Initial commit

flash/mod_fsp/README

+=======
+mod_fsp
+=======
+
+mod_fsp is an Apache2 module for providing a Flash Socket Policy on the
+same port that HTTP is served. The cross-domain policy that is served is
+specified via a configuration option 'FSPPolicyFile'.
+
+If a flash application sends a policy file request to an Apache server
+that has enabled and configured the mod_fsp module over its HTTP port,
+then the configured cross-domain policy will be returned as the response.
+
+========
+Building
+========
+
+To build the mod_fsp source code you can use Apache2's module
+build and installation tool: 'apxs2' which is, at the time of
+this writing, available on debian in the package:
+
+apache2-threaded-dev
+
+To compile mod_fsp you would run the following command:
+
+apxs2 -c mod_fsp.c
+
+============
+Installation
+============
+
+To install mod_fsp you the following command as root:
+
+apxs2 -c -i -a mod_fsp.c
+
+You must then restart your apache2 process, typically like so:
+
+/etc/init.d/apache2 restart
+
+===================
+Manual Installation
+===================
+
+To manually enable mod_dsp on your Apache2 server, you must copy the
+module file to the appropriate directory and create a load file.
+
+The module file:
+
+fsp.so (The library extension may vary if you are not using linux).
+
+Must be copied to Apache's module installation directory which is
+typically located (on a debian system):
+
+/usr/lib/apache2/modules
+
+The load file:
+
+fsp.load
+
+Must be created in Apache2's 'mods-available' directory, typically
+located (on a debian system):
+
+/etc/apache2/mods-available
+
+The load file should contain:
+
+LoadModule fsp_module         /usr/lib/apache2/modules/mod_fsp.so
+
+If your Apache module installation directory is different from
+the one listed above, you will need to set the correct one in the
+fsp.load file.
+
+To actually enable the module you must create a symbolic link in
+Apache's 'mods-enabled' directory, typically located (on debian):
+
+/etc/apache2/mods-enabled
+
+By typing (from that directory):
+
+ln -s ../mods-available/fsp.load fsp.load
+
+=============
+Configuration
+=============
+
+Once mod_fsp is installed, it must be configured. There is currently
+only one configuration option for mod_fsp: 'FSPPolicyFile'. This
+configuration option will set the file that mod_fsp will look in
+on apache startup for the cross-domain policy to serve. This option
+can be provided on a per-port basis. Each port can use a different
+one, but VirtualServers on a single port will use the same one. This
+is a limitation of the design by Adobe.
+
+Note: The cross-domain policy may fail to be served if the configuration
+option isn't added in the first VirtualHost entry (for a given port) read
+by Apache.
+
+An example of this configuration in use:
+
+<VirtualHost *:80>
+   ServerName example.com
+   DocumentRoot /var/www/example.com
+   ErrorLog /var/log/apache2/example.com-error.log
+   CustomLog /var/log/apache2/example.com-access.log vhost_combined
+
+   # mod_fsp config option
+   FSPPolicyFile /etc/apache2/crossdomain/crossdomain.xml
+
+   <Directory /var/www/example.com>
+      Options Indexes FollowSymLinks MultiViews
+      AllowOverride All
+      Order allow,deny
+      allow from all
+   </Directory>
+
+</VirtualHost>
+
+And example of the most permissive cross-domain policy file for flash:
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE cross-domain-policy SYSTEM
+"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
+<cross-domain-policy>
+<site-control permitted-cross-domain-policies="all"/>
+<allow-access-from domain="*" to-ports="*"/>
+<allow-http-request-headers-from domain="*" headers="*"/>
+</cross-domain-policy>
+
+==================
+Note about SSL/TLS
+==================
+
+Flash currently has no built-in SSL/TLS support so there is no
+reason to specify an 'FSPPolicyFile' option for SSL servers. The
+Flash player cannot directly communicate with them when doing
+internal look ups of policy files.

flash/package.json

+{
+  "name": "node-forge-flash",
+  "version": "0.0.0",
+  "private": true,
+  "description": "Flash build support for Forge.",
+  "homepage": "https://github.com/digitalbazaar/forge",
+  "author": {
+    "name": "Digital Bazaar, Inc.",
+    "email": "support@digitalbazaar.com",
+    "url": "http://digitalbazaar.com/"
+  },
+  "devDependencies": {
+    "flex-sdk": ""
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/digitalbazaar/forge"
+  },
+  "bugs": {
+    "url": "https://github.com/digitalbazaar/forge/issues",
+    "email": "support@digitalbazaar.com"
+  },
+  "license": "(BSD-3-Clause OR GPL-2.0)",
+  "scripts": {
+    "build": "mxmlc -debug=false -define=CONFIG::debugging,false -define=CONFIG::release,true -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as",
+    "build-debug": "mxmlc -debug=true -define=CONFIG::debugging,true -define=CONFIG::release,false -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as"
+  }
+}

flash/policyserver.js

+/**
+ * Forge test Flash Policy Server.
+ *
+ * @author Dave Longley
+ * @author David I. Lehn
+ *
+ * Copyright (c) 2010-2016 Digital Bazaar, Inc.
+ */
+const net = require('net');
+const program = require('commander');
+
+// The policy file
+// NOTE: This format is very strict. Edit with care.
+let policyFile =
+  '<?xml version="1.0"?>' +
+  '<!DOCTYPE cross-domain-policy' +
+  ' SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">' +
+  '<cross-domain-policy>' +
+  '<allow-access-from domain="*" to-ports="*"/>' +
+  '</cross-domain-policy>\0';
+
+// Simple non-robust policy file server.
+// Looks for a request string and returns the policy file.
+exports.policyServer = function(port) {
+  let prefix = '[policy-server] ';
+  let server = net.createServer(socket => {
+    let remoteAddress = socket.remoteAddress + ':' + socket.remotePort;
+    console.log(prefix + 'new client connection from %s', remoteAddress);
+
+    // deal with strings
+    socket.setEncoding('utf8');
+
+    socket.on('data', d => {
+      if(d.indexOf('<policy-file-request/>') === 0) {
+        console.log(prefix + 'policy file request from: %s', remoteAddress);
+        socket.write(policyFile);
+      } else {
+        console.log(prefix + 'junk request from %s: %j', remoteAddress, d);
+      }
+    });
+    socket.once('close', () => {
+      console.log(prefix + 'connection from %s closed', remoteAddress);
+    });
+    socket.on('error', err => {
+      console.error(
+        prefix + 'connection %s error: %s', remoteAddress, err.message);
+    });
+  }).on('error', err => {
+    throw err;
+  });
+  server.listen(port, () => {
+    console.log(prefix + 'listening: ', server.address());
+  });
+};
+
+if(require.main === module) {
+  program
+    //.option('--host [host]',
+    //  'host to bind to [localhost]')
+    .option('--policy-port [port]',
+      'port used to serve policy file [19945]', 19945)
+    .parse(process.argv);
+
+  exports.policyServer(program.policyPort);
+}

flash/policyserver.py

+#!/usr/bin/env python
+
+"""
+Flash Socket Policy Server.
+
+- Starts Flash socket policy file server.
+- Defaults to port 843.
+- NOTE: Most operating systems require administrative privileges to use
+  ports under 1024.
+
+  $ ./policyserver.py [options]
+"""
+
+"""
+Also consider Adobe's solutions:
+http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
+"""
+
+from multiprocessing import Process
+from optparse import OptionParser
+import SocketServer
+import logging
+
+# Set address reuse for all TCPServers
+SocketServer.TCPServer.allow_reuse_address = True
+
+# Static socket policy file string.
+# NOTE: This format is very strict. Edit with care.
+socket_policy_file = """\
+<?xml version="1.0"?>\
+<!DOCTYPE cross-domain-policy\
+ SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">\
+<cross-domain-policy>\
+<allow-access-from domain="*" to-ports="*"/>\
+</cross-domain-policy>\0"""
+
+
+class PolicyHandler(SocketServer.BaseRequestHandler):
+    """
+    The RequestHandler class for our server.
+
+    Returns a policy file when requested.
+    """
+
+    def handle(self):
+        """Send policy string if proper request string is received."""
+        # get some data
+        # TODO: make this more robust (while loop, etc)
+        self.data = self.request.recv(1024).rstrip('\0')
+        logging.debug("%s wrote:%s" % (self.client_address[0], repr(self.data)))
+        # if policy file request, send the file.
+        if self.data == "<policy-file-request/>":
+            logging.info("Policy server request from %s." % (self.client_address[0]))
+            self.request.send(socket_policy_file)
+        else:
+            logging.info("Policy server received junk from %s: \"%s\"" % \
+                    (self.client_address[0], repr(self.data)))
+
+
+class ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
+    def serve_forever(self):
+        """Handle one request at a time until shutdown or keyboard interrupt."""
+        try:
+           SocketServer.BaseServer.serve_forever(self)
+        except KeyboardInterrupt:
+           return
+
+
+def main():
+    """Run socket policy file servers."""
+    usage = "Usage: %prog [options]"
+    parser = OptionParser(usage=usage)
+    parser.add_option("", "--host", dest="host", metavar="HOST",
+            default="localhost", help="bind to HOST")
+    parser.add_option("-p", "--port", dest="port", metavar="PORT",
+            default=843, type="int", help="serve on PORT")
+    parser.add_option("-d", "--debug", dest="debug", action="store_true",
+            default=False, help="debugging output")
+    parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
+            default=False, help="verbose output")
+    (options, args) = parser.parse_args()
+
+    # setup logging
+    if options.debug:
+        lvl = logging.DEBUG
+    elif options.verbose:
+        lvl = logging.INFO
+    else:
+        lvl = logging.WARNING
+    logging.basicConfig(level=lvl, format="%(levelname)-8s %(message)s")
+
+    # log basic info
+    logging.info("Flash Socket Policy Server. Use ctrl-c to exit.")
+
+    # create policy server
+    logging.info("Socket policy serving on %s:%d." % (options.host, options.port))
+    policyd = ThreadedTCPServer((options.host, options.port), PolicyHandler)
+
+    # start server
+    policy_p = Process(target=policyd.serve_forever)
+    policy_p.start()
+
+    while policy_p.is_alive():
+        try:
+            policy_p.join(1)
+        except KeyboardInterrupt:
+            logging.info("Stopping test server...")
+
+
+if __name__ == "__main__":
+    main()
+

karma-sauce.conf.js

+/*!
+ * Karma Sauce Labs configuration
+ *
+ * `SAUCE_USERNAME` and `SAUCE_ACCESS_KEY` environmental variables should
+ * be set. For configuration details, see:
+ * https://github.com/karma-runner/karma-sauce-launcher
+ */
+
+var baseConfig = require('./karma.conf');
+
+module.exports = function(config) {
+  // load base forge karma config
+  baseConfig(config);
+
+  // Define an unlimited number of browser/OS combinations here. Sauce Labs
+  // will manage concurrency based on user's account restrictions.
+  // Platform Configurator Tool:
+  // https://wiki.saucelabs.com/display/DOCS/Platform+Configurator#/
+  var sauceLabsCustomLaunchers = {
+    sl_chrome: {
+      base: 'SauceLabs',
+      browserName: 'chrome',
+      platform: 'Linux',
+      version: '48.0'
+    },
+    sl_firefox: {
+      base: 'SauceLabs',
+      browserName: 'firefox',
+      platform: 'Linux',
+      version: '45.0'
+    },
+    sl_ios_safari_10: {
+      base: 'SauceLabs',
+      browserName: 'safari',
+      platform: 'OS X 10.11',
+      version: '10.0'
+    },
+    sl_ios_safari_9: {
+      base: 'SauceLabs',
+      browserName: 'safari',
+      platform: 'OS X 10.11',
+      version: '9.0'
+    },
+    sl_ie_11: {
+      base: 'SauceLabs',
+      browserName: 'internet explorer',
+      platform: 'Windows 7',
+      version: '11.0'
+    },
+    sl_edge_14: {
+      base: 'SauceLabs',
+      browserName: 'MicrosoftEdge',
+      platform: 'Windows 10',
+      version: '14.14393'
+    },
+    sl_edge_13: {
+      base: 'SauceLabs',
+      browserName: 'MicrosoftEdge',
+      platform: 'Windows 10',
+      version: '13.10586'
+    }
+  };
+
+  config.set({
+    sauceLabs: {
+      testName: 'Forge Unit Tests',
+      startConnect: true
+    },
+    captureTimeout: 180000,
+
+    // merge SauceLabs launchers
+    customLaunchers: sauceLabsCustomLaunchers,
+
+    // default to only SauceLabs launchers
+    browsers: Object.keys(sauceLabsCustomLaunchers),
+
+    reporters: ['dots', 'saucelabs']
+  });
+};

lib/asn1-validator.js

+/**
+ * Copyright (c) 2019 Digital Bazaar, Inc.
+ */
+
+var forge = require('./forge');
+require('./asn1');
+var asn1 = forge.asn1;
+
+exports.privateKeyValidator = {
+  // PrivateKeyInfo
+  name: 'PrivateKeyInfo',
+  tagClass: asn1.Class.UNIVERSAL,
+  type: asn1.Type.SEQUENCE,
+  constructed: true,
+  value: [{
+    // Version (INTEGER)
+    name: 'PrivateKeyInfo.version',
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.INTEGER,
+    constructed: false,
+    capture: 'privateKeyVersion'
+  }, {
+    // privateKeyAlgorithm
+    name: 'PrivateKeyInfo.privateKeyAlgorithm',
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.SEQUENCE,
+    constructed: true,
+    value: [{
+      name: 'AlgorithmIdentifier.algorithm',
+      tagClass: asn1.Class.UNIVERSAL,
+      type: asn1.Type.OID,
+      constructed: false,
+      capture: 'privateKeyOid'
+    }]
+  }, {
+    // PrivateKey
+    name: 'PrivateKeyInfo',
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.OCTETSTRING,
+    constructed: false,
+    capture: 'privateKey'
+  }]
+};
+
+exports.publicKeyValidator = {
+  name: 'SubjectPublicKeyInfo',
+  tagClass: asn1.Class.UNIVERSAL,
+  type: asn1.Type.SEQUENCE,
+  constructed: true,
+  captureAsn1: 'subjectPublicKeyInfo',
+  value: [{
+    name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.SEQUENCE,
+    constructed: true,
+    value: [{
+      name: 'AlgorithmIdentifier.algorithm',
+      tagClass: asn1.Class.UNIVERSAL,
+      type: asn1.Type.OID,
+      constructed: false,
+      capture: 'publicKeyOid'
+    }]
+  },
+  // capture group for ed25519PublicKey
+  {
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.BITSTRING,
+    constructed: false,
+    composed: true,
+    captureBitStringValue: 'ed25519PublicKey'
+  }
+  // FIXME: this is capture group for rsaPublicKey, use it in this API or
+  // discard?
+  /* {
+    // subjectPublicKey
+    name: 'SubjectPublicKeyInfo.subjectPublicKey',
+    tagClass: asn1.Class.UNIVERSAL,
+    type: asn1.Type.BITSTRING,
+    constructed: false,
+    value: [{
+      // RSAPublicKey
+      name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
+      tagClass: asn1.Class.UNIVERSAL,
+      type: asn1.Type.SEQUENCE,
+      constructed: true,
+      optional: true,
+      captureAsn1: 'rsaPublicKey'
+    }]
+  } */
+  ]
+};

lib/forge.js

+/**
+ * Node.js module for Forge.
+ *
+ * @author Dave Longley
+ *
+ * Copyright 2011-2016 Digital Bazaar, Inc.
+ */
+module.exports = {
+  // default options
+  options: {
+    usePureJavaScript: false
+  }
+};