ACTIONSCRIPT 3 Developer’s Guide en

ACTIONSCRIPT 3.0 DEVELOPER’S GUIDE
XML signature validation in AIR
The following example implements a dereferencer for validating AIR application signatures. The implementation is
kept simple by relying on the known structure of an AIR signature. A general-purpose dereferencer could be
significantly more complex.
package
{
import flash.events.ErrorEvent;
import flash.security.IURIDereferencer;
import flash.utils.ByteArray;
import flash.utils.IDataInput;
}
public class AIRSignatureDereferencer implements IURIDereferencer {
private const XML_SIG_NS:Namespace =
new Namespace( "http://www.w3.org/2000/09/xmldsig#" );
private var airSignature:XML;
}
public function AIRSignatureDereferencer( airSignature:XML ) {
this.airSignature = airSignature;
}
public function dereference( uri:String ):IDataInput {
var data:ByteArray = null;
try
{
if( uri != "#PackageContents" )
{
throw( new Error("Unsupported signature type.") );
}
var manifest:XMLList =
airSignature.XML_SIG_NS::Object.XML_SIG_NS::Manifest;
data = new ByteArray();
data.writeUTFBytes( manifest.toXMLString());
data.position = 0;
}
catch (e:Error)
{
data = null;
throw new Error("Reference not resolvable: " + uri + ", " + e.message);
}
finally
{
return data;
}
}
When you verify this type of signature, only the data in the Manifest element is validated. The actual files in the package
are not checked at all. To check the package files for tampering, you must read the files, compute the SHA256 digest
and compare the result to digest recorded in the manifest. The XMLSignatureValidator does not automatically check
such secondary references.
Note: This example is provided only to illustrate the signature validation process. There is little use in an AIR application
validating its own signature. If the application has already been tampered with, the tampering agent could simply remove
the validation check.
Last updated 6/6/2012
866