Package | flash.net |
Class | public class SecureSocket |
Inheritance | SecureSocket Socket EventDispatcher Object |
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
AIR profile support: This feature is supported
on all desktop operating systems, but is not supported on all AIR for TV devices.
On mobile devices, it is supported on Android and also supported on iOS starting from AIR 20.
You can test for support at run time using the SecureSocket.isSupported
property. See
AIR Profile Support for more information regarding API support across multiple profiles.
The SSL/TLS protocols provide a mechanism to handle both aspects of a secure socket connection:
The supported encryption protocols are SSL 3.1 and higher, and TLS 1.0 and higher. (TLS is the successor protocol for SSL. TLS 1.0 equals SSL 3.1, TLS 1.1 equals SSL 3.2, and so on.) SSL versions 3.0 or lower are not supported.
Validation of the server certificate is performed using the trust store and certificate validation
support of the client platform. In addition you can add your own certificates programmatically with the
addBinaryChainBuildingCertificate()
method.This API isn't supported on iOS currently. Using this API
on iOS would throw an exception - "ArgumentError: Error #2004"
The SecureSocket class only connects to servers with valid, trusted certificates. You cannot choose to connect to a server in spite of a problem with its certificate. For example, there is no way to connect to a server with an expired certificate. The same is true for a certificate that doesn't chain to a trusted anchor certificate. The connection will not be made, even though the certificate would be valid otherwise.
The SecureSocket class is useful for performing encrypted communication to a trusted server. In other respects, a SecureSocket object behaves like a regular Socket object.
To use the SecureSocket class, create a SecureSocket object (new SecureSocket()
).
Next, set up your listeners, and then run SecureSocket.connect(host, port)
.
When you successfully connect to the server, the socket dispatches a connect
event. A successful
connection is one in which the server's security protocols are supported and its certificate is valid and trusted.
If the certificate cannot be validated, the Socket dispatches an IOError
event.
Important: The Online Certificate Status Protocol (OCSP) is not supported by all operating systems. Users can also disable OCSP checking on individual computers. If OCSP is not supported or is disabled and a certificate does not contain the information necessary to check revocation using a Certificate Revocation List (CRL), then certificate revocation is not checked. The certificate is accepted if otherwise valid. This scenario could allow a server to use a revoked certificate.
See also
Property | Defined by | ||
---|---|---|---|
bytesAvailable : uint
The number of bytes of data available for reading in the input buffer.
| Socket | ||
bytesPending : uint
Indicates the number of bytes remaining in the write buffer.
| Socket | ||
connected : Boolean
Indicates whether this Socket object is currently connected.
| Socket | ||
constructor : Object
A reference to the class object or constructor function for a given object instance.
| Object | ||
endian : String
Indicates the byte order for the data.
| Socket | ||
isSupported : Boolean
[static][read-only]
Indicates whether secure sockets are supported on the current system.
| SecureSocket | ||
localAddress : String
The IP address this socket is bound to on the local machine.
| Socket | ||
localPort : int
The port this socket is bound to on the local machine.
| Socket | ||
objectEncoding : uint
Controls the version of AMF used when writing or reading an object.
| Socket | ||
prototype : Object
[static]
A reference to the prototype object of a class or function object.
| Object | ||
remoteAddress : String
The IP address of the remote machine to which this socket is connected.
| Socket | ||
remotePort : int
The port on the remote machine to which this socket is connected.
| Socket | ||
serverCertificate : X509Certificate
[read-only]
Holds the X.509 certificate obtained from the server after a secure SSL/TLS connection is established.
| SecureSocket | ||
serverCertificateStatus : String
[read-only]
Returns the status of the server's certificate.
| SecureSocket | ||
tcpNoDelay : Boolean
Whether to use the 'TCP_NODELAY' setting to avoid the use of Nagle's algorithm.
| Socket | ||
timeout : uint
Indicates the number of milliseconds to wait for a connection.
| Socket |
Method | Defined by | ||
---|---|---|---|
Creates a new SecureSocket object.
| SecureSocket | ||
Adds an X.509 certificate to the local certificate chain that your system uses for validating the server certificate.
| SecureSocket | ||
addEventListener(type:String, listener:Function, useCapture:Boolean = false, priority:int = 0, useWeakReference:Boolean = false):void
Registers an event listener object with an EventDispatcher object so that the listener
receives notification of an event.
| EventDispatcher | ||
Closes the socket.
| Socket | ||
Connects the socket to the specified host and port using SSL or TLS.
| SecureSocket | ||
Dispatches an event into the event flow.
| EventDispatcher | ||
Flushes any accumulated data in the socket's output buffer.
| Socket | ||
Checks whether the EventDispatcher object has any listeners registered for a specific type
of event.
| EventDispatcher | ||
Indicates whether an object has a specified property defined.
| Object | ||
Indicates whether an instance of the Object class is in the prototype chain of the object specified
as the parameter.
| Object | ||
Indicates whether the specified property exists and is enumerable.
| Object | ||
Reads a Boolean value from the socket.
| Socket | ||
Reads a signed byte from the socket.
| Socket | ||
Reads the number of data bytes specified by the length
parameter from the socket.
| Socket | ||
Reads an IEEE 754 double-precision floating-point number from the socket.
| Socket | ||
Reads an IEEE 754 single-precision floating-point number from the socket.
| Socket | ||
Reads a signed 32-bit integer from the socket.
| Socket | ||
Reads a multibyte string from the byte stream, using the specified character set.
| Socket | ||
readObject():*
Reads an object from the socket, encoded in AMF serialized format.
| Socket | ||
Reads a signed 16-bit integer from the socket.
| Socket | ||
Reads an unsigned byte from the socket.
| Socket | ||
Reads an unsigned 32-bit integer from the socket.
| Socket | ||
Reads an unsigned 16-bit integer from the socket.
| Socket | ||
Reads a UTF-8 string from the socket.
| Socket | ||
Reads the number of UTF-8 data bytes specified by the
length
parameter from the socket, and returns a string. | Socket | ||
Removes a listener from the EventDispatcher object.
| EventDispatcher | ||
Sets the availability of a dynamic property for loop operations.
| Object | ||
Returns the string representation of this object, formatted according to locale-specific conventions.
| Object | ||
Returns the string representation of the specified object.
| Object | ||
Returns the primitive value of the specified object.
| Object | ||
Checks whether an event listener is registered with this EventDispatcher object or any of
its ancestors for the specified event type.
| EventDispatcher | ||
Writes a Boolean value to the socket.
| Socket | ||
Writes a byte to the socket.
| Socket | ||
Writes a sequence of bytes from the specified byte array.
| Socket | ||
Writes an IEEE 754 double-precision floating-point number to the socket.
| Socket | ||
Writes an IEEE 754 single-precision floating-point number to the socket.
| Socket | ||
Writes a 32-bit signed integer to the socket.
| Socket | ||
Writes a multibyte string from the byte stream, using the specified character set.
| Socket | ||
Write an object to the socket in AMF serialized format.
| Socket | ||
Writes a 16-bit integer to the socket.
| Socket | ||
Writes a 32-bit unsigned integer to the socket.
| Socket | ||
Writes the following data to the socket: a 16-bit unsigned integer, which
indicates the length of the specified UTF-8 string in bytes, followed by
the string itself.
| Socket | ||
Writes a UTF-8 string to the socket.
| Socket |
Event | Summary | Defined by | ||
---|---|---|---|---|
[broadcast event] Dispatched when the Flash Player or AIR application gains operating system focus and becomes active. | EventDispatcher | |||
Dispatched when the server closes the socket connection. | SecureSocket | |||
Dispatched when the server closes the socket connection. | Socket | |||
Dispatched when a network connection has been established. | SecureSocket | |||
Dispatched when a network connection has been established. | Socket | |||
[broadcast event] Dispatched when the Flash Player or AIR application operating loses system focus and is becoming inactive. | EventDispatcher | |||
Dispatched when an input or output error occurs that causes a send or receive operation to fail. | SecureSocket | |||
Dispatched when an input/output error occurs that causes a send or load operation to fail. | Socket | |||
Dispatched when a socket moves data from its write buffer to the networking transport layer | Socket | |||
Dispatched when a call to SecureSocket.connect() fails because of a security restriction. | SecureSocket | |||
Dispatched if a call to Socket.connect() attempts to connect to a server
prohibited by the caller's security sandbox or to a port lower than 1024 and no socket policy file
exists to permit such a connection. | Socket | |||
Dispatched when a socket has received data. | SecureSocket | |||
Dispatched when a socket has received data. | Socket |
isSupported | property |
isSupported:Boolean
[read-only]
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Indicates whether secure sockets are supported on the current system.
Secure sockets are not supported on all platforms. Check this property before attempting to create a SecureSocket instance.
Implementation public static function get isSupported():Boolean
serverCertificate | property |
serverCertificate:X509Certificate
[read-only]
Language version: | ActionScript 3.0 |
Runtime version: | AIR 3 |
Holds the X.509 certificate obtained from the server after a secure SSL/TLS connection is established.
If a secure connection is not established, this property is set to null
. Currently it is not
supported on iOS, and hence it is set to null
in case of iOS.
For more information on X.509 certificates, see RFC2459.
Implementation public function get serverCertificate():X509Certificate
serverCertificateStatus | property |
serverCertificateStatus:String
[read-only]
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Returns the status of the server's certificate.
The status is CertificateStatus.UNKNOWN
until the
socket attempts to connect to a server. After validation, the status is one
of the strings enumerated by the CertificateStatus class. The connection only
succeeds when the certificate is valid and trusted. Thus, after a
connect
event, the value of serverCertificateStatus
is always trusted
.
Note: Once the certificate has been validated or rejected, the status
value is not updated until the next call to the connect()
method.
Calling close()
does not reset the status value to "unknown".
public function get serverCertificateStatus():String
See also
SecureSocket | () | constructor |
public function SecureSocket()
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Creates a new SecureSocket object.
Check SecureSocket.isSupported
before attempting to create a SecureSocket
instance. If SSL 3.0 or TLS 1.0 sockets are not supported, the runtime will throw an IllegalOperationError.
Error — When SSL Version 3.0 (and higher) or TLS Version 1.0 (and higher) is not supported.
|
|
SecurityError — Local untrusted SWF files cannot communicate with the Internet. You can work around this problem by reclassifying this SWF file as local-with-networking or trusted.
|
addBinaryChainBuildingCertificate | () | method |
public function addBinaryChainBuildingCertificate(certificate:ByteArray, trusted:Boolean):void
Language version: | ActionScript 3.0 |
Runtime version: | AIR 3 |
Adds an X.509 certificate to the local certificate chain that your system uses for validating the server certificate. The certificate is temporary, and lasts for the duration of the session.
Server certificate validation relies on your system's trust store for certificate chain building and validation. Use this method to programmatically add additional certification chains and trusted anchors.
On Mac OS, the System keychain is the default keychain used during the SSL/TLS handshake process. Any intermediate certificates in that keychain are included when building the certification chain.
The certificate you add with this API must be a DER-encoded X.509 certificate.
If the trusted
parameter is true, the certificate you add with
this API is considered a trusted anchor.
For more information on X.509 certificates, see RFC2459.
Parameterscertificate:ByteArray — A ByteArray object containing a DER-encoded X.509 digital certificate.
|
|
trusted:Boolean — Set to true to designate this certificate as a trust anchor.
|
ArgumentError — When the certificate cannot be added.
|
connect | () | method |
public override function connect(host:String, port:int):void
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Connects the socket to the specified host and port using SSL or TLS.
When you call the SecureSocket.connect()
method, the socket attempts SSL/TLS
handshaking with the server.
If the handshake succeeds, the socket attempts to validate the server certificate. If the
certificate is valid and trusted, then the secure socket connection is established, and
the socket dispatches a connect
event. If the handshake fails or the certificate cannot
be validated, the socket dispatches an IOError
event. You can check the certificate
validation result by reading the serverCertificateStatus
property after the
IOError
event is dispatched. (When a connect
event is dispatched, the certificate
status is always trusted
.)
If the socket was already connected, the existing connection is closed first.
Parametershost:String — The name or IP address of the host to connect to.
|
|
port:int — The port number to connect to.
|
connect:Event — Dispatched when a network connection has been
established. |
|
ioError:IOErrorEvent — Dispatched if a host is specified and an
input/output error occurs that causes the connection to fail.
This includes SSL/TLS handshake errors and failure to
successfully validate the host's server certificate. |
|
securityError:SecurityErrorEvent — Dispatched if a call to
Socket.connect() attempts to connect
either to a server that doesn't serve a socket policy file,
or to a server whose policy file doesn't grant the calling host access to the specified port.
For more information on policy files, see "Website controls (policy files)" in
the ActionScript 3.0 Developer's Guide and the Flash Player Developer Center Topic:
Security. |
Error — When you don't specify a host and the connection fails.
|
|
SecurityError — When you specify a socket port less than
zero or higher than 65535.
|
close | event |
flash.events.Event
flash.events.Event.CLOSE
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Dispatched when the server closes the socket connection.
The close
event is dispatched only when the server
closes the connection; it is not dispatched when you call the Socket.close()
method.
The Event.CLOSE
constant defines the value of the type
property of a close
event object.
This event has the following properties:
Property | Value |
---|---|
bubbles | false |
cancelable | false ; there is no default behavior to cancel. |
currentTarget | The object that is actively processing the Event object with an event listener. |
target | The object whose connection has been closed. |
connect | event |
flash.events.Event
flash.events.Event.CONNECT
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Dispatched when a network connection has been established.
The Event.CONNECT
constant defines the value of the type
property of a connect
event object.
This event has the following properties:
Property | Value |
---|---|
bubbles | false |
cancelable | false ; there is no default behavior to cancel. |
currentTarget | The object that is actively processing the Event object with an event listener. |
target | The Socket or XMLSocket object that has established a network connection. |
ioError | event |
flash.events.IOErrorEvent
flash.events.IOErrorEvent.IO_ERROR
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Dispatched when an input or output error occurs that causes a send or receive operation to fail.
When a server certificate cannot be validated, the error event dispatched is an IOError. In this case,
you can check the serverCertificateStatus
property to determine the cause of the problem.
Defines the value of the type
property of an ioError
event object.
This event has the following properties:
Property | Value |
---|---|
bubbles | false |
cancelable | false ; there is no default behavior to cancel. |
currentTarget | The object that is actively processing the Event object with an event listener. |
errorID | A reference number associated with the specific error (AIR only). |
target | The network object experiencing the input/output error. |
text | Text to be displayed as an error message. |
securityError | event |
flash.events.SecurityErrorEvent
flash.events.SecurityErrorEvent.SECURITY_ERROR
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Dispatched when a call to SecureSocket.connect()
fails because of a security restriction.
A security error event is dispatched when code running in Flash Player or in AIR outside the application security sandbox attempts to connect to a server in a different domain or to a port lower than 1024 and the server does not provide a policy file that allows the connection. Note that code running within the AIR application sandbox can connect to a server at any domain and on ports below 1024 without a policy file.
The SecurityErrorEvent.SECURITY_ERROR
constant defines the value of the type
property of a securityError
event object.
This event has the following properties:
Property | Value |
---|---|
bubbles | false |
cancelable | false ; there is no default behavior to cancel. |
currentTarget | The object that is actively processing the Event object with an event listener. |
target | The network object reporting the security error. |
text | Text to be displayed as an error message. |
See also
socketData | event |
flash.events.ProgressEvent
flash.events.ProgressEvent.SOCKET_DATA
Language version: | ActionScript 3.0 |
Runtime version: | AIR 2 |
Dispatched when a socket has received data.
Events of type socketData
do not use the ProgressEvent.bytesTotal
property.
Defines the value of the type
property of a socketData
event object.
This event has the following properties:
Property | Value |
---|---|
bubbles | false |
cancelable | false ; there is no default behavior to cancel. |
currentTarget | The object that is actively processing the Event. |
bytesLoaded | The number of items or bytes loaded at the time the listener processes the event. |
bytesTotal | 0; this property is not used by socketData event objects. |
target | The socket reporting progress. |
package { import flash.display.Sprite; import flash.errors.IOError; import flash.events.Event; import flash.events.IOErrorEvent; import flash.net.SecureSocket; public class SecureSocketExample extends Sprite { private var secureSocket:SecureSocket = new SecureSocket(); public function SecureSocketExample() { secureSocket.addEventListener( Event.CONNECT, onConnect ) secureSocket.addEventListener( IOErrorEvent.IO_ERROR, onError ); try { secureSocket.connect( "208.77.188.166", 443 ); } catch ( error:Error ) { trace ( error.toString() ); } } private function onConnect( event:Event ):void { trace("Connected."); } private function onError( error:IOErrorEvent ):void { trace( error.text + ", " + secureSocket.serverCertificateStatus ); } } }