pontarius-xmpp/src/Network/XMPP/TLS.hs

{-# LANGUAGE OverloadedStrings  #-}

module Network.XMPP.TLS where

import           Control.Monad
import           Control.Monad.Trans.Class
import           Control.Monad.Trans.State

import           Data.Conduit
import           Data.Conduit.List as CL
import           Data.Conduit.TLS as TLS
import           Data.Default
import           Data.XML.Types

import qualified Network.TLS as TLS
import qualified Network.TLS.Extra as TLS
import           Network.XMPP.Monad
import           Network.XMPP.Stream
import           Network.XMPP.Types

import qualified Text.XML.Stream.Render as XR


starttlsE :: Element
starttlsE =
  Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []

exampleParams :: TLS.TLSParams
exampleParams = TLS.defaultParams
                      {pConnectVersion    = TLS.TLS10
                      , pAllowedVersions   = [TLS.SSL3, TLS.TLS10, TLS.TLS11]
                      , pCiphers           = [TLS.cipher_AES128_SHA1]
                      , pCompressions      = [TLS.nullCompression]
                      , pWantClientCert    = False -- Used for servers
                      , pUseSecureRenegotiation = False -- No renegotiation
                      , pCertificates      = [] -- TODO
                      , pLogging           = TLS.defaultLogging -- TODO
                      , onCertificatesRecv = \ certificate ->
                                             return TLS.CertificateUsageAccept
                      }

xmppStartTLS :: TLS.TLSParams -> XMPPConMonad ()
xmppStartTLS params = do
  features <- gets sFeatures
  unless (stls features == Nothing) $ do
      pushN starttlsE
      Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] [] <- pullE
      Just handle <- gets sConHandle
      (raw, snk, psh) <- lift $ TLS.tlsinit params handle
      modify (\x -> x
                     { sRawSrc = raw
--                   , sConSrc =  -- Note: this momentarily leaves us in an
                                  -- inconsistent state
                     , sConPushBS = psh
                     })
      xmppRestartStream
      modify (\s -> s{sHaveTLS = True})
  return ()
initial 14 years ago			`{-# LANGUAGE OverloadedStrings #-}`
inserted Haddock comments to hide the non-Network.XMPP modules, fixed some Haddock problems 15 years ago
initial 14 years ago			`module Network.XMPP.TLS where`
cleaned up the TLS and Stream modules 15 years ago
warning clean 14 years ago			`import Control.Monad`
			`import Control.Monad.Trans.Class`
			`import Control.Monad.Trans.State`
initial import, copy of darcs repository 15 years ago
warning clean 14 years ago			`import Data.Conduit`
			`import Data.Conduit.List as CL`
			`import Data.Conduit.TLS as TLS`
			`import Data.Default`
			`import Data.XML.Types`
initial import, copy of darcs repository 15 years ago
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`import qualified Network.TLS as TLS`
			`import qualified Network.TLS.Extra as TLS`
warning clean 14 years ago			`import Network.XMPP.Monad`
			`import Network.XMPP.Stream`
			`import Network.XMPP.Types`
cleaned up the TLS and Stream modules 15 years ago
compiles... again 14 years ago			`import qualified Text.XML.Stream.Render as XR`
initial import, copy of darcs repository 15 years ago
updated TLS API, debug information on received certificates, added dependencies 15 years ago
compiles... again 14 years ago			`starttlsE :: Element`
initial 14 years ago			`starttlsE =`
compiles... again 14 years ago			`Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []`
initial 14 years ago
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`exampleParams :: TLS.TLSParams`
removed sConPush, session now starts without connection, added inline connection method xml-types-pickle updated 14 years ago			`exampleParams = TLS.defaultParams`
			`{pConnectVersion = TLS.TLS10`
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`, pAllowedVersions = [TLS.SSL3, TLS.TLS10, TLS.TLS11]`
			`, pCiphers = [TLS.cipher_AES128_SHA1]`
			`, pCompressions = [TLS.nullCompression]`
reduced the TLS module to just the TLSParams and improved the TLS handshake code 15 years ago			`, pWantClientCert = False -- Used for servers`
cleaned up the TLS and Stream modules 15 years ago			`, pUseSecureRenegotiation = False -- No renegotiation`
reduced the TLS module to just the TLSParams and improved the TLS handshake code 15 years ago			`, pCertificates = [] -- TODO`
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago			`, pLogging = TLS.defaultLogging -- TODO`
cleaned up the TLS and Stream modules 15 years ago			`, onCertificatesRecv = \ certificate ->`
removed sConPush, session now starts without connection, added inline connection method xml-types-pickle updated 14 years ago			`return TLS.CertificateUsageAccept`
			`}`
Merge branch 'xmpp-lib' Conflicts: LICENSE src/Network/XMPP.hs src/Network/XMPP/SASL.hs src/Network/XMPP/Session.hs src/Network/XMPP/Stream.hs src/Network/XMPP/TLS.hs src/Network/XMPP/Types.hs 14 years ago
			`xmppStartTLS :: TLS.TLSParams -> XMPPConMonad ()`
initial 14 years ago			`xmppStartTLS params = do`
			`features <- gets sFeatures`
switched to hexpat 14 years ago			`unless (stls features == Nothing) $ do`
			`pushN starttlsE`
compiles... again 14 years ago			`Element "{urn:ietf:params:xml:ns:xmpp-tls}proceed" [] [] <- pullE`
bind 14 years ago			`Just handle <- gets sConHandle`
warning clean 14 years ago			`(raw, snk, psh) <- lift $ TLS.tlsinit params handle`
initial 14 years ago			`modify (\x -> x`
switched to hexpat 14 years ago			`{ sRawSrc = raw`
			`-- , sConSrc = -- Note: this momentarily leaves us in an`
			`-- inconsistent state`
warning clean 14 years ago			`, sConPushBS = psh`
initial 14 years ago			`})`
switched to hexpat 14 years ago			`xmppRestartStream`
bind 14 years ago			`modify (\s -> s{sHaveTLS = True})`
updated example, cleanup 14 years ago			`return ()`
initial 14 years ago