rocket-js 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +0 -11
- data/Rakefile +33 -47
- data/lib/rocket/js.rb +0 -2
- data/lib/rocket/js/builder.rb +2 -2
- data/lib/rocket/js/cli.rb +1 -1
- data/rocket-js.gemspec +23 -80
- data/src/vendor/web-socket-js/FABridge.js +604 -0
- data/src/vendor/web-socket-js/README.txt +109 -0
- data/src/vendor/web-socket-js/WebSocketMain.swf +0 -0
- data/src/vendor/web-socket-js/WebSocketMainInsecure.zip +0 -0
- data/src/vendor/web-socket-js/flash-src/WebSocket.as +473 -0
- data/src/vendor/web-socket-js/flash-src/WebSocketMain.as +88 -0
- data/src/vendor/web-socket-js/flash-src/WebSocketMainInsecure.as +19 -0
- data/src/vendor/web-socket-js/flash-src/WebSocketStateEvent.as +32 -0
- data/src/vendor/web-socket-js/flash-src/bridge/FABridge.as +943 -0
- data/src/vendor/web-socket-js/flash-src/build.sh +10 -0
- data/src/vendor/web-socket-js/flash-src/com/adobe/net/proxies/RFC2817Socket.as +204 -0
- data/src/vendor/web-socket-js/flash-src/com/gsolo/encryption/MD5.as +375 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/Crypto.as +287 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/MozillaRootCertificates.as +3235 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509Certificate.as +218 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509CertificateCollection.as +57 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/HMAC.as +82 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHMAC.as +27 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHash.as +21 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MAC.as +137 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD2.as +124 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD5.as +204 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA1.as +106 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA224.as +28 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA256.as +115 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHABase.as +71 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/ARC4.as +90 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/IPRNG.as +20 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/Random.as +119 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/TLSPRF.as +142 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/rsa/RSAKey.as +339 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/AESKey.as +2797 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/BlowFishKey.as +375 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CBCMode.as +55 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFB8Mode.as +61 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFBMode.as +64 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CTRMode.as +58 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/DESKey.as +365 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ECBMode.as +86 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ICipher.as +21 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IMode.as +15 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IPad.as +32 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IStreamCipher.as +21 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ISymmetricKey.as +35 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IVMode.as +110 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/NullPad.as +34 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/OFBMode.as +52 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/PKCS5.as +44 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SSLPad.as +44 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SimpleIVMode.as +60 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TLSPad.as +42 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TripleDESKey.as +88 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/XTeaKey.as +94 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/aeskey.pl +29 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/dump.txt +2304 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/AESKeyTest.as +1220 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ARC4Test.as +58 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BigIntegerTest.as +39 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BlowFishKeyTest.as +148 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CBCModeTest.as +160 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFB8ModeTest.as +71 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFBModeTest.as +98 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CTRModeTest.as +109 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/DESKeyTest.as +112 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ECBModeTest.as +151 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/HMACTest.as +184 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ITestHarness.as +20 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD2Test.as +56 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD5Test.as +58 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/OFBModeTest.as +101 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/RSAKeyTest.as +92 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA1Test.as +198 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA224Test.as +58 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA256Test.as +60 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TLSPRFTest.as +51 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TestCase.as +42 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TripleDESKeyTest.as +59 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/XTeaKeyTest.as +66 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/BulkCiphers.as +102 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/CipherSuites.as +117 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/IConnectionState.as +14 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/ISecurityParameters.as +29 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/KeyExchanges.as +24 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/MACs.as +38 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLConnectionState.as +171 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLEvent.as +26 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLSecurityParameters.as +340 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConfig.as +70 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConnectionState.as +151 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEngine.as +895 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSError.as +39 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEvent.as +27 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSecurityParameters.as +197 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocket.as +370 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocketEvent.as +26 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSTest.as +180 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BarrettReduction.as +90 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BigInteger.as +1543 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/ClassicReduction.as +35 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/IReduction.as +11 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/MontgomeryReduction.as +85 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/NullReduction.as +34 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/bi_internal.as +11 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/ArrayUtil.as +25 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Base64.as +189 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Hex.as +66 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Memory.as +28 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ByteString.as +43 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/DER.as +210 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/IAsn1Type.as +21 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Integer.as +44 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/OID.as +35 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ObjectIdentifier.as +112 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PEM.as +118 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PrintableString.as +49 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Sequence.as +90 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Set.as +27 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Type.as +94 -0
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/UTCTime.as +60 -0
- data/src/vendor/web-socket-js/sample.html +76 -0
- data/src/vendor/web-socket-js/swfobject.js +4 -0
- data/src/vendor/web-socket-js/web_socket.js +388 -0
- metadata +163 -30
- data/lib/rocket/js/version.rb +0 -14
- data/rocket-0.0.1.min.js +0 -45
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TLSError
|
|
3
|
+
*
|
|
4
|
+
* A error that can be thrown when something wrong happens in the TLS protocol.
|
|
5
|
+
* This is handled in TLSEngine by generating a TLS ALERT as appropriate.
|
|
6
|
+
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
+
*
|
|
8
|
+
* See LICENSE.txt for full license information.
|
|
9
|
+
*/
|
|
10
|
+
package com.hurlant.crypto.tls {
|
|
11
|
+
public class TLSError extends Error {
|
|
12
|
+
public static const close_notify:uint = 0;
|
|
13
|
+
public static const unexpected_message:uint = 10;
|
|
14
|
+
public static const bad_record_mac:uint = 20;
|
|
15
|
+
public static const decryption_failed:uint = 21;
|
|
16
|
+
public static const record_overflow:uint = 22;
|
|
17
|
+
public static const decompression_failure:uint = 30;
|
|
18
|
+
public static const handshake_failure:uint = 40;
|
|
19
|
+
public static const bad_certificate:uint = 42;
|
|
20
|
+
public static const unsupported_certificate:uint = 43;
|
|
21
|
+
public static const certificate_revoked:uint = 44;
|
|
22
|
+
public static const certificate_expired:uint = 45;
|
|
23
|
+
public static const certificate_unknown:uint = 46;
|
|
24
|
+
public static const illegal_parameter:uint = 47;
|
|
25
|
+
public static const unknown_ca:uint = 48;
|
|
26
|
+
public static const access_denied:uint = 49;
|
|
27
|
+
public static const decode_error:uint = 50;
|
|
28
|
+
public static const decrypt_error:uint = 51;
|
|
29
|
+
public static const protocol_version:uint = 70;
|
|
30
|
+
public static const insufficient_security:uint = 71;
|
|
31
|
+
public static const internal_error:uint = 80;
|
|
32
|
+
public static const user_canceled:uint = 90;
|
|
33
|
+
public static const no_renegotiation:uint = 100;
|
|
34
|
+
|
|
35
|
+
public function TLSError(message:String, id:int) {
|
|
36
|
+
super(message,id);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TLSEvent
|
|
3
|
+
*
|
|
4
|
+
* This is used by TLSEngine to let the application layer know
|
|
5
|
+
* when we're ready for sending, or have received application data
|
|
6
|
+
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
+
*
|
|
8
|
+
* See LICENSE.txt for full license information.
|
|
9
|
+
*/
|
|
10
|
+
package com.hurlant.crypto.tls {
|
|
11
|
+
import flash.events.Event;
|
|
12
|
+
import flash.utils.ByteArray;
|
|
13
|
+
|
|
14
|
+
public class TLSEvent extends Event {
|
|
15
|
+
|
|
16
|
+
static public const DATA:String = "data";
|
|
17
|
+
static public const READY:String = "ready";
|
|
18
|
+
static public const PROMPT_ACCEPT_CERT:String = "promptAcceptCert";
|
|
19
|
+
|
|
20
|
+
public var data:ByteArray;
|
|
21
|
+
|
|
22
|
+
public function TLSEvent(type:String, data:ByteArray = null) {
|
|
23
|
+
this.data = data;
|
|
24
|
+
super(type, false, false);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
}
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TLSSecurityParameters
|
|
3
|
+
*
|
|
4
|
+
* This class encapsulates all the security parameters that get negotiated
|
|
5
|
+
* during the TLS handshake. It also holds all the key derivation methods.
|
|
6
|
+
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
+
*
|
|
8
|
+
* Patched by Bobby Parker (sh0rtwave@gmail.com)
|
|
9
|
+
*
|
|
10
|
+
* See LICENSE.txt for full license information.
|
|
11
|
+
*/
|
|
12
|
+
package com.hurlant.crypto.tls {
|
|
13
|
+
import com.hurlant.crypto.hash.MD5;
|
|
14
|
+
import com.hurlant.crypto.hash.SHA1;
|
|
15
|
+
import com.hurlant.crypto.prng.TLSPRF;
|
|
16
|
+
import com.hurlant.util.Hex;
|
|
17
|
+
|
|
18
|
+
import flash.utils.ByteArray;
|
|
19
|
+
import com.hurlant.crypto.rsa.RSAKey;
|
|
20
|
+
|
|
21
|
+
public class TLSSecurityParameters implements ISecurityParameters {
|
|
22
|
+
|
|
23
|
+
// COMPRESSION
|
|
24
|
+
public static const COMPRESSION_NULL:uint = 0;
|
|
25
|
+
|
|
26
|
+
// This is probably not smart. Revise this to use all settings from TLSConfig, since this shouldn't really know about
|
|
27
|
+
// user settings, those are best handled from the engine at a session level.
|
|
28
|
+
public static var IGNORE_CN_MISMATCH:Boolean = true;
|
|
29
|
+
public static var ENABLE_USER_CLIENT_CERTIFICATE:Boolean = false;
|
|
30
|
+
public static var USER_CERTIFICATE:String;
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
private var cert:ByteArray; // Local Cert
|
|
34
|
+
private var key:RSAKey; // local key
|
|
35
|
+
private var entity:uint; // SERVER | CLIENT
|
|
36
|
+
private var bulkCipher:uint; // BULK_CIPHER_*
|
|
37
|
+
private var cipherType:uint; // STREAM_CIPHER | BLOCK_CIPHER
|
|
38
|
+
private var keySize:uint;
|
|
39
|
+
private var keyMaterialLength:uint;
|
|
40
|
+
private var IVSize:uint;
|
|
41
|
+
private var macAlgorithm:uint; // MAC_*
|
|
42
|
+
private var hashSize:uint;
|
|
43
|
+
private var compression:uint; // COMPRESSION_NULL
|
|
44
|
+
private var masterSecret:ByteArray; // 48 bytes
|
|
45
|
+
private var clientRandom:ByteArray; // 32 bytes
|
|
46
|
+
private var serverRandom:ByteArray; // 32 bytes
|
|
47
|
+
private var ignoreCNMismatch:Boolean = true;
|
|
48
|
+
private var trustAllCerts:Boolean = false;
|
|
49
|
+
private var trustSelfSigned:Boolean = false;
|
|
50
|
+
public static const PROTOCOL_VERSION:uint = 0x0301;
|
|
51
|
+
private var tlsDebug:Boolean = false;
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
// not strictly speaking part of this, but yeah.
|
|
55
|
+
public var keyExchange:uint;
|
|
56
|
+
public function TLSSecurityParameters(entity:uint, localCert:ByteArray = null, localKey:RSAKey = null) {
|
|
57
|
+
this.entity = entity;
|
|
58
|
+
reset();
|
|
59
|
+
key = localKey;
|
|
60
|
+
cert = localCert;
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
public function get version() : uint {
|
|
64
|
+
return PROTOCOL_VERSION;
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
public function reset():void {
|
|
68
|
+
bulkCipher = BulkCiphers.NULL;
|
|
69
|
+
cipherType = BulkCiphers.BLOCK_CIPHER;
|
|
70
|
+
macAlgorithm = MACs.NULL;
|
|
71
|
+
compression = COMPRESSION_NULL;
|
|
72
|
+
masterSecret = null;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
public function getBulkCipher():uint {
|
|
76
|
+
return bulkCipher;
|
|
77
|
+
}
|
|
78
|
+
public function getCipherType():uint {
|
|
79
|
+
return cipherType;
|
|
80
|
+
}
|
|
81
|
+
public function getMacAlgorithm():uint {
|
|
82
|
+
return macAlgorithm;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
public function setCipher(cipher:uint):void {
|
|
86
|
+
bulkCipher = CipherSuites.getBulkCipher(cipher);
|
|
87
|
+
cipherType = BulkCiphers.getType(bulkCipher);
|
|
88
|
+
keySize = BulkCiphers.getExpandedKeyBytes(bulkCipher); // 8
|
|
89
|
+
keyMaterialLength = BulkCiphers.getKeyBytes(bulkCipher); // 5
|
|
90
|
+
IVSize = BulkCiphers.getIVSize(bulkCipher);
|
|
91
|
+
|
|
92
|
+
keyExchange = CipherSuites.getKeyExchange(cipher);
|
|
93
|
+
|
|
94
|
+
macAlgorithm = CipherSuites.getMac(cipher);
|
|
95
|
+
hashSize = MACs.getHashSize(macAlgorithm);
|
|
96
|
+
}
|
|
97
|
+
public function setCompression(algo:uint):void {
|
|
98
|
+
compression = algo;
|
|
99
|
+
}
|
|
100
|
+
public function setPreMasterSecret(secret:ByteArray):void {
|
|
101
|
+
// compute master_secret
|
|
102
|
+
var seed:ByteArray = new ByteArray;
|
|
103
|
+
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
104
|
+
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
105
|
+
var prf:TLSPRF = new TLSPRF(secret, "master secret", seed);
|
|
106
|
+
masterSecret = new ByteArray;
|
|
107
|
+
prf.nextBytes(masterSecret, 48);
|
|
108
|
+
if (tlsDebug)
|
|
109
|
+
trace("Master Secret: " + Hex.fromArray( masterSecret, true ));
|
|
110
|
+
}
|
|
111
|
+
public function setClientRandom(secret:ByteArray):void {
|
|
112
|
+
clientRandom = secret;
|
|
113
|
+
}
|
|
114
|
+
public function setServerRandom(secret:ByteArray):void {
|
|
115
|
+
serverRandom = secret;
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
public function get useRSA():Boolean {
|
|
119
|
+
return KeyExchanges.useRSA(keyExchange);
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
public function computeVerifyData(side:uint, handshakeMessages:ByteArray):ByteArray {
|
|
123
|
+
var seed:ByteArray = new ByteArray;
|
|
124
|
+
var md5:MD5 = new MD5;
|
|
125
|
+
if (tlsDebug)
|
|
126
|
+
trace("Handshake value: " + Hex.fromArray(handshakeMessages, true ));
|
|
127
|
+
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
128
|
+
var sha:SHA1 = new SHA1;
|
|
129
|
+
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
130
|
+
if (tlsDebug)
|
|
131
|
+
trace("Seed in: " + Hex.fromArray(seed, true ));
|
|
132
|
+
var prf:TLSPRF = new TLSPRF(masterSecret, (side==TLSEngine.CLIENT) ? "client finished" : "server finished", seed);
|
|
133
|
+
var out:ByteArray = new ByteArray;
|
|
134
|
+
prf.nextBytes(out, 12);
|
|
135
|
+
if (tlsDebug)
|
|
136
|
+
trace("Finished out: " + Hex.fromArray(out, true ));
|
|
137
|
+
out.position = 0;
|
|
138
|
+
return out;
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
// client side certficate check - This is probably incorrect somehow
|
|
142
|
+
public function computeCertificateVerify( side:uint, handshakeMessages:ByteArray ):ByteArray {
|
|
143
|
+
var seed:ByteArray = new ByteArray;
|
|
144
|
+
var md5:MD5 = new MD5;
|
|
145
|
+
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
146
|
+
var sha:SHA1 = new SHA1;
|
|
147
|
+
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
148
|
+
|
|
149
|
+
// Now that I have my hashes of existing handshake messages (which I'm not sure about the length of yet) then
|
|
150
|
+
// Sign that with my private key
|
|
151
|
+
seed.position = 0;
|
|
152
|
+
var out:ByteArray = new ByteArray();
|
|
153
|
+
key.sign( seed, out, seed.bytesAvailable);
|
|
154
|
+
out.position = 0;
|
|
155
|
+
return out;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
public function getConnectionStates():Object {
|
|
159
|
+
if (masterSecret != null) {
|
|
160
|
+
var seed:ByteArray = new ByteArray;
|
|
161
|
+
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
162
|
+
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
163
|
+
var prf:TLSPRF = new TLSPRF(masterSecret, "key expansion", seed);
|
|
164
|
+
|
|
165
|
+
var client_write_MAC:ByteArray = new ByteArray;
|
|
166
|
+
prf.nextBytes(client_write_MAC, hashSize);
|
|
167
|
+
var server_write_MAC:ByteArray = new ByteArray;
|
|
168
|
+
prf.nextBytes(server_write_MAC, hashSize);
|
|
169
|
+
var client_write_key:ByteArray = new ByteArray;
|
|
170
|
+
prf.nextBytes(client_write_key, keyMaterialLength);
|
|
171
|
+
var server_write_key:ByteArray = new ByteArray;
|
|
172
|
+
prf.nextBytes(server_write_key, keyMaterialLength);
|
|
173
|
+
var client_write_IV:ByteArray = new ByteArray;
|
|
174
|
+
prf.nextBytes(client_write_IV, IVSize);
|
|
175
|
+
var server_write_IV:ByteArray = new ByteArray;
|
|
176
|
+
prf.nextBytes(server_write_IV, IVSize);
|
|
177
|
+
|
|
178
|
+
var client_write:TLSConnectionState = new TLSConnectionState(
|
|
179
|
+
bulkCipher, cipherType, macAlgorithm,
|
|
180
|
+
client_write_MAC, client_write_key, client_write_IV);
|
|
181
|
+
var server_write:TLSConnectionState = new TLSConnectionState(
|
|
182
|
+
bulkCipher, cipherType, macAlgorithm,
|
|
183
|
+
server_write_MAC, server_write_key, server_write_IV);
|
|
184
|
+
|
|
185
|
+
if (entity == TLSEngine.CLIENT) {
|
|
186
|
+
return {read:server_write, write:client_write};
|
|
187
|
+
} else {
|
|
188
|
+
return {read:client_write, write:server_write};
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
} else {
|
|
192
|
+
return {read:new TLSConnectionState, write:new TLSConnectionState};
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
}
|
|
197
|
+
}
|
|
@@ -0,0 +1,370 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TLSSocket
|
|
3
|
+
*
|
|
4
|
+
* This is the "end-user" TLS class.
|
|
5
|
+
* It works just like a Socket, by encapsulating a Socket and
|
|
6
|
+
* wrapping the TLS protocol around the data that passes over it.
|
|
7
|
+
* This class can either create a socket connection, or reuse an
|
|
8
|
+
* existing connected socket. The later is useful for STARTTLS flows.
|
|
9
|
+
*
|
|
10
|
+
* Copyright (c) 2007 Henri Torgemane
|
|
11
|
+
*
|
|
12
|
+
* See LICENSE.txt for full license information.
|
|
13
|
+
*/
|
|
14
|
+
package com.hurlant.crypto.tls {
|
|
15
|
+
import flash.events.Event;
|
|
16
|
+
import flash.events.EventDispatcher;
|
|
17
|
+
import flash.events.IOErrorEvent;
|
|
18
|
+
import flash.events.ProgressEvent;
|
|
19
|
+
import flash.events.SecurityErrorEvent;
|
|
20
|
+
import flash.net.ObjectEncoding;
|
|
21
|
+
import flash.net.Socket;
|
|
22
|
+
import flash.utils.ByteArray;
|
|
23
|
+
import flash.utils.Endian;
|
|
24
|
+
import flash.utils.IDataInput;
|
|
25
|
+
import flash.utils.IDataOutput;
|
|
26
|
+
import flash.utils.clearTimeout;
|
|
27
|
+
import flash.utils.setTimeout;
|
|
28
|
+
import com.hurlant.crypto.cert.X509Certificate;
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
[Event(name="close", type="flash.events.Event")]
|
|
32
|
+
[Event(name="connect", type="flash.events.Event")]
|
|
33
|
+
[Event(name="ioError", type="flash.events.IOErrorEvent")]
|
|
34
|
+
[Event(name="securityError", type="flash.events.SecurityErrorEvent")]
|
|
35
|
+
[Event(name="socketData", type="flash.events.ProgressEvent")]
|
|
36
|
+
[Event(name="acceptPeerCertificatePrompt", type="flash.events.Event")]
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* It feels like a socket, but it wraps the stream
|
|
40
|
+
* over TLS 1.0
|
|
41
|
+
*
|
|
42
|
+
* That's all.
|
|
43
|
+
*
|
|
44
|
+
*/
|
|
45
|
+
public class TLSSocket extends Socket implements IDataInput, IDataOutput {
|
|
46
|
+
|
|
47
|
+
private var _endian:String;
|
|
48
|
+
private var _objectEncoding:uint;
|
|
49
|
+
|
|
50
|
+
private var _iStream:ByteArray;
|
|
51
|
+
private var _oStream:ByteArray;
|
|
52
|
+
private var _iStream_cursor:uint;
|
|
53
|
+
|
|
54
|
+
private var _socket:Socket;
|
|
55
|
+
private var _config:TLSConfig;
|
|
56
|
+
private var _engine:TLSEngine;
|
|
57
|
+
public static const ACCEPT_PEER_CERT_PROMPT:String = "acceptPeerCertificatePrompt"
|
|
58
|
+
|
|
59
|
+
public function TLSSocket(host:String = null, port:int = 0, config:TLSConfig = null) {
|
|
60
|
+
_config = config;
|
|
61
|
+
if (host!=null && port!=0) {
|
|
62
|
+
connect(host, port);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
override public function get bytesAvailable():uint {
|
|
67
|
+
return _iStream.bytesAvailable;
|
|
68
|
+
}
|
|
69
|
+
override public function get connected():Boolean {
|
|
70
|
+
return _socket.connected;
|
|
71
|
+
}
|
|
72
|
+
override public function get endian():String {
|
|
73
|
+
return _endian;
|
|
74
|
+
}
|
|
75
|
+
override public function set endian(value:String):void {
|
|
76
|
+
_endian = value;
|
|
77
|
+
_iStream.endian = value;
|
|
78
|
+
_oStream.endian = value;
|
|
79
|
+
}
|
|
80
|
+
override public function get objectEncoding():uint {
|
|
81
|
+
return _objectEncoding;
|
|
82
|
+
}
|
|
83
|
+
override public function set objectEncoding(value:uint):void {
|
|
84
|
+
_objectEncoding = value;
|
|
85
|
+
_iStream.objectEncoding = value;
|
|
86
|
+
_oStream.objectEncoding = value;
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
|
|
90
|
+
private function onTLSData(event:TLSEvent):void {
|
|
91
|
+
if (_iStream.position == _iStream.length) {
|
|
92
|
+
_iStream.position = 0;
|
|
93
|
+
_iStream.length = 0;
|
|
94
|
+
_iStream_cursor = 0;
|
|
95
|
+
}
|
|
96
|
+
var cursor:uint = _iStream.position;
|
|
97
|
+
_iStream.position = _iStream_cursor;
|
|
98
|
+
_iStream.writeBytes(event.data);
|
|
99
|
+
_iStream_cursor = _iStream.position;
|
|
100
|
+
_iStream.position = cursor;
|
|
101
|
+
dispatchEvent(new ProgressEvent(ProgressEvent.SOCKET_DATA, false, false, event.data.length));
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
private function onTLSReady(event:TLSEvent):void {
|
|
105
|
+
_ready = true;
|
|
106
|
+
scheduleWrite();
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
private function onTLSClose(event:Event):void {
|
|
110
|
+
dispatchEvent(event);
|
|
111
|
+
// trace("Received TLS close");
|
|
112
|
+
close();
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
private var _ready:Boolean;
|
|
116
|
+
private var _writeScheduler:uint;
|
|
117
|
+
private function scheduleWrite():void {
|
|
118
|
+
if (_writeScheduler!=0) return;
|
|
119
|
+
_writeScheduler = setTimeout(commitWrite, 0);
|
|
120
|
+
}
|
|
121
|
+
private function commitWrite():void {
|
|
122
|
+
clearTimeout(_writeScheduler);
|
|
123
|
+
_writeScheduler = 0;
|
|
124
|
+
if (_ready) {
|
|
125
|
+
_engine.sendApplicationData(_oStream);
|
|
126
|
+
_oStream.length = 0;
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
|
|
131
|
+
override public function close():void {
|
|
132
|
+
_ready = false;
|
|
133
|
+
_engine.close();
|
|
134
|
+
if (_socket.connected) {
|
|
135
|
+
_socket.flush();
|
|
136
|
+
_socket.close();
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
public function setTLSConfig( config:TLSConfig) : void {
|
|
140
|
+
_config = config;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
override public function connect(host:String, port:int):void {
|
|
144
|
+
init(new Socket, _config, host);
|
|
145
|
+
_socket.connect(host, port);
|
|
146
|
+
_engine.start();
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
public function releaseSocket() : void {
|
|
150
|
+
_socket.removeEventListener(Event.CONNECT, dispatchEvent);
|
|
151
|
+
_socket.removeEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
152
|
+
_socket.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
153
|
+
_socket.removeEventListener(Event.CLOSE, dispatchEvent);
|
|
154
|
+
_socket.removeEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
155
|
+
_socket = null;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
public function reinitialize(host:String, config:TLSConfig) : void {
|
|
159
|
+
// Reinitialize the connection using new values
|
|
160
|
+
// but re-use the existing socket
|
|
161
|
+
// Doubt this is useful in any valid context other than my specific case (VMWare)
|
|
162
|
+
var ba:ByteArray = new ByteArray;
|
|
163
|
+
|
|
164
|
+
if (_socket.bytesAvailable > 0) {
|
|
165
|
+
_socket.readBytes(ba, 0, _socket.bytesAvailable);
|
|
166
|
+
}
|
|
167
|
+
// Do nothing with it.
|
|
168
|
+
_iStream = new ByteArray;
|
|
169
|
+
_oStream = new ByteArray;
|
|
170
|
+
_iStream_cursor = 0;
|
|
171
|
+
objectEncoding = ObjectEncoding.DEFAULT;
|
|
172
|
+
endian = Endian.BIG_ENDIAN;
|
|
173
|
+
/*
|
|
174
|
+
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
175
|
+
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
176
|
+
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
177
|
+
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
178
|
+
*/
|
|
179
|
+
|
|
180
|
+
if (config == null) {
|
|
181
|
+
config = new TLSConfig(TLSEngine.CLIENT);
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
185
|
+
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
186
|
+
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
187
|
+
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
188
|
+
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { _socket.flush(); });
|
|
189
|
+
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
190
|
+
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
191
|
+
|
|
192
|
+
_ready = false;
|
|
193
|
+
_engine.start();
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
public function startTLS(socket:Socket, host:String, config:TLSConfig = null):void {
|
|
197
|
+
if (!socket.connected) {
|
|
198
|
+
throw new Error("Cannot STARTTLS on a socket that isn't connected.");
|
|
199
|
+
}
|
|
200
|
+
init(socket, config, host);
|
|
201
|
+
_engine.start();
|
|
202
|
+
}
|
|
203
|
+
|
|
204
|
+
private function init(socket:Socket, config:TLSConfig, host:String):void {
|
|
205
|
+
_iStream = new ByteArray;
|
|
206
|
+
_oStream = new ByteArray;
|
|
207
|
+
_iStream_cursor = 0;
|
|
208
|
+
objectEncoding = ObjectEncoding.DEFAULT;
|
|
209
|
+
endian = Endian.BIG_ENDIAN;
|
|
210
|
+
_socket = socket;
|
|
211
|
+
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
212
|
+
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
213
|
+
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
214
|
+
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
215
|
+
|
|
216
|
+
if (config == null) {
|
|
217
|
+
config = new TLSConfig(TLSEngine.CLIENT);
|
|
218
|
+
}
|
|
219
|
+
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
220
|
+
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
221
|
+
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
222
|
+
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
223
|
+
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
224
|
+
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { if(connected) _socket.flush(); });
|
|
225
|
+
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
226
|
+
|
|
227
|
+
_ready = false;
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
override public function flush():void {
|
|
231
|
+
commitWrite();
|
|
232
|
+
_socket.flush();
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
override public function readBoolean():Boolean {
|
|
236
|
+
return _iStream.readBoolean();
|
|
237
|
+
}
|
|
238
|
+
|
|
239
|
+
override public function readByte():int {
|
|
240
|
+
return _iStream.readByte();
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
override public function readBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
244
|
+
return _iStream.readBytes(bytes, offset, length);
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
override public function readDouble():Number {
|
|
248
|
+
return _iStream.readDouble();
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
override public function readFloat():Number {
|
|
252
|
+
return _iStream.readFloat();
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
override public function readInt():int {
|
|
256
|
+
return _iStream.readInt();
|
|
257
|
+
}
|
|
258
|
+
|
|
259
|
+
override public function readMultiByte(length:uint, charSet:String):String {
|
|
260
|
+
return _iStream.readMultiByte(length, charSet);
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
override public function readObject():* {
|
|
264
|
+
return _iStream.readObject();
|
|
265
|
+
}
|
|
266
|
+
|
|
267
|
+
override public function readShort():int {
|
|
268
|
+
return _iStream.readShort();
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
override public function readUnsignedByte():uint {
|
|
272
|
+
return _iStream.readUnsignedByte();
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
override public function readUnsignedInt():uint {
|
|
276
|
+
return _iStream.readUnsignedInt();
|
|
277
|
+
}
|
|
278
|
+
|
|
279
|
+
override public function readUnsignedShort():uint {
|
|
280
|
+
return _iStream.readUnsignedShort();
|
|
281
|
+
}
|
|
282
|
+
|
|
283
|
+
override public function readUTF():String {
|
|
284
|
+
return _iStream.readUTF();
|
|
285
|
+
}
|
|
286
|
+
|
|
287
|
+
override public function readUTFBytes(length:uint):String {
|
|
288
|
+
return _iStream.readUTFBytes(length);
|
|
289
|
+
}
|
|
290
|
+
|
|
291
|
+
override public function writeBoolean(value:Boolean):void {
|
|
292
|
+
_oStream.writeBoolean(value);
|
|
293
|
+
scheduleWrite();
|
|
294
|
+
}
|
|
295
|
+
|
|
296
|
+
override public function writeByte(value:int):void {
|
|
297
|
+
_oStream.writeByte(value);
|
|
298
|
+
scheduleWrite();
|
|
299
|
+
}
|
|
300
|
+
|
|
301
|
+
override public function writeBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
302
|
+
_oStream.writeBytes(bytes, offset, length);
|
|
303
|
+
scheduleWrite();
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
override public function writeDouble(value:Number):void {
|
|
307
|
+
_oStream.writeDouble(value);
|
|
308
|
+
scheduleWrite();
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
override public function writeFloat(value:Number):void {
|
|
312
|
+
_oStream.writeFloat(value);
|
|
313
|
+
scheduleWrite();
|
|
314
|
+
}
|
|
315
|
+
|
|
316
|
+
override public function writeInt(value:int):void {
|
|
317
|
+
_oStream.writeInt(value);
|
|
318
|
+
scheduleWrite();
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
override public function writeMultiByte(value:String, charSet:String):void {
|
|
322
|
+
_oStream.writeMultiByte(value, charSet);
|
|
323
|
+
scheduleWrite();
|
|
324
|
+
}
|
|
325
|
+
|
|
326
|
+
override public function writeObject(object:*):void {
|
|
327
|
+
_oStream.writeObject(object);
|
|
328
|
+
scheduleWrite();
|
|
329
|
+
}
|
|
330
|
+
|
|
331
|
+
override public function writeShort(value:int):void {
|
|
332
|
+
_oStream.writeShort(value);
|
|
333
|
+
scheduleWrite();
|
|
334
|
+
}
|
|
335
|
+
|
|
336
|
+
override public function writeUnsignedInt(value:uint):void {
|
|
337
|
+
_oStream.writeUnsignedInt(value);
|
|
338
|
+
scheduleWrite();
|
|
339
|
+
}
|
|
340
|
+
|
|
341
|
+
override public function writeUTF(value:String):void {
|
|
342
|
+
_oStream.writeUTF(value);
|
|
343
|
+
scheduleWrite();
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
override public function writeUTFBytes(value:String):void {
|
|
347
|
+
_oStream.writeUTFBytes(value);
|
|
348
|
+
scheduleWrite();
|
|
349
|
+
}
|
|
350
|
+
|
|
351
|
+
public function getPeerCertificate() : X509Certificate {
|
|
352
|
+
return _engine.peerCertificate;
|
|
353
|
+
}
|
|
354
|
+
|
|
355
|
+
public function onAcceptCert( event:TLSEvent ) : void {
|
|
356
|
+
dispatchEvent( new TLSSocketEvent( _engine.peerCertificate ) );
|
|
357
|
+
}
|
|
358
|
+
|
|
359
|
+
// These are just a passthroughs to the engine. Encapsulation, et al
|
|
360
|
+
public function acceptPeerCertificate( event:Event ) : void {
|
|
361
|
+
_engine.acceptPeerCertificate();
|
|
362
|
+
}
|
|
363
|
+
|
|
364
|
+
public function rejectPeerCertificate( event:Event ) : void {
|
|
365
|
+
_engine.rejectPeerCertificate();
|
|
366
|
+
}
|
|
367
|
+
|
|
368
|
+
}
|
|
369
|
+
}
|
|
370
|
+
|