pontarius-xmpp/source/Network/XMPP/TLS.hs

{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE OverloadedStrings #-}

module Network.XMPP.TLS where

import qualified Control.Exception.Lifted as Ex
import           Control.Monad
import           Control.Monad.Error
import           Control.Monad.State.Strict

import           Data.Conduit.TLS as TLS
import           Data.Typeable
import           Data.XML.Types

import           Network.XMPP.Monad
import           Network.XMPP.Pickle(ppElement)
import           Network.XMPP.Stream
import           Network.XMPP.Types

starttlsE :: Element
starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []

exampleParams :: TLS.TLSParams
exampleParams = TLS.defaultParams
    { pConnectVersion    = TLS.TLS10
    , pAllowedVersions   = [TLS.SSL3, TLS.TLS10, TLS.TLS11]
    , pCiphers           = [TLS.cipher_AES128_SHA1]
    , pCompressions      = [TLS.nullCompression]
    , pWantClientCert    = False -- Used for servers
    , pUseSecureRenegotiation = False -- No renegotiation
    , pCertificates      = [] -- TODO
    , pLogging           = TLS.defaultLogging -- TODO
    , onCertificatesRecv = \_certificate ->
          return TLS.CertificateUsageAccept
    }

-- | Error conditions that may arise during TLS negotiation.
data XMPPTLSError = TLSError TLSError
                  | TLSNoServerSupport
                  | TLSNoConnection
                  | TLSStreamError StreamError
                  | XMPPTLSError -- General instance used for the Error instance
                    deriving (Show, Eq, Typeable)

instance Error XMPPTLSError where
  noMsg = XMPPTLSError

-- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and
-- restarts the stream. May throw errors.
startTLS :: TLS.TLSParams -> XMPPConMonad (Either XMPPTLSError ())
startTLS params = Ex.handle (return . Left . TLSError) . runErrorT $ do
    features <- lift $ gets sFeatures
    handle' <- lift $ gets sConHandle
    handle <- maybe (throwError TLSNoConnection) return handle'
    when (stls features == Nothing) $ throwError TLSNoServerSupport
    lift $ pushElement starttlsE
    answer <- lift $ pullElement
    case answer of
        Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] [] -> return ()
        Element "{urn:ietf:params:xml:ns:xmpp-tls}failure" _ _ ->
            lift . Ex.throwIO $ StreamConnectionError
            -- TODO: find something more suitable
        e -> lift . Ex.throwIO . StreamXMLError $
            "Unexpected element: " ++ ppElement e
    (raw, _snk, psh, ctx) <- lift $ TLS.tlsinit params handle
    lift $ modify ( \x -> x
                  { sRawSrc = raw
--                , sConSrc =  -- Note: this momentarily leaves us in an
                               -- inconsistent state
                  , sConPushBS = catchPush . psh
                  , sCloseConnection = TLS.bye ctx >> sCloseConnection x
                  })
    either (lift . Ex.throwIO) return =<< lift xmppRestartStream
    modify (\s -> s{sConnectionState = XmppConnectionSecured})
    return ()
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`{-# LANGUAGE DeriveDataTypeable #-}`
minor formatting and documentation additions 14 years ago			`{-# LANGUAGE OverloadedStrings #-}`
inserted Haddock comments to hide the non-Network.XMPP modules, fixed some Haddock problems 15 years ago
initial 14 years ago			`module Network.XMPP.TLS where`
cleaned up the TLS and Stream modules 15 years ago
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import qualified Control.Exception.Lifted as Ex`
warning clean 14 years ago			`import Control.Monad`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import Control.Monad.Error`
			`import Control.Monad.State.Strict`
initial import, copy of darcs repository 15 years ago
warning clean 14 years ago			`import Data.Conduit.TLS as TLS`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import Data.Typeable`
warning clean 14 years ago			`import Data.XML.Types`
initial import, copy of darcs repository 15 years ago
warning clean 14 years ago			`import Network.XMPP.Monad`
protected withConnection from asynchronous exceptions (may beed more work) renamed picklers to adhere to the xpPicklername schema added xmpp stream error data type and pickler changed fatal errors throw exceptions rather than ErrorT errors renamed pulls to pullSink renamed pullE pullElement renamed pull to pullStanza renamed sendS to sendStanza 14 years ago			`import Network.XMPP.Pickle(ppElement)`
warning clean 14 years ago			`import Network.XMPP.Stream`
			`import Network.XMPP.Types`
cleaned up the TLS and Stream modules 15 years ago
compiles... again 14 years ago			`starttlsE :: Element`
minor formatting and documentation additions 14 years ago			`starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []`
initial 14 years ago
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`exampleParams :: TLS.TLSParams`
removed sConPush, session now starts without connection, added inline connection method xml-types-pickle updated 14 years ago			`exampleParams = TLS.defaultParams`
minor formatting and documentation additions 14 years ago			`{ pConnectVersion = TLS.TLS10`
			`, pAllowedVersions = [TLS.SSL3, TLS.TLS10, TLS.TLS11]`
			`, pCiphers = [TLS.cipher_AES128_SHA1]`
			`, pCompressions = [TLS.nullCompression]`
			`, pWantClientCert = False -- Used for servers`
			`, pUseSecureRenegotiation = False -- No renegotiation`
			`, pCertificates = [] -- TODO`
			`, pLogging = TLS.defaultLogging -- TODO`
			`, onCertificatesRecv = \_certificate ->`
			`return TLS.CertificateUsageAccept`
			`}`
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago
preliminary shaping of API structure, documentation 14 years ago			`-- \| Error conditions that may arise during TLS negotiation.`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`data XMPPTLSError = TLSError TLSError`
			`\| TLSNoServerSupport`
			`\| TLSNoConnection`
			`\| TLSStreamError StreamError`
minor formatting and documentation additions 14 years ago			`\| XMPPTLSError -- General instance used for the Error instance`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`deriving (Show, Eq, Typeable)`

			`instance Error XMPPTLSError where`
minor formatting and documentation additions 14 years ago			`noMsg = XMPPTLSError`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago
minor formatting and documentation additions 14 years ago			`-- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and`
			`-- restarts the stream. May throw errors.`
unlifted connection handling exported withConnection 14 years ago			`startTLS :: TLS.TLSParams -> XMPPConMonad (Either XMPPTLSError ())`
minor formatting and documentation additions 14 years ago			`startTLS params = Ex.handle (return . Left . TLSError) . runErrorT $ do`
			`features <- lift $ gets sFeatures`
			`handle' <- lift $ gets sConHandle`
			`handle <- maybe (throwError TLSNoConnection) return handle'`
			`when (stls features == Nothing) $ throwError TLSNoServerSupport`
renames (pushN -> pushElement, push -> pushStanza, pushOpen -> pushOpenElement, pullSink -> pullToSink, xpStreamEntity -> xpStreamStanza); minor formatting and documentation additions in Monad 14 years ago			`lift $ pushElement starttlsE`
minor formatting and documentation additions 14 years ago			`answer <- lift $ pullElement`
			`case answer of`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] [] -> return ()`
minor formatting and documentation additions 14 years ago			`Element "{urn:ietf:params:xml:ns:xmpp-tls}failure" _ _ ->`
			`lift . Ex.throwIO $ StreamConnectionError`
			`-- TODO: find something more suitable`
			`e -> lift . Ex.throwIO . StreamXMLError $`
			`"Unexpected element: " ++ ppElement e`
			`(raw, _snk, psh, ctx) <- lift $ TLS.tlsinit params handle`
			`lift $ modify ( \x -> x`
			`{ sRawSrc = raw`
			`-- , sConSrc = -- Note: this momentarily leaves us in an`
			`-- inconsistent state`
			`, sConPushBS = catchPush . psh`
			`, sCloseConnection = TLS.bye ctx >> sCloseConnection x`
			`})`
			`either (lift . Ex.throwIO) return =<< lift xmppRestartStream`
			`modify (\s -> s{sConnectionState = XmppConnectionSecured})`
			`return ()`