rocket-js 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Rakefile +5 -52
- data/spec/ruby/spec_helper.rb +2 -1
- metadata +7 -129
- data/src/vendor/web-socket-js/FABridge.js +0 -604
- data/src/vendor/web-socket-js/README.txt +0 -109
- data/src/vendor/web-socket-js/WebSocketMain.swf +0 -0
- data/src/vendor/web-socket-js/WebSocketMainInsecure.zip +0 -0
- data/src/vendor/web-socket-js/flash-src/WebSocket.as +0 -473
- data/src/vendor/web-socket-js/flash-src/WebSocketMain.as +0 -88
- data/src/vendor/web-socket-js/flash-src/WebSocketMainInsecure.as +0 -19
- data/src/vendor/web-socket-js/flash-src/WebSocketStateEvent.as +0 -32
- data/src/vendor/web-socket-js/flash-src/bridge/FABridge.as +0 -943
- data/src/vendor/web-socket-js/flash-src/build.sh +0 -10
- data/src/vendor/web-socket-js/flash-src/com/adobe/net/proxies/RFC2817Socket.as +0 -204
- data/src/vendor/web-socket-js/flash-src/com/gsolo/encryption/MD5.as +0 -375
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/Crypto.as +0 -287
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/MozillaRootCertificates.as +0 -3235
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509Certificate.as +0 -218
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509CertificateCollection.as +0 -57
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/HMAC.as +0 -82
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHMAC.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHash.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MAC.as +0 -137
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD2.as +0 -124
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD5.as +0 -204
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA1.as +0 -106
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA224.as +0 -28
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA256.as +0 -115
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHABase.as +0 -71
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/ARC4.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/IPRNG.as +0 -20
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/Random.as +0 -119
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/TLSPRF.as +0 -142
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/rsa/RSAKey.as +0 -339
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/AESKey.as +0 -2797
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/BlowFishKey.as +0 -375
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CBCMode.as +0 -55
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFB8Mode.as +0 -61
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFBMode.as +0 -64
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CTRMode.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/DESKey.as +0 -365
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ECBMode.as +0 -86
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ICipher.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IMode.as +0 -15
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IPad.as +0 -32
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IStreamCipher.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ISymmetricKey.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IVMode.as +0 -110
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/NullPad.as +0 -34
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/OFBMode.as +0 -52
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/PKCS5.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SSLPad.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SimpleIVMode.as +0 -60
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TLSPad.as +0 -42
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TripleDESKey.as +0 -88
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/XTeaKey.as +0 -94
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/aeskey.pl +0 -29
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/dump.txt +0 -2304
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/AESKeyTest.as +0 -1220
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ARC4Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BigIntegerTest.as +0 -39
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BlowFishKeyTest.as +0 -148
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CBCModeTest.as +0 -160
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFB8ModeTest.as +0 -71
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFBModeTest.as +0 -98
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CTRModeTest.as +0 -109
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/DESKeyTest.as +0 -112
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ECBModeTest.as +0 -151
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/HMACTest.as +0 -184
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ITestHarness.as +0 -20
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD2Test.as +0 -56
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD5Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/OFBModeTest.as +0 -101
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/RSAKeyTest.as +0 -92
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA1Test.as +0 -198
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA224Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA256Test.as +0 -60
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TLSPRFTest.as +0 -51
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TestCase.as +0 -42
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TripleDESKeyTest.as +0 -59
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/XTeaKeyTest.as +0 -66
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/BulkCiphers.as +0 -102
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/CipherSuites.as +0 -117
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/IConnectionState.as +0 -14
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/ISecurityParameters.as +0 -29
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/KeyExchanges.as +0 -24
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/MACs.as +0 -38
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLConnectionState.as +0 -171
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLEvent.as +0 -26
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLSecurityParameters.as +0 -340
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConfig.as +0 -70
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConnectionState.as +0 -151
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEngine.as +0 -895
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSError.as +0 -39
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEvent.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSecurityParameters.as +0 -197
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocket.as +0 -370
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocketEvent.as +0 -26
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSTest.as +0 -180
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BarrettReduction.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BigInteger.as +0 -1543
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/ClassicReduction.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/IReduction.as +0 -11
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/MontgomeryReduction.as +0 -85
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/NullReduction.as +0 -34
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/bi_internal.as +0 -11
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/ArrayUtil.as +0 -25
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Base64.as +0 -189
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Hex.as +0 -66
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Memory.as +0 -28
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ByteString.as +0 -43
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/DER.as +0 -210
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/IAsn1Type.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Integer.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/OID.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ObjectIdentifier.as +0 -112
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PEM.as +0 -118
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PrintableString.as +0 -49
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Sequence.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Set.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Type.as +0 -94
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/UTCTime.as +0 -60
- data/src/vendor/web-socket-js/sample.html +0 -76
- data/src/vendor/web-socket-js/swfobject.js +0 -4
- data/src/vendor/web-socket-js/web_socket.js +0 -388
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSError
|
|
3
|
-
*
|
|
4
|
-
* A error that can be thrown when something wrong happens in the TLS protocol.
|
|
5
|
-
* This is handled in TLSEngine by generating a TLS ALERT as appropriate.
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* See LICENSE.txt for full license information.
|
|
9
|
-
*/
|
|
10
|
-
package com.hurlant.crypto.tls {
|
|
11
|
-
public class TLSError extends Error {
|
|
12
|
-
public static const close_notify:uint = 0;
|
|
13
|
-
public static const unexpected_message:uint = 10;
|
|
14
|
-
public static const bad_record_mac:uint = 20;
|
|
15
|
-
public static const decryption_failed:uint = 21;
|
|
16
|
-
public static const record_overflow:uint = 22;
|
|
17
|
-
public static const decompression_failure:uint = 30;
|
|
18
|
-
public static const handshake_failure:uint = 40;
|
|
19
|
-
public static const bad_certificate:uint = 42;
|
|
20
|
-
public static const unsupported_certificate:uint = 43;
|
|
21
|
-
public static const certificate_revoked:uint = 44;
|
|
22
|
-
public static const certificate_expired:uint = 45;
|
|
23
|
-
public static const certificate_unknown:uint = 46;
|
|
24
|
-
public static const illegal_parameter:uint = 47;
|
|
25
|
-
public static const unknown_ca:uint = 48;
|
|
26
|
-
public static const access_denied:uint = 49;
|
|
27
|
-
public static const decode_error:uint = 50;
|
|
28
|
-
public static const decrypt_error:uint = 51;
|
|
29
|
-
public static const protocol_version:uint = 70;
|
|
30
|
-
public static const insufficient_security:uint = 71;
|
|
31
|
-
public static const internal_error:uint = 80;
|
|
32
|
-
public static const user_canceled:uint = 90;
|
|
33
|
-
public static const no_renegotiation:uint = 100;
|
|
34
|
-
|
|
35
|
-
public function TLSError(message:String, id:int) {
|
|
36
|
-
super(message,id);
|
|
37
|
-
}
|
|
38
|
-
}
|
|
39
|
-
}
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSEvent
|
|
3
|
-
*
|
|
4
|
-
* This is used by TLSEngine to let the application layer know
|
|
5
|
-
* when we're ready for sending, or have received application data
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* See LICENSE.txt for full license information.
|
|
9
|
-
*/
|
|
10
|
-
package com.hurlant.crypto.tls {
|
|
11
|
-
import flash.events.Event;
|
|
12
|
-
import flash.utils.ByteArray;
|
|
13
|
-
|
|
14
|
-
public class TLSEvent extends Event {
|
|
15
|
-
|
|
16
|
-
static public const DATA:String = "data";
|
|
17
|
-
static public const READY:String = "ready";
|
|
18
|
-
static public const PROMPT_ACCEPT_CERT:String = "promptAcceptCert";
|
|
19
|
-
|
|
20
|
-
public var data:ByteArray;
|
|
21
|
-
|
|
22
|
-
public function TLSEvent(type:String, data:ByteArray = null) {
|
|
23
|
-
this.data = data;
|
|
24
|
-
super(type, false, false);
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
}
|
|
@@ -1,197 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSSecurityParameters
|
|
3
|
-
*
|
|
4
|
-
* This class encapsulates all the security parameters that get negotiated
|
|
5
|
-
* during the TLS handshake. It also holds all the key derivation methods.
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* Patched by Bobby Parker (sh0rtwave@gmail.com)
|
|
9
|
-
*
|
|
10
|
-
* See LICENSE.txt for full license information.
|
|
11
|
-
*/
|
|
12
|
-
package com.hurlant.crypto.tls {
|
|
13
|
-
import com.hurlant.crypto.hash.MD5;
|
|
14
|
-
import com.hurlant.crypto.hash.SHA1;
|
|
15
|
-
import com.hurlant.crypto.prng.TLSPRF;
|
|
16
|
-
import com.hurlant.util.Hex;
|
|
17
|
-
|
|
18
|
-
import flash.utils.ByteArray;
|
|
19
|
-
import com.hurlant.crypto.rsa.RSAKey;
|
|
20
|
-
|
|
21
|
-
public class TLSSecurityParameters implements ISecurityParameters {
|
|
22
|
-
|
|
23
|
-
// COMPRESSION
|
|
24
|
-
public static const COMPRESSION_NULL:uint = 0;
|
|
25
|
-
|
|
26
|
-
// This is probably not smart. Revise this to use all settings from TLSConfig, since this shouldn't really know about
|
|
27
|
-
// user settings, those are best handled from the engine at a session level.
|
|
28
|
-
public static var IGNORE_CN_MISMATCH:Boolean = true;
|
|
29
|
-
public static var ENABLE_USER_CLIENT_CERTIFICATE:Boolean = false;
|
|
30
|
-
public static var USER_CERTIFICATE:String;
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
private var cert:ByteArray; // Local Cert
|
|
34
|
-
private var key:RSAKey; // local key
|
|
35
|
-
private var entity:uint; // SERVER | CLIENT
|
|
36
|
-
private var bulkCipher:uint; // BULK_CIPHER_*
|
|
37
|
-
private var cipherType:uint; // STREAM_CIPHER | BLOCK_CIPHER
|
|
38
|
-
private var keySize:uint;
|
|
39
|
-
private var keyMaterialLength:uint;
|
|
40
|
-
private var IVSize:uint;
|
|
41
|
-
private var macAlgorithm:uint; // MAC_*
|
|
42
|
-
private var hashSize:uint;
|
|
43
|
-
private var compression:uint; // COMPRESSION_NULL
|
|
44
|
-
private var masterSecret:ByteArray; // 48 bytes
|
|
45
|
-
private var clientRandom:ByteArray; // 32 bytes
|
|
46
|
-
private var serverRandom:ByteArray; // 32 bytes
|
|
47
|
-
private var ignoreCNMismatch:Boolean = true;
|
|
48
|
-
private var trustAllCerts:Boolean = false;
|
|
49
|
-
private var trustSelfSigned:Boolean = false;
|
|
50
|
-
public static const PROTOCOL_VERSION:uint = 0x0301;
|
|
51
|
-
private var tlsDebug:Boolean = false;
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
// not strictly speaking part of this, but yeah.
|
|
55
|
-
public var keyExchange:uint;
|
|
56
|
-
public function TLSSecurityParameters(entity:uint, localCert:ByteArray = null, localKey:RSAKey = null) {
|
|
57
|
-
this.entity = entity;
|
|
58
|
-
reset();
|
|
59
|
-
key = localKey;
|
|
60
|
-
cert = localCert;
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
public function get version() : uint {
|
|
64
|
-
return PROTOCOL_VERSION;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
public function reset():void {
|
|
68
|
-
bulkCipher = BulkCiphers.NULL;
|
|
69
|
-
cipherType = BulkCiphers.BLOCK_CIPHER;
|
|
70
|
-
macAlgorithm = MACs.NULL;
|
|
71
|
-
compression = COMPRESSION_NULL;
|
|
72
|
-
masterSecret = null;
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
public function getBulkCipher():uint {
|
|
76
|
-
return bulkCipher;
|
|
77
|
-
}
|
|
78
|
-
public function getCipherType():uint {
|
|
79
|
-
return cipherType;
|
|
80
|
-
}
|
|
81
|
-
public function getMacAlgorithm():uint {
|
|
82
|
-
return macAlgorithm;
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
public function setCipher(cipher:uint):void {
|
|
86
|
-
bulkCipher = CipherSuites.getBulkCipher(cipher);
|
|
87
|
-
cipherType = BulkCiphers.getType(bulkCipher);
|
|
88
|
-
keySize = BulkCiphers.getExpandedKeyBytes(bulkCipher); // 8
|
|
89
|
-
keyMaterialLength = BulkCiphers.getKeyBytes(bulkCipher); // 5
|
|
90
|
-
IVSize = BulkCiphers.getIVSize(bulkCipher);
|
|
91
|
-
|
|
92
|
-
keyExchange = CipherSuites.getKeyExchange(cipher);
|
|
93
|
-
|
|
94
|
-
macAlgorithm = CipherSuites.getMac(cipher);
|
|
95
|
-
hashSize = MACs.getHashSize(macAlgorithm);
|
|
96
|
-
}
|
|
97
|
-
public function setCompression(algo:uint):void {
|
|
98
|
-
compression = algo;
|
|
99
|
-
}
|
|
100
|
-
public function setPreMasterSecret(secret:ByteArray):void {
|
|
101
|
-
// compute master_secret
|
|
102
|
-
var seed:ByteArray = new ByteArray;
|
|
103
|
-
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
104
|
-
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
105
|
-
var prf:TLSPRF = new TLSPRF(secret, "master secret", seed);
|
|
106
|
-
masterSecret = new ByteArray;
|
|
107
|
-
prf.nextBytes(masterSecret, 48);
|
|
108
|
-
if (tlsDebug)
|
|
109
|
-
trace("Master Secret: " + Hex.fromArray( masterSecret, true ));
|
|
110
|
-
}
|
|
111
|
-
public function setClientRandom(secret:ByteArray):void {
|
|
112
|
-
clientRandom = secret;
|
|
113
|
-
}
|
|
114
|
-
public function setServerRandom(secret:ByteArray):void {
|
|
115
|
-
serverRandom = secret;
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
public function get useRSA():Boolean {
|
|
119
|
-
return KeyExchanges.useRSA(keyExchange);
|
|
120
|
-
}
|
|
121
|
-
|
|
122
|
-
public function computeVerifyData(side:uint, handshakeMessages:ByteArray):ByteArray {
|
|
123
|
-
var seed:ByteArray = new ByteArray;
|
|
124
|
-
var md5:MD5 = new MD5;
|
|
125
|
-
if (tlsDebug)
|
|
126
|
-
trace("Handshake value: " + Hex.fromArray(handshakeMessages, true ));
|
|
127
|
-
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
128
|
-
var sha:SHA1 = new SHA1;
|
|
129
|
-
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
130
|
-
if (tlsDebug)
|
|
131
|
-
trace("Seed in: " + Hex.fromArray(seed, true ));
|
|
132
|
-
var prf:TLSPRF = new TLSPRF(masterSecret, (side==TLSEngine.CLIENT) ? "client finished" : "server finished", seed);
|
|
133
|
-
var out:ByteArray = new ByteArray;
|
|
134
|
-
prf.nextBytes(out, 12);
|
|
135
|
-
if (tlsDebug)
|
|
136
|
-
trace("Finished out: " + Hex.fromArray(out, true ));
|
|
137
|
-
out.position = 0;
|
|
138
|
-
return out;
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
// client side certficate check - This is probably incorrect somehow
|
|
142
|
-
public function computeCertificateVerify( side:uint, handshakeMessages:ByteArray ):ByteArray {
|
|
143
|
-
var seed:ByteArray = new ByteArray;
|
|
144
|
-
var md5:MD5 = new MD5;
|
|
145
|
-
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
146
|
-
var sha:SHA1 = new SHA1;
|
|
147
|
-
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
148
|
-
|
|
149
|
-
// Now that I have my hashes of existing handshake messages (which I'm not sure about the length of yet) then
|
|
150
|
-
// Sign that with my private key
|
|
151
|
-
seed.position = 0;
|
|
152
|
-
var out:ByteArray = new ByteArray();
|
|
153
|
-
key.sign( seed, out, seed.bytesAvailable);
|
|
154
|
-
out.position = 0;
|
|
155
|
-
return out;
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
public function getConnectionStates():Object {
|
|
159
|
-
if (masterSecret != null) {
|
|
160
|
-
var seed:ByteArray = new ByteArray;
|
|
161
|
-
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
162
|
-
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
163
|
-
var prf:TLSPRF = new TLSPRF(masterSecret, "key expansion", seed);
|
|
164
|
-
|
|
165
|
-
var client_write_MAC:ByteArray = new ByteArray;
|
|
166
|
-
prf.nextBytes(client_write_MAC, hashSize);
|
|
167
|
-
var server_write_MAC:ByteArray = new ByteArray;
|
|
168
|
-
prf.nextBytes(server_write_MAC, hashSize);
|
|
169
|
-
var client_write_key:ByteArray = new ByteArray;
|
|
170
|
-
prf.nextBytes(client_write_key, keyMaterialLength);
|
|
171
|
-
var server_write_key:ByteArray = new ByteArray;
|
|
172
|
-
prf.nextBytes(server_write_key, keyMaterialLength);
|
|
173
|
-
var client_write_IV:ByteArray = new ByteArray;
|
|
174
|
-
prf.nextBytes(client_write_IV, IVSize);
|
|
175
|
-
var server_write_IV:ByteArray = new ByteArray;
|
|
176
|
-
prf.nextBytes(server_write_IV, IVSize);
|
|
177
|
-
|
|
178
|
-
var client_write:TLSConnectionState = new TLSConnectionState(
|
|
179
|
-
bulkCipher, cipherType, macAlgorithm,
|
|
180
|
-
client_write_MAC, client_write_key, client_write_IV);
|
|
181
|
-
var server_write:TLSConnectionState = new TLSConnectionState(
|
|
182
|
-
bulkCipher, cipherType, macAlgorithm,
|
|
183
|
-
server_write_MAC, server_write_key, server_write_IV);
|
|
184
|
-
|
|
185
|
-
if (entity == TLSEngine.CLIENT) {
|
|
186
|
-
return {read:server_write, write:client_write};
|
|
187
|
-
} else {
|
|
188
|
-
return {read:client_write, write:server_write};
|
|
189
|
-
}
|
|
190
|
-
|
|
191
|
-
} else {
|
|
192
|
-
return {read:new TLSConnectionState, write:new TLSConnectionState};
|
|
193
|
-
}
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
}
|
|
197
|
-
}
|
|
@@ -1,370 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSSocket
|
|
3
|
-
*
|
|
4
|
-
* This is the "end-user" TLS class.
|
|
5
|
-
* It works just like a Socket, by encapsulating a Socket and
|
|
6
|
-
* wrapping the TLS protocol around the data that passes over it.
|
|
7
|
-
* This class can either create a socket connection, or reuse an
|
|
8
|
-
* existing connected socket. The later is useful for STARTTLS flows.
|
|
9
|
-
*
|
|
10
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
11
|
-
*
|
|
12
|
-
* See LICENSE.txt for full license information.
|
|
13
|
-
*/
|
|
14
|
-
package com.hurlant.crypto.tls {
|
|
15
|
-
import flash.events.Event;
|
|
16
|
-
import flash.events.EventDispatcher;
|
|
17
|
-
import flash.events.IOErrorEvent;
|
|
18
|
-
import flash.events.ProgressEvent;
|
|
19
|
-
import flash.events.SecurityErrorEvent;
|
|
20
|
-
import flash.net.ObjectEncoding;
|
|
21
|
-
import flash.net.Socket;
|
|
22
|
-
import flash.utils.ByteArray;
|
|
23
|
-
import flash.utils.Endian;
|
|
24
|
-
import flash.utils.IDataInput;
|
|
25
|
-
import flash.utils.IDataOutput;
|
|
26
|
-
import flash.utils.clearTimeout;
|
|
27
|
-
import flash.utils.setTimeout;
|
|
28
|
-
import com.hurlant.crypto.cert.X509Certificate;
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
[Event(name="close", type="flash.events.Event")]
|
|
32
|
-
[Event(name="connect", type="flash.events.Event")]
|
|
33
|
-
[Event(name="ioError", type="flash.events.IOErrorEvent")]
|
|
34
|
-
[Event(name="securityError", type="flash.events.SecurityErrorEvent")]
|
|
35
|
-
[Event(name="socketData", type="flash.events.ProgressEvent")]
|
|
36
|
-
[Event(name="acceptPeerCertificatePrompt", type="flash.events.Event")]
|
|
37
|
-
|
|
38
|
-
/**
|
|
39
|
-
* It feels like a socket, but it wraps the stream
|
|
40
|
-
* over TLS 1.0
|
|
41
|
-
*
|
|
42
|
-
* That's all.
|
|
43
|
-
*
|
|
44
|
-
*/
|
|
45
|
-
public class TLSSocket extends Socket implements IDataInput, IDataOutput {
|
|
46
|
-
|
|
47
|
-
private var _endian:String;
|
|
48
|
-
private var _objectEncoding:uint;
|
|
49
|
-
|
|
50
|
-
private var _iStream:ByteArray;
|
|
51
|
-
private var _oStream:ByteArray;
|
|
52
|
-
private var _iStream_cursor:uint;
|
|
53
|
-
|
|
54
|
-
private var _socket:Socket;
|
|
55
|
-
private var _config:TLSConfig;
|
|
56
|
-
private var _engine:TLSEngine;
|
|
57
|
-
public static const ACCEPT_PEER_CERT_PROMPT:String = "acceptPeerCertificatePrompt"
|
|
58
|
-
|
|
59
|
-
public function TLSSocket(host:String = null, port:int = 0, config:TLSConfig = null) {
|
|
60
|
-
_config = config;
|
|
61
|
-
if (host!=null && port!=0) {
|
|
62
|
-
connect(host, port);
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
|
|
66
|
-
override public function get bytesAvailable():uint {
|
|
67
|
-
return _iStream.bytesAvailable;
|
|
68
|
-
}
|
|
69
|
-
override public function get connected():Boolean {
|
|
70
|
-
return _socket.connected;
|
|
71
|
-
}
|
|
72
|
-
override public function get endian():String {
|
|
73
|
-
return _endian;
|
|
74
|
-
}
|
|
75
|
-
override public function set endian(value:String):void {
|
|
76
|
-
_endian = value;
|
|
77
|
-
_iStream.endian = value;
|
|
78
|
-
_oStream.endian = value;
|
|
79
|
-
}
|
|
80
|
-
override public function get objectEncoding():uint {
|
|
81
|
-
return _objectEncoding;
|
|
82
|
-
}
|
|
83
|
-
override public function set objectEncoding(value:uint):void {
|
|
84
|
-
_objectEncoding = value;
|
|
85
|
-
_iStream.objectEncoding = value;
|
|
86
|
-
_oStream.objectEncoding = value;
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
private function onTLSData(event:TLSEvent):void {
|
|
91
|
-
if (_iStream.position == _iStream.length) {
|
|
92
|
-
_iStream.position = 0;
|
|
93
|
-
_iStream.length = 0;
|
|
94
|
-
_iStream_cursor = 0;
|
|
95
|
-
}
|
|
96
|
-
var cursor:uint = _iStream.position;
|
|
97
|
-
_iStream.position = _iStream_cursor;
|
|
98
|
-
_iStream.writeBytes(event.data);
|
|
99
|
-
_iStream_cursor = _iStream.position;
|
|
100
|
-
_iStream.position = cursor;
|
|
101
|
-
dispatchEvent(new ProgressEvent(ProgressEvent.SOCKET_DATA, false, false, event.data.length));
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
private function onTLSReady(event:TLSEvent):void {
|
|
105
|
-
_ready = true;
|
|
106
|
-
scheduleWrite();
|
|
107
|
-
}
|
|
108
|
-
|
|
109
|
-
private function onTLSClose(event:Event):void {
|
|
110
|
-
dispatchEvent(event);
|
|
111
|
-
// trace("Received TLS close");
|
|
112
|
-
close();
|
|
113
|
-
}
|
|
114
|
-
|
|
115
|
-
private var _ready:Boolean;
|
|
116
|
-
private var _writeScheduler:uint;
|
|
117
|
-
private function scheduleWrite():void {
|
|
118
|
-
if (_writeScheduler!=0) return;
|
|
119
|
-
_writeScheduler = setTimeout(commitWrite, 0);
|
|
120
|
-
}
|
|
121
|
-
private function commitWrite():void {
|
|
122
|
-
clearTimeout(_writeScheduler);
|
|
123
|
-
_writeScheduler = 0;
|
|
124
|
-
if (_ready) {
|
|
125
|
-
_engine.sendApplicationData(_oStream);
|
|
126
|
-
_oStream.length = 0;
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
override public function close():void {
|
|
132
|
-
_ready = false;
|
|
133
|
-
_engine.close();
|
|
134
|
-
if (_socket.connected) {
|
|
135
|
-
_socket.flush();
|
|
136
|
-
_socket.close();
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
public function setTLSConfig( config:TLSConfig) : void {
|
|
140
|
-
_config = config;
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
override public function connect(host:String, port:int):void {
|
|
144
|
-
init(new Socket, _config, host);
|
|
145
|
-
_socket.connect(host, port);
|
|
146
|
-
_engine.start();
|
|
147
|
-
}
|
|
148
|
-
|
|
149
|
-
public function releaseSocket() : void {
|
|
150
|
-
_socket.removeEventListener(Event.CONNECT, dispatchEvent);
|
|
151
|
-
_socket.removeEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
152
|
-
_socket.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
153
|
-
_socket.removeEventListener(Event.CLOSE, dispatchEvent);
|
|
154
|
-
_socket.removeEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
155
|
-
_socket = null;
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
public function reinitialize(host:String, config:TLSConfig) : void {
|
|
159
|
-
// Reinitialize the connection using new values
|
|
160
|
-
// but re-use the existing socket
|
|
161
|
-
// Doubt this is useful in any valid context other than my specific case (VMWare)
|
|
162
|
-
var ba:ByteArray = new ByteArray;
|
|
163
|
-
|
|
164
|
-
if (_socket.bytesAvailable > 0) {
|
|
165
|
-
_socket.readBytes(ba, 0, _socket.bytesAvailable);
|
|
166
|
-
}
|
|
167
|
-
// Do nothing with it.
|
|
168
|
-
_iStream = new ByteArray;
|
|
169
|
-
_oStream = new ByteArray;
|
|
170
|
-
_iStream_cursor = 0;
|
|
171
|
-
objectEncoding = ObjectEncoding.DEFAULT;
|
|
172
|
-
endian = Endian.BIG_ENDIAN;
|
|
173
|
-
/*
|
|
174
|
-
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
175
|
-
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
176
|
-
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
177
|
-
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
178
|
-
*/
|
|
179
|
-
|
|
180
|
-
if (config == null) {
|
|
181
|
-
config = new TLSConfig(TLSEngine.CLIENT);
|
|
182
|
-
}
|
|
183
|
-
|
|
184
|
-
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
185
|
-
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
186
|
-
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
187
|
-
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
188
|
-
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { _socket.flush(); });
|
|
189
|
-
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
190
|
-
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
191
|
-
|
|
192
|
-
_ready = false;
|
|
193
|
-
_engine.start();
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
public function startTLS(socket:Socket, host:String, config:TLSConfig = null):void {
|
|
197
|
-
if (!socket.connected) {
|
|
198
|
-
throw new Error("Cannot STARTTLS on a socket that isn't connected.");
|
|
199
|
-
}
|
|
200
|
-
init(socket, config, host);
|
|
201
|
-
_engine.start();
|
|
202
|
-
}
|
|
203
|
-
|
|
204
|
-
private function init(socket:Socket, config:TLSConfig, host:String):void {
|
|
205
|
-
_iStream = new ByteArray;
|
|
206
|
-
_oStream = new ByteArray;
|
|
207
|
-
_iStream_cursor = 0;
|
|
208
|
-
objectEncoding = ObjectEncoding.DEFAULT;
|
|
209
|
-
endian = Endian.BIG_ENDIAN;
|
|
210
|
-
_socket = socket;
|
|
211
|
-
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
212
|
-
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
213
|
-
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
214
|
-
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
215
|
-
|
|
216
|
-
if (config == null) {
|
|
217
|
-
config = new TLSConfig(TLSEngine.CLIENT);
|
|
218
|
-
}
|
|
219
|
-
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
220
|
-
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
221
|
-
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
222
|
-
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
223
|
-
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
224
|
-
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { if(connected) _socket.flush(); });
|
|
225
|
-
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
226
|
-
|
|
227
|
-
_ready = false;
|
|
228
|
-
}
|
|
229
|
-
|
|
230
|
-
override public function flush():void {
|
|
231
|
-
commitWrite();
|
|
232
|
-
_socket.flush();
|
|
233
|
-
}
|
|
234
|
-
|
|
235
|
-
override public function readBoolean():Boolean {
|
|
236
|
-
return _iStream.readBoolean();
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
override public function readByte():int {
|
|
240
|
-
return _iStream.readByte();
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
override public function readBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
244
|
-
return _iStream.readBytes(bytes, offset, length);
|
|
245
|
-
}
|
|
246
|
-
|
|
247
|
-
override public function readDouble():Number {
|
|
248
|
-
return _iStream.readDouble();
|
|
249
|
-
}
|
|
250
|
-
|
|
251
|
-
override public function readFloat():Number {
|
|
252
|
-
return _iStream.readFloat();
|
|
253
|
-
}
|
|
254
|
-
|
|
255
|
-
override public function readInt():int {
|
|
256
|
-
return _iStream.readInt();
|
|
257
|
-
}
|
|
258
|
-
|
|
259
|
-
override public function readMultiByte(length:uint, charSet:String):String {
|
|
260
|
-
return _iStream.readMultiByte(length, charSet);
|
|
261
|
-
}
|
|
262
|
-
|
|
263
|
-
override public function readObject():* {
|
|
264
|
-
return _iStream.readObject();
|
|
265
|
-
}
|
|
266
|
-
|
|
267
|
-
override public function readShort():int {
|
|
268
|
-
return _iStream.readShort();
|
|
269
|
-
}
|
|
270
|
-
|
|
271
|
-
override public function readUnsignedByte():uint {
|
|
272
|
-
return _iStream.readUnsignedByte();
|
|
273
|
-
}
|
|
274
|
-
|
|
275
|
-
override public function readUnsignedInt():uint {
|
|
276
|
-
return _iStream.readUnsignedInt();
|
|
277
|
-
}
|
|
278
|
-
|
|
279
|
-
override public function readUnsignedShort():uint {
|
|
280
|
-
return _iStream.readUnsignedShort();
|
|
281
|
-
}
|
|
282
|
-
|
|
283
|
-
override public function readUTF():String {
|
|
284
|
-
return _iStream.readUTF();
|
|
285
|
-
}
|
|
286
|
-
|
|
287
|
-
override public function readUTFBytes(length:uint):String {
|
|
288
|
-
return _iStream.readUTFBytes(length);
|
|
289
|
-
}
|
|
290
|
-
|
|
291
|
-
override public function writeBoolean(value:Boolean):void {
|
|
292
|
-
_oStream.writeBoolean(value);
|
|
293
|
-
scheduleWrite();
|
|
294
|
-
}
|
|
295
|
-
|
|
296
|
-
override public function writeByte(value:int):void {
|
|
297
|
-
_oStream.writeByte(value);
|
|
298
|
-
scheduleWrite();
|
|
299
|
-
}
|
|
300
|
-
|
|
301
|
-
override public function writeBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
302
|
-
_oStream.writeBytes(bytes, offset, length);
|
|
303
|
-
scheduleWrite();
|
|
304
|
-
}
|
|
305
|
-
|
|
306
|
-
override public function writeDouble(value:Number):void {
|
|
307
|
-
_oStream.writeDouble(value);
|
|
308
|
-
scheduleWrite();
|
|
309
|
-
}
|
|
310
|
-
|
|
311
|
-
override public function writeFloat(value:Number):void {
|
|
312
|
-
_oStream.writeFloat(value);
|
|
313
|
-
scheduleWrite();
|
|
314
|
-
}
|
|
315
|
-
|
|
316
|
-
override public function writeInt(value:int):void {
|
|
317
|
-
_oStream.writeInt(value);
|
|
318
|
-
scheduleWrite();
|
|
319
|
-
}
|
|
320
|
-
|
|
321
|
-
override public function writeMultiByte(value:String, charSet:String):void {
|
|
322
|
-
_oStream.writeMultiByte(value, charSet);
|
|
323
|
-
scheduleWrite();
|
|
324
|
-
}
|
|
325
|
-
|
|
326
|
-
override public function writeObject(object:*):void {
|
|
327
|
-
_oStream.writeObject(object);
|
|
328
|
-
scheduleWrite();
|
|
329
|
-
}
|
|
330
|
-
|
|
331
|
-
override public function writeShort(value:int):void {
|
|
332
|
-
_oStream.writeShort(value);
|
|
333
|
-
scheduleWrite();
|
|
334
|
-
}
|
|
335
|
-
|
|
336
|
-
override public function writeUnsignedInt(value:uint):void {
|
|
337
|
-
_oStream.writeUnsignedInt(value);
|
|
338
|
-
scheduleWrite();
|
|
339
|
-
}
|
|
340
|
-
|
|
341
|
-
override public function writeUTF(value:String):void {
|
|
342
|
-
_oStream.writeUTF(value);
|
|
343
|
-
scheduleWrite();
|
|
344
|
-
}
|
|
345
|
-
|
|
346
|
-
override public function writeUTFBytes(value:String):void {
|
|
347
|
-
_oStream.writeUTFBytes(value);
|
|
348
|
-
scheduleWrite();
|
|
349
|
-
}
|
|
350
|
-
|
|
351
|
-
public function getPeerCertificate() : X509Certificate {
|
|
352
|
-
return _engine.peerCertificate;
|
|
353
|
-
}
|
|
354
|
-
|
|
355
|
-
public function onAcceptCert( event:TLSEvent ) : void {
|
|
356
|
-
dispatchEvent( new TLSSocketEvent( _engine.peerCertificate ) );
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
// These are just a passthroughs to the engine. Encapsulation, et al
|
|
360
|
-
public function acceptPeerCertificate( event:Event ) : void {
|
|
361
|
-
_engine.acceptPeerCertificate();
|
|
362
|
-
}
|
|
363
|
-
|
|
364
|
-
public function rejectPeerCertificate( event:Event ) : void {
|
|
365
|
-
_engine.rejectPeerCertificate();
|
|
366
|
-
}
|
|
367
|
-
|
|
368
|
-
}
|
|
369
|
-
}
|
|
370
|
-
|