pontarius-xmpp/source/Network/Xmpp/Sasl.hs

{-# LANGUAGE NoMonomorphismRestriction, OverloadedStrings #-}

module Network.Xmpp.Sasl where

import           Control.Applicative
import           Control.Arrow (left)
import           Control.Monad
import           Control.Monad.Error
import           Control.Monad.State.Strict
import           Data.Maybe (fromJust, isJust)

import qualified Crypto.Classes as CC

import qualified Data.Binary as Binary
import qualified Data.ByteString.Base64 as B64
import qualified Data.ByteString.Char8 as BS8
import qualified Data.ByteString.Lazy as BL
import qualified Data.Digest.Pure.MD5 as MD5
import qualified Data.List as L
import           Data.Word (Word8)

import qualified Data.Text as Text
import           Data.Text (Text)
import qualified Data.Text.Encoding as Text

import           Network.Xmpp.Monad
import           Network.Xmpp.Stream
import           Network.Xmpp.Types
import           Network.Xmpp.Pickle

import qualified System.Random as Random

import Network.Xmpp.Sasl.Sasl
import Network.Xmpp.Sasl.DigestMD5
import Network.Xmpp.Sasl.Plain
import Network.Xmpp.Sasl.Types

-- Uses the first supported mechanism to authenticate, if any. Updates the
-- XmppConMonad state with non-password credentials and restarts the stream upon
-- success. This computation wraps an ErrorT computation, which means that
-- catchError can be used to catch any errors.
xmppSASL :: [SASLCredentials] -- ^ Acceptable authentication mechanisms and
                              --   their corresponding credentials
         -> XmppConMonad (Either AuthError ())
xmppSASL creds = runErrorT $ do
    -- Chooses the first mechanism that is acceptable by both the client and the
    -- server.
    mechanisms <- gets $ saslMechanisms . sFeatures
    let cred = L.find (\cred -> credsToName cred `elem` mechanisms) creds
    unless (isJust cred) (throwError $ AuthMechanismError mechanisms)
    case fromJust cred of
        DIGEST_MD5Credentials authzid authcid passwd -> ErrorT $ xmppDigestMD5
            authzid
            authcid
            passwd
        PLAINCredentials authzid authcid passwd -> ErrorT $ xmppPLAIN
            authzid
            authcid
            passwd
        _ -> error "xmppSASL: Mechanism not caught"
  where
    -- Converts the credentials to the appropriate mechanism name, corresponding to
    -- the XMPP mechanism attribute.
    credsToName :: SASLCredentials -> Text
    credsToName (DIGEST_MD5Credentials _ _ _) = "DIGEST-MD5"
    credsToName (PLAINCredentials _ _ _) = "PLAIN"
    credsToName c = error $ "credsToName failed for " ++ (show c)
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`{-# LANGUAGE NoMonomorphismRestriction, OverloadedStrings #-}`
reformatted, partially documented and made all functions except xmppSASL where-local 14 years ago
replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`module Network.Xmpp.Sasl where`
sasl working 14 years ago
warning clean 14 years ago			`import Control.Applicative`
Added some SASL failure handling 14 years ago			`import Control.Arrow (left)`
warning clean 14 years ago			`import Control.Monad`
Added some SASL failure handling 14 years ago			`import Control.Monad.Error`
added error handling to Stream, TLS switched to Strict State switched to mtl improved build script 14 years ago			`import Control.Monad.State.Strict`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`import Data.Maybe (fromJust, isJust)`
sasl working 14 years ago
			`import qualified Crypto.Classes as CC`

			`import qualified Data.Binary as Binary`
warning clean 14 years ago			`import qualified Data.ByteString.Base64 as B64`
sasl working 14 years ago			`import qualified Data.ByteString.Char8 as BS8`
			`import qualified Data.ByteString.Lazy as BL`
			`import qualified Data.Digest.Pure.MD5 as MD5`
warning clean 14 years ago			`import qualified Data.List as L`
SASL alignment, simplified conversion 14 years ago			`import Data.Word (Word8)`
sasl working 14 years ago
			`import qualified Data.Text as Text`
warning clean 14 years ago			`import Data.Text (Text)`
sasl working 14 years ago			`import qualified Data.Text.Encoding as Text`

replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`import Network.Xmpp.Monad`
			`import Network.Xmpp.Stream`
			`import Network.Xmpp.Types`
			`import Network.Xmpp.Pickle`
sasl working 14 years ago
			`import qualified System.Random as Random`

replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`import Network.Xmpp.Sasl.Sasl`
			`import Network.Xmpp.Sasl.DigestMD5`
			`import Network.Xmpp.Sasl.Plain`
			`import Network.Xmpp.Sasl.Types`
Added some SASL failure handling 14 years ago
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`-- Uses the first supported mechanism to authenticate, if any. Updates the`
replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`-- XmppConMonad state with non-password credentials and restarts the stream upon`
reformatted, partially documented and made all functions except xmppSASL where-local 14 years ago			`-- success. This computation wraps an ErrorT computation, which means that`
			`-- catchError can be used to catch any errors.`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`xmppSASL :: [SASLCredentials] -- ^ Acceptable authentication mechanisms and`
			`-- their corresponding credentials`
replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`-> XmppConMonad (Either AuthError ())`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`xmppSASL creds = runErrorT $ do`
			`-- Chooses the first mechanism that is acceptable by both the client and the`
			`-- server.`
			`mechanisms <- gets $ saslMechanisms . sFeatures`
			let cred = L.find (\cred -> credsToName cred `elem` mechanisms) creds
			`unless (isJust cred) (throwError $ AuthMechanismError mechanisms)`
			`case fromJust cred of`
replace XMPP with Xmpp everywhere to unify style replace SASL with Sasl replace DIGEST_MD5 with DigestMD5 replace PLAIN with Plain 14 years ago			`DIGEST_MD5Credentials authzid authcid passwd -> ErrorT $ xmppDigestMD5`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`authzid`
			`authcid`
			`passwd`
(untested) sasl plain implementation 14 years ago			`PLAINCredentials authzid authcid passwd -> ErrorT $ xmppPLAIN`
			`authzid`
			`authcid`
			`passwd`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`_ -> error "xmppSASL: Mechanism not caught"`
de-monadified createResponse 14 years ago			`where`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`-- Converts the credentials to the appropriate mechanism name, corresponding to`
			`-- the XMPP mechanism attribute.`
			`credsToName :: SASLCredentials -> Text`
			`credsToName (DIGEST_MD5Credentials _ _ _) = "DIGEST-MD5"`
Eq instance for JID, PLAIN now base64-encoded, EchoClient compiles, isBare/Full functions exposed 14 years ago			`credsToName (PLAINCredentials _ _ _) = "PLAIN"`
prepared to extend sasl functionality, put digest-md5 code in its own module 14 years ago			`credsToName c = error $ "credsToName failed for " ++ (show c)`