pontarius-xmpp/source/Network/Xmpp/Tls.hs

{-# OPTIONS_HADDOCK hide #-}
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE OverloadedStrings #-}

module Network.Xmpp.Tls where

import qualified Control.Exception.Lifted as Ex
import           Control.Monad
import           Control.Monad.Error
import           Control.Monad.State.Strict

import qualified Data.ByteString as BS
import qualified Data.ByteString.Lazy as BL
import           Data.Conduit
import qualified Data.Conduit.Binary as CB
import           Data.Conduit.Tls as TLS
import           Data.Typeable
import           Data.XML.Types

import           Network.Xmpp.Stream
import           Network.Xmpp.Types

import           Control.Concurrent.STM.TMVar

mkBackend con = Backend { backendSend = \bs -> void (streamSend con bs)
                        , backendRecv = streamReceive con
                        , backendFlush = streamFlush con
                        , backendClose = streamClose con
                        }
  where
    cutBytes n = do
        liftIO $ putStrLn "awaiting"
        mbs <- await
        liftIO $ putStrLn "done awaiting"
        case mbs of
            Nothing -> return BS.empty
            Just bs -> do
                let (a, b) = BS.splitAt n bs
                liftIO . putStrLn $
                    "remaining" ++ (show $ BS.length b) ++ " of " ++ (show n)

                unless (BS.null b) $ leftover b
                return a


cutBytes n = do
    liftIO $ putStrLn "awaiting"
    mbs <- await
    liftIO $ putStrLn "done awaiting"
    case mbs of
        Nothing -> return False
        Just bs -> do
            let (a, b) = BS.splitAt n bs
            liftIO . putStrLn $
                "remaining" ++ (show $ BS.length b) ++ " of " ++ (show n)

            unless (BS.null b) $ leftover b
            return True


starttlsE :: Element
starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []

exampleParams :: TLS.TLSParams
exampleParams = TLS.defaultParamsClient
    { pConnectVersion    = TLS.TLS10
    , pAllowedVersions   = [TLS.SSL3, TLS.TLS10, TLS.TLS11]
    , pCiphers           = [TLS.cipher_AES128_SHA1]
    , pCompressions      = [TLS.nullCompression]
    , pUseSecureRenegotiation = False -- No renegotiation
    , onCertificatesRecv = \_certificate ->
          return TLS.CertificateUsageAccept
    }

-- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and
-- restarts the stream.
startTls :: TLS.TLSParams -> TMVar Stream -> IO (Either XmppFailure ())
startTls params con = Ex.handle (return . Left . TlsError)
                      . flip withStream con
                      . runErrorT $ do
    features <- lift $ gets streamFeatures
    state <- gets streamState
    case state of
        Plain -> return ()
        Closed -> throwError XmppNoStream
        Secured -> throwError TlsStreamSecured
    con <- lift $ gets streamHandle
    when (streamTls features == Nothing) $ throwError TlsNoServerSupport
    lift $ pushElement starttlsE
    answer <- lift $ pullElement
    case answer of
        Left e -> return $ Left e
        Right (Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] []) -> return $ Right ()
        Right (Element "{urn:ietf:params:xml:ns:xmpp-tls}failure" _ _) -> return $ Left XmppOtherFailure
    (raw, _snk, psh, read, ctx) <- lift $ TLS.tlsinit debug params (mkBackend con)
    let newHand = StreamHandle { streamSend = catchPush . psh
                                   , streamReceive = read
                                   , streamFlush = contextFlush ctx
                                   , streamClose = bye ctx >> streamClose con
                                   }
    lift $ modify ( \x -> x {streamHandle = newHand})
    either (lift . Ex.throwIO) return =<< lift restartStream
    modify (\s -> s{streamState = Secured})
    return ()
shape documentation 13 years ago			`{-# OPTIONS_HADDOCK hide #-}`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`{-# LANGUAGE DeriveDataTypeable #-}`
minor formatting and documentation additions 14 years ago			`{-# LANGUAGE OverloadedStrings #-}`
inserted Haddock comments to hide the non-Network.XMPP modules, fixed some Haddock problems 15 years ago
Projects/Pontarius/Apply various minor fixes Started using double quotes instead of single quotes on XMLDecl, to conform to the quotations of the other XML. To conform with the Haskell style guidelines, `TLS' is now spelled `Tls', and `XML' is now spelled `Xml'. Updated library name in README file. 13 years ago			`module Network.Xmpp.Tls where`
cleaned up the TLS and Stream modules 15 years ago
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import qualified Control.Exception.Lifted as Ex`
warning clean 14 years ago			`import Control.Monad`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import Control.Monad.Error`
			`import Control.Monad.State.Strict`
initial import, copy of darcs repository 15 years ago
Fix BufferedSource (couldn't handle leftovers and was therefore useless) Factor out connection from Session Abstract over connection type (remove mention of Handle) 13 years ago			`import qualified Data.ByteString as BS`
			`import qualified Data.ByteString.Lazy as BL`
			`import Data.Conduit`
			`import qualified Data.Conduit.Binary as CB`
Projects/Pontarius/Apply various minor fixes Started using double quotes instead of single quotes on XMLDecl, to conform to the quotations of the other XML. To conform with the Haskell style guidelines, `TLS' is now spelled `Tls', and `XML' is now spelled `Xml'. Updated library name in README file. 13 years ago			`import Data.Conduit.Tls as TLS`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import Data.Typeable`
warning clean 14 years ago			`import Data.XML.Types`
initial import, copy of darcs repository 15 years ago
replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`import Network.Xmpp.Stream`
			`import Network.Xmpp.Types`
cleaned up the TLS and Stream modules 15 years ago
Simplify API Drops the Connection newtype, and shows TMVar Connection instead. Hides Connection from Network.Xmpp, as the vast majority of users will not need to work with Connection directly. The related functions are now instead available from Network.Xmpp.Basic. Renames `simpleConnect' to `session', and makes it flexible in terms of authentication and whether or not to use TLS. Adds some minor documentation changes. We will need to export some session related information (such as the acquired resource, stream properties, etc.). We will also need to expose any failures encountered, probably by making `session' an ErrorT calculation. Also removed the Errors module from the Cabal file. 13 years ago			`import Control.Concurrent.STM.TMVar`

Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`mkBackend con = Backend { backendSend = \bs -> void (streamSend con bs)`
			`, backendRecv = streamReceive con`
			`, backendFlush = streamFlush con`
			`, backendClose = streamClose con`
Fix BufferedSource (couldn't handle leftovers and was therefore useless) Factor out connection from Session Abstract over connection type (remove mention of Handle) 13 years ago			`}`
			`where`
			`cutBytes n = do`
			`liftIO $ putStrLn "awaiting"`
			`mbs <- await`
			`liftIO $ putStrLn "done awaiting"`
			`case mbs of`
			`Nothing -> return BS.empty`
			`Just bs -> do`
			`let (a, b) = BS.splitAt n bs`
			`liftIO . putStrLn $`
			`"remaining" ++ (show $ BS.length b) ++ " of " ++ (show n)`

			`unless (BS.null b) $ leftover b`
			`return a`


			`cutBytes n = do`
			`liftIO $ putStrLn "awaiting"`
			`mbs <- await`
			`liftIO $ putStrLn "done awaiting"`
			`case mbs of`
			`Nothing -> return False`
			`Just bs -> do`
			`let (a, b) = BS.splitAt n bs`
			`liftIO . putStrLn $`
			`"remaining" ++ (show $ BS.length b) ++ " of " ++ (show n)`

			`unless (BS.null b) $ leftover b`
			`return True`


compiles... again 14 years ago			`starttlsE :: Element`
minor formatting and documentation additions 14 years ago			`starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []`
initial 14 years ago
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`exampleParams :: TLS.TLSParams`
fix TLS code for hs-tls 1.0 13 years ago			`exampleParams = TLS.defaultParamsClient`
minor formatting and documentation additions 14 years ago			`{ pConnectVersion = TLS.TLS10`
			`, pAllowedVersions = [TLS.SSL3, TLS.TLS10, TLS.TLS11]`
			`, pCiphers = [TLS.cipher_AES128_SHA1]`
			`, pCompressions = [TLS.nullCompression]`
			`, pUseSecureRenegotiation = False -- No renegotiation`
			`, onCertificatesRecv = \_certificate ->`
			`return TLS.CertificateUsageAccept`
			`}`
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago
minor formatting and documentation additions 14 years ago			`-- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and`
Make the stream failure types more intuitive and clear StreamError has been renamed to StreamFailure, as it's neither an error or an exception, and since the term "stream error" is ambigous (it can also refer to the stream error element on the XMPP stream). Furthermore, XmppTLSError has been renamed to TLSFailure. The data types related to the above mentioned failures are now exported. We do no longer clutter the API with detailed error conditions such as StreamNotStreamElement. These kinds of conditions are such rare occurances, and details about them are better suited in the logging system (to be implemented soon). Stream failures can occur either when a `stream:error' first-level XML element is encountered, or if something unexpected happens in the stream. Currently, `StreamErrorFailure', `StreamEndFailure', and `StreamOtherFailure' are defined for these purposes, but additional exceptions can be added if that would be helpful for the developers. TLSFailure is moved to Types.hs and is now exported. Also temporarily removed findStreamErrors. 13 years ago			`-- restarts the stream.`
Join `Stream' and `Connection' The `Stream' and the `Connection' modules/concepts has been quite similar and, in some ways, overlapping. The `Stream' and `Connection' modules allow for direct access to the XML stream. The `Stream' module exported an API for opening, restarting, and closing the stream. The `Connection' module, on the other hand, allowed for pushing and pulling elements and stanzas to and from the stream. Furthermore, the `Connection' type was used in both the `Connection' module and the higher-level `Stream' module. This patch joins the two modules into one `Stream' module, and renames the `Connection' type to `Stream'. It also renames most other connection-related functions and types. Also, `connect' is renamed `openStream' and `closeStreams' is renamed `closeStream' (the stream is `bidirectional' in RFC 6120 terminology). 13 years ago			`startTls :: TLS.TLSParams -> TMVar Stream -> IO (Either XmppFailure ())`
Projects/Pontarius/Apply various minor fixes Started using double quotes instead of single quotes on XMLDecl, to conform to the quotations of the other XML. To conform with the Haskell style guidelines, `TLS' is now spelled `Tls', and `XML' is now spelled `Xml'. Updated library name in README file. 13 years ago			`startTls params con = Ex.handle (return . Left . TlsError)`
Join `Stream' and `Connection' The `Stream' and the `Connection' modules/concepts has been quite similar and, in some ways, overlapping. The `Stream' and `Connection' modules allow for direct access to the XML stream. The `Stream' module exported an API for opening, restarting, and closing the stream. The `Connection' module, on the other hand, allowed for pushing and pulling elements and stanzas to and from the stream. Furthermore, the `Connection' type was used in both the `Connection' module and the higher-level `Stream' module. This patch joins the two modules into one `Stream' module, and renames the `Connection' type to `Stream'. It also renames most other connection-related functions and types. Also, `connect' is renamed `openStream' and `closeStreams' is renamed `closeStream' (the stream is `bidirectional' in RFC 6120 terminology). 13 years ago			`. flip withStream con`
refactor xmppConMonad 13 years ago			`. runErrorT $ do`
Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`features <- lift $ gets streamFeatures`
			`state <- gets streamState`
Fix BufferedSource (couldn't handle leftovers and was therefore useless) Factor out connection from Session Abstract over connection type (remove mention of Handle) 13 years ago			`case state of`
Join `Stream' and `Connection' The `Stream' and the `Connection' modules/concepts has been quite similar and, in some ways, overlapping. The `Stream' and `Connection' modules allow for direct access to the XML stream. The `Stream' module exported an API for opening, restarting, and closing the stream. The `Connection' module, on the other hand, allowed for pushing and pulling elements and stanzas to and from the stream. Furthermore, the `Connection' type was used in both the `Connection' module and the higher-level `Stream' module. This patch joins the two modules into one `Stream' module, and renames the `Connection' type to `Stream'. It also renames most other connection-related functions and types. Also, `connect' is renamed `openStream' and `closeStreams' is renamed `closeStream' (the stream is `bidirectional' in RFC 6120 terminology). 13 years ago			`Plain -> return ()`
			`Closed -> throwError XmppNoStream`
			`Secured -> throwError TlsStreamSecured`
Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`con <- lift $ gets streamHandle`
			`when (streamTls features == Nothing) $ throwError TlsNoServerSupport`
renames (pushN -> pushElement, push -> pushStanza, pushOpen -> pushOpenElement, pullSink -> pullToSink, xpStreamEntity -> xpStreamStanza); minor formatting and documentation additions in Monad 14 years ago			`lift $ pushElement starttlsE`
minor formatting and documentation additions 14 years ago			`answer <- lift $ pullElement`
			`case answer of`
Tweak failure approach I'm assuming and defining the following: 1. XMPP failures (which can occur at the TCP, TLS, and XML/XMPP layers (as a stream error or forbidden input)) are fatal; they will distrupt the XMPP session. 2. All fatal failures should be thrown (or similar) by `session', or any other function that might produce them. 3. Authentication failures that are not "XMPP failures" are not fatal. They do not necessarily terminate the stream. For example, the developer should be able to make another authentication attempt. The `Session' object returned by `session' might be useful even if the authentication fails. 4. We can (and should) use one single data type for fatal failures. (Previously, both StreamFailure and TlsFailure was used.) 5. We can catch and rethrow/wrap IO exceptions in the context of the Pontarius XMPP error system that we decide to use, making the error system more intuitive, Haskell-like, and more straight-forward to implement. Calling `error' may only be done in the case of a program error (a bug). 6. A logging system will remove the need for many of the error types. Only exceptions that seem likely to affect the flow of client applications should be defined. 7. The authentication functions are prone to fatal XMPP failures in addition to non-fatal authentication conditions. (Previously, `AuthStreamFailure' was used to wrap these errors.) I'm hereby suggesting (and implementing) the following: `StreamFailure' and `TlsFailure' should be joined into `XmppFailure'. `pullStanza' and the other Connection functions used to throw `IOException', `StreamFailure' and `TlsFailure' exceptions. With this patch, they have been converted to `StateT Connection IO (Either XmppFailure a)' computations. They also catch (some) IOException errors and wrap them in the new `XmppIOException' constructor. `newSession' is now `IO (Either XmppFailure Session)' as well (being capable of throwing IO exceptions). Whether or not to continue to a) wrap `XmppFailure' failures in an `AuthStreamFailure' equivalent, or, b) treat the authentication functions just like the other functions that may result in failure (Either XmppFailure a), depends on how Network.Xmpp.Connection.auth will be used. Since the latter will make `auth' more consistent, as well as remove the need for a wrapped (and special-case) "AuthFailure" type, I have decided to give the "b" approach a try. (The drawback being, of course, that authentication errors can not be accessed through the use of ErrorT. Whether or not this might be a problem, I don't really know at this point.) As the SASL code (and SaslM) depended on `AuthStreamFailure', it remains for internal use, at least for the time-being. `session' is now an ErrorT computation as well. Some functions have been updated as hacks, but this will be changed if we decide to move forward with this approach. 13 years ago			`Left e -> return $ Left e`
			`Right (Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] []) -> return $ Right ()`
			`Right (Element "{urn:ietf:params:xml:ns:xmpp-tls}failure" _ _) -> return $ Left XmppOtherFailure`
Fix BufferedSource (couldn't handle leftovers and was therefore useless) Factor out connection from Session Abstract over connection type (remove mention of Handle) 13 years ago			`(raw, _snk, psh, read, ctx) <- lift $ TLS.tlsinit debug params (mkBackend con)`
Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`let newHand = StreamHandle { streamSend = catchPush . psh`
			`, streamReceive = read`
			`, streamFlush = contextFlush ctx`
			`, streamClose = bye ctx >> streamClose con`
Hide `Context', add exports, extend documentation As mentioned in #pontarius, `Context' is simply a bunch of thread management features, and users that want that can build their own on top of the `Connection' layer. The benefit of hiding `Context' is that it makes the API clearer, and significantly decreases the complexity of the library. As the `Basic' module is simply an interface to `Connection', it was renamed to `Connection'. The old `Connection' module was moved to `Connection_'. Exported the types of the fields of `Connection' (such as `ConnectionState' and `ConnectionHandle' (previously `HandleLike'). 13 years ago			`}`
Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`lift $ modify ( \x -> x {streamHandle = newHand})`
refactor xmppConMonad 13 years ago			`either (lift . Ex.throwIO) return =<< lift restartStream`
Renamed some stream-related record fields Prefixed the fields with `stream'. `ServerFeatures' was renamed `StreamFeatures' to be more coherent with the terminology in RFC 6120. 13 years ago			`modify (\s -> s{streamState = Secured})`
Add debug support (controlled by debug constant in Network.Xmpp.Monad) 14 years ago			`return ()`