
App Transport Security for Busy People

niwatako
March 03, 2017


@ try! Swift Tokyo 2017 https://www.tryswift.co/tokyo/jp
The talk script is available here: http://niwatako.hatenablog.jp/entry/2017/03/03/162543

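At WWDC 2016, it was announced that ATS (App Transport Security) would become mandatory. As you know, however, the requirement was postponed. In addition, iOS 10 introduced new Info.plist keys for configuring ATS, but their behavior differs between iOS 10 minor versions. This lightning talk takes on the challenge of getting you to master ATS, whose policy, information and specification are all in a state of confusion, in five minutes.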


Transcript

  1. { } try! Swift Tokyo 2017: App Transport Security for Busy People

  2. @ niwatako

  3. None
  4. { } try! Swift Kyoto (京都)

  5. None
  6. None
  7. MacBook Gold

  8. None
  9. { } try! Swift Tokyo 2017: App Transport Security for Busy People

  10. App Transport Security Enforcement

  11. App Transport Security

  12. Enabled by default

  13. App Transport Security Safe HTTPS Unsafe HTTPS HTTP ❌ ❌

  14. https • different? Safe HTTPS Unsafe HTTPS

  15. https • different? • Hash algorithm • Digital sign • Encryption • … Safe HTTPS Unsafe HTTPS

  16. > What is “Safe HTTPS”? ( ・ω・)っ Information Property List Key Reference https://developer.apple.com/library/prerelease/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW57
  17. $ nscurl --ats-diagnostics https://apple.com/

  18. $ nscurl --ats-diagnostics https://apple.com/ Default ATS Secure Connection --- ATS Default Connection Result : PASS ---

  19. $ nscurl --ats-diagnostics https://swift.org/ Default ATS Secure Connection --- ATS Default Connection 2017-03-03 09:53:51.924 nscurl[82267:6343870] N NSURLConnection HTTP load failed (kCFStreamErro Result : FAIL ---
  20. Want to connect HTTP? Safe HTTPS HTTP ❌ ❌ Unsafe HTTPS

  21. NSAllowsArbitraryLoads Safe HTTPS HTTP Unsafe HTTPS

  22. NSExceptionDomains Safe HTTPS HTTP ❌ ❌ Unsafe HTTPS hatena.ne.jp hatena.ne.jp swift.org
  23. New ATS Options

  24. Options for App Transport Security • NSAllowsArbitraryLoadsForMedia

  25. Options for App Transport Security • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent

  26. Options for App Transport Security • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent • NSAllowsLocalNetworking

  27. Options for App Transport Security • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent • NSAllowsLocalNetworking

  28. None
  29. NSAllowsArbitraryLoadsInWebContent

  30. NSAllowsArbitraryLoadsInWebContent. Legend: WK: WebView, UI: UIWebView, NS: NSURLSession. [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS]

  31. [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS labels]

  32. NSAllowsArbitraryLoads [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS]

  33. … [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS labels]

  34. NSAllowsArbitraryLoadsInWebContent (iOS10.0) [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS label]

  35. NSAllowsArbitraryLoadsInWebContent (iOS10.0) [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS label]

  36. NSAllowsArbitraryLoadsInWebContent (iOS10.0) [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS label]

  37. NSAllowsArbitraryLoadsInWebContent (iOS10.2), iOS 10.2 and later [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS labels]

  38. NSAllowsArbitraryLoadsInWebContent (iOS10.2) Bug… [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS labels]
  39. NSAllowsHTTPLoadsInWebContent NSAllowsArbitraryLoadsInWebContent

  40. None
  41. NSAllowsArbitraryLoadsInWebContent (iOS10.0) [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS label]

  42. NSAllowsArbitraryLoadsInWebContent (iOS10.2), iOS 10.2 and later [Diagram: WK / UI / NS under Safe HTTPS, HTTP and Unsafe HTTPS, with ATS labels]
  43. Required by App Store at end of 2016

  44. Required by App Store at end of 2016: postponed

  45. Let's use NSAllowsArbitraryLoads


  46. Important Things About ATS • There are cases where it does not work properly. • You should check both the specification and the actual behavior. • Behaviors differ between minor versions.
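
An added example, not part of the talk or of Apple's tooling: a small Python check that reads an Info.plist and reports how the ATS keys named in the slides combine. The sample plist is constructed (the domain names come from slide 22, their exception settings are assumed), the severity labels are this example's own, and the rule that iOS 10 and later ignore `NSAllowsArbitraryLoads` when one of the newer keys is present is taken from Apple's Information Property List Key Reference.

```python
import plistlib

# Keys listed on the "New ATS Options" slides.
IOS10_KEYS = ("NSAllowsArbitraryLoadsForMedia",
              "NSAllowsArbitraryLoadsInWebContent",
              "NSAllowsLocalNetworking")

def audit_ats(plist_bytes):
    """Return (level, message) findings for the NSAppTransportSecurity dict."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    present = [k for k in IOS10_KEYS if k in ats]
    if ats.get("NSAllowsArbitraryLoads") is True:
        if present:
            # Presence (not value) of a newer key overrides the blanket opt-out.
            findings.append(("review", "NSAllowsArbitraryLoads is ignored on iOS 10+ "
                             "because of " + ", ".join(present)))
        else:
            findings.append(("high", "NSAllowsArbitraryLoads disables ATS everywhere"))
    for key in present:
        if ats[key] is True:
            findings.append(("review", key + ": test on each iOS 10.x minor version"))
    for domain, cfg in sorted(ats.get("NSExceptionDomains", {}).items()):
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if cfg.get("NSIncludesSubdomains") else ""
            findings.append(("medium", "plain HTTP allowed for " + domain + scope))
        if cfg.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(("medium", "forward secrecy not required for " + domain))
    return findings

# Constructed sample Info.plist (domain names from the slides, settings assumed).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>hatena.ne.jp</key><dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
      <key>swift.org</key><dict>
        <key>NSExceptionRequiresForwardSecrecy</key><false/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

if __name__ == "__main__": print(*audit_ats(SAMPLE), sep="\n")
```

A static check like this covers only the specification side; the observed behavior still has to be confirmed per OS version, for example with `nscurl --ats-diagnostics` as shown in the slides.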