/**
* TLSSocket
*
* This is the "end-user" TLS class.
* It works just like a Socket, by encapsulating a Socket and
* wrapping the TLS protocol around the data that passes over it.
* This class can either create a socket connection, or reuse an
* existing connected socket. The later is useful for STARTTLS flows.
*
* Copyright (c) 2007 Henri Torgemane
*
* See LICENSE.txt for full license information.
*/
package com.hurlant.crypto.tls {
import flash.events.Event;
import flash.events.EventDispatcher;
import flash.events.IOErrorEvent;
import flash.events.ProgressEvent;
import flash.events.SecurityErrorEvent;
import flash.net.ObjectEncoding;
import flash.net.Socket;
import flash.utils.ByteArray;
import flash.utils.Endian;
import flash.utils.IDataInput;
import flash.utils.IDataOutput;
import flash.utils.clearTimeout;
import flash.utils.setTimeout;
import com.hurlant.crypto.cert.X509Certificate;
[Event(name="close", type="flash.events.Event")]
[Event(name="connect", type="flash.events.Event")]
[Event(name="ioError", type="flash.events.IOErrorEvent")]
[Event(name="securityError", type="flash.events.SecurityErrorEvent")]
[Event(name="socketData", type="flash.events.ProgressEvent")]
[Event(name="acceptPeerCertificatePrompt", type="flash.events.Event")]
/**
* It feels like a socket, but it wraps the stream
* over TLS 1.0
*
* That's all.
*
*/
public class TLSSocket extends Socket implements IDataInput, IDataOutput {
private var _endian:String;
private var _objectEncoding:uint;
private var _iStream:ByteArray;
private var _oStream:ByteArray;
private var _iStream_cursor:uint;
private var _socket:Socket;
private var _config:TLSConfig;
private var _engine:TLSEngine;
public static const ACCEPT_PEER_CERT_PROMPT:String = "acceptPeerCertificatePrompt"
public function TLSSocket(host:String = null, port:int = 0, config:TLSConfig = null) {
_config = config;
if (host!=null && port!=0) {
connect(host, port);
}
}
override public function get bytesAvailable():uint {
return _iStream.bytesAvailable;
}
override public function get connected():Boolean {
return _socket.connected;
}
override public function get endian():String {
return _endian;
}
override public function set endian(value:String):void {
_endian = value;
_iStream.endian = value;
_oStream.endian = value;
}
override public function get objectEncoding():uint {
return _objectEncoding;
}
override public function set objectEncoding(value:uint):void {
_objectEncoding = value;
_iStream.objectEncoding = value;
_oStream.objectEncoding = value;
}
private function onTLSData(event:TLSEvent):void {
if (_iStream.position == _iStream.length) {
_iStream.position = 0;
_iStream.length = 0;
_iStream_cursor = 0;
}
var cursor:uint = _iStream.position;
_iStream.position = _iStream_cursor;
_iStream.writeBytes(event.data);
_iStream_cursor = _iStream.position;
_iStream.position = cursor;
dispatchEvent(new ProgressEvent(ProgressEvent.SOCKET_DATA, false, false, event.data.length));
}
private function onTLSReady(event:TLSEvent):void {
_ready = true;
scheduleWrite();
}
private function onTLSClose(event:Event):void {
dispatchEvent(event);
// trace("Received TLS close");
close();
}
private var _ready:Boolean;
private var _writeScheduler:uint;
private function scheduleWrite():void {
if (_writeScheduler!=0) return;
_writeScheduler = setTimeout(commitWrite, 0);
}
private function commitWrite():void {
clearTimeout(_writeScheduler);
_writeScheduler = 0;
if (_ready) {
_engine.sendApplicationData(_oStream);
_oStream.length = 0;
}
}
override public function close():void {
_ready = false;
_engine.close();
if (_socket.connected) {
_socket.flush();
_socket.close();
}
}
public function setTLSConfig( config:TLSConfig) : void {
_config = config;
}
override public function connect(host:String, port:int):void {
init(new Socket, _config, host);
_socket.connect(host, port);
_engine.start();
}
public function releaseSocket() : void {
_socket.removeEventListener(Event.CONNECT, dispatchEvent);
_socket.removeEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
_socket.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
_socket.removeEventListener(Event.CLOSE, dispatchEvent);
_socket.removeEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
_socket = null;
}
public function reinitialize(host:String, config:TLSConfig) : void {
// Reinitialize the connection using new values
// but re-use the existing socket
// Doubt this is useful in any valid context other than my specific case (VMWare)
var ba:ByteArray = new ByteArray;
if (_socket.bytesAvailable > 0) {
_socket.readBytes(ba, 0, _socket.bytesAvailable);
}
// Do nothing with it.
_iStream = new ByteArray;
_oStream = new ByteArray;
_iStream_cursor = 0;
objectEncoding = ObjectEncoding.DEFAULT;
endian = Endian.BIG_ENDIAN;
/*
_socket.addEventListener(Event.CONNECT, dispatchEvent);
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
_socket.addEventListener(Event.CLOSE, dispatchEvent);
*/
if (config == null) {
config = new TLSConfig(TLSEngine.CLIENT);
}
_engine = new TLSEngine(config, _socket, _socket, host);
_engine.addEventListener(TLSEvent.DATA, onTLSData);
_engine.addEventListener(TLSEvent.READY, onTLSReady);
_engine.addEventListener(Event.CLOSE, onTLSClose);
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { _socket.flush(); });
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
_ready = false;
_engine.start();
}
public function startTLS(socket:Socket, host:String, config:TLSConfig = null):void {
if (!socket.connected) {
throw new Error("Cannot STARTTLS on a socket that isn't connected.");
}
init(socket, config, host);
_engine.start();
}
private function init(socket:Socket, config:TLSConfig, host:String):void {
_iStream = new ByteArray;
_oStream = new ByteArray;
_iStream_cursor = 0;
objectEncoding = ObjectEncoding.DEFAULT;
endian = Endian.BIG_ENDIAN;
_socket = socket;
_socket.addEventListener(Event.CONNECT, dispatchEvent);
_socket.addEventListener(IOErrorEvent.IO_ERROR, dispatchEvent);
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, dispatchEvent);
_socket.addEventListener(Event.CLOSE, dispatchEvent);
if (config == null) {
config = new TLSConfig(TLSEngine.CLIENT);
}
_engine = new TLSEngine(config, _socket, _socket, host);
_engine.addEventListener(TLSEvent.DATA, onTLSData);
_engine.addEventListener( TLSEvent.PROMPT_ACCEPT_CERT, onAcceptCert );
_engine.addEventListener(TLSEvent.READY, onTLSReady);
_engine.addEventListener(Event.CLOSE, onTLSClose);
_engine.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { if(connected) _socket.flush(); });
_socket.addEventListener(ProgressEvent.SOCKET_DATA, _engine.dataAvailable);
_ready = false;
}
override public function flush():void {
commitWrite();
_socket.flush();
}
override public function readBoolean():Boolean {
return _iStream.readBoolean();
}
override public function readByte():int {
return _iStream.readByte();
}
override public function readBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
return _iStream.readBytes(bytes, offset, length);
}
override public function readDouble():Number {
return _iStream.readDouble();
}
override public function readFloat():Number {
return _iStream.readFloat();
}
override public function readInt():int {
return _iStream.readInt();
}
override public function readMultiByte(length:uint, charSet:String):String {
return _iStream.readMultiByte(length, charSet);
}
override public function readObject():* {
return _iStream.readObject();
}
override public function readShort():int {
return _iStream.readShort();
}
override public function readUnsignedByte():uint {
return _iStream.readUnsignedByte();
}
override public function readUnsignedInt():uint {
return _iStream.readUnsignedInt();
}
override public function readUnsignedShort():uint {
return _iStream.readUnsignedShort();
}
override public function readUTF():String {
return _iStream.readUTF();
}
override public function readUTFBytes(length:uint):String {
return _iStream.readUTFBytes(length);
}
override public function writeBoolean(value:Boolean):void {
_oStream.writeBoolean(value);
scheduleWrite();
}
override public function writeByte(value:int):void {
_oStream.writeByte(value);
scheduleWrite();
}
override public function writeBytes(bytes:ByteArray, offset:uint = 0, length:uint = 0):void {
_oStream.writeBytes(bytes, offset, length);
scheduleWrite();
}
override public function writeDouble(value:Number):void {
_oStream.writeDouble(value);
scheduleWrite();
}
override public function writeFloat(value:Number):void {
_oStream.writeFloat(value);
scheduleWrite();
}
override public function writeInt(value:int):void {
_oStream.writeInt(value);
scheduleWrite();
}
override public function writeMultiByte(value:String, charSet:String):void {
_oStream.writeMultiByte(value, charSet);
scheduleWrite();
}
override public function writeObject(object:*):void {
_oStream.writeObject(object);
scheduleWrite();
}
override public function writeShort(value:int):void {
_oStream.writeShort(value);
scheduleWrite();
}
override public function writeUnsignedInt(value:uint):void {
_oStream.writeUnsignedInt(value);
scheduleWrite();
}
override public function writeUTF(value:String):void {
_oStream.writeUTF(value);
scheduleWrite();
}
override public function writeUTFBytes(value:String):void {
_oStream.writeUTFBytes(value);
scheduleWrite();
}
public function getPeerCertificate() : X509Certificate {
return _engine.peerCertificate;
}
public function onAcceptCert( event:TLSEvent ) : void {
dispatchEvent( new TLSSocketEvent( _engine.peerCertificate ) );
}
// These are just a passthroughs to the engine. Encapsulation, et al
public function acceptPeerCertificate( event:Event ) : void {
_engine.acceptPeerCertificate();
}
public function rejectPeerCertificate( event:Event ) : void {
_engine.rejectPeerCertificate();
}
}
}
|
Download
