I am hoping, through this post, not just to get an answer but to help many others struggling with using AWS secure POST policy infrastructure. Code is shown, after the explanation.
We use an EC2 Ubuntu 20.2 instance running Django as server. Using boto3 (s3_client.generate_presigned_post) we create a RetrieveAPIView using rest_framework. This Generic View accepts 3 GET parameters - file_name, meta_uuid & mime_type - and generates the POST signature and policy. This view returns the "fields" dictionary, url, etc. in the form of JSON. Boto3 ignores the value entered for "x-amz-date" and generates its own.
Using Postman we can successfully retrieve a full policy from the Ubuntu server. Then, after copying/pasting the values for the returned fields we use Postman to post the file to AWS using form-data in the body. The file uploads fine and we get the HTTP 204 No Content and the other fields in the Header. If we make a small change to one of the fields during the post to AWS S3, the server comes back with HTTP 403 Forbidden & the code "SignatureDoesNotMatch", just what one would expect.
BUT, when attempting to run from EITHER the Xcode simulator or from an actual device using AFNetworking's [AFHTTPSessionManager uploadTaskWithRequest: fromFile: progress: completionHandler:] we get back from AWS S3 - HTTP 400 Bad Request and the code "IncompleteBody" in the xml. AWS documentation suggests that the problem is that the content length measured at S3 not consistent with the Content-Length being sent in the header.
The file size, when measured using iOS FileManger is 111251 . AFNetworking outbound Header is Content-Length = 113071. That makes sense when one counts the length of the encoded policy, signature, other fields, the boundary value, etc.
Any hints on what to look for would be greatly appreciated. Does AWS only look at the file size when calculating Content-Length? Does this mean that the policy is OK, or does AWS S3 first just do some rudimentary header checking before looking at the encoded policy and signature?
IOS using AFNetworking 3.0 (CocoaPod), Xcode 13.1.
Thanks,
Eric
NB: Policy encodings were fudged so as not to expose our MY_AWS_ASSIGNED_S3_KEY_ID
Code follows and hoping it helps many other dealing with this same issue:
Server side Django:
def retrieve(self, request, *args, **kwargs):
s3_client = boto3.client('s3', aws_access_key_id=os.getenv('AWS_ACCESS_KEY_ID'),
aws_secret_access_key=os.getenv('AWS_SECRET_ACCESS_KEY'),
region_name=AWS_REGION_NAME,
config=config.Config(signature_version='s3v4'))
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%d') # Date w/o time, used in credential scope
amz_date_z = amz_date + 'T000000Z'
amz_cred = os.getenv('AWS_ACCESS_KEY_ID') + '/' + amz_date + '/' + AWS_REGION_NAME + '/' + 's3/aws4_request'
cont_type = request.GET.get('mime_type', None)
meta_uuid = request.GET.get('meta_uuid', None)
fields_dict = {
'acl': 'authenticated-read',
'bucket': AWS_STORAGE_BUCKET_NAME,
'x-amz-algorithm': 'AWS4-HMAC-SHA256',
'x-amz-meta-uuid': meta_uuid,
'x-amz-credential': amz_cred,
'x-amz-date': amz_date_z,
'content-type': cont_type
}
cond_list = [
{'content-type': cont_type},
{'bucket': AWS_STORAGE_BUCKET_NAME},
{'x-amz-meta-uuid': meta_uuid},
{'acl': 'authenticated-read'},
]
ret_dict = s3_client.generate_presigned_post(
Bucket=AWS_STORAGE_BUCKET_NAME,
Key=PRIVATE_MEDIA_LOCATION + request.GET.get('file_name', None),
Fields=fields_dict,
Conditions=cond_list,
ExpiresIn=3600
)
print("ret_dict =")
print(ret_dict)
return Response({'status': 'success', 'data': ret_dict}, status=status.HTTP_202_ACCEPTED)
Returned JSON from server to Postman:
{
"status": "success",
"data": {
"url": "https://aa-dev-media.s3.amazonaws.com/",
"fields": {
"acl": "authenticated-read",
"bucket": "aa-dev-media",
"x-amz-algorithm": "AWS4-HMAC-SHA256",
"x-amz-meta-uuid": "some_random_string",
"x-amz-credential": "**MY_AWS_ASSIGNED_S3_KEY_ID**/20211107/us-west-2/s3/aws4_request",
"x-amz-date": "20211107T092556Z",
"content-type": "image/jpeg",
"key": "media/krTkQskg.jpg",
"policy": "eyJleHBpcmF0aW9uIjogIjIwMjEtMTEtMDdUMTA6MjU6NTZaIiwgImNvbmRpdGlvbnMiOiBbeyJjb250ZW50LXR5cGUiOiAiaW1hZ2UvanBlZyJ9LCB7ImJ1Y2tldCI6ICJhYS1kZXYtbWVkaWEifSwgeyJ4LWFtei1tZXRhLXV1aWQiOiAic29tZV9yYW5kb21fc3RyaW5nIn0sIHsiYWNsIjogImF1dGhlbnRpY2F0ZWQtcmVhZCJ9LCB7ImJ1Y2tldCI6ICJhYS1kZXYtbWVkaWTTTSwgeyJrZXkiOiAibWVkaWEva3JUa1Fza2cuanBnIn0sIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwgeyJ4LWFtei1jcmVkZW50aWFsIjogIkFLSUE2UVZNTFlWNVRSUk9YQjVZLzIwMjExMTA3L3VzLXdlc3QtMi9zMy9hd3M0X3JlcXVlc3QifSwgeyJ4LWFtei1kYXRlIjogIjIwMjExMTA3VDA5MjU1NloifV19",
"x-amz-signature": "8fcec036a12ae2ab9212133c5c7ce275e91961ab9486936a47ce0e6bb869e6ce"
}
}
}
Objective C code in App:
- (void)uploadCurrentMediaFileToS3ForAPI:(APIType)api usingParameters:(NSDictionary *)pDict
{
NSLog(#"%s fileURL = %#",__FUNCTION__,currentMFO.file_url);
NSLog(#"%s fName = %#",__FUNCTION__,currentMFO.file_name);
NSLog(#"%s mType = %#",__FUNCTION__,currentMFO.mime_mfo.mime_type);
NSLog(#"%s httpPath = %#",__FUNCTION__,httpPath);
NSLog(#"%s pDict = %#",__FUNCTION__,pDict);
NSLog(#"%s currentMFO.file_size_bytes = %lld",__FUNCTION__,currentMFO.file_size_bytes);
NSError *reqError = nil;
AFHTTPRequestSerializer *reqSerial = [AFHTTPRequestSerializer serializer];
NSMutableURLRequest *req = [reqSerial multipartFormRequestWithMethod:kHTTPPOST URLString:httpPath parameters:nil constructingBodyWithBlock:^(id<AFMultipartFormData> _Nonnull formData)
{
NSArray *paramKeys = [pDict allKeys];
for (NSString *key in paramKeys)
{
NSString *paramValue = [pDict objectForKey:key];
NSData *valData = [paramValue dataUsingEncoding:NSUTF8StringEncoding];
NSLog(#"%s key = %#, value = %# ",__FUNCTION__,key, paramValue);
[formData appendPartWithFormData:valData name:key];
}
BOOL fileFormSuccess = [formData appendPartWithFileURL:self->currentMFO.file_url name:#"file" fileName:self->currentMFO.file_name mimeType:self->currentMFO.mime_mfo.mime_type error:nil];
NSLog(#"%s fileFormSuccess = %i",__FUNCTION__,fileFormSuccess);
} error:&reqError];
if (reqError) [self incrementErrorCountForAPI:api statusCode:100 locDesc:reqError.localizedDescription andReason:reqError.localizedFailureReason];
[req addValue:#"*/*" forHTTPHeaderField:#"Accept"];
[req addValue:#"500" forHTTPHeaderField:#"Keep-Alive"];
NSLog(#"%s after req.allHTTPHeaderFields = %#",__FUNCTION__,req.allHTTPHeaderFields);
NSLog(#"%s req.URL = %#",__FUNCTION__,req.URL);
AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
manager.responseSerializer = [AFHTTPResponseSerializer serializer];
NSURLSessionUploadTask *uploadTask = [manager uploadTaskWithRequest:req fromFile:currentMFO.file_url progress:nil completionHandler:^(NSURLResponse * _Nonnull response, id _Nullable responseObject, NSError * _Nullable error)
{
NSHTTPURLResponse *httpResp = (NSHTTPURLResponse *)response;
NSLog(#"%s httpResp.allHeaderFields - %#",__FUNCTION__,httpResp.allHeaderFields);
NSLog(#"%s httpResp.MIMEType - %#",__FUNCTION__,httpResp.MIMEType);
NSLog(#"%s httpResp.statusCode - %ld",__FUNCTION__,(long)httpResp.statusCode);
if (responseObject)
{
NSString *respString = [[NSString alloc] initWithData:responseObject encoding:NSUTF8StringEncoding];
NSLog(#"%s respString - %#",__FUNCTION__,respString);
}
}];
[uploadTask resume];
}
And here are the logs from the Xcode debugger:
fileURL = file:///var/mobile/Containers/Data/Application/8FF62939-0E50-4582-B242-01472D1C75D3/Library/UserMedia/horiz_windlass_photo.png
fName = horiz_windlass_photo.png
mType = image/png
httpPath = https://aa-dev-media.s3.amazonaws.com/
pDict = {
acl = "authenticated-read";
bucket = "aa-dev-media";
"content-type" = "image/png";
key = "media/horiz_windlass_photo.png";
policy = "eyJleHBpcmF0aW9uIjogIjIwMjEtMTEtMDdUMTE6MjM6MDNaIiwgImNvbmRpdGlvbnMiOiBbeyJjb250ZW50LXR5cGUiOiAiaW1hZ2UvcG5nIn0sIHsiYnVja2V0IjogImFhLWRldi1tZWRpYSJ9LCB7IngtYW16LW1ldGEtdXVpZCI6ICJob3Jpel93aW5kbGFzc19waG90by5wbmcifSwgeyJhY2wiOiAiYXV0aGVudGljYXRlZC1yZWFkIn0sIHsiYnVja2V0IjogImFhLWRldi1tZWRpYSJ9LCB7ImtleSI6ICJtZWRpYS9ob3Jpel93aW5kbGFzc19waG90by5wbmcifSwgeyJ4LXXXXi1hbGdvcml0aG0iOiAiQVdTNC1ITUFDLVNIQTI1NiJ9LCB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQTZRVk1MWVY1VFJST1hCNVkvMjAyMTExMDcvdXMtd2VzdC0yL3MzL2F3czRfcmVxdWVzdCJ9LCB7IngtYW16LWRhdGUiOiAiMjAyMTExMDdUMTAyMzAzWiJ9XX0=";
"x-amz-algorithm" = "AWS4-HMAC-SHA256";
"x-amz-credential" = "**MY_AWS_ASSIGNED_S3_KEY_ID**/20211107/us-west-2/s3/aws4_request";
"x-amz-date" = 20211107T102303Z;
"x-amz-meta-uuid" = "horiz_windlass_photo.png";
"x-amz-signature" = 41677f9254e324553a429bbcc3dcf5bd0f5df4af1c25fcaf51ce088a2a5dd032;
}
currentMFO.file_size_bytes = 111251
key = bucket, value = aa-dev-media
key = content-type, value = image/png
key = policy, value = eyJleHBpcmF0aW9uIjogIjIwMjEtMTEtMDdUMTE6MjM6MDNaIiwgImNvbmRpdGlvbnMiOiBbeyJjb250ZW50LXR5cGUiOiAiaW1hZ2UvcG5nIn0sIHsiYnVja2V0IjogImFhLWRldi1tZWRpYSJ9LCB7IngtYW16LW1ldGEtdXVpZCI6ICJob3Jpel93aW5kbGFzc19waG90by5wbmcifSwgeyJhY2wiOiAiYXV0aGVudGljYXRlZC1yZWFkIn0sIHsiYnVja2V0IjogImFhLWRldi1tZWRpYSJ9LCB7ImtleSI6ICJtZWRpYS9ob3Jpel93aW5kbGFzc19waG90by5wbmcifSwgeyJ4LXXXXi1hbGdvcml0aG0iOiAiQVdTNC1ITUFDLVNIQTI1NiJ9LCB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQTZRVk1MWVY1VFJST1hCNVkvMjAyMTExMDcvdXMtd2VzdC0yL3MzL2F3czRfcmVxdWVzdCJ9LCB7IngtYW16LWRhdGUiOiAiMjAyMTExMDdUMTAyMzAzWiJ9XX0=
key = x-amz-signature, value = 41677f9254e324553a429bbcc3dcf5bd0f5df4af1c25fcaf51ce088a2a5dd032
key = x-amz-algorithm, value = AWS4-HMAC-SHA256
key = acl, value = authenticated-read
key = x-amz-meta-uuid, value = horiz_windlass_photo.png
key = key, value = media/horiz_windlass_photo.png
key = x-amz-credential, value = **MY_AWS_ASSIGNED_S3_KEY_ID**/20211107/us-west-2/s3/aws4_request
key = x-amz-date, value = 20211107T102303Z
after formData = <AFStreamingMultipartFormData: 0x282c6e0d0>
fileFormSuccess = 1
req.allHTTPHeaderFields = {
User-Agent = "AnchorAway/1.0 (iPhone; iOS 15.0.2; Scale/3.00)”,
Accept-Language = "en-US;q=1”,
Content-Type = "multipart/form-data; boundary=Boundary+5D68022C08D21CC8”,
Content-Length = 113071,
Accept = “*/*”,
Keep-Alive = "500"
]
req.HTTPBody = (null)
eq.URL = https://aa-dev-media.s3.amazonaws.com/}
httpResp.allHeaderFields - {
Server = AmazonS3
Content-Type = "application/xml"
Transfer-Encoding = "Identity"
x-amz-request-id = "2BXQ22BB603CA92E"
Date = "Sun, 07 Nov 2021 10:23:03 GMT"
x-amz-id-2 = "tmvZxT96gJvL4SwxTdlHhkh3ZrGj1vmiG4JO1MQPyJc3bYlXMpofLxfImLuhBZEddSAS7nUdAzc="
Connection = close
}
httpResp.MIMEType - application/xml
httpResp.statusCode - 400
respString - <?xml version="1.0" encoding="UTF-8"?><Error><Code>IncompleteBody</Code><Message>The request body terminated unexpectedly</Message> <RequestId>2BXQ22BB603CA92E<RequestId><HostId>tmvZxT96gJvL4SwxTdlHhkh3ZrGj1vmiG4JO1MQPyJc3bYlXMpofLxfImLuhBZEddSAS7nUdAzc=</HostId></Error>
I found the solutions and willing to share it. If you like or use it, please vote 'yes' so perhaps I get enough visibility so that next time someone posts advise... Approach should also work just fine in Swift...
Using AFNetworking's uploadTaskWithRequest:fromFile: in conjunction with its multipartFormRequestWithMethod:URLString:parameters:constructingBodyWithBlock:error: ------ was a bad idea.
AFNetworking's is a subclass of Apple's uploadTaskWithRequest:fromFile: . Apple Documentation States
"The body stream and body data in this request object are ignored."
Hence, anything formed during construction of the Body was ignored subsequently by uploadTask. AWS never saw a multi-form body or file.
AWS's S3 Response Error Codes cannot be taken literally
That is not to say that they aren't useful, because they are. But, often they are "red herrings" for the real issue, which requires a lot of brute force digging. What saved me on this was using WireShark to examine the packets in the request and response --- extremely helpful - https://www.wireshark.org I highly recommend using this tool.
Manually construct your own form-data body as string, convert to NSData, add data from image file, append with form-data suffix and save to temporary file
You might find this code useful:
NSString * boundaryString = [NSString stringWithFormat:#"------XY%#",SOME_RANDOM_STRING];
NSMutableString *bodyString = [NSMutableString stringWithFormat:#"--%#\r\n",boundaryString];
for (NSString *key in paramKeys)
{
[bodyString appendFormat:#"Content-Disposition: form-data; name=\"%#\"\r\n\r\n",key];
[bodyString appendFormat:#"%#",[paramDict objectForKey:key]];
[bodyString appendFormat:#"\r\n--%#\r\n", boundaryString];
}
[bodyString appendFormat:#"Content-Disposition: form-data; name=\"%#\"; filename=\"%#\"\r\n",#"file",currentMFO.file_name];
[bodyString appendFormat:#"Content-Type: %#\r\n\r\n",currentMFO.mime_mfo.mime_type];
NSMutableData *postData = [NSMutableData dataWithData:[bodyString dataUsingEncoding:NSUTF8StringEncoding]];
NSData *fileData = [NSData dataWithContentsOfFile:IMAGE_FILE_URL];
[postData appendData:fileData];
NSString *suffixString = [NSString stringWithFormat:#"\r\n--%#--\r\n",boundartString];
NSData *suffixData = [NSData dataWithData:[suffixString dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:suffixData];
[[NSFileManager defaultManager] createFileAtPath:PATH_FOR_TEMP_FILE contents:postData attributes:nil];
Finally, passing the temporary file url to AFNetworking's uploadTaskWithRequest:fromFile: should work just fine.
I have an NSData object. I need to convert its bytes to a string and send as JSON. description returns hex and is unreliable (according to various SO posters). So I'm looking at code like this:
NSUInteger len = [imageData length];
Byte *byteData = (Byte*)malloc(len);
[imageData getBytes:&byteData length:len];
How do I then send byteData as JSON? I want to send the raw bytes.
CODE:
NSString *jsonBase64 = [imageData base64EncodedString];
NSLog(#"BASE 64 FINGERPRINT: %#", jsonBase64);
NSData *b64 = [NSData dataFromBase64String:jsonBase64];
NSLog(#"Equal: %d", [imageData isEqualToData:b64]);
NSLog(#"b64: %#", b64);
NSLog(#"original: %#", imageData);
NSString *decoded = [[NSString alloc] initWithData:b64 encoding:NSUTF8StringEncoding];
NSLog(#"decoded: %#", decoded);
I get values for everything except for the last line - decoded.
Which would indicate to me that the raw bytes are not formatted in NSUTF8encoding?
The reason the String is being considered 'unreliable' in previous Stack posts is because they too were attempting to use NSData objects where the ending bytes aren't properly terminated with NULL :
NSString *jsonString = [NSString stringWithUTF8String:[nsDataObj bytes]];
// This is unreliable because it may result in NULL string values
Whereas the example below should give you your desired results because the NSData byte string will terminate correctly:
NSString *jsonString = [[NSString alloc] initWithBytes:[nsDataObj bytes] length:[nsDataObj length] encoding: NSUTF8StringEncoding];
You were on the right track and hopefully this is able to help you solve your current problem. Best of luck!
~ EDIT ~
Make sure you are declaring your NSData Object from an image like so:
NSData *imageData = [[NSData alloc] init];
imageData = UIImagePNGRepresentation(yourImage);
Have you tried using something like this:
#implementation NSData (Base64)
- (NSString *)base64EncodedString
{
return [self base64EncodedStringWithWrapWidth:0];
}
This will turn your NSData in a base64 string, and on the other side you just need to decode it.
EDIT: #Lucas said you can do something like this:
NSString *myString = [[NSString alloc] initWithData:myData encoding:NSUTF8StringEncoding];
but i had some problem with this method because of some special characters, and because of that i started using base64 strings for communication.
EDIT3: Trys this method base64EncodedString
#implementation NSData (Base64)
- (NSString *)base64EncodedString
{
return [self base64EncodedStringWithWrapWidth:0];
}
//Helper Method
- (NSString *)base64EncodedStringWithWrapWidth:(NSUInteger)wrapWidth
{
//ensure wrapWidth is a multiple of 4
wrapWidth = (wrapWidth / 4) * 4;
const char lookup[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
long long inputLength = [self length];
const unsigned char *inputBytes = [self bytes];
long long maxOutputLength = (inputLength / 3 + 1) * 4;
maxOutputLength += wrapWidth? (maxOutputLength / wrapWidth) * 2: 0;
unsigned char *outputBytes = (unsigned char *)malloc((NSUInteger)maxOutputLength);
long long i;
long long outputLength = 0;
for (i = 0; i < inputLength - 2; i += 3)
{
outputBytes[outputLength++] = lookup[(inputBytes[i] & 0xFC) >> 2];
outputBytes[outputLength++] = lookup[((inputBytes[i] & 0x03) << 4) | ((inputBytes[i + 1] & 0xF0) >> 4)];
outputBytes[outputLength++] = lookup[((inputBytes[i + 1] & 0x0F) << 2) | ((inputBytes[i + 2] & 0xC0) >> 6)];
outputBytes[outputLength++] = lookup[inputBytes[i + 2] & 0x3F];
//add line break
if (wrapWidth && (outputLength + 2) % (wrapWidth + 2) == 0)
{
outputBytes[outputLength++] = '\r';
outputBytes[outputLength++] = '\n';
}
}
//handle left-over data
if (i == inputLength - 2)
{
// = terminator
outputBytes[outputLength++] = lookup[(inputBytes[i] & 0xFC) >> 2];
outputBytes[outputLength++] = lookup[((inputBytes[i] & 0x03) << 4) | ((inputBytes[i + 1] & 0xF0) >> 4)];
outputBytes[outputLength++] = lookup[(inputBytes[i + 1] & 0x0F) << 2];
outputBytes[outputLength++] = '=';
}
else if (i == inputLength - 1)
{
// == terminator
outputBytes[outputLength++] = lookup[(inputBytes[i] & 0xFC) >> 2];
outputBytes[outputLength++] = lookup[(inputBytes[i] & 0x03) << 4];
outputBytes[outputLength++] = '=';
outputBytes[outputLength++] = '=';
}
if (outputLength >= 4)
{
//truncate data to match actual output length
outputBytes = realloc(outputBytes, (NSUInteger)outputLength);
return [[NSString alloc] initWithBytesNoCopy:outputBytes
length:(NSUInteger)outputLength
encoding:NSASCIIStringEncoding
freeWhenDone:YES];
}
else if (outputBytes)
{
free(outputBytes);
}
return nil;
}
Null termination is not the only problem when converting from NSData to NSString.
NSString is not designed to hold arbitrary binary data. It expects an encoding.
If your NSData contains an invalid UTF-8 sequence, initializing the NSString will fail.
The documentation isn't completely clear on this point, but for initWithData it says:
Returns nil if the initialization fails for some reason (for example
if data does not represent valid data for encoding).
Also: The JSON specification defines a string as a sequence of Unicode characters.
That means even if you're able to get your raw data into a JSON string, parsing could fail on the receiving end if the code performs UTF-8 validation.
If you don't want to use Base64, take a look at the answers here.
All code in this answer is pseudo-code fragments, you need to convert the algorithms into Objective-C or other language yourself.
Your question raises many questions... You start with:
I have an NSData object. I need to convert its bytes to a string and send as JSON. description returns hex and is unreliable (according to various SO posters).
This appears to suggest you wish to encode the bytes as a string, ready to decode them back to bytes the other end. If this is the case you have a number of choices, such as Base-64 encoding etc. If you want something simple you can just encode each byte as its two character hex value, pseudo code outline:
NSMutableString *encodedString = #"".mutableCopy;
foreach aByte in byteData
[encodedString appendFormat:#"%02x", aByte];
The format %02x means two hexadecimal digits with zero padding. This results in a string which can be sent as JSON and decoded easily the other end. The byte size over the wire will probably be twice the byte length as UTF-8 is the recommended encoding for JSON over the wire.
However in response to one of the answer you write:
But I need absolutely the raw bits.
What do you mean by this? Is your receiver going to interpret the JSON string it gets as a sequence of raw bytes? If so you have a number of problems to address. JSON strings are a subset of JavaScript strings and are stored as UCS-2 or UTF-16, that is they are sequences of 16-bit values not 8-bit values. If you encode each byte into a character in a string then it will be represented using 16-bits, if your receiver can access the byte stream it has to skip ever other byte. Of course if you receiver accesses the strings a character at a time each 16-bit character can be truncated back to an 8-bit byte. Now you might think if you take this approach then each 8-bit byte can just be output as a character as part of a string, but that won't work. While all values 1-255 are valid Unicode character code points, and JavaScript/JSON allow NULs (0 value) in strings, not all those values are printable, you cannot put a double quote " into a string without escaping it, and the escape character is \ - all these will need to be encoded into the string. You'd end up with something like:
NSMutableString *encodedString = #"".mutableCopy;
foreach aByte in byteData
if (isprint(aByte) && aByte != '"' && aByte != '\\')
[encodedString appendFormat:#"%c", aByte];
otherwise
[encodedString appendFormat:#"\\u00%02x", aByte]; // JSON unicode escape sequence
This will produce a string which when parsed by a JSON decoder will give you one character (16-bits) for each byte, the top 8-bits being zero. However if you pass this string to a JSON encoder it will encode the unicode escape sequences, which are already encoded... So you really need to send this string over the wire yourself to avoid this...
Confused? Getting complicated? Well why are you trying to send binary byte data as a string? You never say what your high-level goal is or what, if anything, is known about the byte data (e.g. does it represent character in some encoding)
If this is really just an array of bytes then why not send it as JSON array of numbers - a byte is just a number in the range 0-255. To do this you would use code along the lines of:
NSMutableArray *encodedBytes = [NSMutableArray new];
foreach aByte in byteData
[encodedBytes addObject:#(aByte)]; // add aByte as an NSNumber object
Now pass encodedBytes to NSJSONSerialisation and it will send a JSON array of numbers over the wire, the receiver will reverse the process packing each byte back into a byte buffer and you have you bytes back.
This method avoids all issues of valid strings, encodings and escapes.
HTH
var index=2;
var validFor="CAAA";
function isDependentValue(index, validFor)
{
var base64 = new sforce.Base64Binary("");
var decoded = base64.decode(validFor);
var bits = decoded.charCodeAt(index>>3);
return ((bits & (0x80 >> (index%8))) != 0);
}
The above code is written in Javascript.I have to do the same in my iOS app.How can i do it with Objective-c.I have decoded the validFor string by using of this POST
Need help on this
If you are looking to convert a string to base64, the code below shows a brief example:
NSData *nsdata = [#"String to encode"
dataUsingEncoding:NSUTF8StringEncoding];
// Get NSString from NSData object in Base64
NSString *base64Encoded = [nsdata base64EncodedStringWithOptions:0];
I need to work out a decryption/encryption algorithm, but I'm confused regarding SHA256 / CBC / Salt / IV etc.
An example of a correctly encrypted string is:
U2FsdGVkX19IfIZtJ/48wk8z3ZRGDK8RD8agyQRhMrsOMsoIlVEcrzraOLo5IRBXjDkN1JUFnNrkvi2NA22IOTv00U97065tUNBQKEVXcaL0UJirtcqHlq8lN4pEm14ZokKXv8mUP8GkUKrOf37GhOugi/F/CQiILb57kIPrYPk=
It is Base64 encoded then Rijndael encoded. The first 8 characters are 'Salted__' and the next 8 characters I assume is some sort of salt (randomly generated).
The key I provided to encrypt this data is '12345678'.
The decrypted data should be:
2358442189442905:ZGF2aWQ=:1324515293:1.9.12:1:MC4wLjAuMCxub25lLzA=:LfcTMMYyUcwgL8keu3sMoNC/PFEKZy8fWFvo3rJvSdo
Apparently it is following Crypt::CBC::VERSION 2.29
I can't seem to decrypt the correctly encrypted string above. I have tried the following:
NSString *key = #"12345678";
NSData *test = [NSData dataFromBase64String:#"U2FsdGVkX19IfIZtJ/48wk8z3ZRGDK8RD8agyQRhMrsOMsoIlVEcrzraOLo5IRBXjDkN1JUFnNrkvi2NA22IOTv00U97065tUNBQKEVXcaL0UJirtcqHlq8lN4pEm14ZokKXv8mUP8GkUKrOf37GhOugi/F/CQiILb57kIPrYPk="];
unsigned char salt[8]; //get the salt out
[test getBytes:salt range:NSMakeRange(8, 8)];
NSData *saltData = [NSData dataWithBytes:salt length:8];
unsigned char data[128-16]; // remove the Salted__ and the 8 character salt
[test getBytes:data range:NSMakeRange(8, 128-8)];
test = [NSData dataWithBytes:data length:128-8];
NSMutableData *aeskey = [NSMutableData dataWithData:[key dataUsingEncoding:NSUTF8StringEncoding]];
[aeskey appendData:saltData]; // add the salt to the end of the key?
NSData *test2 = [test decryptedAES256DataUsingKey:key error:nil]; //Using a NSData+CommonCrypto library
Any ideas on how to decrypt this properly?
EDIT: more information: this is code related to what I am trying to implement.
elsif ($header_mode eq 'salt') {
$self->{salt} = $self->_get_random_bytes(8) if $self->{make_random_salt};
defined (my $salt = $self->{salt}) or croak "No header_mode of 'salt' specified, but no salt value provided"; # shouldn't happen
length($salt) == 8 or croak "Salt must be exactly 8 bytes long";
my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
$self->{key} = $key;
$self->{civ} = $self->{iv} = $iv;
$result = "Salted__${salt}";
}
my $self = shift;
my ($pass,$salt) = #_;
croak "Salt must be 8 bytes long" unless length $salt == 8;
my $key_len = $self->{keysize};
my $iv_len = $self->{blocksize};
my $desired_len = $key_len+$iv_len;
my $data = '';
my $d = '';
while (length $data < $desired_len) {
$d = md5($d . $pass . $salt);
$data .= $d;
}
return (substr($data,0,$key_len),substr($data,$key_len,$iv_len));
Here is an implementation that I don't fully understand: http://pastebin.com/R0b1Z7GH http://pastebin.com/aYWFXesP
unsigned char salt[8]; //get the salt out
[test getBytes:salt range:NSMakeRange(8, 8)];
NSData *saltData = [NSData dataWithBytes:salt length:8];
unsigned char data[128-16]; // remove the Salted__ and the 8 character salt
[test getBytes:data range:NSMakeRange(8, 128-8)];
test = [NSData dataWithBytes:data length:128-8];
I think in your second block of code you are copying the wrong data. Try this:
unsigned char data[128-16]; // remove the Salted__ and the 8 character salt
[test getBytes:data range:NSMakeRange(16, 128-16)];
test = [NSData dataWithBytes:data length:128-16];
Your comment indicates that you want to skip both the Salted__ and the salt itself.
Note that I haven't got a clue where the salt should go -- that's up to the protocol that you're trying to integrate with -- so I hope you've got that well-documented from another source.
I'm trying to compute a key for a SOAP signature using P_SHA-1 defined by WS-Trust. The WS-Trust specification says that
key = P_SHA1 (EntropyFromRequest, EntropyFromResponse)
and the TLS spec says P_SHA-1 is
P_SHA-1(secret, seed) =
HMAC_SHA-1(secret, A(1) + seed) +
HMAC_SHA-1(secret, A(2) + seed) +
HMAC_SHA-1(secret, A(3) + seed) + ...
Where + indicates concatenation.
A() is defined as:
A(0) = seed
A(i) = HMAC_SHA-1(secret, A(i-1))
My algorithm looks like so:
- (NSData*) psha1WithSize:(int)bytes;
{
int numberOfIterations = bytes/16;
NSData *label;
NSData *secret;
NSMutableData *seed;
NSData *reqEntropy = [NSData dataWithBase64EncodedString:requestEntropy];
NSData *resEntropy = [NSData dataWithBase64EncodedString:responseEntropy];
secret = reqEntropy;
seed = resEntropy;
NSData *aIMinusOne = seed;
NSData *aI = nil;
NSMutableData *currentData = [[NSMutableData alloc] init];
for( int i=1; i <= numberOfIterations; i++ )
{
aI = [self hmacSha1Data:aIMinusOne withKey:secret];
NSMutableData *aIPlusSeed = [NSMutableData dataWithData:aI];
[aIPlusSeed appendData:seed];
[currentData appendData:[self hmacSha1Data:aIPlusSeed withKey:secret]];
aIMinusOne = aI;
aI = nil;
}
return currentData;
}
My HMAC looks like these: iPhone and HMAC-SHA-1 encoding
This doesn't seem to be working, and I can't figure out what is wrong with my algorithm. One thought I had was that the service is implemented in .NET WCF, and to get it to accept the hashed password I had to use an NSUTF16LittleEndianStringEncoding, so maybe the response entropy is in the same encoding (prior to base64 encoding)?
Any help is greatly appreciated, thanks.