1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
/**
* TLSTest
*
* A test class for TLS. Not a finished product.
* Copyright (c) 2007 Henri Torgemane
*
* See LICENSE.txt for full license information.
*/
package com.hurlant.crypto.tls {
import com.hurlant.crypto.cert.X509Certificate;
import com.hurlant.crypto.cert.X509CertificateCollection;
import com.hurlant.util.Hex;
import com.hurlant.util.der.PEM;
import flash.events.Event;
import flash.events.ProgressEvent;
import flash.net.Socket;
import flash.utils.ByteArray;
import flash.utils.getTimer;
public class TLSTest {
public var myDebugData:String;
//[Embed(source="/src/host.cert",mimeType="application/octet-stream")]
public var myCert:Class;
//[Embed(source="/src/host.key",mimeType="application/octet-stream")]
public var myKey:Class;
public function TLSTest(host:String = null, port:int = 0, type:int = 0 ) {
//loopback();
if (host != null) {
if (type == 0) { // SSL 3.0
connectLoginYahooCom();
// connectLocalSSL(host, port);
} else {
connectLocalTLS(host, port);
}
} else {
testSocket();
}
}
public function connectLoginYahooCom():void {
trace("Connecting test socket");
var s:Socket = new Socket("esx.bluebearllc.net", 903);
var clientConfig:TLSConfig = new TLSConfig(TLSEngine.CLIENT,
null,
null,
null,
null,
null,
SSLSecurityParameters.PROTOCOL_VERSION);
var client:TLSEngine = new TLSEngine(clientConfig, s, s);
// hook some events.
s.addEventListener(ProgressEvent.SOCKET_DATA, client.dataAvailable);
client.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { s.flush(); });
client.start();
}
public function connectLocalTLS(host:String, port:int):void {
var s:Socket = new Socket(host, port);
var clientConfig:TLSConfig = new TLSConfig(TLSEngine.CLIENT);
var client:TLSEngine = new TLSEngine(clientConfig, s, s);
// hook some events.
s.addEventListener(ProgressEvent.SOCKET_DATA, client.dataAvailable);
client.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { s.flush(); });
client.start();
}
public function connectLocalSSL(host:String, port:int):void {
var s:Socket = new Socket(host, port);
var clientConfig:TLSConfig = new TLSConfig(TLSEngine.CLIENT,
null,
null,
null,
null,
null,
SSLSecurityParameters.PROTOCOL_VERSION);
var client:TLSEngine = new TLSEngine(clientConfig, s, s);
// hook some events.
s.addEventListener(ProgressEvent.SOCKET_DATA, client.dataAvailable);
client.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*):void { s.flush(); });
client.start();
}
public function loopback():void {
var server_write:ByteArray = new ByteArray;
var client_write:ByteArray = new ByteArray;
var server_write_cursor:uint = 0;
var client_write_cursor:uint = 0;
var clientConfig:TLSConfig = new TLSConfig(TLSEngine.CLIENT, null, null, null, null, null, SSLSecurityParameters.PROTOCOL_VERSION);
var serverConfig:TLSConfig = new TLSConfig(TLSEngine.SERVER, null, null, null, null, null, SSLSecurityParameters.PROTOCOL_VERSION);
var cert:ByteArray = new myCert;
var key:ByteArray = new myKey;
serverConfig.setPEMCertificate(cert.readUTFBytes(cert.length), key.readUTFBytes(key.length));
// tmp, for debugging. currently useless
cert.position = 0;
key.position = 0;
clientConfig.setPEMCertificate(cert.readUTFBytes(cert.length), key.readUTFBytes(key.length));
// put the server cert in the client's trusted store, to keep things happy.
clientConfig.CAStore = new X509CertificateCollection;
cert.position = 0;
var x509:X509Certificate = new X509Certificate(PEM.readCertIntoArray(cert.readUTFBytes(cert.length)));
clientConfig.CAStore.addCertificate(x509);
var server:TLSEngine = new TLSEngine(serverConfig, client_write, server_write);
var client:TLSEngine = new TLSEngine(clientConfig, server_write, client_write);
server.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*=null):void {
trace("server wrote something!");
trace(Hex.fromArray(server_write));
var l:uint = server_write.position;
server_write.position = server_write_cursor;
client.dataAvailable(e);
server_write.position = l;
server_write_cursor = l;
});
client.addEventListener(ProgressEvent.SOCKET_DATA, function(e:*=null):void {
trace("client wrote something!");
trace(Hex.fromArray(client_write));
var l:uint = client_write.position;
client_write.position = client_write_cursor;
server.dataAvailable(e);
client_write.position = l;
client_write_cursor = l;
});
server.start();
client.start();
}
public function testSocket():void {
var hosts:Array = [
"bugs.adobe.com", // apache
"login.yahoo.com", // apache, bigger response
"login.live.com", // IIS-6, chain of 3 certs
"banking.wellsfargo.com", // custom, sends its CA cert along for the ride.
"www.bankofamerica.com" // sun-one, chain of 3 certs
];
var i:int =0;
(function next():void {
testHost(hosts[i++], next);
})();
}
private function testHost(host:String, next:Function):void {
if (host==null) return;
var t1:int = getTimer();
var host:String = host;
var t:TLSSocket = new TLSSocket;
t.connect(host, 4433);
t.writeUTFBytes("GET / HTTP/1.0\nHost: "+host+"\n\n");
t.addEventListener(Event.CLOSE, function(e:*):void {
var s:String = t.readUTFBytes(t.bytesAvailable);
trace("Response from "+host+": "+s.length+" characters");
var bytes:ByteArray = new ByteArray();
t.readBytes(bytes, 0, t.bytesAvailable);
trace(Hex.fromArray(bytes));
trace("Time used = "+(getTimer()-t1)+"ms");
next();
});
}
}
}
|
