificate is is from a server that they trust how do they do this they need to find out who issued the certificate who signed the certificate and that certificate in red which we also call the root certificate and then your Alexis goes through its list of known root certificates to see if that route is in its list if it isn't you don't get to connect if it is you do and set of root certs is a static set the only way to update it is to get a new version of you relax which is unfortunate but we're hope to rectify that would be secure transport library which some of you may have heard about in the security overview so now let's talk about what you can do with you relax asst i thought i'd i'd give a few sample uses and hopefully that will get you thinking about what you can do with it to internally an apple we have several high-profile clients of viewer Laxus sherlock uses it to do its internet searching software updater uses it to upgrade files over the internet help you healthier uses it to display internet content when the content isn't local it uses your relaxes to go gets content and that we're asking it to access ftp sites which is a pretty cool feature if you haven't played with it you go to network browser enter the connect to dialogue your FTP site and you can browse through the ftp sites since third-party uses I cab some of you may be familiar with this web browser on the Macintosh it uses your Laxus only for https sites Adobe uses it in acrobat to implement a feature called web capture this is a feature that allows them to to take pdata take HTML files and transform them into PDF and finally numerous companies are using the description component internally to do various and sundry things so now you know what you're going to do with it I hope and let's talk about how to do it let's go through the API will talk about the synchronous API which is the easiest to use will go through flags which control aspects of the transfer will talk about properties and then we'll move into the asynchronous API it's a little more flexible but consequently a little more difficult to use and we'll talk about states a very easiest way to download a URL on any platform okay I don't know that for sure but but it's kind of fun to say is URL simple download it's a single call to download a URL all you do is you provide the source URL you provided the destination FF spec if you want to download to a file or you provide the destination handle if you'd like to download to memory and you also pass in any flags you know if you want it to do something in particular now I'm going to make a request that you all if you use this API please use it and thread it's the synchronous API it's going to take some time to complete so please put it in separate thread so let's see how your simple download works here we have a routine get URL so I'm going to implement in several different ways throughout this presentation it takes a source URL it takes a destination FS Beck and in this case we're going to use your real simple download to implement it as you can see it's pretty simple we declare some flags to declare status and we call you a simple download would pass from the URL we pass in the destination FF spec we say we don't want to download some memory which is in the following mill and we say here's some flags saying what I want you to do with my download when when you are eligible download completes the download is complete and we're done so I kind of breezed over the two last parameters to you our simple download and those parameters involve the system event procedure this is a way a parameter to a to all the synchronous calls and if you're going to display a dialog you think a dialogue was going to come up you really need to implement one of these it allows the dialogues to be displayed as a movable modal if you don't implement one the Daleks will be just your regular modal dialogues and what the system event procedure does is basically receive update event so your app has time to update itself while we're moving our dialogue around a second synchronous API want to talk about is slightly more complex with two more steps but is significantly more powerful and it's called you oral download the two extra steps are you have to create and dispose of a URL reference and once again it should be using a thread because it's going to take some time now why why would you use your old Alan sort of your world simple download well because you have this year old reference you can make any of the other API calls to do various and sundry things you can call gettin sent property before and after the download or for credit from another thread you could monitor the state of the download or even abort it so here is our get URL routine again implemented in terms of the year old download call as you can see there's this to extra steps once again we declare our flags we declare our status we declare you'll records now hold you owe ref and we create it by calling your own new reference and we call your old download this come a pass from the you all rest instead of the source URL directly we pass in the destination FS spec don't download some memory pass in our flags and when that call returns a downhole is done and we are free to dispose our euro reference so now we talked about synchronous downloading let's talk just briefly about synchronous uploading there's two ways once again you're all simple upload and your upload to upload synchronously and they're very similar to their downloading counterparts with the following exceptions you provide a destination URL instead of a sorcerer home of course you provide a source FS fact instead of a destination FS back in addition you cannot upload for memory you can only upload from a file and of course different flags apply to uploading as opposed to downloading finally in its current state uploading its ftp only so we've talked about flags a lot let's get into some detail on those they do control optional aspects of the transfer and they are use of those synchronous and asynchronous calls here are some sample Flags replace existing flag basically says if the destination file beat an upload or download exists then go ahead and replace it now if you don't set this flag what we do is we create a unique name we never return destination exists error but something to keep in mind the next flag display progress flag is how you indicate that you want a progress dialog display authentication flag is how you indicate you want an authentication dialog expand file flag says after the file is downloaded please do everything you can to decode it for me VIN hex file flag says before the file is uploaded if the file has a resource fork and it's not a pipe text please Ben hex it for me and finally the no Auto redirect flags if the HTTP site does redirect you and you don't want that redirect followed then you can set this flag and it won't be now let's talk about properties properties fall into one of four different categories they are either aspects of the URL itself for example the host name or the entire URL or they are aspects of the resource that the URL points to for example the size of the file the name of the file or the mime type of the data the third category is aspects of the transfer itself good example here is the ural status string which changes as the download progressives it goes from initiating to connecting to downloading to a boarding etc URL total items is a property that's available if you're downloading or uploading an entire directory tells you how many items there are total these are those first two both useful if you're displaying your own progress dialog HTTP redirected URL if there is a redirect you can find out about it in this property the last category of properties there are another way to control the transfer if something is more complicated and just a yes or no question and we couldn't make it a flag we made it a property instead for example the HTP request method is something you can you can set or the HP user agent this is really useful a lot of websites are arc working in that they want you to be Mozilla compliance so you can set your user agent to have a string Mozilla in it the properties can be retrieved with you or I'll get property they're set with you're all set property and they may change during the transfer two examples of this are the status ring which changes frequently another example is some properties may move from an unknown to a known state in HTTP the HTTP server tells us the size of the file the resource size property goes from unknown to a known state and that is a property change here's a list of all the properties you can set this is conclusive no other properties are settable that first line should read h8 URL HTTP request header which is how you set the entire header of HTTP request or you can just set the method or the body you can set the user agent and the last two username a password this is how you would implement your own authentication dialog display the dialog enter have the user enter the username and password call set properly and both of those items and then do the download so now I want to show you how to do a post doing a post is a pretty popular thing and your relaxes a lot of people use it for posting in this case we're going to use your old down once again but we're going to set some properties first we're going to create a new euro reference now we're going to set the HTTP request method property to be post and the HTTP request body property to be our post data and then we simply call your old download that does the post and the answer the post will be put into whatever your destination is so that's it for the synchronous api's flags and properties let's move on to the asynchronous API once again to use the ATM could save you guys you need a you all reference but instead of calling you all download or URL upload you're going to call Ural open europen is an asynchronous call what it does is return immediately and starts to download or upload in the background you can use it to download through a file or you can choose to get the data yourself by calling get buffer and release buffer now there's two ways to monitor an asynchronous download you can either use a notification routine which is the preferred method or if you insist you can pull with your own get current state now why would anyone want to use the asynchronous API is if you can't think of a reason here as a couple if you're a filter is a very good reason for example if you're a web crawler and all you do is parse the HTML that you receive for more URLs and and then go and download those you can consume the data before the data is completely downloaded this is a very good reason to use asynchronous API another good reason is if you want to display your own progress the async api's were the only way to get enough information to do that and finally if you have some moral opposition to threading then you should probably use the async APF so this one's a little longer as you can see and please don't go back and copy this code because it's not how we want me to do it it does pull but I want it to be consistent with my example and so we're going to implement get URL in terms of the URL open call so the first the beginning is pretty much the same we set some variables up we create a new reference the first highlight is line notify upp creates a new URL notify upp that is a carbon only step if you're implementing online only then you don't need to do this but hopefully you're all are going to carbonize your applications so you need to create a notify upp you pass in the notification routine that you want to use and then you simply call your ol open passing me your reference you say no I don't want to download to a file you pass in any flags you want to control the download your notify upp and then you pass in a mask for what events you want your notification to receive and any user context in this case I'm passing an employer to a boolean done that's the part I don't want you to emulate no madam you sit and spin well not done URL idle and your aisle is a call that allows you relax of time to do its work it's very important especially for polling and finally once i'm done i can dispose my upp i disposed my reference and that's it so here's our notification routine my notifier the parameters passed in our your user context of course the event for which you are called and the rest of the information is in the URL callback info struct this is mainly so if we want to pass you in more information in the future we can do so by modifying obstruct there's a version number in the structure so the first thing we're going to do in our notification routine is set up our user context are done variable and then we're going to switch on the event that we received if we get a data available then we need to go process some data if we get a completed our error occurred event that means we're done so we said our done their variable to true process data with passing the ORF so we can actually get the data and then we're going to sit in a loop getting data and releasing data now URL get buffer says I'm borrowing a buffer from you relax s you notice that there is no memory allocation in the turkey no it's not a bug it's not going to crash we're basically getting the buckle from you relax we consume it and everywhere in any way we so desire and then we give it back once again we're going to call ural idle because it could be in this in this loot for a while and then we get the state current state of a download to see if they're still data available when you get the data available event you get it one time per set of data available so you have to consume all the data before you're going to get another event let's talk a little bit more about events they are of course reported to the notification routine you can register first subset of events you can say I only want events that relate to data being downloaded that's the ALB effort buffer events mask or you can just for example register for just the completed an error occurred event if all you care about is whether or not the download is done let's talk about a few of the events that we have the resource found event means ural axis has gone out and looked for the resource and actually have successfully found the resource the resources are there everything's great the property changed event happens anytime any property changes either from a known state are none no state to announce state or from one value to another value the error occurred event reports non-recoverable errors does not report any interim errors we've worked around you get an error occurred event the download is done and it's completed in error the data relevant available event as I talked about earlier we're going to get one per set of data that's available periodic event just gives you time to do whatever you want to do I didn't mention earlier that the notification routine is called it a memory save time you can do whatever you want allocate memory take a whole lot of time draw to the screen do anything you want as long as you call your reliable periodically so the periodic event gives you some time to do some of that abort initiated event says somebody hit the abort button or somebody called Ural abort and we have this event mainly because the boards are not instantaneous so you need you may need to know that an abort is beginning to happen and that would be followed quickly by the completed event States let's talk about States anyway because states are useful even if you don't want to pull you all get current state reports the state of the transfer and some states have event counterparts for example there is a data available events in a date available States there's an error occurred event in an error occurred state but some of them don't the one thing that you cannot find out the state that you have to have event for is property changes and they are useful with both the async and sync ap is all you need is e roll reference and you can find out the state of your download here's a list of sample state tissue bail pretty obvious connecting we're downloading there's data available an error occurred and we've finished so let's go through some issues that other developers have hit in the past when their programming to you relax s your relax is a highly threaded API so you absolutely have to call Ural idol and I hope I drilled that home in my example setproperty expects see in Pascal strings in some cases now this is a bug but it is a release bug so we have to continue support it I do want to try and rectify this issue on Mac os10 possibly with the addition of a new API so for example when you set the user agent it's got to be a c string when you set the user name it's gotta be at E string and this is documented in the latest rather the documentation another issue people have had is that you can't call URL disclose reference from notification routine you will crash I promise a few more the HTTP requests body cannot contain no bite that's a direct result of fact that we expect to see string this is fixed in post 904 releases which there are none I realized but there will be some day I expect your reference is not reusable you can't set properties on it call your all download and then put some more properties call your own download again you have to create dispose it 1 download / finally the authentication dialog and the progress alex in that matter not supported in the in the async api so if you are using nation kpi's you have to be your own authentication dialog in your own progress dialog so that's it for the api let's just quickly go over what we've talked about we talked about the synchronous API URL simple download URL simple upload neural download your left loads for calls very easy to use talking about the asynchronous API ural open URL get buffer your release buffer talk about flags that control aspects of the transfer and properties which do all sorts of things talked about events which are reported to your notification routine and states which are available to you anytime you have a gyro reference so Mac was mine and Mac which tenure relaxes are different slightly and here's how they differ for those of you who have been to this talk on the past couple of years we talked about the ability to extend the capabilities of your relaxes using plugins now this is not support of Mac OS 10 we may add it back at some point but will not be in the first release scripting may not make the first release of Mac OS 10 actually you know now that Steve is announcement that summer is our beta and January is our Jam I think we'll be able to get stripped you done so machynlleth 10 as I mentioned before has 128-bit ssl 3 and the current michael assign has just until 240 bit properties will work correctly possibly with the addition of a new API and this last one is this kind of an FYI Mac os10 is a carbonized version of the mac OS 9 Force Base which means that will be bug for bug compatible hopefully that's good news now dude before works as much as it needed to work for Sherlock basically we lost down quite a while ago so things are much better on my machine but https isn't working the FN occasion and progress dialogues are not yet working proxy support is disabled because of some issues we had an intern config key to support is disabled for the same reason and we're not yet part of carbon it's a separate framework right now the path that is system library frameworks you relax and stop framework so you have to link that in so hopefully are all raring to go you have ideas you want to get started if you want to develop on Mac OS 9 you need to download the security SDK because we are member of the Security api's that's where the oral axis SDK is or of course you could just download carbon would you want to develop on Mac OS 10 your Laxus is on deep before with its limitations and you need to link with system library frameworks you were lack of stock framework you are going to want to get the latest documentation it has been read recently a big improvement and that is up on the tech club website so what are we going to do in the future we are going to support 128-bit ssl 3 and we're going to have a new roots of research for for mac OS 9 we're going to do some bug fixing to we're going to fix a memory leak that a number have told us about thank you very much we knew about it but it's fixed now we're going to support null from the HTTP request body that has been requested by several developers and this last one support for Xiao long with RSA signed certificates going to briefly get ssl technical again verisign has recently changed the way that they sign their certificates so as people as servers on the web updates and get new certificates these certificates are not going to be readable by your relaxes very bad thing when you're going to fix that on 10 we have more grandiose plans we do we do intend to implement HTTP upload we want to implement connection we use what this means is that if you want to do a series of uploads or downloads you don't have to bring up and tear down a connection every time because you're going to have a session we're going to move to the secure transport library which will give us our dynamic root cert database we like to improve our built-in encoding and decoding certainly we want to support make binary and whatever else you all think it's important and we may reenable plugins and or add additional scheme support built-in okay so this is where you'll have to pay attention very quick demo we can move over to the demo one machine and what I have here is an application URL axis demo what I did is I went to be carbon sample apps folder and I basically used it without modification except i added to menu items XP download HTTP download both of which simply call URL simple download with a hard-coded URL let's start with the HTTP download so here's our progress bar as you can see the user can see the progress of the download they could hit the stop button if they so desired they have an indication of the time remaining less than a minute they want more information they can find out what they're copying where they're hopping it from where they're copying it to in this case we're downloading to memory for the to field is empty and they get a running total of how many bikes have already been copied and how many bytes are total and of course we can abort it at any time ftp download this is a connection to ftp applet on apple.com as you can see from the initial line you can go ahead and type in your username and type in the password you could add it to the keychain if you wanted to or if you know that the site that you are connecting to is supports anonymous login you could just go ahead and click the anonymous button I'm going to try this actually earlier this morning it did not work I think fgg Bionicle comments just a really busy today it's just refusing my connections on you and go ahead and give it a try anyway and it receives my connection so what you would have seen is another progress bar so we've already seen that and that's it for the demo can we move back to the slides please so to summarize your alexis is vapi to use if you want to get data off the internet the carbon API it's available to you on nine and ten very easy to use synchronous api's single call to do a download or upload and we also have flexible asian kpi's if you need them the one session i want to point you to is a security feedback forum if you don't have time to get your feedback to me today then you can go to this we are including your relaxes and security feedback form and that's in room j1 today at 5pm [Music] and if you want to talk to somebody about this after the show you want to contact Tom wire who is our network and communications technology manager in apple worldwide developers Asians you