使用NSSecureCoding协议进行对象编解码(转)

http://blog.jobbole.com/67655/
NSCoding是把数据存储在iOS和Mac

OS上的一种极其简单和方便的方式,它把模型对象直接转变成一个文件,然后再把这个文件重新加载到内存里,并不需要任何文件解析和序列化的逻辑。如果要把对象保存到一个数据文件中(假设这个对象实现了NSCoding协议),那么你可以像下面这样做:

C++

Foo *someFoo = [[Foo alloc] init];

[NSKeyedArchiver archiveRootObject:someFoo toFile:someFile];

1

2Foo*someFoo=[[Fooalloc]init];

[NSKeyedArchiverarchiveRootObject:someFootoFile:someFile];

稍后再加载它:

C++

Foo *someFoo = [NSKeyedUnarchiver unarchiveObjectWithFile:someFile];

1

Foo*someFoo=[NSKeyedUnarchiverunarchiveObjectWithFile:someFile];

这样做对于编译进APP里的资源来说是可以的(例如nib文件,它在底层使用了NSCoding),但是使用NSCoding来读写用户数据文件的问题在于,把全部的类编码到一个文件里,也就间接地给了这个文件访问你APP里面实例类的权限。

虽然你不能在一个NSCoded文件里(至少在iOS中的)存储可执行代码,但是一名黑客可以使用特制地文件骗过你的APP进入到实例化类中,这是你从没打算做的,或者是你想要在另一个不同的上下文时才做的。尽管以这种方式造成实际性的破坏很难,但是无疑会导致用户的APP崩溃掉或者数据丢失。

在iOS6中,苹果引入了一个新的协议,是基于NSCoding的,叫做NSSecureCoding。NSSecureCoding和NSCoding是一样的,除了在解码时要同时指定key和要解码的对象的类,如果要求的类和从文件中解码出的对象的类不匹配,NSCoder会抛出异常,告诉你数据已经被篡改了。

大部分支持NSCoding的系统对象都已经升级到支持NSSecureCoding了,所以能安全地写有关归档的代码,你可以确保正在加载的数据文件是安全的。实现的方式如下:

C++

// Set up NSKeyedUnarchiver to use secure coding

NSData *data = [NSData dataWithContentsOfFile:someFile];

NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingWithData:data];

[unarchiver setRequiresSecureCoding:YES];

// Decode object

Foo *someFoo = [unarchiver decodeObjectForKey:NSKeyedArchiveRootObjectKey];

1

2

3

4

5

6

7// Set up NSKeyedUnarchiver to use secure coding

NSData*data=[NSDatadataWithContentsOfFile:someFile];

NSKeyedUnarchiver*unarchiver=[[NSKeyedUnarchiveralloc]initForReadingWithData:data];

[unarchiversetRequiresSecureCoding:YES];

// Decode object

Foo*someFoo=[unarchiverdecodeObjectForKey:NSKeyedArchiveRootObjectKey];

注意一下,如果要让编写归档的代码是安全的,那么存储在文件中的每一个对象都要实现NSSecureCoding协议,否则会有异常抛出。如果要告诉框架自定义的类支持NSSecureCoding协议,那么你必须在initWithCoder:

method方法中实现新的解码逻辑,并且supportsSecureCodin方法要返回YES。encodeWithCoder:方法没有变化,因为与安全相关的事是围绕加载进行的,而不是保存:

C++

@interface Foo : NSObject

@property (nonatomic, strong) NSNumber *property1;

@property (nonatomic, copy) NSArray *property2;

@property (nonatomic, copy) NSString *property3;

@end

@implementation Foo

+ (BOOL)supportsSecureCoding

{

return YES;

}

- (id)initWithCoder:(NSCoder *)coder

{

if ((self = [super init]))

{

// Decode the property values by key, specifying the expected class

_property1 = [coder decodeObjectOfClass:[NSNumber class] forKey:@"property1"];

_property2 = [coder decodeObjectOfClass:[NSArray class] forKey:@"property2"];

_property3 = [coder decodeObjectOfClass:[NSString class] forKey:@"property3"];

}

return self;

}

- (void)encodeWithCoder:(NSCoder *)coder

{

// Encode our ivars using string keys as normal

[coder encodeObject:_property1 forKey:@"property1"];

[coder encodeObject:_property2 forKey:@"property2"];

[coder encodeObject:_property3 forKey:@"property3"];

}

@end

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57@interfaceFoo:NSObject

@property(nonatomic,strong)NSNumber*property1;

@property(nonatomic,copy)NSArray*property2;

@property(nonatomic,copy)NSString*property3;

@end

@implementationFoo

+(BOOL)supportsSecureCoding

{

returnYES;

}

-(id)initWithCoder:(NSCoder*)coder

{

if((self=[superinit]))

{

// Decode the property values by key, specifying the expected class

_property1=[coderdecodeObjectOfClass:[NSNumberclass]forKey:@"property1"];

_property2=[coderdecodeObjectOfClass:[NSArrayclass]forKey:@"property2"];

_property3=[coderdecodeObjectOfClass:[NSStringclass]forKey:@"property3"];

}

returnself;

}

-(void)encodeWithCoder:(NSCoder*)coder

{

// Encode our ivars using string keys as normal

[coderencodeObject:_property1forKey:@"property1"];

[coderencodeObject:_property2forKey:@"property2"];

[coderencodeObject:_property3forKey:@"property3"];

}

@end

几周前,我写了一篇关于如何自动实现NSCoding的文章,它利用反射机制确定运行时类的属性。

这是一种给所有的模型对象添加NSCoding支持的很好的方式,在initWithCoder:/encodeWithCoder:

方法中,你不再需要写重复的并且容易出错的代码了。但是我们使用的方法没有支持NSSecureCoding,因为我们不打算在对象被加载时校验其类型。

那么怎么改善这个自动NSCoding系统,使其以正确的方式支持NSSecureCoding呢?

回想一下,最开始的实现原理是利用class_copyPropertyList() 和 property_getName()这样两个运行时方法,产生属性名称列表,我们再把它们在数组中排序:

C++

// Import the Objective-C runtime headers

#import

- (NSArray *)propertyNames

{

// Get the list of properties

unsigned int propertyCount;

objc_property_t *properties = class_copyPropertyList([self class],

&propertyCount);

NSMutableArray *array = [NSMutableArray arrayWithCapacity:propertyCount];

for (int i = 0; i < propertyCount; i++)

{

// Get property name

objc_property_t property = properties[i];

const char *propertyName = property_getName(property);

NSString *key = @(propertyName);

// Add to array

[array addObject:key];

}

// Remember to free the list because ARC doesn't do that for us

free(properties);

return array;

}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43// Import the Objective-C runtime headers

#import

-(NSArray*)propertyNames

{

// Get the list of properties

unsignedintpropertyCount;

objc_property_t*properties=class_copyPropertyList([selfclass],

&propertyCount);

NSMutableArray*array=[NSMutableArrayarrayWithCapacity:propertyCount];

for(inti=0;i

{

// Get property name

objc_property_tproperty=properties[i];

constchar*propertyName=property_getName(property);

NSString*key=@(propertyName);

// Add to array

[arrayaddObject:key];

}

// Remember to free the list because ARC doesn't do that for us

free(properties);

returnarray;

}

使用KVC(键-值编码),我们能够利用名称设置和获取一个对象的所有属性,并且在一个NSCoder对象中对这些属性进行编码/解码。

为了要实现NSSecureCoding,我们要遵循同样的原则,但是不仅仅是获取属性名,还需要获取它们的类型。幸运地是,Objective C运行时存储了类的属性类型的详细信息,所以可以很容易和名字一起取到这些数据。

一个类的属性可以是基本数据类型(例如整型、布尔类型和结构体),或者对象(例如字符串、数组等等)。KVC中的valueForKey: and

setValue:forKey:方法实现了对基本类型的自动“装箱”,也就是说它们会把整型、布尔型和结构体各自转变成NSNumber和NSValue对象。这使事情变得简单了很多,因为我们只要处理装箱过的类型(对象)即可,所以我们可以声明属性类型为类,而不用为不同的属性类型调用不同的解码方法。

尽管运行时方法没有提供已装箱的类名,但是它们提供了类型编码—一种特殊格式化的C风格的字符串,它包含了类型信息(与@encode(var);返回的形式一样)。因为没有方法自动获取到基本类型对应的装箱过的类,所以我们需要解析这个字符串,然后指定其合适的类型。

类型编码字符串形式的文档说明在这里。

第一个字母代表了基本类型。Objective

C使用一个唯一的字母表示每一个支持的基本类型,例如’i’表示integer,’f’表示float,’d’表示double,等等。对象用’@’表示(紧跟着的是类名),还有其他一些不常见的类型,例如’:’表示selectors,’#’表示类。

结构体和联合体表示为大括号里面的表达式。只有几种类型是KVC机制所支持的,但是支持的那些类通常被装箱为NSValue对象,所以可用一种方式处理以’{’开头的任何值。

如果根据字符串的首字母来转换,那么我们可以处理所有已知的类型:

C++

Class propertyClass = nil;

char *typeEncoding = property_copyAttributeValue(property, "T");

switch (typeEncoding[0])

{

case 'c': // Numeric types

case 'i':

case 's':

case 'l':

case 'q':

case 'C':

case 'I':

case 'S':

case 'L':

case 'Q':

case 'f':

case 'd':

case 'B':

{

propertyClass = [NSNumber class];

break;

}

case '*': // C-String

{

propertyClass = [NSString class];

break;

}

case '@': // Object

{

//TODO: get class name

break;

}

case '{': // Struct

{

propertyClass = [NSValue class];

break;

}

case '[': // C-Array

case '(': // Enum

case '#': // Class

case ':': // Selector

case '^': // Pointer

case 'b': // Bitfield

case '?': // Unknown type

default:

{

propertyClass = nil; // Not supported by KVC

break;

}

}

free(typeEncoding);

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99ClasspropertyClass=nil;

char*typeEncoding=property_copyAttributeValue(property,"T");

switch(typeEncoding[0])

{

case'c':// Numeric types

case'i':

case's':

case'l':

case'q':

case'C':

case'I':

case'S':

case'L':

case'Q':

case'f':

case'd':

case'B':

{

propertyClass=[NSNumberclass];

break;

}

case'*':// C-String

{

propertyClass=[NSStringclass];

break;

}

case'@':// Object

{

//TODO: get class name

break;

}

case'{':// Struct

{

propertyClass=[NSValueclass];

break;

}

case'[':// C-Array

case'(':// Enum

case'#':// Class

case':':// Selector

case'^':// Pointer

case'b':// Bitfield

case'?':// Unknown type

default:

{

propertyClass=nil;// Not supported by KVC

break;

}

}

free(typeEncoding);

如果要处理’@’类型,则需要提去出类名。类名可能包括协议(实际上我们并不需要用到),所以划分字符串拿准确的类名,然后使用NSClassFromString得到类:

C++

case '@':

{

// The objcType for classes will always be at least 3 characters long

if (strlen(typeEncoding) >= 3)

{

// Copy the class name as a C-String

char *cName = strndup(typeEncoding + 2, strlen(typeEncoding) - 3);

// Convert to an NSString for easier manipulation

NSString *name = @(cName);

// Strip out and protocols from the end of the class name

NSRange range = [name rangeOfString:@"<"];

if (range.location != NSNotFound)

{

name = [name substringToIndex:range.location];

}

// Get class from name, or default to NSObject if no name is found

propertyClass = NSClassFromString(name) ?: [NSObject class];

free(cName);

}

break;

}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40case'@':

{

// The objcType for classes will always be at least 3 characters long

if(strlen(typeEncoding)>=3)

{

// Copy the class name as a C-String

char*cName=strndup(typeEncoding+2,strlen(typeEncoding)-3);

// Convert to an NSString for easier manipulation

NSString*name=@(cName);

// Strip out and protocols from the end of the class name

NSRangerange=[namerangeOfString:@"<"];

if(range.location!=NSNotFound)

{

name=[namesubstringToIndex:range.location];

}

// Get class from name, or default to NSObject if no name is found

propertyClass=NSClassFromString(name)?:[NSObjectclass];

free(cName);

}

break;

}

最后,把上面的解析过程和前面实现的propertyNames方法结合起来,创建一个方法返回属性类的字典,属性名称作为字典的键。下面是完成的实现过程:

- (NSDictionary *)propertyClassesByName

{

// Check for a cached value (we use _cmd as the cache key,

// which represents @selector(propertyNames))

NSMutableDictionary *dictionary = objc_getAssociatedObject([self class], _cmd);

if (dictionary)

{

return dictionary;

}

// Loop through our superclasses until we hit NSObject

dictionary = [NSMutableDictionary dictionary];

Class subclass = [self class];

while (subclass != [NSObject class])

{

unsigned int propertyCount;

objc_property_t *properties = class_copyPropertyList(subclass,

&propertyCount);

for (int i = 0; i < propertyCount; i++)

{

// Get property name

objc_property_t property = properties[i];

const char *propertyName = property_getName(property);

NSString *key = @(propertyName);

// Check if there is a backing ivar

char *ivar = property_copyAttributeValue(property, "V");

if (ivar)

{

// Check if ivar has KVC-compliant name

NSString *ivarName = @(ivar);

if ([ivarName isEqualToString:key] ||

[ivarName isEqualToString:[@"_" stringByAppendingString:key]])

{

// Get type

Class propertyClass = nil;

char *typeEncoding = property_copyAttributeValue(property, "T");

switch (typeEncoding[0])

{

case 'c': // Numeric types

case 'i':

case 's':

case 'l':

case 'q':

case 'C':

case 'I':

case 'S':

case 'L':

case 'Q':

case 'f':

case 'd':

case 'B':

{

propertyClass = [NSNumber class];

break;

}

case '*': // C-String

{

propertyClass = [NSString class];

break;

}

case '@': // Object

{

//TODO: get class name

break;

}

case '{': // Struct

{

propertyClass = [NSValue class];

break;

}

case '[': // C-Array

case '(': // Enum

case '#': // Class

case ':': // Selector

case '^': // Pointer

case 'b': // Bitfield

case '?': // Unknown type

default:

{

propertyClass = nil; // Not supported by KVC

break;

}

}

free(typeEncoding);

// If known type, add to dictionary

if (propertyClass) dictionary[propertyName] = propertyClass;

}

free(ivar);

}

}

free(properties);

subclass = [subclass superclass];

}

// Cache and return dictionary

objc_setAssociatedObject([self class], _cmd, dictionary,

OBJC_ASSOCIATION_RETAIN_NONATOMIC);

return dictionary;

}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193-(NSDictionary *)propertyClassesByName

{

// Check for a cached value (we use _cmd as the cache key,

// which represents @selector(propertyNames))

NSMutableDictionary *dictionary=objc_getAssociatedObject([selfclass],_cmd);

if(dictionary)

{

returndictionary;

}

// Loop through our superclasses until we hit NSObject

dictionary=[NSMutableDictionarydictionary];

Classsubclass=[selfclass];

while(subclass!=[NSObjectclass])

{

unsignedintpropertyCount;

objc_property_t *properties=class_copyPropertyList(subclass,

&propertyCount);

for(inti=0;i

{

// Get property name

objc_property_tproperty=properties[i];

constchar*propertyName=property_getName(property);

NSString *key=@(propertyName);

// Check if there is a backing ivar

char*ivar=property_copyAttributeValue(property,"V");

if(ivar)

{

// Check if ivar has KVC-compliant name

NSString *ivarName=@(ivar);

if([ivarNameisEqualToString:key]||

[ivarNameisEqualToString:[@"_"stringByAppendingString:key]])

{

// Get type

ClasspropertyClass=nil;

char*typeEncoding=property_copyAttributeValue(property,"T");

switch(typeEncoding[0])

{

case'c': // Numeric types

case'i':

case's':

case'l':

case'q':

case'C':

case'I':

case'S':

case'L':

case'Q':

case'f':

case'd':

case'B':

{

propertyClass=[NSNumberclass];

break;

}

case'*': // C-String

{

propertyClass=[NSStringclass];

break;

}

case'@': // Object

{

//TODO: get class name

break;

}

case'{': // Struct

{

propertyClass=[NSValueclass];

break;

}

case'[': // C-Array

case'(': // Enum

case'#': // Class

case':': // Selector

case'^': // Pointer

case'b': // Bitfield

case'?': // Unknown type

default:

{

propertyClass=nil;// Not supported by KVC

break;

}

}

free(typeEncoding);

// If known type, add to dictionary

if(propertyClass)dictionary[propertyName]=propertyClass;

}

free(ivar);

}

}

free(properties);

subclass=[subclasssuperclass];

}

// Cache and return dictionary

objc_setAssociatedObject([selfclass],_cmd,dictionary,

OBJC_ASSOCIATION_RETAIN_NONATOMIC);

returndictionary;

}

最难的部分已经完成了。现在,要实现NSSecureCoding,只要将initWithCoder:方法中之前写的自动编码实现的部分,改为在解析时考虑到属性的类就可以了。此外,还需让supportsSecureCoding方法返回YES:

C++

+ (BOOL)supportsSecureCoding

{

return YES;

}

- (id)initWithCoder:(NSCoder *)coder

{

if ((self = [super init]))

{

// Decode the property values by key, specifying the expected class

[[self propertyClassesByName] enumerateKeysAndObjectsUsingBlock:(void (^)(NSString *key, Class propertyClass, BOOL *stop)) {

id object = [aDecoder decodeObjectOfClass:propertyClass forKey:key];

if (object) [self setValue:object forKey:key];

}];

}

return self;

}

- (void)encodeWithCoder:(NSCoder *)aCoder

{

for (NSString *key in [self propertyClassesByName])

{

id object = [self valueForKey:key];

if (object) [aCoder encodeObject:object forKey:key];

}

}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47+(BOOL)supportsSecureCoding

{

returnYES;

}

-(id)initWithCoder:(NSCoder*)coder

{

if((self=[superinit]))

{

// Decode the property values by key, specifying the expected class

[[selfpropertyClassesByName]enumerateKeysAndObjectsUsingBlock:(void(^)(NSString*key,ClasspropertyClass,BOOL*stop)){

idobject=[aDecoderdecodeObjectOfClass:propertyClassforKey:key];

if(object)[selfsetValue:objectforKey:key];

}];

}

returnself;

}

-(void)encodeWithCoder:(NSCoder*)aCoder

{

for(NSString*keyin[selfpropertyClassesByName])

{

idobject=[selfvalueForKey:key];

if(object)[aCoderencodeObject:objectforKey:key];

}

}

这样就得到了一个用于描述模型对象的简单的基类,并且它以正确的方式支持NSSecureCoding。此外,你可以使用我的AutoCoding扩展,它利用这种方法自动给没有实现NSCoding 和 NSSecureCoding协议的对象添加对它们的支持。

你可能感兴趣的:(使用NSSecureCoding协议进行对象编解码(转))