rocket-js 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/Rakefile +5 -52
- data/spec/ruby/spec_helper.rb +2 -1
- metadata +7 -129
- data/src/vendor/web-socket-js/FABridge.js +0 -604
- data/src/vendor/web-socket-js/README.txt +0 -109
- data/src/vendor/web-socket-js/WebSocketMain.swf +0 -0
- data/src/vendor/web-socket-js/WebSocketMainInsecure.zip +0 -0
- data/src/vendor/web-socket-js/flash-src/WebSocket.as +0 -473
- data/src/vendor/web-socket-js/flash-src/WebSocketMain.as +0 -88
- data/src/vendor/web-socket-js/flash-src/WebSocketMainInsecure.as +0 -19
- data/src/vendor/web-socket-js/flash-src/WebSocketStateEvent.as +0 -32
- data/src/vendor/web-socket-js/flash-src/bridge/FABridge.as +0 -943
- data/src/vendor/web-socket-js/flash-src/build.sh +0 -10
- data/src/vendor/web-socket-js/flash-src/com/adobe/net/proxies/RFC2817Socket.as +0 -204
- data/src/vendor/web-socket-js/flash-src/com/gsolo/encryption/MD5.as +0 -375
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/Crypto.as +0 -287
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/MozillaRootCertificates.as +0 -3235
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509Certificate.as +0 -218
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/cert/X509CertificateCollection.as +0 -57
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/HMAC.as +0 -82
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHMAC.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/IHash.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MAC.as +0 -137
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD2.as +0 -124
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/MD5.as +0 -204
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA1.as +0 -106
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA224.as +0 -28
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHA256.as +0 -115
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/hash/SHABase.as +0 -71
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/ARC4.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/IPRNG.as +0 -20
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/Random.as +0 -119
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/prng/TLSPRF.as +0 -142
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/rsa/RSAKey.as +0 -339
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/AESKey.as +0 -2797
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/BlowFishKey.as +0 -375
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CBCMode.as +0 -55
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFB8Mode.as +0 -61
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CFBMode.as +0 -64
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/CTRMode.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/DESKey.as +0 -365
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ECBMode.as +0 -86
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ICipher.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IMode.as +0 -15
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IPad.as +0 -32
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IStreamCipher.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/ISymmetricKey.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/IVMode.as +0 -110
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/NullPad.as +0 -34
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/OFBMode.as +0 -52
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/PKCS5.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SSLPad.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/SimpleIVMode.as +0 -60
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TLSPad.as +0 -42
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/TripleDESKey.as +0 -88
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/XTeaKey.as +0 -94
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/aeskey.pl +0 -29
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/symmetric/dump.txt +0 -2304
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/AESKeyTest.as +0 -1220
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ARC4Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BigIntegerTest.as +0 -39
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/BlowFishKeyTest.as +0 -148
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CBCModeTest.as +0 -160
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFB8ModeTest.as +0 -71
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CFBModeTest.as +0 -98
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/CTRModeTest.as +0 -109
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/DESKeyTest.as +0 -112
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ECBModeTest.as +0 -151
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/HMACTest.as +0 -184
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/ITestHarness.as +0 -20
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD2Test.as +0 -56
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/MD5Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/OFBModeTest.as +0 -101
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/RSAKeyTest.as +0 -92
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA1Test.as +0 -198
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA224Test.as +0 -58
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/SHA256Test.as +0 -60
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TLSPRFTest.as +0 -51
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TestCase.as +0 -42
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/TripleDESKeyTest.as +0 -59
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tests/XTeaKeyTest.as +0 -66
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/BulkCiphers.as +0 -102
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/CipherSuites.as +0 -117
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/IConnectionState.as +0 -14
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/ISecurityParameters.as +0 -29
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/KeyExchanges.as +0 -24
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/MACs.as +0 -38
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLConnectionState.as +0 -171
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLEvent.as +0 -26
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/SSLSecurityParameters.as +0 -340
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConfig.as +0 -70
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSConnectionState.as +0 -151
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEngine.as +0 -895
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSError.as +0 -39
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSEvent.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSecurityParameters.as +0 -197
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocket.as +0 -370
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSSocketEvent.as +0 -26
- data/src/vendor/web-socket-js/flash-src/com/hurlant/crypto/tls/TLSTest.as +0 -180
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BarrettReduction.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/BigInteger.as +0 -1543
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/ClassicReduction.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/IReduction.as +0 -11
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/MontgomeryReduction.as +0 -85
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/NullReduction.as +0 -34
- data/src/vendor/web-socket-js/flash-src/com/hurlant/math/bi_internal.as +0 -11
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/ArrayUtil.as +0 -25
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Base64.as +0 -189
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Hex.as +0 -66
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/Memory.as +0 -28
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ByteString.as +0 -43
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/DER.as +0 -210
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/IAsn1Type.as +0 -21
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Integer.as +0 -44
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/OID.as +0 -35
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/ObjectIdentifier.as +0 -112
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PEM.as +0 -118
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/PrintableString.as +0 -49
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Sequence.as +0 -90
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Set.as +0 -27
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/Type.as +0 -94
- data/src/vendor/web-socket-js/flash-src/com/hurlant/util/der/UTCTime.as +0 -60
- data/src/vendor/web-socket-js/sample.html +0 -76
- data/src/vendor/web-socket-js/swfobject.js +0 -4
- data/src/vendor/web-socket-js/web_socket.js +0 -388
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSError
|
|
3
|
-
*
|
|
4
|
-
* A error that can be thrown when something wrong happens in the TLS protocol.
|
|
5
|
-
* This is handled in TLSEngine by generating a TLS ALERT as appropriate.
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* See LICENSE.txt for full license information.
|
|
9
|
-
*/
|
|
10
|
-
package com.hurlant.crypto.tls {
|
|
11
|
-
public class TLSError extends Error {
|
|
12
|
-
public static const close_notify:uint = 0;
|
|
13
|
-
public static const unexpected_message:uint = 10;
|
|
14
|
-
public static const bad_record_mac:uint = 20;
|
|
15
|
-
public static const decryption_failed:uint = 21;
|
|
16
|
-
public static const record_overflow:uint = 22;
|
|
17
|
-
public static const decompression_failure:uint = 30;
|
|
18
|
-
public static const handshake_failure:uint = 40;
|
|
19
|
-
public static const bad_certificate:uint = 42;
|
|
20
|
-
public static const unsupported_certificate:uint = 43;
|
|
21
|
-
public static const certificate_revoked:uint = 44;
|
|
22
|
-
public static const certificate_expired:uint = 45;
|
|
23
|
-
public static const certificate_unknown:uint = 46;
|
|
24
|
-
public static const illegal_parameter:uint = 47;
|
|
25
|
-
public static const unknown_ca:uint = 48;
|
|
26
|
-
public static const access_denied:uint = 49;
|
|
27
|
-
public static const decode_error:uint = 50;
|
|
28
|
-
public static const decrypt_error:uint = 51;
|
|
29
|
-
public static const protocol_version:uint = 70;
|
|
30
|
-
public static const insufficient_security:uint = 71;
|
|
31
|
-
public static const internal_error:uint = 80;
|
|
32
|
-
public static const user_canceled:uint = 90;
|
|
33
|
-
public static const no_renegotiation:uint = 100;
|
|
34
|
-
|
|
35
|
-
public function TLSError(message:String, id:int) {
|
|
36
|
-
super(message,id);
|
|
37
|
-
}
|
|
38
|
-
}
|
|
39
|
-
}
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSEvent
|
|
3
|
-
*
|
|
4
|
-
* This is used by TLSEngine to let the application layer know
|
|
5
|
-
* when we're ready for sending, or have received application data
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* See LICENSE.txt for full license information.
|
|
9
|
-
*/
|
|
10
|
-
package com.hurlant.crypto.tls {
|
|
11
|
-
import flash.events.Event;
|
|
12
|
-
import flash.utils.ByteArray;
|
|
13
|
-
|
|
14
|
-
public class TLSEvent extends Event {
|
|
15
|
-
|
|
16
|
-
static public const DATA:String = "data";
|
|
17
|
-
static public const READY:String = "ready";
|
|
18
|
-
static public const PROMPT_ACCEPT_CERT:String = "promptAcceptCert";
|
|
19
|
-
|
|
20
|
-
public var data:ByteArray;
|
|
21
|
-
|
|
22
|
-
public function TLSEvent(type:String, data:ByteArray = null) {
|
|
23
|
-
this.data = data;
|
|
24
|
-
super(type, false, false);
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
}
|
|
@@ -1,197 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSSecurityParameters
|
|
3
|
-
*
|
|
4
|
-
* This class encapsulates all the security parameters that get negotiated
|
|
5
|
-
* during the TLS handshake. It also holds all the key derivation methods.
|
|
6
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
7
|
-
*
|
|
8
|
-
* Patched by Bobby Parker (sh0rtwave@gmail.com)
|
|
9
|
-
*
|
|
10
|
-
* See LICENSE.txt for full license information.
|
|
11
|
-
*/
|
|
12
|
-
package com.hurlant.crypto.tls {
|
|
13
|
-
import com.hurlant.crypto.hash.MD5;
|
|
14
|
-
import com.hurlant.crypto.hash.SHA1;
|
|
15
|
-
import com.hurlant.crypto.prng.TLSPRF;
|
|
16
|
-
import com.hurlant.util.Hex;
|
|
17
|
-
|
|
18
|
-
import flash.utils.ByteArray;
|
|
19
|
-
import com.hurlant.crypto.rsa.RSAKey;
|
|
20
|
-
|
|
21
|
-
public class TLSSecurityParameters implements ISecurityParameters {
|
|
22
|
-
|
|
23
|
-
// COMPRESSION
|
|
24
|
-
public static const COMPRESSION_NULL:uint = 0;
|
|
25
|
-
|
|
26
|
-
// This is probably not smart. Revise this to use all settings from TLSConfig, since this shouldn't really know about
|
|
27
|
-
// user settings, those are best handled from the engine at a session level.
|
|
28
|
-
public static var IGNORE_CN_MISMATCH:Boolean = true;
|
|
29
|
-
public static var ENABLE_USER_CLIENT_CERTIFICATE:Boolean = false;
|
|
30
|
-
public static var USER_CERTIFICATE:String;
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
private var cert:ByteArray; // Local Cert
|
|
34
|
-
private var key:RSAKey; // local key
|
|
35
|
-
private var entity:uint; // SERVER | CLIENT
|
|
36
|
-
private var bulkCipher:uint; // BULK_CIPHER_*
|
|
37
|
-
private var cipherType:uint; // STREAM_CIPHER | BLOCK_CIPHER
|
|
38
|
-
private var keySize:uint;
|
|
39
|
-
private var keyMaterialLength:uint;
|
|
40
|
-
private var IVSize:uint;
|
|
41
|
-
private var macAlgorithm:uint; // MAC_*
|
|
42
|
-
private var hashSize:uint;
|
|
43
|
-
private var compression:uint; // COMPRESSION_NULL
|
|
44
|
-
private var masterSecret:ByteArray; // 48 bytes
|
|
45
|
-
private var clientRandom:ByteArray; // 32 bytes
|
|
46
|
-
private var serverRandom:ByteArray; // 32 bytes
|
|
47
|
-
private var ignoreCNMismatch:Boolean = true;
|
|
48
|
-
private var trustAllCerts:Boolean = false;
|
|
49
|
-
private var trustSelfSigned:Boolean = false;
|
|
50
|
-
public static const PROTOCOL_VERSION:uint = 0x0301;
|
|
51
|
-
private var tlsDebug:Boolean = false;
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
// not strictly speaking part of this, but yeah.
|
|
55
|
-
public var keyExchange:uint;
|
|
56
|
-
public function TLSSecurityParameters(entity:uint, localCert:ByteArray = null, localKey:RSAKey = null) {
|
|
57
|
-
this.entity = entity;
|
|
58
|
-
reset();
|
|
59
|
-
key = localKey;
|
|
60
|
-
cert = localCert;
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
public function get version() : uint {
|
|
64
|
-
return PROTOCOL_VERSION;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
public function reset():void {
|
|
68
|
-
bulkCipher = BulkCiphers.NULL;
|
|
69
|
-
cipherType = BulkCiphers.BLOCK_CIPHER;
|
|
70
|
-
macAlgorithm = MACs.NULL;
|
|
71
|
-
compression = COMPRESSION_NULL;
|
|
72
|
-
masterSecret = null;
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
public function getBulkCipher():uint {
|
|
76
|
-
return bulkCipher;
|
|
77
|
-
}
|
|
78
|
-
public function getCipherType():uint {
|
|
79
|
-
return cipherType;
|
|
80
|
-
}
|
|
81
|
-
public function getMacAlgorithm():uint {
|
|
82
|
-
return macAlgorithm;
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
public function setCipher(cipher:uint):void {
|
|
86
|
-
bulkCipher = CipherSuites.getBulkCipher(cipher);
|
|
87
|
-
cipherType = BulkCiphers.getType(bulkCipher);
|
|
88
|
-
keySize = BulkCiphers.getExpandedKeyBytes(bulkCipher); // 8
|
|
89
|
-
keyMaterialLength = BulkCiphers.getKeyBytes(bulkCipher); // 5
|
|
90
|
-
IVSize = BulkCiphers.getIVSize(bulkCipher);
|
|
91
|
-
|
|
92
|
-
keyExchange = CipherSuites.getKeyExchange(cipher);
|
|
93
|
-
|
|
94
|
-
macAlgorithm = CipherSuites.getMac(cipher);
|
|
95
|
-
hashSize = MACs.getHashSize(macAlgorithm);
|
|
96
|
-
}
|
|
97
|
-
public function setCompression(algo:uint):void {
|
|
98
|
-
compression = algo;
|
|
99
|
-
}
|
|
100
|
-
public function setPreMasterSecret(secret:ByteArray):void {
|
|
101
|
-
// compute master_secret
|
|
102
|
-
var seed:ByteArray = new ByteArray;
|
|
103
|
-
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
104
|
-
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
105
|
-
var prf:TLSPRF = new TLSPRF(secret, "master secret", seed);
|
|
106
|
-
masterSecret = new ByteArray;
|
|
107
|
-
prf.nextBytes(masterSecret, 48);
|
|
108
|
-
if (tlsDebug)
|
|
109
|
-
trace("Master Secret: " + Hex.fromArray( masterSecret, true ));
|
|
110
|
-
}
|
|
111
|
-
public function setClientRandom(secret:ByteArray):void {
|
|
112
|
-
clientRandom = secret;
|
|
113
|
-
}
|
|
114
|
-
public function setServerRandom(secret:ByteArray):void {
|
|
115
|
-
serverRandom = secret;
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
public function get useRSA():Boolean {
|
|
119
|
-
return KeyExchanges.useRSA(keyExchange);
|
|
120
|
-
}
|
|
121
|
-
|
|
122
|
-
public function computeVerifyData(side:uint, handshakeMessages:ByteArray):ByteArray {
|
|
123
|
-
var seed:ByteArray = new ByteArray;
|
|
124
|
-
var md5:MD5 = new MD5;
|
|
125
|
-
if (tlsDebug)
|
|
126
|
-
trace("Handshake value: " + Hex.fromArray(handshakeMessages, true ));
|
|
127
|
-
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
128
|
-
var sha:SHA1 = new SHA1;
|
|
129
|
-
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
130
|
-
if (tlsDebug)
|
|
131
|
-
trace("Seed in: " + Hex.fromArray(seed, true ));
|
|
132
|
-
var prf:TLSPRF = new TLSPRF(masterSecret, (side==TLSEngine.CLIENT) ? "client finished" : "server finished", seed);
|
|
133
|
-
var out:ByteArray = new ByteArray;
|
|
134
|
-
prf.nextBytes(out, 12);
|
|
135
|
-
if (tlsDebug)
|
|
136
|
-
trace("Finished out: " + Hex.fromArray(out, true ));
|
|
137
|
-
out.position = 0;
|
|
138
|
-
return out;
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
// client side certficate check - This is probably incorrect somehow
|
|
142
|
-
public function computeCertificateVerify( side:uint, handshakeMessages:ByteArray ):ByteArray {
|
|
143
|
-
var seed:ByteArray = new ByteArray;
|
|
144
|
-
var md5:MD5 = new MD5;
|
|
145
|
-
seed.writeBytes(md5.hash(handshakeMessages),0,md5.getHashSize());
|
|
146
|
-
var sha:SHA1 = new SHA1;
|
|
147
|
-
seed.writeBytes(sha.hash(handshakeMessages),0,sha.getHashSize());
|
|
148
|
-
|
|
149
|
-
// Now that I have my hashes of existing handshake messages (which I'm not sure about the length of yet) then
|
|
150
|
-
// Sign that with my private key
|
|
151
|
-
seed.position = 0;
|
|
152
|
-
var out:ByteArray = new ByteArray();
|
|
153
|
-
key.sign( seed, out, seed.bytesAvailable);
|
|
154
|
-
out.position = 0;
|
|
155
|
-
return out;
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
public function getConnectionStates():Object {
|
|
159
|
-
if (masterSecret != null) {
|
|
160
|
-
var seed:ByteArray = new ByteArray;
|
|
161
|
-
seed.writeBytes(serverRandom, 0, serverRandom.length);
|
|
162
|
-
seed.writeBytes(clientRandom, 0, clientRandom.length);
|
|
163
|
-
var prf:TLSPRF = new TLSPRF(masterSecret, "key expansion", seed);
|
|
164
|
-
|
|
165
|
-
var client_write_MAC:ByteArray = new ByteArray;
|
|
166
|
-
prf.nextBytes(client_write_MAC, hashSize);
|
|
167
|
-
var server_write_MAC:ByteArray = new ByteArray;
|
|
168
|
-
prf.nextBytes(server_write_MAC, hashSize);
|
|
169
|
-
var client_write_key:ByteArray = new ByteArray;
|
|
170
|
-
prf.nextBytes(client_write_key, keyMaterialLength);
|
|
171
|
-
var server_write_key:ByteArray = new ByteArray;
|
|
172
|
-
prf.nextBytes(server_write_key, keyMaterialLength);
|
|
173
|
-
var client_write_IV:ByteArray = new ByteArray;
|
|
174
|
-
prf.nextBytes(client_write_IV, IVSize);
|
|
175
|
-
var server_write_IV:ByteArray = new ByteArray;
|
|
176
|
-
prf.nextBytes(server_write_IV, IVSize);
|
|
177
|
-
|
|
178
|
-
var client_write:TLSConnectionState = new TLSConnectionState(
|
|
179
|
-
bulkCipher, cipherType, macAlgorithm,
|
|
180
|
-
client_write_MAC, client_write_key, client_write_IV);
|
|
181
|
-
var server_write:TLSConnectionState = new TLSConnectionState(
|
|
182
|
-
bulkCipher, cipherType, macAlgorithm,
|
|
183
|
-
server_write_MAC, server_write_key, server_write_IV);
|
|
184
|
-
|
|
185
|
-
if (entity == TLSEngine.CLIENT) {
|
|
186
|
-
return {read:server_write, write:client_write};
|
|
187
|
-
} else {
|
|
188
|
-
return {read:client_write, write:server_write};
|
|
189
|
-
}
|
|
190
|
-
|
|
191
|
-
} else {
|
|
192
|
-
return {read:new TLSConnectionState, write:new TLSConnectionState};
|
|
193
|
-
}
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
}
|
|
197
|
-
}
|
|
@@ -1,370 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TLSSocket
|
|
3
|
-
*
|
|
4
|
-
* This is the "end-user" TLS class.
|
|
5
|
-
* It works just like a Socket, by encapsulating a Socket and
|
|
6
|
-
* wrapping the TLS protocol around the data that passes over it.
|
|
7
|
-
* This class can either create a socket connection, or reuse an
|
|
8
|
-
* existing connected socket. The later is useful for STARTTLS flows.
|
|
9
|
-
*
|
|
10
|
-
* Copyright (c) 2007 Henri Torgemane
|
|
11
|
-
*
|
|
12
|
-
* See LICENSE.txt for full license information.
|
|
13
|
-
*/
|
|
14
|
-
package com.hurlant.crypto.tls {
|
|
15
|
-
import flash.events.Event;
|
|
16
|
-
import flash.events.EventDispatcher;
|
|
17
|
-
import flash.events.IOErrorEvent;
|
|
18
|
-
import flash.events.ProgressEvent;
|
|
19
|
-
import flash.events.SecurityErrorEvent;
|
|
20
|
-
import flash.net.ObjectEncoding;
|
|
21
|
-
import flash.net.Socket;
|
|
22
|
-
import flash.utils.ByteArray;
|
|
23
|
-
import flash.utils.Endian;
|
|
24
|
-
import flash.utils.IDataInput;
|
|
25
|
-
import flash.utils.IDataOutput;
|
|
26
|
-
import flash.utils.clearTimeout;
|
|
27
|
-
import flash.utils.setTimeout;
|
|
28
|
-
import com.hurlant.crypto.cert.X509Certificate;
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
[Event(name="close", type="flash.events.Event")]
|
|
32
|
-
[Event(name="connect", type="flash.events.Event")]
|
|
33
|
-
[Event(name="ioError", type="flash.events.IOErrorEvent")]
|
|
34
|
-
[Event(name="securityError", type="flash.events.SecurityErrorEvent")]
|
|
35
|
-
[Event(name="socketData", type="flash.events.ProgressEvent")]
|
|
36
|
-
[Event(name="acceptPeerCertificatePrompt", type="flash.events.Event")]
|
|
37
|
-
|
|
38
|
-
/**
|
|
39
|
-
* It feels like a socket, but it wraps the stream
|
|
40
|
-
* over TLS 1.0
|
|
41
|
-
*
|
|
42
|
-
* That's all.
|
|
43
|
-
*
|
|
44
|
-
*/
|
|
45
|
-
public class TLSSocket extends Socket implements IDataInput, IDataOutput {
|
|
46
|
-
|
|
47
|
-
private var _endian:String;
|
|
48
|
-
private var _objectEncoding:uint;
|
|
49
|
-
|
|
50
|
-
private var _iStream:ByteArray;
|
|
51
|
-
private var _oStream:ByteArray;
|
|
52
|
-
private var _iStream_cursor:uint;
|
|
53
|
-
|
|
54
|
-
private var _socket:Socket;
|
|
55
|
-
private var _config:TLSConfig;
|
|
56
|
-
private var _engine:TLSEngine;
|
|
57
|
-
public static const ACCEPT_PEER_CERT_PROMPT:String = "acceptPeerCertificatePrompt"
|
|
58
|
-
|
|
59
|
-
public function TLSSocket(host:String = null, port:int = 0, config:TLSConfig = null) {
|
|
60
|
-
_config = config;
|
|
61
|
-
if (host!=null && port!=0) {
|
|
62
|
-
connect(host, port);
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
|
|
66
|
-
override public function get bytesAvailable():uint {
|
|
67
|
-
return _iStream.bytesAvailable;
|
|
68
|
-
}
|
|
69
|
-
override public function get connected():Boolean {
|
|
70
|
-
return _socket.connected;
|
|
71
|
-
}
|
|
72
|
-
override public function get endian():String {
|
|
73
|
-
return _endian;
|
|
74
|
-
}
|
|
75
|
-
override public function set endian(value:String):void {
|
|
76
|
-
_endian = value;
|
|
77
|
-
_iStream.endian = value;
|
|
78
|
-
_oStream.endian = value;
|
|
79
|
-
}
|
|
80
|
-
override public function get objectEncoding():uint {
|
|
81
|
-
return _objectEncoding;
|
|
82
|
-
}
|
|
83
|
-
override public function set objectEncoding(value:uint):void {
|
|
84
|
-
_objectEncoding = value;
|
|
85
|
-
_iStream.objectEncoding = value;
|
|
86
|
-
_oStream.objectEncoding = value;
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
private function onTLSData(event:TLSEvent):void {
|
|
91
|
-
if (_iStream.position == _iStream.length) {
|
|
92
|
-
_iStream.position = 0;
|
|
93
|
-
_iStream.length = 0;
|
|
94
|
-
_iStream_cursor = 0;
|
|
95
|
-
}
|
|
96
|
-
var cursor:uint = _iStream.position;
|
|
97
|
-
_iStream.position = _iStream_cursor;
|
|
98
|
-
_iStream.writeBytes(event.data);
|
|
99
|
-
_iStream_cursor = _iStream.position;
|
|
100
|
-
_iStream.position = cursor;
|
|
101
|
-
dispatchEvent(new ProgressEvent(ProgressEvent.SOCKET_DATA, false, false, event.data.length));
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
private function onTLSReady(event:TLSEvent):void {
|
|
105
|
-
_ready = true;
|
|
106
|
-
scheduleWrite();
|
|
107
|
-
}
|
|
108
|
-
|
|
109
|
-
private function onTLSClose(event:Event):void {
|
|
110
|
-
dispatchEvent(event);
|
|
111
|
-
// trace("Received TLS close");
|
|
112
|
-
close();
|
|
113
|
-
}
|
|
114
|
-
|
|
115
|
-
private var _ready:Boolean;
|
|
116
|
-
private var _writeScheduler:uint;
|
|
117
|
-
private function scheduleWrite():void {
|
|
118
|
-
if (_writeScheduler!=0) return;
|
|
119
|
-
_writeScheduler = setTimeout(commitWrite, 0);
|
|
120
|
-
}
|
|
121
|
-
private function commitWrite():void {
|
|
122
|
-
clearTimeout(_writeScheduler);
|
|
123
|
-
_writeScheduler = 0;
|
|
124
|
-
if (_ready) {
|
|
125
|
-
_engine.sendApplicationData(_oStream);
|
|
126
|
-
_oStream.length = 0;
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
override public function close():void {
|
|
132
|
-
_ready = false;
|
|
133
|
-
_engine.close();
|
|
134
|
-
if (_socket.connected) {
|
|
135
|
-
_socket.flush();
|
|
136
|
-
_socket.close();
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
public function setTLSConfig( config:TLSConfig) : void {
|
|
140
|
-
_config = config;
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
override public function connect(host:String, port:int):void {
|
|
144
|
-
init(new Socket, _config, host);
|
|
145
|
-
_socket.connect(host, port);
|
|
146
|
-
_engine.start();
|
|
147
|
-
}
|
|
148
|
-
|
|
149
|
-
public function releaseSocket() : void {
|
|
150
|
-
_socket.removeEventListener(Event.CONNECT, dispatchEvent);
|
|
151
|
-
_socket.removeEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
152
|
-
_socket.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
153
|
-
_socket.removeEventListener(Event.CLOSE, dispatchEvent);
|
|
154
|
-
_socket.removeEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
155
|
-
_socket = null;
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
public function reinitialize(host:String, config:TLSConfig) : void {
|
|
159
|
-
// Reinitialize the connection using new values
|
|
160
|
-
// but re-use the existing socket
|
|
161
|
-
// Doubt this is useful in any valid context other than my specific case (VMWare)
|
|
162
|
-
var ba:ByteArray = new ByteArray;
|
|
163
|
-
|
|
164
|
-
if (_socket.bytesAvailable > 0) {
|
|
165
|
-
_socket.readBytes(ba, 0, _socket.bytesAvailable);
|
|
166
|
-
}
|
|
167
|
-
// Do nothing with it.
|
|
168
|
-
_iStream = new ByteArray;
|
|
169
|
-
_oStream = new ByteArray;
|
|
170
|
-
_iStream_cursor = 0;
|
|
171
|
-
objectEncoding = ObjectEncoding.DEFAULT;
|
|
172
|
-
endian = Endian.BIG_ENDIAN;
|
|
173
|
-
/*
|
|
174
|
-
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
175
|
-
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
176
|
-
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
177
|
-
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
178
|
-
*/
|
|
179
|
-
|
|
180
|
-
if (config == null) {
|
|
181
|
-
config = new TLSConfig(TLSEngine.CLIENT);
|
|
182
|
-
}
|
|
183
|
-
|
|
184
|
-
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
185
|
-
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
186
|
-
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
187
|
-
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
188
|
-
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { _socket.flush(); });
|
|
189
|
-
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
190
|
-
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
191
|
-
|
|
192
|
-
_ready = false;
|
|
193
|
-
_engine.start();
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
public function startTLS(socket:Socket, host:String, config:TLSConfig = null):void {
|
|
197
|
-
if (!socket.connected) {
|
|
198
|
-
throw new Error("Cannot STARTTLS on a socket that isn't connected.");
|
|
199
|
-
}
|
|
200
|
-
init(socket, config, host);
|
|
201
|
-
_engine.start();
|
|
202
|
-
}
|
|
203
|
-
|
|
204
|
-
private function init(socket:Socket, config:TLSConfig, host:String):void {
|
|
205
|
-
_iStream = new ByteArray;
|
|
206
|
-
_oStream = new ByteArray;
|
|
207
|
-
_iStream_cursor = 0;
|
|
208
|
-
objectEncoding = ObjectEncoding.DEFAULT;
|
|
209
|
-
endian = Endian.BIG_ENDIAN;
|
|
210
|
-
_socket = socket;
|
|
211
|
-
_socket.addEventListener(Event.CONNECT, dispatchEvent);
|
|
212
|
-
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
|
|
213
|
-
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
|
|
214
|
-
_socket.addEventListener(Event.CLOSE, dispatchEvent);
|
|
215
|
-
|
|
216
|
-
if (config == null) {
|
|
217
|
-
config = new TLSConfig(TLSEngine.CLIENT);
|
|
218
|
-
}
|
|
219
|
-
_engine = new TLSEngine(config, _socket, _socket, host);
|
|
220
|
-
_engine.addEventListener(TLSEvent.DATA, onTLSData);
|
|
221
|
-
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
|
|
222
|
-
_engine.addEventListener(TLSEvent.READY, onTLSReady);
|
|
223
|
-
_engine.addEventListener(Event.CLOSE, onTLSClose);
|
|
224
|
-
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { if(connected) _socket.flush(); });
|
|
225
|
-
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
|
|
226
|
-
|
|
227
|
-
_ready = false;
|
|
228
|
-
}
|
|
229
|
-
|
|
230
|
-
override public function flush():void {
|
|
231
|
-
commitWrite();
|
|
232
|
-
_socket.flush();
|
|
233
|
-
}
|
|
234
|
-
|
|
235
|
-
override public function readBoolean():Boolean {
|
|
236
|
-
return _iStream.readBoolean();
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
override public function readByte():int {
|
|
240
|
-
return _iStream.readByte();
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
override public function readBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
244
|
-
return _iStream.readBytes(bytes, offset, length);
|
|
245
|
-
}
|
|
246
|
-
|
|
247
|
-
override public function readDouble():Number {
|
|
248
|
-
return _iStream.readDouble();
|
|
249
|
-
}
|
|
250
|
-
|
|
251
|
-
override public function readFloat():Number {
|
|
252
|
-
return _iStream.readFloat();
|
|
253
|
-
}
|
|
254
|
-
|
|
255
|
-
override public function readInt():int {
|
|
256
|
-
return _iStream.readInt();
|
|
257
|
-
}
|
|
258
|
-
|
|
259
|
-
override public function readMultiByte(length:uint, charSet:String):String {
|
|
260
|
-
return _iStream.readMultiByte(length, charSet);
|
|
261
|
-
}
|
|
262
|
-
|
|
263
|
-
override public function readObject():* {
|
|
264
|
-
return _iStream.readObject();
|
|
265
|
-
}
|
|
266
|
-
|
|
267
|
-
override public function readShort():int {
|
|
268
|
-
return _iStream.readShort();
|
|
269
|
-
}
|
|
270
|
-
|
|
271
|
-
override public function readUnsignedByte():uint {
|
|
272
|
-
return _iStream.readUnsignedByte();
|
|
273
|
-
}
|
|
274
|
-
|
|
275
|
-
override public function readUnsignedInt():uint {
|
|
276
|
-
return _iStream.readUnsignedInt();
|
|
277
|
-
}
|
|
278
|
-
|
|
279
|
-
override public function readUnsignedShort():uint {
|
|
280
|
-
return _iStream.readUnsignedShort();
|
|
281
|
-
}
|
|
282
|
-
|
|
283
|
-
override public function readUTF():String {
|
|
284
|
-
return _iStream.readUTF();
|
|
285
|
-
}
|
|
286
|
-
|
|
287
|
-
override public function readUTFBytes(length:uint):String {
|
|
288
|
-
return _iStream.readUTFBytes(length);
|
|
289
|
-
}
|
|
290
|
-
|
|
291
|
-
override public function writeBoolean(value:Boolean):void {
|
|
292
|
-
_oStream.writeBoolean(value);
|
|
293
|
-
scheduleWrite();
|
|
294
|
-
}
|
|
295
|
-
|
|
296
|
-
override public function writeByte(value:int):void {
|
|
297
|
-
_oStream.writeByte(value);
|
|
298
|
-
scheduleWrite();
|
|
299
|
-
}
|
|
300
|
-
|
|
301
|
-
override public function writeBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
|
|
302
|
-
_oStream.writeBytes(bytes, offset, length);
|
|
303
|
-
scheduleWrite();
|
|
304
|
-
}
|
|
305
|
-
|
|
306
|
-
override public function writeDouble(value:Number):void {
|
|
307
|
-
_oStream.writeDouble(value);
|
|
308
|
-
scheduleWrite();
|
|
309
|
-
}
|
|
310
|
-
|
|
311
|
-
override public function writeFloat(value:Number):void {
|
|
312
|
-
_oStream.writeFloat(value);
|
|
313
|
-
scheduleWrite();
|
|
314
|
-
}
|
|
315
|
-
|
|
316
|
-
override public function writeInt(value:int):void {
|
|
317
|
-
_oStream.writeInt(value);
|
|
318
|
-
scheduleWrite();
|
|
319
|
-
}
|
|
320
|
-
|
|
321
|
-
override public function writeMultiByte(value:String, charSet:String):void {
|
|
322
|
-
_oStream.writeMultiByte(value, charSet);
|
|
323
|
-
scheduleWrite();
|
|
324
|
-
}
|
|
325
|
-
|
|
326
|
-
override public function writeObject(object:*):void {
|
|
327
|
-
_oStream.writeObject(object);
|
|
328
|
-
scheduleWrite();
|
|
329
|
-
}
|
|
330
|
-
|
|
331
|
-
override public function writeShort(value:int):void {
|
|
332
|
-
_oStream.writeShort(value);
|
|
333
|
-
scheduleWrite();
|
|
334
|
-
}
|
|
335
|
-
|
|
336
|
-
override public function writeUnsignedInt(value:uint):void {
|
|
337
|
-
_oStream.writeUnsignedInt(value);
|
|
338
|
-
scheduleWrite();
|
|
339
|
-
}
|
|
340
|
-
|
|
341
|
-
override public function writeUTF(value:String):void {
|
|
342
|
-
_oStream.writeUTF(value);
|
|
343
|
-
scheduleWrite();
|
|
344
|
-
}
|
|
345
|
-
|
|
346
|
-
override public function writeUTFBytes(value:String):void {
|
|
347
|
-
_oStream.writeUTFBytes(value);
|
|
348
|
-
scheduleWrite();
|
|
349
|
-
}
|
|
350
|
-
|
|
351
|
-
public function getPeerCertificate() : X509Certificate {
|
|
352
|
-
return _engine.peerCertificate;
|
|
353
|
-
}
|
|
354
|
-
|
|
355
|
-
public function onAcceptCert( event:TLSEvent ) : void {
|
|
356
|
-
dispatchEvent( new TLSSocketEvent( _engine.peerCertificate ) );
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
// These are just a passthroughs to the engine. Encapsulation, et al
|
|
360
|
-
public function acceptPeerCertificate( event:Event ) : void {
|
|
361
|
-
_engine.acceptPeerCertificate();
|
|
362
|
-
}
|
|
363
|
-
|
|
364
|
-
public function rejectPeerCertificate( event:Event ) : void {
|
|
365
|
-
_engine.rejectPeerCertificate();
|
|
366
|
-
}
|
|
367
|
-
|
|
368
|
-
}
|
|
369
|
-
}
|
|
370
|
-
|