actionscript-3 - 使用 as3crypto 多次登录 assiSTLy.com

Question

我正在尝试使用此处所述的多 channel 登录自动将我的用户登录到 assiSTLy.com:http://dev.assistly.com/docs/portal/multipass

我尝试使用 as3crypto 将他们的代码示例 ( https://github.com/assistly/multipass-examples ) 转换为 Actionscript，显然没有成功。

这是我所拥有的:

package
{
    import com.adobe.crypto.SHA1;
    import com.adobe.serialization.json.JSON;
    import com.hurlant.crypto.*
    import com.hurlant.util.Base64;
    import flash.utils.ByteArray;

    public class AssistlySingleSignOn
    {
        protected static var API_SITE_KEY:String = "YOUR SITE KEY"
        protected static var MULTIPASS_KEY:String = "YOUR MULTIPASS API KEY"

        public function AssistlySingleSignOn()
        {
        }

        public static function generateMultipass(uid:String, username:String, email:String):String
        {
            var o:Object = {};
            o.uid = uid;
            o.expires = "2012-12-29T10:25:28-08:00";
            o.customer_email = email;
            o.customer_name = username;

            var salted:String = API_SITE_KEY + MULTIPASS_KEY;
            var hash:String = SHA1.hash(salted);
            var saltedHash:String = hash.substr(0, 16);
            var iv:String = "OpenSSL for Ruby";

            var ivByteArray:ByteArray = new ByteArray();
            ivByteArray.writeUTFBytes(iv);

            var key:ByteArray = new ByteArray();
            key.writeUTFBytes(saltedHash);
            key.position = 0;

            var json:String = JSON.encode(o);
            var jsonByteArray:ByteArray = new ByteArray();
            jsonByteArray.writeUTFBytes(json);

            var padding:IPad = new PKCS5(16);
            ivByteArray.position = 0;

            key.position = 0;
            var cyphered:CBCMode = Crypto.getCipher("aes-128-cbc", key, padding) as CBCMode;
        jsonByteArray.position = 0;
        cyphered.IV = ivByteArray;
        cyphered.encrypt(jsonByteArray);

            jsonByteArray.position = 0;
        var base64:String = Base64.encode(jsonByteArray.readUTFBytes(jsonByteArray.length));

        /*Convert to a URL safe string by performing the following

        Remove any newlines
        Remove trailing equal (=) characters
        Change any plus (+) characters to dashes (-)
        Change any slashes (/) characters to underscores (_)*/

        base64 = base64.replace(/\n/g, "");
        base64 = base64.replace(/=/g, "");
        base64 = base64.replace(/+/g, "-");
        base64 = base64.replace(/\//g, "_");

        return base64;
        }
    }
}

我假设我在 IV 或填充方面做错了，因为我不太明白它;-)

Answer 1

您可能想使用不同的加密类，或修改 as3crypto 类。我知道 SHA1 函数与 PHP sha1 函数存在不一致。看这个:

sha1 hash from as3crypto differs from the one made with PHP

这可能会使您的值无效。我的建议是追踪所有正在计算的数据，并针对 PHP 中的相同内容或 github 中的其他示例运行它。查看数据差异的位置。我打赌这将是与 AS3Crypto 相关的问题。