为 CouchbaseLite(CBLListener 和 CBLReplication)设置身份验证层以进行 p2p 数据库复制的正确方法是什么?
What is proper way to setup auth layer for CouchbaseLite (CBLListener and CBLReplication) for p2p database replication?
我正在尝试为 p2p 复制配置基本登录名/密码身份验证。
无需身份验证,复制工作正常。所以我很确定我的问题与身份验证配置有关。
CBListener配置:
login = "my_login"
password = "my_password"
listener = CBLListener(manager: CBLManager.sharedInstance(), port: 55555)
listener.setBonjourName(netServiceName, type: netServiceType)
listener.readOnly = true
listener.setPasswords([login : password])
try! listener.start()
CBLReplication配置:
let netService: NetService = ... // Got from NetServiceBrowserDelegate and NetServiceDelegate
let components = NSURLComponents()
components.scheme = "http"
components.host = netService.hostName
components.port = NSNumber(value: 55555)
components.path = "/" + database.name
components.user = login
components.password = password
let newReplication = database.createPullReplication(components.url!)
newReplication.continuous = true
newReplication.start()
这是我在 Xcode 控制台中得到的:
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Going online
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: No local checkpoint; not getting remote one
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set active = 1
CBLReplication[from http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: active, progress = 0 / 0, err: (null)
nil
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Reachability state = :reachable (20002), suspended=0
: HTTP auth failed; sent Authorization: Basic bXlfbG9naW46bXlfcGFzc3dvcmQ= ; got WWW-Authenticate: Digest realm="CouchbaseLite", qop="auth", nonce="69773230-683C-4DCC-AB40-A21527A1F911"
CBLSocketChangeTracker[0x127d63810 sg_to_firstfoundry_net]: Can't connect, giving up: CBLHTTP[401, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]<--NSURLError[-1013, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: ChangeTracker stopped; error=CBLHTTP[401, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]<--NSURLError[-1013, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]
我认为这里最重要的日志是这一行:
: HTTP auth failed; sent Authorization:
Basic bXlfbG9naW46bXlfcGFzc3dvcmQ= ; got WWW-Authenticate: Digest
realm="CouchbaseLite", qop="auth",
nonce="69773230-683C-4DCC-AB40-A21527A1F911"
或者我尝试使用 CBLAuthenticator 而不是将 login/password 注入 url。仍然不起作用,但是我在日志中收到不同的错误消息:
更改内容:
// Added:
newReplication.authenticator = CBLAuthenticator.basicAuthenticator(withName: login, password: password)
// Removed:
components.user = login
components.password = password
这是更新代码后我在 Xcode 控制台中得到的内容:
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Going online
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set active = 1
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Successfully logged in!
RemoteRequest: Added Authorization header for CBLPasswordAuthorizer[my_login/****]
CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Starting...
DEALLOC CBLRemoteLogin[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]
2017-02-20 16:51:28.335 Union Dev[1922:1702832] RemoteRequest: CBLRemoteSession starting CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLReplication[from http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: active, progress = 0 / 0, err: (null)
nil
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Reachability state = :reachable (20002), suspended=0
RemoteRequest: Got challenge for CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: method=NSURLAuthenticationMethodHTTPDigest, err=(null)
RemoteRequest: challenge: (phase 3) continueWithoutCredential
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Server is (null)
RemoteRequest: CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Got response, status 401
CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Got error CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Error fetching last sequence: CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set error = CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
有人能指出我哪里做错了吗?
在与 Couchbase 工程师交谈后,我们决定最好的解决方案是启用安全的 http 连接,因为通过不安全的 http 请求发送登录名/密码没有意义。
启用 https 的最简单(不是最安全)的方法是下一步:
// Change url to https
components.scheme = "https"
// Inject self-signed generated on the fly certificate into CBLListener
try listener.setAnonymousSSLIdentityWithLabel("use_any_string_here")
我们提供了有关为 p2p 复制配置 https 连接的更多信息here。
我正在尝试为 p2p 复制配置基本登录名/密码身份验证。
无需身份验证,复制工作正常。所以我很确定我的问题与身份验证配置有关。
CBListener配置:
login = "my_login"
password = "my_password"
listener = CBLListener(manager: CBLManager.sharedInstance(), port: 55555)
listener.setBonjourName(netServiceName, type: netServiceType)
listener.readOnly = true
listener.setPasswords([login : password])
try! listener.start()
CBLReplication配置:
let netService: NetService = ... // Got from NetServiceBrowserDelegate and NetServiceDelegate
let components = NSURLComponents()
components.scheme = "http"
components.host = netService.hostName
components.port = NSNumber(value: 55555)
components.path = "/" + database.name
components.user = login
components.password = password
let newReplication = database.createPullReplication(components.url!)
newReplication.continuous = true
newReplication.start()
这是我在 Xcode 控制台中得到的:
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Going online
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: No local checkpoint; not getting remote one
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set active = 1
CBLReplication[from http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: active, progress = 0 / 0, err: (null) nil
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Reachability state = :reachable (20002), suspended=0
: HTTP auth failed; sent Authorization: Basic bXlfbG9naW46bXlfcGFzc3dvcmQ= ; got WWW-Authenticate: Digest realm="CouchbaseLite", qop="auth", nonce="69773230-683C-4DCC-AB40-A21527A1F911"
CBLSocketChangeTracker[0x127d63810 sg_to_firstfoundry_net]: Can't connect, giving up: CBLHTTP[401, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]<--NSURLError[-1013, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]
CBLRestPuller[http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: ChangeTracker stopped; error=CBLHTTP[401, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]<--NSURLError[-1013, http://my_login:*****@Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_changes?feed=normal&heartbeat=300000&style=all_docs]
我认为这里最重要的日志是这一行:
: HTTP auth failed; sent Authorization: Basic bXlfbG9naW46bXlfcGFzc3dvcmQ= ; got WWW-Authenticate: Digest realm="CouchbaseLite", qop="auth", nonce="69773230-683C-4DCC-AB40-A21527A1F911"
或者我尝试使用 CBLAuthenticator 而不是将 login/password 注入 url。仍然不起作用,但是我在日志中收到不同的错误消息:
更改内容:
// Added:
newReplication.authenticator = CBLAuthenticator.basicAuthenticator(withName: login, password: password)
// Removed:
components.user = login
components.password = password
这是更新代码后我在 Xcode 控制台中得到的内容:
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Going online
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set active = 1
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Successfully logged in!
RemoteRequest: Added Authorization header for CBLPasswordAuthorizer[my_login/****]
CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Starting...
DEALLOC CBLRemoteLogin[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] 2017-02-20 16:51:28.335 Union Dev[1922:1702832] RemoteRequest: CBLRemoteSession starting CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLReplication[from http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: active, progress = 0 / 0, err: (null) nil
CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Reachability state = :reachable (20002), suspended=0
RemoteRequest: Got challenge for CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: method=NSURLAuthenticationMethodHTTPDigest, err=(null)
RemoteRequest: challenge: (phase 3) continueWithoutCredential
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Server is (null)
RemoteRequest: CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Got response, status 401
CBLRemoteJSONRequest[GET http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]: Got error CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net]: Error fetching last sequence: CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
Sync: CBLRestPuller[http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net] Progress: set error = CBLHTTP[401, "unauthorized", http://Uladzimir-Papkos-iPad.local.:55555/sg_to_firstfoundry_net/_local/b3f625c9bddabfb59ee49d78f3bb484a5876b486]
有人能指出我哪里做错了吗?
在与 Couchbase 工程师交谈后,我们决定最好的解决方案是启用安全的 http 连接,因为通过不安全的 http 请求发送登录名/密码没有意义。
启用 https 的最简单(不是最安全)的方法是下一步:
// Change url to https
components.scheme = "https"
// Inject self-signed generated on the fly certificate into CBLListener
try listener.setAnonymousSSLIdentityWithLabel("use_any_string_here")
我们提供了有关为 p2p 复制配置 https 连接的更多信息here。