Up to Discussions in XIFF

This Question is Not Answered

1 "correct" answer available (10 pts) 2 "helpful" answers available (5 pts)
41 Replies Last post: May 30, 2008 11:04 AM by Dustin  
Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated

Apr 10, 2008 8:43 PM

Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

I have tested it multiple times against 3.4.1-3.4.4 versions of openfire.  I verified packet encryption using Wireshark.  I've tested this in both Flex and Air applications.   

 

Things you need...

 

 

  • AS3 version of XIFF

    • replace XMPPConnection with attached version

    • replace XMPPSocketConnection with attached version

  • Latest Crypto

    • add UTF8String to util/der

    • replace DER with attached (additional type support for openfire certs)

 

Things to note before hand. 

 

 

  • This only works with XMPPSocketConnection

  • I'm not sure but I think crypto will only work with RSA certs.  I could be wrong though.  Will be checking into it more later.

  • Crypto does not work with self signed certificates (detault certs generated by openfire).  This can be bipassed by commenting out the checks in TLSEngine.loadCertificates(certs:Array).  Just leave these two lines uncommented in the if block that checks for signed/unsigned.

 

trace("TLS WARNING: No check made on the certificate's identity.");

_otherCertificate = firstCert;

 

 

 

 

To use TLS simply use the following boolean flag on your interface scripting that handles the initial connect.  Here is my example code block. 

 

 

 

 

xconn.username = usernameti.text;

userAccount = usernameti.text;

xconn.password = passwordti.text;

 

xconn.server = DEFAULT_SERVER;

xconn.tls = true;

xconn.connect("standard");

 

 

 

 

 

 

 

 

Enjoy!  Let me know if you have any success.  Not all the kinks have been worked out but it's a good start.

Attachments:
Tags: xiff, tls, fix, air, flex, xiff_3, flex_3, crypto, actionscript3, actionscript
Daniel Henninger Jiver
Daniel Henninger
2,722 posts since
Aug 10, 2005
Currently Being Moderated
Apr 11, 2008 1:45 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Wow!  +100 points for you!  =)  Great work!

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
Apr 11, 2008 4:20 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Sweeeeeeeeeeeeeeeeet. I've set aside some time next week to look over patches and merge stuff into trunk/provide feedback where appropriate.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
Apr 11, 2008 6:14 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Sounds good : )

 

I'll help out as needed.  Let me know if you have any questions or suggestions.  I know a lot of people were looking for this kind of solution instead of relying on http binding.  I've spoken with Adobe on the subject regarding the Socket class.  I know several other individuals and companies have done so also.  Hopefully we'll see something from the Air/Flex team later this year once Air has been on the market longer.  In the meantime this should be good enough to utilize.

 

 

Kudos to both the XIFF and Crypto team.

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
Apr 23, 2008 1:52 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

OK, having finally recovered from being sick last week, I'm taking a look at this now. An svn diff would have been nice for reviewing what's different.

 

Did you actually get XMPPSocketConnection working? It's been pretty finicky in my testing.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
Apr 23, 2008 5:30 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

 

Bummer on the illness. 

 

 

Yes I have it working consistently.  I'm on the road

right now... in the middle of a move.  I can do a comparison against the trunk (or a specific branch if you prefer) sometime next week and get back to you.  I'll probably have to grab latest and merge changes over as I've made some other custom tweaks to the library. 

 

 

-Cheers

 

 

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
Apr 23, 2008 5:37 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Trunk would be best. I'm trying to spend as little time in 3.5.x work as possible. Thanks

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
Apr 28, 2008 4:02 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

 

Ok included in this zip is...

 

  1. Modified Crypto package

  2. Modified XMPPConnection

  3. Modified XMPPSocketConnection

  4. TLSDemo Application

  5. SVN diff file for the connection classes. (Working copy against trunk 10307)

  6. Plane text packet capture of TLSDemo 5222 and 5223 negotiation under a single login session.

 

To use TLSDemo you will need to setup your own project and include Xiff and the included Crypto in your build path.  Also you will need to specify your server inside the file.  Let me know how things go. 

 

 

 

 

-Cheers

 

 

Attachments:
Ethan Mosbaugh Bronze
Ethan Mosbaugh
9 posts since
Sep 20, 2007
Currently Being Moderated
May 2, 2008 2:35 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

 

i found one little bug i think. please correct me if im wrong:

 

 

line 115 of XMPPSocketConnection.as I think should be

 

 

handleReceivedData(_incompleteRawXML + s);

 

 

instead of

 

 

handleReceivedData(s); 

 

 

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 3, 2008 10:12 AM in response to: Ethan Mosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Line 115 is blank on the version I have. 

 

Line 113 is the handleReceivedData(s);

 

 

 

 

 

 

If you check line 207 there's a "_incompleteRawXML += s;" to fix the truncated xml.  Although it wouldn't hurt to add it on there.  I thought the truncation only occurred on the xmlsocket and not the binary socket.

Ethan Mosbaugh Bronze
Ethan Mosbaugh
9 posts since
Sep 20, 2007
Currently Being Moderated
May 6, 2008 2:00 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

i get a truncation when i load a very large roster with the binary socket. this fixed the problem.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 6, 2008 2:59 PM in response to: Ethan Mosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Cool thanks for the heads up.  I'll make the adjustment to mine as well.

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
May 7, 2008 12:07 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

OK, I'm looking over this right now. So far so good

 

Have you read http://www.igniterealtime.org/community/docs/DOC-1495 btw? I'd love to get this merged in if you're ok with the contributor agreement.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 8, 2008 2:37 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

 

Sending the agreement over soon.  You should have it later today or tomorrow at the latest. 

 

 

-Dustin

 

 

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
May 8, 2008 3:02 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Spiffy

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 12, 2008 4:40 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Tried to fax it to no avail. so I mailed it instead.

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
May 12, 2008 4:46 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Argh. Anything at our end that I could bug people to fix? I want to streamline this as much as possible.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 12, 2008 10:30 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

I used the Fax # on the document, but someone picked up on the other end.  Sounded more like a resident so I just stuck it in an envelope.  I can try again tomorrow and see if the same thing happens.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 13, 2008 2:53 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

 

Yeah I tried to fax again and just got an answering machine.  Just using the # of the organization contrib doc.  At least there's a hard copy in the mail. 

 

 

 

 

BTW I have a quick question.  I have some other possible contributions for the project.  Do I just keep posting those similar to how I did this one or is there a pipeline process I can join for the project.  

 

 

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
May 13, 2008 3:03 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

If you set up a JIRA account (http://www.igniterealtime.org/issues/) I can turn on write access for it, so you can file issues and attach patches. That's probably the best way to handle things for now.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 13, 2008 5:17 PM in response to: David Smith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Done using the same account name "exnihilo".

David Smith Jiver
David Smith
170 posts since
Jan 11, 2007
Currently Being Moderated
May 13, 2008 5:41 PM in response to: Dustin
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

You should have permissions on JIRA now... if all went as intended.

Dustin Bronze
Dustin
21 posts since
Apr 10, 2008
Currently Being Moderated
May 13, 2008 11:00 PM in response to: David Smith
Re: Have