Up to Discussions in XIFF

This Question is Not Answered

1 "correct" answer available (10 pts) 2 "helpful" answers available (5 pts)
39 Replies Last post: May 14, 2008 1:18 PM by exnihilo  
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008

Apr 10, 2008 8:43 PM

Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
I have tested it multiple times against 3.4.1-3.4.4 versions of openfire. I verified packet encryption using Wireshark. I've tested this in both Flex and Air applications.

Things you need...


  • AS3 version of XIFF
    • replace XMPPConnection with attached version
    • replace XMPPSocketConnection with attached version
  • Latest Crypto
    • add UTF8String to util/der
    • replace DER with attached (additional type support for openfire certs)

Things to note before hand.


  • This only works with XMPPSocketConnection
  • I'm not sure but I think crypto will only work with RSA certs. I could be wrong though. Will be checking into it more later.
  • Crypto does not work with self signed certificates (detault certs generated by openfire). This can be bipassed by commenting out the checks in TLSEngine.loadCertificates(certs:Array). Just leave these two lines uncommented in the if block that checks for signed/unsigned.

trace("TLS WARNING: No check made on the certificate's identity.");
_otherCertificate = firstCert;


To use TLS simply use the following boolean flag on your interface scripting that handles the initial connect. Here is my example code block.

xconn.username = usernameti.text;
userAccount = usernameti.text;
xconn.password = passwordti.text;

xconn.server = DEFAULT_SERVER;
xconn.tls = true;
xconn.connect("standard");

Enjoy! Let me know if you have any success. Not all the kinks have been worked out but it's a good start.

Attachments:
Tags: xiff, tls, fix, air, flex, xiff_3, flex_3, crypto, actionscript3, actionscript
Click to view jadestorm's profile Jiver
jadestorm
2,546 posts since
Aug 10, 2005
Apr 11, 2008 1:45 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Wow! +100 points for you! =) Great work!
Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
Apr 11, 2008 4:20 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Sweeeeeeeeeeeeeeeeet. I've set aside some time next week to look over patches and merge stuff into trunk/provide feedback where appropriate.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
Apr 11, 2008 6:14 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Sounds good : )

I'll help out as needed. Let me know if you have any questions or suggestions. I know a lot of people were looking for this kind of solution instead of relying on http binding. I've spoken with Adobe on the subject regarding the Socket class. I know several other individuals and companies have done so also. Hopefully we'll see something from the Air/Flex team later this year once Air has been on the market longer. In the meantime this should be good enough to utilize.

Kudos to both the XIFF and Crypto team.

Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
Apr 23, 2008 1:52 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
OK, having finally recovered from being sick last week, I'm taking a look at this now. An svn diff would have been nice for reviewing what's different.

Did you actually get XMPPSocketConnection working? It's been pretty finicky in my testing.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
Apr 23, 2008 5:30 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Bummer on the illness.

Yes I have it working consistently. I'm on the road
right now... in the middle of a move. I can do a comparison against the trunk (or a specific branch if you prefer) sometime next week and get back to you. I'll probably have to grab latest and merge changes over as I've made some other custom tweaks to the library.

-Cheers

Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
Apr 23, 2008 5:37 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Trunk would be best. I'm trying to spend as little time in 3.5.x work as possible. Thanks :D
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
Apr 28, 2008 4:02 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Ok included in this zip is...

  1. Modified Crypto package
  2. Modified XMPPConnection
  3. Modified XMPPSocketConnection
  4. TLSDemo Application
  5. SVN diff file for the connection classes. (Working copy against trunk 10307)
  6. Plane text packet capture of TLSDemo 5222 and 5223 negotiation under a single login session.

To use TLSDemo you will need to setup your own project and include Xiff and the included Crypto in your build path. Also you will need to specify your server inside the file. Let me know how things go.


-Cheers

Attachments:
Click to view emosbaugh's profile Bronze
emosbaugh
9 posts since
Sep 20, 2007
May 2, 2008 2:35 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

i found one little bug i think. please correct me if im wrong:

line 115 of XMPPSocketConnection.as I think should be

handleReceivedData(_incompleteRawXML + s);

instead of

handleReceivedData(s);

Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 3, 2008 10:12 AM in response to: emosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Line 115 is blank on the version I have.

Line 113 is the handleReceivedData(s);


If you check line 207 there's a "_incompleteRawXML += s;" to fix the truncated xml. Although it wouldn't hurt to add it on there. I thought the truncation only occurred on the xmlsocket and not the binary socket.

Click to view emosbaugh's profile Bronze
emosbaugh
9 posts since
Sep 20, 2007
May 6, 2008 2:00 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
i get a truncation when i load a very large roster with the binary socket. this fixed the problem.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 6, 2008 2:59 PM in response to: emosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Cool thanks for the heads up. I'll make the adjustment to mine as well.
Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 7, 2008 12:07 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
OK, I'm looking over this right now. So far so good :)

Have you read http://www.igniterealtime.org/community/docs/DOC-1495 btw? I'd love to get this merged in if you're ok with the contributor agreement.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 8, 2008 2:37 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Sending the agreement over soon. You should have it later today or tomorrow at the latest.

-Dustin

Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 8, 2008 3:02 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Spiffy :D
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 12, 2008 4:40 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Tried to fax it to no avail. so I mailed it instead.
Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 12, 2008 4:46 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Argh. Anything at our end that I could bug people to fix? I want to streamline this as much as possible.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 12, 2008 10:30 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
I used the Fax # on the document, but someone picked up on the other end. Sounded more like a resident so I just stuck it in an envelope. I can try again tomorrow and see if the same thing happens.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 13, 2008 2:53 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Yeah I tried to fax again and just got an answering machine. Just using the # of the organization contrib doc. At least there's a hard copy in the mail.


BTW I have a quick question. I have some other possible contributions for the project. Do I just keep posting those similar to how I did this one or is there a pipeline process I can join for the project.

Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 13, 2008 3:03 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
If you set up a JIRA account (http://www.igniterealtime.org/issues/) I can turn on write access for it, so you can file issues and attach patches. That's probably the best way to handle things for now.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 13, 2008 5:17 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Done using the same account name "exnihilo".
Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 13, 2008 5:41 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
You should have permissions on JIRA now... if all went as intended.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 13, 2008 11:00 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Sounds good. Which project do I post on though. 3.1.0 is the latest I see but the trunk is past version 3.5.
Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 13, 2008 11:24 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
You should have access to http://www.igniterealtime.org/issues/browse/SW and http://www.igniterealtime.org/issues/browse/XIFF

Don't worry about versions at the moment. I still need to get that organized.
Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 13, 2008 11:34 PM in response to: DavidSmith
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

Ah ok. Yeah I can browse them and create new issues/features/tasks/ect.

Is Sean no longer with the project?

Click to view DavidSmith's profile Jiver
DavidSmith
140 posts since
Jan 11, 2007
May 14, 2008 12:09 AM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
Seems to be the case :/
Click to view emosbaugh's profile Bronze
emosbaugh
9 posts since
Sep 20, 2007
May 12, 2008 3:27 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

sorry to be that guy, but i think i found one more problem

line 207:

_incompleteRawXML += s;//concatenate the raw xml to the previous

should be:

_incompleteRawXML = s;

because when you pass in the concatenated strings, you are concatenating the new data twice

line 269

handleReceivedData(_incompleteRawXML + ev.data as String);

Click to view exnihilo's profile Bronze
exnihilo
20 posts since
Apr 10, 2008
May 12, 2008 4:57 PM in response to: emosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )
That only happens if the string itself doesn't parse out. I believe that's part of the default xiff project anyways.

I do the concatentation there because I replaced line 124 of trunk


var rawXML:String = _incompleteRawXML + ev.data as String;


with


var rawXML:String = s;


This is so both sockets can submit to handleReceivedData().


What issue are you running into.

Click to view emosbaugh's profile Bronze
emosbaugh
9 posts since
Sep 20, 2007
May 13, 2008 4:44 PM in response to: exnihilo
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

you are saying

_incompleteRawXML += s

but s = function param = _incompleteRawXML + ev.data as String

so now

_incompleteRawXML = _incompleteRawXML + _incompleteRawXML + ev.data as String

Click to view emosbaugh's profile Bronze
emosbaugh
9 posts since
Sep 20, 2007
May 13, 2008 4:44 PM in response to: emosbaugh
Re: Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )