I built an extension to the XMPPConnection.as class to enable connecting to a server, negotiating TLS and encrypting further communication all on a single socket connection. The class wraps the socket in a TLSSocket once encryption has been negotiated.
This is built on Base rev. 11209, because the project I’m working on is stable with this version. Updating it should not cost a lot of time, I assume. I am planning on writing an extension for the negotiation. It’s not very elegant now. Please let me know if there are other “proceed” node types, other than the one used for TLS negotiation.
I have left in/built in some checks for future compression negotiation.
I have only tested it with the Flex Builder.
Credit has to go out to this thread:
I pretty much got it working through studying all the solutions there. I also used it as a template for the description down here.
(New) Things you need:
AS3 version of XIFF
Base rev 11209
attached XMPPTLSConnection.as in the same directory as XMPPConnection.as
Latest as3Crypto from the repository (It’s now rev 28)
add UTF8String to util/der
replace DER in util/der with the attached version (additional type support for Openfire certs)
replace AesKey.as in crypto/symmetric with the attached version if you have trouble compiling (http://code.google.com/p/as3crypto/issues/detail?id=22)
(New) Things to note beforehand.
This only works over a direct socket connection, not over BOSH (HTTP binding).
I’m not sure but I think crypto will only work with RSA certs.
Crypto does not work with self-signed certificates (the default certs generated by Openfire). This can be bypassed by changing line 802 in TLSEngine.as from “if(_config.trustAllCertificates)” to “if(true)”. Be aware of what that does: the engine then accepts any certificate at all, so the connection is encrypted but the server is no longer authenticated, and anyone on the path can present their own certificate and read or alter the session. Don’t forget to put back the check when you get a proper certificate for your server! =] You can of course also supply your own configuration instead of patching the source: the check reads the trustAllCertificates flag from the config object, so setting it there has the same effect and is much easier to switch off again for production.
To use TLS, simply set the following boolean flag in the interface script that handles the initial connect. Here is my example code block.
xconn.username = usernameti.text;
xconn.password = passwordti.text;
xconn.server = DEFAULT_SERVER;
xconn.tls = true; // negotiate STARTTLS on the same socket before sending credentials
xconn.tls defaults to false. When it is false the client connects unencrypted, like usual.
If TLS is enabled with xconn.tls = true and the server does not offer STARTTLS, it will not connect (it fails rather than silently falling back to plaintext).
If TLS is not enabled but the server requires TLS, it is enabled automatically and the connection is made encrypted.
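Worked example of the three rules above, added here and not code from the post, from XIFF or from as3Crypto. It is written in Python so it runs without Flash: it reads the RFC 6120 stream features, applies the tls flag rules, and plays the client/server exchange on one socket up to the point where XMPPTLSConnection would hand the socket to the TLS engine. The feature and reply stanzas are constructed samples, and FakeServer is a stand-in for a real peer. Note that in RFC 6120 `<proceed/>` belongs only to the xmpp-tls namespace; stream compression (XEP-0138) answers `<compress/>` with `<compressed/>`, so a compression branch should not key on `<proceed/>`.

```python
"""STARTTLS decision logic and exchange for a single-socket XMPP client."""
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_COMPRESS_FEATURE = "http://jabber.org/features/compress"   # XEP-0138 feature
NS_COMPRESS = "http://jabber.org/protocol/compress"           # XEP-0138 protocol

STARTTLS_REQUEST = '<starttls xmlns="{}"/>'.format(NS_TLS)
PROCEED = '<proceed xmlns="{}"/>'.format(NS_TLS)
FAILURE = '<failure xmlns="{}"/>'.format(NS_TLS)
# Compression success looks like this; it is not a <proceed/>.
COMPRESSED = '<compressed xmlns="{}"/>'.format(NS_COMPRESS)

# Constructed <stream:features/> samples, as a server would send them.
FEATURES_NONE = '<stream:features xmlns:stream="{}"/>'.format(NS_STREAM)
FEATURES_OPTIONAL = (
    '<stream:features xmlns:stream="{s}"><starttls xmlns="{t}"/>'
    '<compression xmlns="{c}"><method>zlib</method></compression>'
    '</stream:features>').format(s=NS_STREAM, t=NS_TLS, c=NS_COMPRESS_FEATURE)
FEATURES_REQUIRED = (
    '<stream:features xmlns:stream="{s}"><starttls xmlns="{t}"><required/>'
    '</starttls></stream:features>').format(s=NS_STREAM, t=NS_TLS)


def tls_offer(features_xml):
    """Return (offered, required) for the <starttls/> feature."""
    root = ET.fromstring(features_xml)
    starttls = root.find("{%s}starttls" % NS_TLS)
    if starttls is None:
        return (False, False)
    return (True, starttls.find("{%s}required" % NS_TLS) is not None)


def decide(features_xml, tls_flag):
    """Apply the xconn.tls rules from the post.
    'starttls': send STARTTLS_REQUEST and wrap the socket after <proceed/>.
    'plain':    carry on unencrypted.
    'abort':    the client demanded TLS but the server does not offer it."""
    offered, required = tls_offer(features_xml)
    if tls_flag:
        return "starttls" if offered else "abort"
    # Flag off: only upgrade when the server insists on it.
    return "starttls" if required else "plain"


def tls_reply(stanza_xml):
    """Classify the server's answer to <starttls/>. Only the xmpp-tls
    <proceed/> means 'start the handshake now'."""
    tag = ET.fromstring(stanza_xml).tag
    if tag == "{%s}proceed" % NS_TLS:
        return "proceed"
    if tag == "{%s}failure" % NS_TLS:
        return "failure"
    return "other"


class FakeServer:
    """Scripted peer for an offline run (hypothetical, not a real server):
    serves fixed features and answers <starttls/> with <proceed/> or <failure/>."""
    def __init__(self, features_xml, accepts_tls=True):
        self.features_xml = features_xml
        self.accepts_tls = accepts_tls

    def recv(self, stanza):
        if stanza == STARTTLS_REQUEST:
            return PROCEED if self.accepts_tls else FAILURE
        raise ValueError("unexpected stanza: " + stanza)


def negotiate(server, tls_flag):
    """Client side of the exchange. Returns (transcript, outcome); the
    'wrap socket' step is where the AS3 class would switch to TLSSocket."""
    log = [("S", server.features_xml)]
    action = decide(server.features_xml, tls_flag)
    if action == "plain":
        return log, "plain"
    if action == "abort":
        log.append(("C", "</stream:stream>"))
        return log, "abort"
    log.append(("C", STARTTLS_REQUEST))
    reply = server.recv(STARTTLS_REQUEST)
    log.append(("S", reply))
    if tls_reply(reply) == "proceed":
        log.append(("C", "<TLS handshake on the same socket, then stream restart>"))
        return log, "encrypted"
    log.append(("C", "</stream:stream>"))
    return log, "abort"


if __name__ == "__main__":
    for flag in (False, True):
        for feats in (FEATURES_NONE, FEATURES_OPTIONAL, FEATURES_REQUIRED):
            transcript, outcome = negotiate(FakeServer(feats), flag)
            print("tls=%s -> %s" % (flag, outcome))
```

The rule worth keeping from this: with the flag on, a missing `<starttls/>` feature ends the stream instead of falling back to plaintext, which is the behaviour that stops a downgrade by a peer or middlebox that strips the feature.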
I haven’t had time to write a demo app or test it extensively.
Let me know if this works for you!
Single Socket TLS Connection.zip (13835 Bytes)