WWDC2004 Session 406

Transcript

Kind: captions
Language: en
and with that would like to introduce
Becky well rich and chill
about modern networking using CF network
hi I'm Becky will return the technical
lead for CF network and i'll be talking
to you about how you can use CF network
into Mac os10 application what we're
going to cover today is we'll start out
with an introduction and overview we're
going to breeze through that pretty fast
because I figure that's review for most
everybody at this point we're going to
talk about what's new and tiger in
particular we're going to highlight two
new classes CF met diagnostics and CF
HTTP authentication then we're going to
look at a couple of common CF Network
tasks that we know from feedback from
you is something you want a little more
guidance with we're going to look at how
you manage proxies using CF network and
how you can use CF network to perform
asynchronous host look up and then
finally at the end we're going to wrap
up by comparing CF network with some of
the other URL loading api's on the
system and help you figure out which one
is most appropriate for the programming
task you have so I'm going to dive
straight into the introduction and
overview now what we're going to do is
start out by talking about what is CF
network and then we're going to look and
see how CF Network fits into the Mac
os10 stack as a whole and then finally
we're going to look at the feature set
in depth so CF network is chock-full of
network II goodness I have this on high
authority from a co-worker what TF
network is is a framework that provides
high level AP is for a number of
different Internet protocols and I
listed them here well what do I mean by
high level I mean higher level than BSD
sockets I do not mean high level like
you know just give me the URL and go do
some magic and give me the data it's not
that high level but it is better than
the sockets it's better than managing
selects yourself ins and parsing
yourself we also provide support for
dance features like proxies and
authentication so you don't have to
program those yourself one of our goals
is to provide web compatibility because
you know wonder of wonders not every
server out there is actually HTTP
compliant
we do our best to provide full access to
those servers anyway and it's worth
noting that the HTTP engine that
underlies Safari is in fact CF network
so every time you download a URL off the
web using Safari you're going through CF
network code CF networks api's are all
in the style of core foundation that has
two important consequences the first one
is that you're constantly using CF types
so you're going through the holes of CF
retain CF release reference counting
saying we use a couple types from the
core foundation pretty heavily CF read
stream and CF right stream we also add
new types in CF network those are all
CFCF types as well I listed three common
ones here CF host CF net services CF
HTTP message all introduced in CF
networks all also CF types the other
important consequence of having an API
based on core foundation is that we
produce all of our a synchronous using
CF run loop so the advantage of that is
that it fits in very easily with your
applications natural event model carbon
events and NS run loop are both built on
top of CF run loop so CF Network fits in
very naturally with that event model
however it also means that if you want
to use CF network to its best effect you
are going to need to understand CF run
loop to program it effectively it's not
going to be important for this talk but
just to warn you when you get into the
code itself you're going to want to have
a good understanding of CF run loop so I
said before I CF network is not this
convenient API where you give you hand
over the URL and you're like please just
download the data I don't want to know
the details there are api's on the
system that do that for you but CF
network is not it pardon me so for
example we do not automatically apply
any settings for you CF network is
intended to be a power API where
you go through and explicitly set each
bit and flag that you are interested to
customize the process the other part of
the goal is to expose the full power of
the protocols that it implements so you
can very explicitly turn on and off
every individual feature of the protocol
you're using now the upside is that you
do in fact have full control the
downside is that you really need to have
some understanding of the protocol
before you're going to be able to use CF
network to good effect so here's an
architecture diagram of Mac OS 10 you
guys have probably seen this a few
million times by now Darwin our UNIX
implementation is the core OS and then
we have various layers of libraries all
the way up to the applications at the
top CF networks fits into this core
services later so that's below the
graphics layer at the point where all of
the basic services that pretty much
every process on the system uses unless
it's a pure unix process and if you look
specifically at the networking pieces in
the stack here's how they line up CF
network is what's available at the core
services layer it's built on top of
Berkeley sockets tcp/ip rendezvous and
DNS implementations all available from
the core OS Darwin layer not much going
on in the networking world that the
application services layer which isn't
surprising that's where the graphics the
graphics and user event let pieces are
added but then above and the application
framework layers nsurl and WebKit become
available and then built on top of all
of this stack you'll see all of all of
the major networking apps on our system
like ichat sherlock safari males itunes
so specifically what feature set does CF
Network provide well first of all it
provides an abstraction for TCP socket
streams we went beyond supporting basic
TCP though to add in support for TLS and
SSL and socks proxies CF hosts gives you
access to DNS and in particular provides
asynchronous
host resolution then we have streams to
support both the HTTP and the FTP
protocol CF net services is your API
into rendezvous CF net diagnostics is
new and we'll talk about it some more in
a little bit and then of course we have
integrated proxy supported all these
layers so that if you need to use if you
need to apply a proxy setting you can do
that that's as much of an overview as I
want to give and from here I'm going to
dive into what's new in Tiger I've
already said that we have two new types
CF net diagnostics and CF HTTP
authentication we also have some new CF
net services api's and we have some new
settings on socket streams excuse me
specifically to allow you to customize
SSL and TLS sessions so what is CF net
diagnostics the basic scenario is this
you're in the middle of some networking
task and for some reason it's not
working you don't know why you just get
an error code back from a download for
instance or some kind of a POSIX error
that tells you that the network has gone
bad how do you report that back to the
user in some meaningful way and how do
you help the user move along to fix the
problem so that your program can work CF
Matt truck Diagnostics provides an easy
interface for you to lead the user
through these tasks so what kind of
problems to see if met in CF net
diagnostics prepared to diagnose
anything from a simple physical
connection failure someone's unplugged
the ethernet cables or a networking
failure like the router is not working
for some reason packets are just not
going through or a dns or dhcp server
has gone been to configuration failures
the user just did not enter the right
thing in the network and the network
system preferences panel CF net
diagnostics gives you away to prompt the
user about the problem and then move
through it and help the user to correct
the problem
looks like this so what would happen is
you would encounter this network failure
you'd lead the user to this panel
essentially and this panel would go
through the five steps you see on the on
the left to try and determine what's
gone wrong once it hits a problem in the
network pet in the network settings it
tells a user about it and tells them
what they can do to correct it once the
user is corrected it it goes further to
tell the user it that the situation has
been corrected so what's the advantage
of CF net diagnostics well the biggest
advantage well the biggest advantage is
you don't have to write the code but the
second biggest advantage is it provides
a uniform interface to the user it
allows you the programmer to easily
query what the network connectivity
status is you know is a network
functioning properly or not and if it's
not it gives you a localized string that
you can present directly to the user to
explain what's gone wrong having done
that it further leads the user to that
panel we just saw so that the user can
then go and try and correct a problem
themselves there a sample code available
showing how CF net diagnostics work
unfortunately due to a mastering error
it does not appear at this path on your
tiger CDs however it is included along
with every other sample code piece that
I'm going to talk about in the disc
image for this session so I encourage
you to download the discussions the disc
image for the session and grab the
sample code from there so how's it going
to look in your application it's
actually a very simple minimal API and
what I've got here are the three lines
of code that you're going to need to add
to your program to integrate CF net
diagnostics you can see at the top what
we've done is we've read bites from a
stream and we got a negative 1 return
which tells us that an error has
occurred so what where do we go from
there well it's pretty straightforward
we take the failed read stream the read
stream that we could not read from and
instantiate a net diagnostic object from
it
having done that we call met diagnostic
copy network status to retrieve an error
string that we can now display to the
user and we're going to display it in
some kind of an alert panel that says
that has an ok button to just dismiss it
and continue and a diagnosed a button to
draw to lead the user to further do
perform diagnosis if the user clicks the
diagnose button we're going to call this
line at the bottom diagnose problem
interactively that's going to return
immediately from your programs point of
view but from the users point of view
it's clean it's going to launch another
application and bring up a panel so that
the that will help the users start to
diagnose the problem so that's net
diagnostics and now I'm going to move on
to talk from about HTTP authentication
we've had authentication support for
HTTP in CF network for a long time now
at least a couple three years however
we've made some substantial changes in
tiger historically HTTP authentication
has supported basic and digest schemes
since since I last talked to you here
last year we've added support for ntlm
and span ago which are a couple schemes
that are common in the windows world and
the existing old API the one that's been
available for years was designed for
single shot transactions you'd send
issue a request and get back an
authentication challenge once you get
the challenge you call this as you call
the old API it corrects the request you
issue the request again and away you go
and it works fine the problem was that
you don't usually issue just one request
to a server you usually issue 10 or 20
and it seems a shame to have to go
through this process for each and every
request so that's why we added CF HTTP
authentication and tiger to allow you to
carry state forward from one request to
another going to the same authenticating
server so here's the old at the old API
CFH
GDP message add authentication every
request is processed individually each
time you receive a challenge you get the
credentials from the users you apply the
credentials to the request and then you
issue the entire request again and there
was no persistency across multiple
requests to the same servers the new API
uses an object of CF HTTP authentication
object to carry that state across from
request to request and that gives you
much better performance particularly
when you're talking to some some host
that has one of these very expensive
authentication schemes that requires for
instance multiple legs just to compute
keys and negotiate protocols so how's it
going to work in code in code you're
going to maintain a set of CF HTTP
authentication objects when you receive
an authentication challenge you're going
to look through the set of objects to
try and find one that applies if you
find one great if not you're going to
create one once you have that object you
apply it to the request along with
credentials from the users and CF
network will use the information stored
in that object to process the request as
efficiently as possible gives much
better performance this is the
authentication scheme used by Safari and
again we have sample code available
we've updated the get example inside
developed or examples networking to
include support for authentication so
here are the api's you're going to use
along the way from the store from the
store of authentication objects you'll
use CF HTTP authentication applies to
request to find out whether the auth
object applies to the request you're
trying to handle if you have to create
one from scratch you'll use create from
response once you have that off object
you need to check to see if the object
is valid reason why you need to do that
is because the authentication object may
go stale over time assuming it's valid
you get the credentials from the user or
from some shared store that you have in
mode you can use requires username and
password and requires account domain to
figure out what information you need to
collect from the user and then finally
you're going to apply all of the pieces
to the request to correct the request
and prepare it for an authenticated
transaction with the server and you're
going to you're going to do that using
apply credentials dictionary now there
are a couple tricks that you have to be
aware of when you're using HTTP
authentication the first one is that
some authentication schemes will only
work it's the subsequent request go out
over precisely the same socket as the
initial request went out over so that
means you have to turn on persistent
connections so when you're when you're
in a situation where you're trying to
handle authentication make sure you have
persistent connections turn on turned on
but further than that in order for the
persistent connections to Garrett to be
guaranteed to stay open you have to make
sure to keep open one stream to hold
open that socket inside CF network for
the subsequent requests so what I
recommend is that as you're going from
request to request don't close the
stream for the old request until you've
opened the stream to the new request
that'll guarantee that the socket
underlying the connection will be kept
open and reused the other thing to be
aware of is that some of the
authentication schemes require multiple
legs back and forth to the server just
to negotiate hash values protocols
whatever so that means that even though
you have you have applied authentication
once to a particular request that
doesn't mean that it will automatically
work from there you may have to keep
reapplying it over and over again until
finally the server negotiation gets to a
point where the server is ready to
return the data the simple rule is just
keep reapplying the authentication
object until or unless it goes invalid
the auth object knows how many legs are
required it knows when the credentials
are simply wrong or when the
server has decided to shut down the
transaction at that point you can fall
back and figure out how to handle a
failure case so with that I'm going to
switch over to the demo what I've got
here is a simple application which
downloads URLs so I can type in dub dub
dub apple com and click start and click
start there we go scared me for a moment
there and you can see that the URL was
downloaded down here so here we're
looking at all the text for dub dub dub
apple com and at the top we just the way
I've just displayed a summary of the
status line now there are a couple
things that are not working properly in
this demo the first one is that failures
are not handled in a particularly
interesting way so if I go to
www.hsn.com back with a little error
string right here which is in fact what
the code is set up to do just now that's
not very interesting feedback to the
user so what we're going to do is add
net diagnostics to this application also
even though we have a username and
password configured here earth you I set
up here this isn't hooked up in any way
so even if I go to an authenticating
site like jigsaw dubbed reorg this is a
little site set up by the doubletree
consortium to let you test
authentications authentication code so
we go there
there we go and it comes back with a 401
on unauthorized because we haven't
provided username and password well even
if I provide the correct username and
password it's still going to come back
with this 401 so what we're going to do
is we're first going to hook up net
diagnostic so we can give better
feedback to the user and then we're
going to add authentication to this
application I'm going to quit this app
and come and look at the code here so
this code is also on the disk image it's
a very simple cocoa application it has
just one class download controller which
is wired up to the UI and to integrate
net diagnostics what I'm going to do is
go to the handle error method and here's
the simple the simple error string that
you would have seen it does nothing but
pull the error out of the read stream
and formatted and display it in the text
view that's not very interesting so
we're going to get rid of it and we're
going to replace it with net diagnostics
code the CF met diagnostic ref dude
Diagnostics get if net diagnostics
create with strings null allocator
stream is the instance variable that's
that storing the failed read stream and
we don't have a right stream so that's
there now we need a string rest for the
error error string CF net diagnostics
copy network status passively diag at
air ok so what that calls going to do is
it's going to use a Diagnostics object
and ask for an error string describing
the failure that error string is going
to be put into air now if you're not a
cocoa programmer I'm going to ask you to
just take my word on this I'm about to
add a line that's going to run an alert
panel and its run alert panel first
argument is the title second argument is
a printf string for the contents of the
panel third argument buttons default
button third argument is the alternate
button so we're going to have an
alternate button of diagnose which if
the user clicks we're going to use to
head off in to see if net Diagnostics to
bring up that diagnostic panel don't
have a third button and finally the
argument for the printf okay so that's
going to run an alert panel and what
we're going to do is if the result from
that is NS alert alternate return then
what that means is the user clicked
diagnose and we're just going to call CF
net diagnostic diagnose problems
interactively I'm really a much better
typist when I'm not on stage and that's
it we're done oh except for a little
cleanup we should release the objects we
have created oh there we go oh good all
right so so now let's just see what
happens
oh yes thank you and is it yes yes and
there is no F here either try this again
okay that does not look good there we go
alright it's just taking a little time
alright so given that the DNS server
doesn't seem to be too happy with us
right now I'm going to create a much
simpler networking failure that's a very
simple networking failure now let's see
if we can go to dub dub dub apple com no
we can't and here's that alert panel it
comes up and it shows us a string chosen
by CF net diagnostics the systems
internet connection appears to be down
all right let's see what CF net
Diagnostics can tell us about that so
here's the Diagnostics panel and it was
going to go through these five different
types of networking errors but in fact
it failed immediately the first one the
built in ethernet is not working so are
we trying to connect to the internet for
the first time no we're not we're trying
to configure the ethernet and now it's
as well the ethernet ports not active
let's check the following things and
you'll notice in this list one of them
is into the ethernet cable plugged in
well look at that no it's not so let's
just plug it back in let's just plug it
back in there we go and now you can see
net Diagnostics discovered that we've
corrected the problem and is going
through and checking the remainder of
our configuration
and now if I go back here i can download
apple com now I have to have make a
little confession here what you're
looking up looking at up here is pure
demo where if you were to build this
program on the WWDC seed that you
received you would not see that series
of panels and said you'd see a
placeholder panel which would tell you
that yes met Diagnostics fired correctly
it would tell you what application had
brought it up and what the code entry
point was but it wouldn't actually lead
you through that series of panels the
series of panels will of course be there
for the final tiger release we didn't
have them quite ready to where we were
willing to include them in the seed so
for the seed you'll just see the
placeholder panel which is hopefully
enough to allow you to develop your code
so having done that now let's add
authentication authentications a little
more complex than just using CF net
diagnostics to do that I'm going to need
to add two new instance variables
authentication ref so this is the auth
object that I'm going to use to store
the current authentication state and I'm
going to add a CF mutable array to store
the set of all authentication pieces
that I've received so that's the change
to the header file now over here in the
source file we need a couple bookkeeping
things first of all we'd better release
the objects when we're when we're
deallocated so we don't leave
secondly in the stop download method
this is what happens when the user
clicks top or when the stream is finally
exhausted in the data has been
successfully loaded we need to throw out
the auth object if one exists so it's
not carried forward to future requests
okay so that's the bookkeeping now to
actually do the work we have a method
here evaluate headers this is going to
fire the first time we get a look at the
headers back from the server so what we
want to do is look for an authentication
failure which would be a status code of
401 or 407 and if we have such a
response we want to attempt
authentication so here if we gotta
respond if CF HTTP message get response
status code response we're just going to
deal with 401 for the demo 407 s would
be a proxy authentication failure it's
pretty it's pretty much straight forward
in the same code for that so if we got a
401 we're going to attempt
authentication and we'll pass the
response we received and if that
succeeds so if this method returns true
then we're going to return no telling
the surrounding code ignore the stream
you've been looking at there's a new
stream coming okay I'm at it for that
code now all we need to do is write this
attempt authentication method well I'm
not going to force you to sit here and
watch me introduce a million typos I
actually have that method already
written up here and what I'm going to do
is just uncomment it and walk you
through it the first thing we do is look
and see if we already have an
authentication object if not we're going
to try and find one and we'll do that by
walking through author a for each item
in auth array we ask it does it apply to
our request
if so that's still not good enough we
want to know if it's still valid if it
is valid all right great then we store
it in our instance variable and break
out of the loop otherwise where there's
no there's no need to hold on to invalid
authentication items so we dispose it
and up and do some updating for the loop
once you reach once we're outside of
that loop if we still don't have an
authentication object that means we
couldn't find one so now we're going to
create one so we call CF HTTP
authentication create some response now
it is actually possible for a newly
created authentication item to be
invalid off the bat what that usually
means is that the server has chosen to
send an unauthorized response without
any information about how you can
correct the error the server is not
going to let you authenticate period
there are some other possibilities there
could be some missing headers in the
response but the main one is that the
server is simply not going to let you in
so you do have to check to make sure
that the authentication object you just
created is in fact valid if it is
terrific we'll add it to the shared
store if not then we're then we give up
so now coming down here at this point if
we don't have an authentication object
we're simply not going to get one and
we'll see at the end here that we simply
punt in that case however assuming we
did get an authentication object we look
to see if it requires an account domain
and if it does again we're going to punt
because my you I wasn't clever enough to
prompt for a domain that mostly means
we're giving up on ntlm that's the one
authentication scheme that requires a
domain aside from a user in addition to
user names so in that case we release
off and just return know otherwise we
come down into this code if the
authentication requires a username and
password we go and haul it out of the UI
and then we call HTTP message apply
credentials to apply the authentication
we've got to the request assuming if
that fails return no and bail otherwise
we're going to ultimately return yes
say that the authentication has
succeeded now comes the part where we
have to deal with the with the problem
of persistency we cannot dispose of the
old stream until the new stream is well
established so right here we do all the
work of setting up the new stream this
is all standard CF network code create
the new stream set the client scheduled
it with the run loop set what other
whatever properties you need and then
open the stream once we've got that
stream setup we can now go and dispose
of the old stream close it set the
client to null on schedule and release
and ultimately set our instance variable
to point to the new stream at this point
we're done and we can return yes
authentication has succeeded so let's
see if it actually works ok so let's go
to jigsaw dub three org that same test
site so without a username and password
there we go comes back with a 401
unauthorized but this time when we
provide the username and password click
start we come back with the 200 ok and
if we were to look at this if we were to
look at the data we received yeah your
browser made it ok but if I give the
wrong username and password again we get
the 401 unauthorized so they are in
about 10 minutes we've added met
diagnostic capability and HTTP
authentication to a simple download
application
if I could get back to the slides if I
could have the slides back great okay
there are a couple other API new API is
I want to mention we redid the CF net
services ap is that's the api's would
give you access to rendezvous via the
run loop we redid it and Tiger not just
because we love making you change your
code we did it because we need to fix a
few problems that we uncovered with the
earlier api's and at the same time we
found that the earlier api's were
insufficient to pick up some new
features being exposed by a core OS we
are deprecating the old API that doesn't
mean that it will suddenly stopped
working it will still work as it always
did but one of the big things that
you'll pick up by going to the new API
is better network better network i/o
performance so we encourage you to
transition when you're ready to the
transition is as simple as we could make
it it's very nearly search and replace
and what I've done is I've listed here
what the old calls were and what the new
calls would be to help you with the
transition the release notes which are
on the tiger CD and also in the disk
image for this session give full
instructions for how to how to
transition to the new API we also
updated the echo & echoplex amples which
use CF net services to discover the
clients in the server to use the new API
so you can look there for more examples
there is one important difference that I
want to mention CF net service resolve
has been replaced with CF net service
resolved with timeout the reason well
one of the reasons why is that CF net
service resolve would leave open the
resolution until it was explicitly
canceled and what we found out is that
this was completely unexpected by most
people and so they would call Matt
service resolve they would get back the
resolution the
so they would get back the information
they were looking for and then they
would assume that the net service was
done well it wasn't it's still consuming
bandwidth it's still consuming network
time until it's explicitly cancelled so
CF net service resolved with timeout has
slightly different behavior it now will
exit when either a suitable address has
been found where the timeout has been
reached and as a result it consumes
considerably less network bandwidth now
there was one legitimate time when you
would want to leave a net service open
and running forever you would want to do
that if you were monitoring a single net
service and waiting for changes to occur
to address that problem we've added a
new type CF net service monitor new and
tiger and where you used to use a
long-running CF net service resolve call
together with get protocol specific
information so you could find out what
had changed about that net service
instead just use net service monitor it
has a much more efficient smaller
network footprint in terms of the
traffic the other new API is just a
couple new properties on CF socket
streamed they're both targeted to allow
you finer control and a better
understanding of what has happened in
the ssl/tls negotiations for secure
socket streams the first property is kc
f stream property ssl pier certificates
this is a retrievable property you can
retrieve any time after the ssl
handshake has completed and what it's
going to return is an array of the
certificates that the server has has
used to present itself for the pier
who's used to present itself so it's got
every certificate from the root
certificates to the certificate given by
the server you can look at them in depth
you can do any kind of evaluation with
it that you'd like the other property is
kc upstream property ssl settings this
is a settable property its value as a
dictionary the keys of the dictionaries
are a number of
configuration options which you can find
in CF socket streamed H and it allows
you to control how CF network will judge
the pier certificates by and large and
how CF network will work we'll handle
the head the TLS or SSL handshake I'm
not going to go through these in huge
details these are all the different
properties you can set SSL level lets
you choose TLS v1 or sslv3 or what kind
of fall back you want allows expired
certificates and allows expired routes
allows any route pretty much
self-explanatory validate validate some
certificate if Akane whether you want CF
network to even look at the certificate
chain or whether you want to do that
yourself or you want to leave yourself
wide open to whatever the server gives
you ssl pier name allows you to set the
expected name that you that you're
expecting to see on the certificate from
the remote side because you might
connect my IP address but the
certificate the certificate is going to
display a hostname and so you need to
set that separately ssl-certificates
allows you to set the certificates for
your side of the ssl transaction so
that's what you would use if you wanted
to do client-side certificate checking
or if you wanted to write a server
yourself speaking of servers you'd set
SSL is server if you were performing the
server side of the transaction as
opposed to the client side default
values are all documented in CF socket
stream th in general the defaults are
for the strongest security possible and
the maximum amount of checking so you
would need to set these to make the
requirements more lacs that's the new
API is that we have available in tiger
now I'm going to take a moment to talk
about the difference a couple different
CF Network tasks in particular we're
going to talk about how you use proxies
using CF network and how you would
perform an asynchronous DNS lookup
so one of CF networks strengths /
working with other networking stacks or
writing your own is that it's prepared
to handle complex combinations of
proxies so if you look at the system
settings the users turned on a socks
proxy and an HTTP proxy and an HTTPS
proxy and you don't know which one
you're going to use and you don't you're
not sure how the different
communications are handled well CF
network does CF network can figure out
which proxy should be applied and then
do the correct communication for that
type of proxy however CF networks not
intended in the convenience API so you
have to explicitly turn proxies on to
get proxy support from CF networks
you're always going to do that by
calling CF read stream set properties
and the key or the property you're going
to set is whatever proxy setting is
appropriate for the kind of stream
you're using well so one of the
questions we get as well as an HDTV
proxy and there's a socks proxy and I'm
work but I'm working with an HTTP stream
do i set the socks property a proxy
property or the HTTP proxy property
always set the highest level so in that
case you would be setting the HTTP proxy
if you were working with an FTP stream
you would set the ftp proxy property
even if the proxy you're applying is
socks for instance you should also
always apply the proxy settings before
opening the stream because we need that
information before we establish the
correct socket and what we found is that
our developers use proxies basically in
two different ways either they simply
want to apply the default system proxy
configuration or they know that their
case is special in some way and they
have a custom proxy server that they
wish to apply regardless of what other
settings may be present so here's
probably the more common one you just
want to use whatever the current system
proxy settings are well the good news is
that while you have to be explicit about
this its really fairly straightforward
just call FC dynamic store copy proxies
that will get you the default proxy
dictionary or the system proxy
dictionary out of system config
and apply it blindly to the stream don't
look at it don't tear it apart just pass
the whole schmear through CF read stream
setproperty streams property HTTP proxy
and the dictionary you got back from
system config that's it CF network will
pull the dictionary apart figure out
what the correct settings are and use
them if on the other hand you need to
use a custom proxy configuration you're
going to need to create the custom proxy
dictionary yourself look in the correct
stream header file to find out what the
keys are you're going to need a key for
the host and a key for the port and
those are the only two keys that you
need present in your dictionary some
proxies most notably thought have some
additional keys you could set if you
would like you can take a look at those
those aren't actually required once you
have constructed that dictionary you
apply it exactly the same way by calling
setproperty stream HTTP proxy dictionary
so here's what it looks like in code
create a mutable CF dictionary set value
proxy host whatever the host is set
value proxy port whatever the port is
then called CF read stream setproperty
exactly as you did before so another
task that's pretty common that we hear
about is the need to perform an
asynchronous host look up what do I mean
by that well you have a host name you
want the IP address so that
straightforward and the traditional UNIX
calls for this or get host by name or
the slightly newer get a tour info but
the problem with those calls is that
they're blocking they're going to tie up
a thread and they're not going to return
until they have the answer that makes it
very difficult to process multiple
multiple host names at once so the
solution to that is to use CF host
instead CF host is going to report its
results back to you hey synchronously
via the CF run loop
excuse me that way you can have as many
open queries as you'd like they're all
going to happen on the same thread and
they're all going to report the results
back asynchronously and incidentally CF
hosts will perform both ipv4 and ipv6
look look up for you incidentally CF
hosts supports a number of other things
too you can do reverse DNS lookup so you
have the address you want to know the
common host names you can use it to
determine whether a given host is
reachable just now if for some reason
you want to use a blocking API you can
use CF host in that fashion although we
always recommend that you use the
asynchronous non-blocking API instead
that's the power of the object and for
our purposes here today we're going to
focus on just basic host lookups so
using CF host is pretty much the same as
using every other CF network object you
start by setting it up you create it set
your callback all of that good stuff
then you wait for the call back to come
in when the callback comes in you filled
it and then finally you clean up every
CF Network object follows this basic
pattern set it up wait for the events
wait for the callbacks to come in and
then dispose of the object so here's the
setup here we're doing a DNS lookup
dub-dub-dub apple com CF hose create
with names wal com then we need to set
up the client call back we UCF host set
client that's just how you specify what
function CF host should call when it
when it receives the information that
you're looking for schedule it with a
run loop here we're scheduling it with
the current run loop in the default mode
that tells CF host where you want to
receive that call back you can schedule
it on another thread if you want and
then having done all that setup you
start CF hosted its work by calling CF
host start in full resolution and here
you pass the host object and then the
type of information you're looking for
looking for the addresses so that's KCF
host addresses and you're done then the
run loop runs and at some point later CF
host has its answer once that happens
it's going to call your call back on the
run move you specified so here we're
fielding the call back first argument is
going to be the host object whose
resolution it has completed second
argument tells you what resolution has
completed we only signed up for one so
we know what that's going to be third
argument is an error if an error has
occurred and then finally is a context
pointer which you could have provided to
pass information or state around inside
your own program to handle it first we
look at the error if an errors occurred
then we're going to need to field it in
some fashion assuming no error has
occurred we can now safely call CF host
get addressing knowing that the host
already has the address available so
that will return immediately providing
the addresses that it just received your
program will probably want to do
something more specific or more
sophisticated than this but just to show
you how we would get the information out
here we get the value of the first the
first item in the array that's going to
be CF data ref the CF data is
essentially a sockaddr so CF data get
byte pointer is going to give you a
pointer to a sock adder CF data get
length will give you the length of that
sockaddr and you can pass it into any
Berkeley or any units call so here I'm
just calling connect to connect a socket
finally we need to clean up any
asynchronous process is going to require
a little extra clean up compared to
simply releasing a reference basically
three phases first unschedule it from
the run loop that makes sure that the
run loop releases any reference it has
on the host and that any any data or
state that's being maintained by the
host object or by the run loop gets
freed up CS host set client null tells
the host that you're done you don't ever
want to receive a call back again and
then finally CF truly
this release releases your reference on
the host object and that's what I wanted
to say about those two basic CF
networking tasks and we're running a
little tight on time so I'm going to fly
through this next section where we're
going to talk about some of the other
URL loading api's on the system the two
other major URL loading api's on a mac
OS 10 system are the foundation URL
loading pieces and URL access manager
the foundation pieces are basically
represented by these three classes and
at URL request response in connection
URL access manager is the carbon API
that became available I think starting
in nine maybe a little before that and
is now deprecated has been for a couple
years now so way back when I was talking
about how CF network is intended as a
power API that explode exposes all of
the pieces that all of the the knobs and
buttons on its given protocols
foundation is the convenience API
foundation provides a nice smooth easy
API to allow you to download a URL just
like a browser would whatever it is that
a browser does in terms of cookies
authentication caching all of that magic
is just done automatically at the
foundation level so there are two
consequences of that first as you'd
expect at the foundation level we have a
support for a lot more features caching
cookie support better authentication
support in the sense that there will be
some automatic credential management the
callback for a little cleaner at the
foundation level than what we saw at the
fence at the CF network level but the
other consequences there are a lot more
constraints because the URL loading
system has made some choices for you you
must use an asynchronous delegation
model you must use the threading model
that foundation dictates and you must
use foundation scheduling policy so for
instance there's no way to say download
these URLs on one fund
thread and these others on another
there's no way to hold a download in
progress there's no way to give a
particular URL download a higher
priority than other ones and then just
as an added note the foundation always
uses the system proxies you cannot do
any custom proxy configuration at the
foundation layer so how do you decide
which one you're going to use well use
nsurl use the foundation api's if you
need the additional features but more
generally use nsurl if your task is
really to download something pretty much
exactly like a browser would so the
classic example for me of this is when
you're downloading HTML mail you're
going to display it just the way you
would expect a browser to display it you
want to download all the images exactly
the same way with the same cookies same
authentication model that a browser
would use on the other hand UCF network
if you don't want to link that high you
don't want the extra convenience and the
extra pieces you don't want to link
foundation or objective c you want
fine-tuned control of the threading
model or more generally you just you're
not doing a basic browser like download
so classic example of that is your
downloading a software update you're
only going to download it once you don't
want it cached you know there are no
cookies involved whatever authentication
needs to be performed you already know
all the details about it you can use
foundation to do that kind of a download
if you want but it's more work to go in
and turn off each and every one of those
things then to just start with CF
network can work and do it the download
from there so then the other API URL
access manager you should never use URL
access manager anymore really it's bad
we've been saying that for at least two
years now and then I was thinking well
okay is there any time I would recommend
that you use URL access manager well if
you still need compatibility with mac OS
9 then you're stuck yeah you're going to
have to use URL access manager
but to give you a little incentive to
kind of my great that old code off of
URL access manager I've listed here the
major shortcomings of URL access that
have been fixed with CF networking with
foundation but will never be fixed in
the URL access manager no authenticating
proxies no HTTPS proxies tied to a
couple obsolete AP is the thread manager
and FS specs and no support never will
be for ipv6 so if I want to migrate from
URL access manager to CF network or
foundation what do I need to do three
basic entry points to URL access manager
URL simple download and URL download and
then there's URL open which is the
asynchronous API for ul access manager
if you're doing a download to memory use
these nsurl methods instead if you're
doing a download the file use nsurl
download it's designed for that purpose
you can use CF network instead of nsurl
it takes a little more work I listed
nsurl is the first choice because that's
the one line replacement using CF
network is maybe 50 something like
depending on how sophisticated to
download you're doing and they're there
is some good sample code available at
developer.apple.com to show you how to
do a CF Network download URL open is
considerably more sophisticated and
provides a number of different flags so
what you're going to do if you're
calling URL open depends on why you're
using URL open if the only reason you're
using URL open is to get some asynchrony
support use nsurlconnection instead if
on the other hand you need high high
level of customization or detailed
threading and buffer control drop the CF
network that will give you the extra
knobs you need to control the download
that's all I want to say about those AP
is we are out of time so I'm just going
to point at point out so there are about
a million references a bunch of
documentation and sample code available
all of this information is available in
the disc image so just get the disc
image and you'll see all of this
information replicated there