我们试图实现的目标是将本地视频资源(存储在磁盘上)加载到 WKWebView 实例中,以用作 WebGL 中的纹理。到目前为止,我们一直使用绑定(bind)到 localhost (GCDWebServer) 的服务器来完成此操作,并使用(在本示例中)baseURL:"http://localhost:8989/ "将本地源代码加载为 HTML 字符串,然后使用以下代码行:
<video src="test.mp4" width="320" height="240" preload="auto" playsinline autoplay muted></video>
但是,随着 Apple 的 ATS 政策即将发生变化,我们现在需要通过 HTTPS 实现这一点。我们的新服务器实现基于 OpenSSL,如下所示:
#import "SSLServer.h"
#import "Logging.h"
#import "Util.h"
#import "SSLServerResponse.h"
#include <errno.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <resolv.h>
#include "openssl/ssl.h"
#include "openssl/err.h"
#define FAIL -1
#define SSL_SERVER_UPDATE_INTERVAL 0.0f
@interface SSLServer ()
{
BOOL _keepAlive;
NSUInteger _port;
NSString* _directoryPath;
NSString* _certFilepath;
SSLServerStartCompletionHandler _startCompletionHandler;
}
@end
@implementation SSLServer
-(instancetype)initWithPort:(NSUInteger)port directoryPath:(NSString*)directoryPath andCertFilepath:(NSString*)certFilepath {
self = [super init];
if (self) {
_keepAlive = YES;
_port = 8989; //port;
_certFilepath = certFilepath ? certFilepath : @"";
_directoryPath = directoryPath;
}
return self;
}
-(void)startWithCompletionHandler:(SSLServerStartCompletionHandler)handler {
_startCompletionHandler = handler;
SSL_CTX *ctx;
int server;
SSL_library_init();
//Initialize SSL
ctx = [self initServerCTX];
if (ctx == NULL) {
LogInfoPrivate(@"[SSLServer] : Failed to create SSL context for some reason");
return;
}
//Load certs
[self loadCertificates:ctx certFile:_certFilepath keyFile:_certFilepath];
//Create server socket
server = [self openListener:_port];
if (server == -1) {
_startCompletionHandler(NO, (NSUInteger)_port);
} else {
_startCompletionHandler(YES, (NSUInteger)_port);
}
_startCompletionHandler = nil;
while (_keepAlive) {
struct sockaddr_in addr;
socklen_t len = sizeof(addr);
SSL *ssl;
LogInfoPrivate(@"[SSLServer] : Listening on port: %lu", (unsigned long)_port);
//Accept connection as usual
int client = accept(server, (struct sockaddr*)&addr, &len);
LogInfoPrivate(@"[SSLServer] : Connection: %s:%d\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
LogInfoPrivate(@"[SSLServer] : Port:%lu\n", (unsigned long)_port);
//Get new SSL state with context
ssl = SSL_new(ctx);
//Set connection socket to SSL state
SSL_set_fd(ssl, client);
//Service connection
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{
[self servlet:ssl directoryPath:_directoryPath];
});
[NSThread sleepForTimeInterval:SSL_SERVER_UPDATE_INTERVAL];
}
//Close server socket
close(server);
//Release context
SSL_CTX_free(ctx);
}
-(int)openListener:(NSUInteger)port {
int sock;
struct sockaddr_in addr;
sock = socket(PF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons((unsigned long)port);
addr.sin_addr.s_addr = INADDR_ANY;
socklen_t len = sizeof(addr);
if (bind(sock, (struct sockaddr*)&addr, len) != 0) {
LogErrorPrivate(@"[SSLServer] : Can't bind port");
return -1;
}
if (listen(sock, 10) != 0) {
LogErrorPrivate(@"[SSLServer] : Can't configure listening port");
return -1;
}
// when sin_port is init'd as '0', socket lib will randomize the port, so, we grab the bound port here.
if (port == 0) {
if (getsockname(sock, (struct sockaddr *)&addr, &len) == -1) {
LogErrorPrivate(@"[SSLServer] : Could not retrieve random port number");
return -1;
} else {
_port = ntohs(addr.sin_port);
}
}
return sock;
}
-(SSL_CTX*)initServerCTX {
const SSL_METHOD *method;
SSL_CTX *ctx;
//Load & register all cryptos, etc.
OpenSSL_add_all_algorithms();
//Load all error 4messages
SSL_load_error_strings();
//Create new server-method instance
method = TLSv1_2_server_method();
//Create new context from method
ctx = SSL_CTX_new(method);
if (ctx == NULL) {
ERR_print_errors_fp(stderr);
return NULL;
}
return ctx;
}
-(void)loadCertificates:(SSL_CTX*)ctx certFile:(NSString*)certFile keyFile:(NSString*)keyFile {
//Set the local certificate from CertFile
if (SSL_CTX_use_certificate_file(ctx, [certFile UTF8String], SSL_FILETYPE_PEM) <= 0 ) {
ERR_print_errors_fp(stderr);
return;
}
//Set the private key from KeyFile (may be the same as CertFile)
if (SSL_CTX_use_PrivateKey_file(ctx, [keyFile UTF8String], SSL_FILETYPE_PEM) <= 0 ) {
ERR_print_errors_fp(stderr);
return;
}
//Verify private key
if (!SSL_CTX_check_private_key(ctx) ) {
LogErrorPrivate(@"[SSLServer] : Private key does not match the public certificate");
return;
}
}
-(void)showCerts:(SSL*)ssl {
X509 *cert;
char *line;
//Get certificates (if available)
cert = SSL_get_peer_certificate(ssl);
if (cert != NULL) {
LogInfoPrivate(@"[SSLServer] : Server certificates:");
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
LogInfoPrivate(@"[SSLServer] : Subject: %s", line);
free(line);
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
LogInfoPrivate(@"[SSLServer] : Issuer: %s", line);
free(line);
X509_free(cert);
} else {
LogInfoPrivate(@"[SSLServer] : No certificates.");
}
}
//Serve the connection
-(void)servlet:(SSL*)ssl directoryPath:(NSString*)directoryPath {
char buf[1024];
int sd, bytes;
//Do SSL-protocol accept
if (SSL_accept(ssl) == FAIL) {
ERR_print_errors_fp(stderr);
} else {
//Get any certificates
[self showCerts:ssl];
//Get request
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0) {
buf[bytes] = 0;
LogInfoPrivate(@"[SSLServer] Client msg: \"%s\"", buf);
NSArray* requestElements = [[NSString stringWithUTF8String:buf] componentsSeparatedByString:@" "];
NSString* resource = [requestElements[1] lastPathComponent];
NSString* resourcePath = [directoryPath stringByAppendingPathComponent:resource];
LogInfoPrivate(@"[SSLServer] Resource path: %@", resource);
//Configure the response
SSLServerResponse* response = [[SSLServerResponse alloc] initWithResourcePath:resourcePath chunked:YES];
[response configure];
//Write the response
for (NSData* data in response.payload) {
SSL_write(ssl, (const char*)[data bytes], (int)[data length]);
}
} else {
LogInfoPrivate(@"[SSLServer] : Nothing to send back");
ERR_print_errors_fp(stderr);
}
}
//Get socket connection
sd = SSL_get_fd(ssl);
//Release SSL state
SSL_free(ssl);
//Close connection
close(sd);
}
-(void)finish {
_keepAlive = NO;
}
@end
我们遇到的问题是图像 (.png) 和文本无法正确提供;然而,音频和视频则不然。我们一直在监控 Charles 的网络流量,甚至没有任何请求从 Web View 中发出。更具体地说,除了图像和 JavaScript 的 GET 请求之外,套接字上不会发生任何通信。对于图像和文本,我们在 Charles 中看到请求,并且 Web View 正在获取身份验证质询回调。我们通过将“allowsInlineMediaPlayback”设置为“YES”和“mediaPlaybackRequiresUserAction”设置为“NO”来配置 WKWebViewConfiguration。有人可以解释一下为什么只有一些请求从 WebView 中被触发吗?
最佳答案
我们在“http://+:13333 ”上有一个 httpListener,但是当我们使用此内容“http://localhost:13333 ”在 WKWebView 中加载 htmlString 时,什么也没有发生。
我们的解决方案是将“localhost”替换为“127.0.0.1”。
也许这是 WKWebView 的普遍问题?!
关于ios - OpenSSL 服务器未收到来自 WKWebView 的媒体(音频/视频)请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39859724/