I'm trying to automatically log my users in to assistly.com with their multipass login as described here: http://dev.assistly.com/docs/portal/multipass
I have tried to convert their code examples (https://github.com/assistly/multipass-examples) to ActionScript using as3crypto, obviously without success.
Here's what I have:
    package
    {
        import com.adobe.crypto.SHA1;
        import com.adobe.serialization.json.JSON;
        import com.hurlant.crypto.*;
        import com.hurlant.crypto.symmetric.*; // CBCMode, IPad, PKCS5
        import com.hurlant.util.Base64;
        import flash.utils.ByteArray;

        public class AssistlySingleSignOn
        {
            protected static var API_SITE_KEY:String = "YOUR SITE KEY";
            protected static var MULTIPASS_KEY:String = "YOUR MULTIPASS API KEY";

            public function AssistlySingleSignOn()
            {
            }

            public static function generateMultipass(uid:String, username:String, email:String):String
            {
                var o:Object = {};
                o.uid = uid;
                o.expires = "2012-12-29T10:25:28-08:00";
                o.customer_email = email;
                o.customer_name = username;

                // Derive the key from the SHA1 of site key + multipass key
                var salted:String = API_SITE_KEY + MULTIPASS_KEY;
                var hash:String = SHA1.hash(salted);
                var saltedHash:String = hash.substr(0, 16);

                var iv:String = "OpenSSL for Ruby";
                var ivByteArray:ByteArray = new ByteArray();
                ivByteArray.writeUTFBytes(iv);

                var key:ByteArray = new ByteArray();
                key.writeUTFBytes(saltedHash);
                key.position = 0;

                var json:String = JSON.encode(o);
                var jsonByteArray:ByteArray = new ByteArray();
                jsonByteArray.writeUTFBytes(json);

                var padding:IPad = new PKCS5(16);
                ivByteArray.position = 0;
                key.position = 0;

                // AES-128-CBC; encrypt() works in place on jsonByteArray
                var cyphered:CBCMode = Crypto.getCipher("aes-128-cbc", key, padding) as CBCMode;
                jsonByteArray.position = 0;
                cyphered.IV = ivByteArray;
                cyphered.encrypt(jsonByteArray);
                jsonByteArray.position = 0;

                var base64:String = Base64.encode(jsonByteArray.readUTFBytes(jsonByteArray.length));

                /* Convert to a URL safe string by performing the following
                   Remove any newlines
                   Remove trailing equal (=) characters
                   Change any plus (+) characters to dashes (-)
                   Change any slashes (/) characters to underscores (_) */
                base64 = base64.replace(/\n/g, "");
                base64 = base64.replace(/=/g, "");
                base64 = base64.replace(/\+/g, "-");
                base64 = base64.replace(/\//g, "_");
                return base64;
            }
        }
    }
I'm assuming that I'm doing something wrong with the IV stuff or the padding, because I don't quite understand it ;-)
You might want to use a different crypto class, or modify the as3crypto one. I know there are inconsistencies in the SHA1 function vs. the PHP sha1 function. See this:
sha1 hash from as3crypto differs from the one made with PHP
This could be making your values invalid. My recommendation would be to trace out all your data as it's being calculated and run it against the same things in PHP or another of the examples on GitHub. See where the data diverges. I'm betting it's going to be issues relating to AS3Crypto.
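The stage-by-stage comparison suggested above, as an added Ruby example (not part of the original posts and not Assistly's reference code). It returns every intermediate value of the question's pipeline so each can be checked against a `trace()` in the ActionScript version. It also exposes two places where bytes can diverge: treating the hex digest characters as the key versus the raw digest bytes, and reading ciphertext as a UTF-8 string before Base64 (modelled here with `scrub`). The key order mirrors the question's code; which key derivation the service expects is not stated on this page, and all key and field values are constructed placeholders.

```ruby
require "digest/sha1"
require "openssl"
require "base64"
require "json"

IV = "OpenSSL for Ruby" # 16-byte IV string taken from the question's code

# URL-safe conversion, following the steps in the question's comment block.
def url_safe(b64)
  b64.delete("\n").sub(/=+\z/, "").tr("+/", "-_")
end

# Returns each intermediate value so it can be compared with the AS3 output.
def multipass_trace(site_key, multipass_key, fields, raw_key: false)
  digest = Digest::SHA1.digest(site_key + multipass_key) # 20 raw bytes
  hex    = digest.unpack1("H*")                          # 40 hex characters
  # Question's code: first 16 hex characters used as key bytes.
  # raw_key: true uses the first 16 raw digest bytes instead.
  key  = raw_key ? digest[0, 16] : hex[0, 16]
  json = JSON.generate(fields)

  cipher = OpenSSL::Cipher.new("aes-128-cbc")
  cipher.encrypt # PKCS#5/#7 padding is enabled by default
  cipher.key = key
  cipher.iv  = IV
  ciphertext = cipher.update(json) + cipher.final

  # Ciphertext is arbitrary binary; forcing it through a UTF-8 string is lossy.
  as_text = ciphertext.dup.force_encoding("UTF-8").scrub("\uFFFD")

  { sha1_hex: hex,
    key_hex: key.unpack1("H*"),
    json: json,
    ciphertext_hex: ciphertext.unpack1("H*"),
    token: url_safe(Base64.encode64(ciphertext)),
    token_via_utf8: url_safe(Base64.encode64(as_text)) }
end

if __FILE__ == $0
  # Constructed sample input, not real credentials.
  fields = { uid: "42", expires: "2012-12-29T10:25:28-08:00",
             customer_email: "alice@example.com", customer_name: "Alice" }
  [false, true].each do |raw|
    puts "--- raw_key: #{raw}"
    multipass_trace("example-site", "constructed-key", fields, raw_key: raw)
      .each { |stage, value| puts "#{stage}: #{value}" }
  end
end
```

Compare the stages in order; the first one that differs from the ActionScript trace is where the port goes wrong.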