https from as3 air project to webservice using as3httpclientlib

Question

I am trying to change webservice implementation I have done over to use HTTPS.

I have been using the as3httpclientlib (https://code.google.com/p/as3httpclientlib/).

When I use a non-ssl endpoint it works as expected.

However when I use an SSL endpoint and version 1.3 as3crypt from the downloads page (https://code.google.com/p/as3crypto/downloads/list) or the included as3crypto-1_3_patched.swc I get the following:

I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 12
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
I DONT KNOW HOW TO HANDLE DER stuff of TYPE 22
[Fault] exception, information=TypeError: Error #1009: Cannot access a property or method of a null object reference.

With the traces originating from Line 123 of DER.as https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/util/der/DER.as?r=7 and the error from line 225 of X509Certificate.as https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/crypto/cert/X509Certificate.as?spec=svn28&r=7

When I use the latest version of as3crypt https://code.google.com/p/as3crypto/source/detail?r=28 I get

[Fault] exception, information=Error: couldn't parse DER stream.

Thrown from line 23 of https://code.google.com/p/as3crypto/source/browse/trunk/as3crypto/src/com/hurlant/util/asn1/type/SetType.as

The webservice I am trying to access is on azurewebsites, so will be using the *.azurewebsites.net certificate.

I am also using the ASC2 compiler, this caused a couple of bugs which I had to fix in the crypto project including changing if (hex.length&1==1) hex="0"+hex; to if ((hex.length&1)==1) hex="0"+hex; which I found posted here com.hurlant.util.hex syntax error on air sdk 3.5

I am starting to think it may be something related to the way SSL is done on Azure websites, since when I strip back the request completely, I still get the same error, however pointing to https://www.google.com, I get no error.

They state on their website:

HTTPS doesn't always work. There are some minor bugs with the as3crypto library, so for example https at yahoo and yahoo owned domains (like delicious) don't currently work.

I had a look through the list of issues for as3crypt, and was wondering whether one of these contained a fix: https://code.google.com/p/as3crypto/issues/list

Does anyone know why I am getting these errors (what it is that azure are doing differently with their certificate (could it be the wildcard?)) and how I can fix it? Is there a maintained version of as3crypto that works? Or is there a better way for consuming https webservices from Air mobile apps?

****UPDATE****

I tried using the patched version of as3crypto but still no joy. The following is a copy of my stack trace when it errors. Does seem to be an error parsing the certificate?

I also had a look into changing over to SecureSocket but unfortunately it is not supported on iOS.

http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/SecureSocket.html

AIR profile support: This feature is supported on all desktop operating systems, but is not supported on all AIR for TV devices. On mobile devices, it is supported on Android, but not on iOS. You can test for support at run time using the SecureSocket.isSupported property.

TO RECREATE:

Make a get request to any https subdomain of azurewebsites.net.

ie the following code will reproduce:

var client:HttpClient = new HttpClient();
client.get(new URI("https://httpstest.azurewebsites.net"));

Answer 1

I have the same issue with DER decoing, and fix from this issue helped me: http://code.google.com/p/as3crypto/issues/detail?id=39

What about:

Or is there a better way for consuming https webservices from Air mobile apps?

You can try to substitute TLSSocket from as3crypto with Flash native SecureSocket in the as3httpclient, I think it shouldn't be too difficult to do. In my project I tryed to use both SecureSoket and TLSSocket and stood on TLSSocket because SecureSoket requires FP 11 and doesn't work with self-signed certificates that we use on test server, but SecureSoket also works fine and has shown even better performance that TLSSocket. You also can grab already patched version of as3crypto from my github (https://github.com/fsbmain/as3public) :)

If you still have problems, please provide endpoint of your webservice so I'll be able test it.

UPD:

I were able to reproduce your issue and tested certificate parsing with my patched as3crypto lib (it still allows to go deeper through the parsing), I also tested parsing of the same certificate but downloaded with the browser - the same result in both cases (as on your screenshot), so the conclusion is that TLSSocket loads correct and full bytes of certificate but fails to parse it. I tried to fix the parsing but it requires deeper dive into the as3crypto DER format implementation. So I'm afraid the only way to use as3httpclient is to fix DER parsing.

BTW why doesn't standard URLLoader fit you?

Answer 2

The as3crypto.swc file here: http://www.igniterealtime.org/downloads/download-landing.jsp?file=xiff/xiff_3_1_0.zip solved my issue.

as3crypto.swc is inside the libs folder, after extracting.