My application registers a subclass of NSURLProtocol that intercepts one specific URL. The protocol responds to requests with a secret key.
@implementation PrivateURLProtocol // ignore everything besides keyURL + (BOOL)canInitWithRequest:(NSURLRequest *)request { return [request.URL isEqual:keyURL]; } // respond with secret key â startLoading { NSURLResponse *response = [[NSURLResponse alloc] initWithURL:self.request.URL MIMEType:@"text/plain" expectedContentLength:-1 textEncodingName:nil]; [self.client URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageNotAllowed]; NSData *data = [@"Swordfish" dataUsingEncoding:NSUTF8StringEncoding]; [self.client URLProtocol:self didLoadData:data]; [self.client URLProtocolDidFinishLoading:self]; } // boilerplate â (void)stopLoading { } + (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request { return request; } @end
Only my code and the libraries I refer to should be able to see the key. How can an entrepreneurial user get my secret key? It's safe?
For the curious, this is part of the DRM setup. AVPlayer will request a key so that it can play encrypted media.
source share