https from as3 air project to webservice using as3httpclientlib - actionscript-3

I am trying to change a webservice implementation I have done over to use HTTPS.
I have been using the as3httpclientlib (https://code.google.com/p/as3httpclientlib/).
When I use a non-ssl endpoint it works as expected.
However, when I use an SSL endpoint and version 1.3 of as3crypto from the downloads page (https://code.google.com/p/as3crypto/downloads/list) or the included as3crypto-1_3_patched.swc, I get the following:
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 12
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
[Fault] exception, information=TypeError: Error #1009: Cannot access a property or method of a null object reference.
With the traces originating from Line 123 of DER.as
https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/util/der/DER.as?r=7
and the error from line 225 of X509Certificate.as
https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/crypto/cert/X509Certificate.as?spec=svn28&r=7
When I use the latest version of as3crypto https://code.google.com/p/as3crypto/source/detail?r=28 I get
[Fault] exception, information=Error: couldn't parse DER stream.
Thrown from line 23 of https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/util/asn1/type/SetType.as
The webservice I am trying to access is on azurewebsites, so will be using the *.azurewebsites.net certificate.
I am also using the ASC2 compiler, this caused a couple of bugs which I had to fix in the crypto project including changing if (hex.length&1==1) hex="0"+hex; to if ((hex.length&1)==1) hex="0"+hex; which I found posted here com.hurlant.util.hex syntax error on air sdk 3.5
I am starting to think it may be something related to the way SSL is done on Azure websites, since when I strip back the request completely, I still get the same error, however pointing to https://www.google.com, I get no error.
They state on their website:
HTTPS doesn't always work. There are some minor bugs with the
as3crypto library, so for example https at yahoo and yahoo owned
domains (like delicious) don't currently work.
I had a look through the list of issues for as3crypto, and was wondering whether one of these contained a fix: https://code.google.com/p/as3crypto/issues/list
Does anyone know why I am getting these errors (what it is that azure are doing differently with their certificate (could it be the wildcard?)) and how I can fix it? Is there a maintained version of as3crypto that works? Or is there a better way for consuming https webservices from Air mobile apps?
****UPDATE****
I tried using the patched version of as3crypto but still no joy. The following is a copy of my stack trace when it errors. Does seem to be an error parsing the certificate?
I also had a look into changing over to SecureSocket but unfortunately it is not supported on iOS.
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/SecureSocket.html
AIR profile support: This feature is supported on all desktop
operating systems, but is not supported on all AIR for TV devices. On
mobile devices, it is supported on Android, but not on iOS. You can
test for support at run time using the SecureSocket.isSupported
property.
TO RECREATE:
Make a get request to any https subdomain of azurewebsites.net.
ie the following code will reproduce:
var client:HttpClient = new HttpClient();
client.get(new URI("https://httpstest.azurewebsites.net"));

I have the same issue with DER decoding, and the fix from this issue helped me:
http://code.google.com/p/as3crypto/issues/detail?id=39
What about:
Or is there a better way for consuming https webservices from Air mobile apps?
You can try to substitute TLSSocket from as3crypto with Flash native SecureSocket in the as3httpclient, I think it shouldn't be too difficult to do. In my project I tried to use both SecureSocket and TLSSocket and settled on TLSSocket because SecureSocket requires FP 11 and doesn't work with self-signed certificates that we use on the test server, but SecureSocket also works fine and has shown even better performance than TLSSocket. You can also grab an already patched version of as3crypto from my github (https://github.com/fsbmain/as3public) :)
If you still have problems, please provide the endpoint of your webservice so I'll be able to test it.
UPD:
I was able to reproduce your issue and tested certificate parsing with my patched as3crypto lib (it still allows going deeper through the parsing). I also tested parsing of the same certificate but downloaded with the browser - the same result in both cases (as on your screenshot), so the conclusion is that TLSSocket loads the correct and full bytes of the certificate but fails to parse it. I tried to fix the parsing but it requires a deeper dive into the as3crypto DER format implementation. So I'm afraid the only way to use as3httpclient is to fix DER parsing.
BTW why doesn't standard URLLoader fit you?
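
The type numbers in the question's trace are ASN.1 universal tags: 12 is UTF8String and 22 is IA5String. As an added example (not as3crypto code and not from any poster here), this JavaScript walker decodes those string types from a constructed DER sample and steps over tags it does not know by length instead of handing back null; the function names and sample bytes are made up for illustration.

```javascript
// Added example, not as3crypto code. Tag numbers are the ASN.1 universal tags.
const UNIVERSAL = { 2: 'INTEGER', 6: 'OBJECT IDENTIFIER', 12: 'UTF8String',
  16: 'SEQUENCE', 17: 'SET', 19: 'PrintableString', 22: 'IA5String' };
const STRING_TAGS = new Set([12, 19, 22]);

// Read one tag-length-value header at `off`, bounds-checking every step.
function readTLV(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated header');
  const first = buf[off];
  const tagNum = first & 0x1f;
  if (tagNum === 0x1f) throw new Error('multi-byte tag numbers not handled');
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) {                 // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported length encoding');
    if (pos + n > buf.length) throw new Error('truncated length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > buf.length) throw new Error('value overruns buffer');
  return { cls: first >> 6, constructed: !!(first & 0x20), tagNum, start: pos, end: pos + len };
}

// Flatten a DER structure into a list of { type, name, text | bytes } records.
function walk(buf, off = 0, end = buf.length, out = []) {
  while (off < end) {
    const t = readTLV(buf, off);
    if (t.end > end) throw new Error('child overruns parent');
    const name = t.cls === 0 ? (UNIVERSAL[t.tagNum] || `UNIVERSAL ${t.tagNum}`)
                             : `[${t.tagNum}]`;
    if (t.constructed) {
      out.push({ type: t.tagNum, name });
      walk(buf, t.start, t.end, out);
    } else if (t.cls === 0 && STRING_TAGS.has(t.tagNum)) {
      const text = new TextDecoder().decode(buf.subarray(t.start, t.end));
      out.push({ type: t.tagNum, name, text });
    } else {
      // Unknown primitive: record it and step over it by length, never return null.
      out.push({ type: t.tagNum, name, bytes: t.end - t.start });
    }
    off = t.end;
  }
  return out;
}

// Constructed: SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, UTF8String "demo" } }, IA5String "a.example" }
const SAMPLE = Buffer.from('301a310d300b06035504030c0464656d6f1609612e6578616d706c65', 'hex');
console.log(walk(SAMPLE));
```

A certificate parser that cannot decode a field should fail the TLS handshake with a clear error rather than continue with a partially parsed certificate.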

The as3crypto.swc file here: http://www.igniterealtime.org/downloads/download-landing.jsp?file=xiff/xiff_3_1_0.zip solved my issue.
as3crypto.swc is inside the libs folder, after extracting.

Related

Content-Security-Policy to make Tensorflow.js's WASM backend work (Chrome 91.0.4472.77, macOS 11.3.1)

Latest Chrome update breaks WASM backend when using Tensorflow.js. Apparently, browser enforces more strict Content-Security-Policy headers now.
Gist of the error (from console):
"Initialization of backend wasm failed"
"Error: Failed to construct 'Worker': Access to the script at 'blob:https://fiddle.jshell.net/c95fbade-77fe-4945-a4dc-25a3a19f97d6' is denied by the document's Content Security Policy.
Curious if anyone figured out a way to run it?
Browser/OS - Chrome 91.0.4472.77 / macOS Big Sur 11.3.1
To check out error go here - https://jsfiddle.net/alex_oliynyk/2b6oa4dm/14/
Cheers!
My question got answered in the Tensorflow.js repo. I'll repost the solution here in case anyone has the same issue.
CSP headers to help:
'Cross-Origin-Embedder-Policy': 'require-corp',
'Cross-Origin-Opener-Policy': 'same-origin',
Still, after figuring out CSP headers Tensorflow.js did not work. Threw an error connected to SIMD.
This appears to fix it for the time being:
tf.ENV.set('WASM_HAS_SIMD_SUPPORT', false);
tf.ENV.set('WASM_HAS_MULTITHREAD_SUPPORT', false);
It disables SIMD support and cuts performance, thus I hope it will be fully addressed in the future versions of the lib.
Cheers,

'Unspecified certificate from client' error received from Delphi THTTPClient post request in ver 10.3.1 but not 10.3.2

As the title suggests, I'm receiving this error when trying to make a simple POST request via a THTTPClient in Delphi and the connection isn't completed so I get no response:
lHttpResp := FHTTP.Post(
'https://url123/',
jsonToSend,
nil,
[
TNetHeader.Create('content-type', 'application/json;charset=utf8'),
TNetHeader.Create('accept', 'application/json;charset=utf8')
]);
This call works without an issue when built with Delphi 10.3.2 / Windows 10.
I thought perhaps copying the 10.3.2 \Embarcadero\Studio\20.0\source\rtl files to the 10.3.1 machine might have done the trick, alas it didn't.
Upgrade is an option, however it would be nice if there was a simple code fix/work around for 10.3.1.
Edit: I thought this might help, however it didn't: Unspecified certificate from client when using TRESTRequest
How do I get this working in 10.3.1?
The solution is to just upgrade to a version >= 10.3.2

Map issues when testing in IOS 8

I have an application that uses MapBox's API to stylize the underlying map which uses Google Places. This all worked perfectly fine when running in IOS 7+, but when I try testing this in IOS 8, it immediately crashes with the following error message:
Terminating app due to uncaught exception NSInternalInconsistencyException, reason: 'The layout constraints still need update after sending -updateConstraints to MapView at {0,0}-{320x444}.
RMMapView or one of its superclasses may have overridden -updateConstraints without calling super. Or, something may have dirtied layout constraints in the middle of updating them. Both are programming errors.'
I have been looking around the Web and Stack for a while but have been unable to find anything helpful unfortunately. Any suggestions?
I deleted all Mapbox framework / headers / lib from my project and reinstalled the latest (1.4.1) mapbox static library (libMapbox.a) and the Headers, and everything was ok after that without changing a line of my code.

AIR app: navigateToURL throws a SecurityError #2193

I'm trying to port an existing web app (ActionScript 3 only project) to AIR, to run as a standalone application. One of its features is opening urls in a browser window. But calling navigateToURL(new URLRequest(url)) throws this SecurityError:
SecurityError: Error #2193: Security
sandbox violation: navigateToURL:
app:/AIRDigE.swf cannot access
http://www.youtube.com/watch?v=xCPwAr0xnGE.
at global/flash.net::navigateToURL()
when run from Flash Builder 4.
Googling doesn't really help me with this specific error number.
Adobe's reference on Security Sandboxes states that any AIR application running with Security.sandboxType==Security.APPLICATION (which my application uses) should be able to connect to any domain, but apparently that doesn't count for me.
Any ideas?
Thanks, Frank
Sorry folks, this morning I found the answer myself: the url that I passed into the URLRequest had a space in front of it (it was loaded from an xml feed that is evidently producing faulty urls).
So it seems that a url with an invalid protocol causes that error, and putting a trim() around the url fixed it.
I was getting this error because of using double backward slashes in the web link like "http:\\www.youtube.com"
Whereas I was supposed to use "http://www.youtube.com"
try using URLRequest with navigateToURL
navigateToURL(new URLRequest("http://www.youtube.com"));
UPDATED:
navigateToURL(new URLRequest("http://www.youtube.com"),"blank");

How can I make Chromium send the new WebSocket handshake?

I came across this code change in Chromium. It says Chromium now supports both handshake versions, which the code seems to confirm. I mean the second version at Wikipedia (draft-ietf-hybi-thewebsocketprotocol-06).
However, when I connect to my server, the only thing I obtain is the old version, i.e. including these headers:
Sec-WebSocket-Key1: 4 #1 46546xW%0l 1 5
Sec-WebSocket-Key2: 12998 5 Y3 1 .P00
but not the new version which would be a request containing:
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
What am I missing here? I downloaded the latest nightly build and it has been included more than two weeks ago, so that cannot be the cause I guess.
How can I make a WebSocket send the new handshake version?
The code link you posted is for the server side of the handshake (there are a few places this will likely be used in Chrome, such as remote debugging and as a proxy for extensions).
If you really want to use the new HyBi-07 protocol version you can try using this branch of web-socket-js that I made. Once Chrome switches to the new protocol, web-socket-js will switch by default also. In order to make web-socket-js work in a browser that already has WebSockets support you will need to make some minor tweaks to it to use a different object name instead of WebSocket.
I expect Chrome/WebKit will add the new protocol before long. Note that the API changes to add binary support have only recently been decided, so in Chrome the new protocol may be added before the API fully supports the new functionality enabled by the protocol.
The only browser I know of that implements the 07 protocol is this build of FF4:
http://www.ducksong.com/misc/websockets-builds/ws-07/
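
How a server can tell the two handshakes in this thread apart and answer the newer one, as an added example that is not Chromium or web-socket-js code and not from any poster here. The accept computation follows RFC 6455; the function names and the choice to answer the old Key1/Key2 handshake with 400 are assumptions of this sketch.

```javascript
// Added example, not Chromium or web-socket-js code; function names are hypothetical.
const { createHash } = require('node:crypto');

// Fixed GUID the server appends to the client's key (RFC 6455).
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

// Header names are case-insensitive, so normalise before looking anything up.
function lowerKeys(headers) {
  return Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

// 'hixie-76' = old Key1/Key2 handshake, 'hybi' = single base64 Sec-WebSocket-Key.
function classifyHandshake(headers) {
  const h = lowerKeys(headers);
  if ('sec-websocket-key1' in h || 'sec-websocket-key2' in h) return 'hixie-76';
  if ('sec-websocket-key' in h) return 'hybi';
  return 'unknown';
}

// Sec-WebSocket-Accept = base64(SHA-1(key + GUID)); the key must decode to 16 bytes.
function acceptFor(key) {
  const raw = Buffer.from(key, 'base64');
  if (raw.length !== 16 || raw.toString('base64') !== key) {
    throw new Error('Sec-WebSocket-Key is not canonical base64 of a 16-byte nonce');
  }
  return createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Server decision: complete the new handshake, refuse anything else (this sketch's choice).
function respond(headers) {
  const kind = classifyHandshake(headers);
  if (kind !== 'hybi') return { status: 400, kind };
  const accept = acceptFor(lowerKeys(headers)['sec-websocket-key'].trim());
  return { status: 101, kind,
           headers: { Upgrade: 'websocket', Connection: 'Upgrade', 'Sec-WebSocket-Accept': accept } };
}

// Constructed requests using the header values quoted in the question.
const OLD = { 'Sec-WebSocket-Key1': '4 #1 46546xW%0l 1 5', 'Sec-WebSocket-Key2': '12998 5 Y3 1 .P00' };
const NEW = { 'Sec-WebSocket-Key': 'x3JJHMbDL1EzLkh9GBhXDw==' };
console.log(respond(OLD), respond(NEW));
```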