| -rw-r--r-- | BuildTools/SCons/SConstruct | 6 | ||||
| -rw-r--r-- | Swift/QtUI/SConscript | 4 | ||||
| -rw-r--r-- | Swift/SConscript | 2 | ||||
| -rw-r--r-- | Swiften/TLS/PlatformTLSFactories.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/SConscript | 9 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportCertificate.cpp | 14 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportCertificate.h | 66 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportCertificateFactory.h | 19 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.cpp | 68 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.h | 42 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContextFactory.cpp | 25 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContextFactory.h | 21 | 
12 files changed, 282 insertions, 2 deletions
| diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct index cd7a25a..0c2779a 100644 --- a/BuildTools/SCons/SConstruct +++ b/BuildTools/SCons/SConstruct @@ -428,6 +428,10 @@ if use_openssl and openssl_conf.CheckCHeader("openssl/ssl.h") :  		if env["PLATFORM"] == "darwin" :  			if platform.mac_ver()[0].startswith("10.5") :  				env["OPENSSL_FLAGS"]["FRAMEWORKS"] = ["Security"] +elif env["target"] in ("xcode"): +	env["HAVE_SECURETRANSPORT"] = True +	env["SECURETRANSPORT_FLAGS"]["FRAMEWORKS"] = ["Security"] +	#env["SECURETRANSPORT_FLAGS"]["CPPPATH"] = [""]  elif env["target"] in ("iphone-device", "iphone-simulator", "xcode") :  	env["OPENSSL_BUNDLED"] = True  	env["HAVE_OPENSSL"] = True @@ -571,6 +575,6 @@ print "  Projects: " + ' '.join(env["PROJECTS"])  print ""  print "  XML Parsers: " + ' '.join(parsers) -print "  TLS Support: " + ("OpenSSL" if env.get("HAVE_OPENSSL",0) else ("Schannel" if env.get("HAVE_SCHANNEL", 0) else "Disabled")) +print "  TLS Support: " + ("OpenSSL" if env.get("HAVE_OPENSSL",0) else ("Schannel" if env.get("HAVE_SCHANNEL", 0) else ("SecureTransport" if env.get("HAVE_SECURETRANSPORT", 0) else "Disabled")))  print "  DNSSD Support: " + ("Bonjour" if env.get("HAVE_BONJOUR") else ("Avahi" if env.get("HAVE_AVAHI") else "Disabled"))  print diff --git a/Swift/QtUI/SConscript b/Swift/QtUI/SConscript index 064faab..1b22d49 100644 --- a/Swift/QtUI/SConscript +++ b/Swift/QtUI/SConscript @@ -65,6 +65,10 @@ if env["PLATFORM"] == "win32" :      if env["debug"] :        myenv.Append(LINKFLAGS = ["/NODEFAULTLIB:msvcrt"]) +if env["PLATFORM"] == "darwin" : +  if myenv.get("HAVE_SECURETRANSPORT") : +    myenv.Append(CPPDEFINES = "HAVE_SECURETRANSPORT") +  myenv.WriteVal("DefaultTheme.qrc", myenv.Value(generateDefaultTheme(myenv.Dir("#/Swift/resources/themes/Default"))))  sources = [ diff --git a/Swift/SConscript b/Swift/SConscript index cee3a74..0d0b350 100644 --- a/Swift/SConscript +++ b/Swift/SConscript 
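Review bot: In the first SConstruct hunk, `env["target"] in ("xcode")` is a substring test rather than a tuple membership test, because `("xcode")` is just the string `"xcode"`; any target value that is a substring of it, including an empty string, would select SecureTransport. Write `elif env["target"] == "xcode" :` (or use the one-element tuple `("xcode",)`). The new branch also shadows `"xcode"` in the `elif` that follows, so the bundled-OpenSSL path can no longer be reached for that target. `env["SECURETRANSPORT_FLAGS"]["FRAMEWORKS"]` is indexed without the hunk showing where that dict is created; if it is not initialised elsewhere, this raises a KeyError. The enclosing if/elif chain starts outside the hunk.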
@@ -5,7 +5,7 @@ Import("env")  SConscript("Controllers/SConscript")  if env["SCONS_STAGE"] == "build" : -	if not GetOption("help") and not env.get("HAVE_OPENSSL", 0) and not env.get("HAVE_SCHANNEL", 0) : +	if not GetOption("help") and not env.get("HAVE_OPENSSL", 0) and not env.get("HAVE_SCHANNEL", 0) and not env.get("HAVE_SECURETRANSPORT", 0):  		print "Error: Swift requires OpenSSL support, and OpenSSL was not found."  		if "Swift" in env["PROJECTS"] :  			env["PROJECTS"].remove("Swift") diff --git a/Swiften/TLS/PlatformTLSFactories.cpp b/Swiften/TLS/PlatformTLSFactories.cpp index 64a5ab3..4f2128c 100644 --- a/Swiften/TLS/PlatformTLSFactories.cpp +++ b/Swiften/TLS/PlatformTLSFactories.cpp @@ -18,6 +18,10 @@  	#include "Swiften/TLS/Schannel/SchannelContextFactory.h"  	#include "Swiften/TLS/Schannel/SchannelCertificateFactory.h"  #endif +#ifdef HAVE_SECURETRANSPORT +	#include "Swiften/TLS/SecureTransport/SecureTransportContextFactory.h" +	#include "Swiften/TLS/SecureTransport/SecureTransportCertificateFactory.h" +#endif  namespace Swift { @@ -30,6 +34,10 @@ PlatformTLSFactories::PlatformTLSFactories() : contextFactory(NULL), certificate  	contextFactory = new SchannelContextFactory();  	certificateFactory = new SchannelCertificateFactory();  #endif +#ifdef HAVE_SECURETRANSPORT +	contextFactory = new SecureTransportContextFactory(); +	certificateFactory = new SsecureTransportCertificateFactory(); +#endif  }  PlatformTLSFactories::~PlatformTLSFactories() { diff --git a/Swiften/TLS/SConscript b/Swiften/TLS/SConscript index fb327b9..f88d0a8 100644 --- a/Swiften/TLS/SConscript +++ b/Swiften/TLS/SConscript 
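Review bot: The Swift/SConscript gate now lets the build through on `HAVE_SECURETRANSPORT` alone, but the SecureTransport backend added in this same commit is a stub (its context methods only `assert(false)` and `createTLSContext()` returns no context), so a Swift binary could be produced with no working TLS. Until the backend is implemented, the flag should not satisfy this check. The message printed in this branch also still names only OpenSSL; something like `print "Error: Swift requires TLS support (OpenSSL, Schannel or SecureTransport), and none was found."` would match the condition.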
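Review bot: `new SsecureTransportCertificateFactory()` in the constructor hunk is misspelled (doubled `s`), so this translation unit cannot compile when `HAVE_SECURETRANSPORT` is defined; it should read `certificateFactory = new SecureTransportCertificateFactory();`. The new assignments also sit in their own `#ifdef` block after the preceding `#endif`, so if two backend macros were ever defined together the factories allocated earlier would be overwritten and leaked. The build scripts appear to select only one backend, but chaining the blocks with `#elif` would make that explicit. The constructor body starts outside the hunk.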
@@ -27,6 +27,15 @@ elif myenv.get("HAVE_SCHANNEL", 0) :  			"Schannel/SchannelContextFactory.cpp",  		])  	myenv.Append(CPPDEFINES = "HAVE_SCHANNEL") +elif myenv.get("HAVE_SECURETRANSPORT", 0) : +	#swiften_env.Append(LIBS = ["Winscard"]) +	myenv.MergeFlags(myenv["SECURETRANSPORT_FLAGS"]) +	objects += myenv.StaticObject([ +			"SecureTransport/SecureTransportContext.cpp", +			"SecureTransport/SecureTransportCertificate.cpp", +			"SecureTransport/SecureTransportContextFactory.cpp", +		]) +	myenv.Append(CPPDEFINES = "HAVE_SECURETRANSPORT")  objects += myenv.SwiftenObject(["PlatformTLSFactories.cpp"]) diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificate.cpp b/Swiften/TLS/SecureTransport/SecureTransportCertificate.cpp new file mode 100644 index 0000000..0ea8f83 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportCertificate.cpp @@ -0,0 +1,14 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information. + */ + +#include <Swiften/TLS/SecureTransport/SecureTransportCertificate.h> + +#include <Swiften/Base/ByteArray.h> +#include <Swiften/Base/Log.h> + +namespace Swift { + +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificate.h b/Swiften/TLS/SecureTransport/SecureTransportCertificate.h new file mode 100644 index 0000000..fe759a0 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportCertificate.h 
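Review bot: The SecureTransport branch in Swiften/TLS/SConscript compiles its sources with `myenv.StaticObject([...])`, while the next line of the file builds `PlatformTLSFactories.cpp` with `myenv.SwiftenObject`. If Swiften is ever built as a shared library, these objects may be compiled with different flags from the rest, so `objects += myenv.SwiftenObject([...])` would be the consistent choice. The commented-out `#swiften_env.Append(LIBS = ["Winscard"])` names a Windows smart-card library and looks like a leftover from another backend; it should be dropped from this branch.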
@@ -0,0 +1,66 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information. + */ + +#pragma once + +#include <boost/shared_ptr.hpp> + +#include <string> +#include <Swiften/TLS/Certificate.h> + +#include <Security/SecureTransport.h> + +namespace Swift { +	class SecureTransportCertificate : public Certificate { +		public: +			SecureTransportCertificate(SecCertificateRef); +			SecureTransportCertificate(const ByteArray& der); + +			std::string getSubjectName() const { +				return subjectName; +			} + +			std::vector<std::string> getCommonNames() const { +				return commonNames; +			} + +			std::vector<std::string> getSRVNames() const { +				return srvNames; +			} + +			std::vector<std::string> getDNSNames() const { +				return dnsNames; +			} + +			std::vector<std::string> getXMPPAddresses() const { +				return xmppAddresses; +			} + +			ByteArray toDER() const; + +		private: +			void parse(); + +			void addSRVName(const std::string& name) { +				srvNames.push_back(name); +			} + +			void addDNSName(const std::string& name) { +				dnsNames.push_back(name); +			} + +			void addXMPPAddress(const std::string& addr) { +				xmppAddresses.push_back(addr); +			} + +		private: +			std::string subjectName; +			std::vector<std::string> commonNames; +			std::vector<std::string> dnsNames; +			std::vector<std::string> xmppAddresses; +			std::vector<std::string> srvNames; +	}; +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificateFactory.h b/Swiften/TLS/SecureTransport/SecureTransportCertificateFactory.h new file mode 100644 index 0000000..8a8e009 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportCertificateFactory.h 
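Review bot: SecureTransportCertificate.h declares two constructors, `toDER()` and `parse()`, but the accompanying SecureTransportCertificate.cpp contains only an empty `namespace Swift {}`, so `SecureTransportCertificateFactory::createCertificateFromDER` cannot link. The class also has no member that holds the `SecCertificateRef` or the DER bytes, leaving `toDER()` nothing to return and `parse()` nothing to fill the name vectors from. Those vectors (`dnsNames`, `srvNames`, `xmppAddresses`) are presumably what identity checks consume, so they must not be left empty for a certificate that failed to parse. The header uses `std::vector` without `#include <vector>`, and the single-argument constructors should be `explicit`, e.g. `explicit SecureTransportCertificate(const ByteArray& der);`.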
@@ -0,0 +1,19 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information.  + */ + +#pragma once + +#include <Swiften/TLS/CertificateFactory.h> +#include <Swiften/TLS/SecureTransport/SecureTransportCertificate.h> + +namespace Swift { +	class SecureTransportCertificateFactory : public CertificateFactory { +		public: +			virtual Certificate::ref createCertificateFromDER(const ByteArray& der) { +				return Certificate::ref(new SecureTransportCertificate(der)); +			} +	}; +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.cpp b/Swiften/TLS/SecureTransport/SecureTransportContext.cpp new file mode 100644 index 0000000..1d073e0 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportContext.cpp 
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information.  + */ +#include <Swiften/Base/Platform.h> + +#include <vector> +#include <boost/smart_ptr/make_shared.hpp> + +#include <Swiften/TLS/SecureTransport/SecureTransportContext.h> +#include <Swiften/TLS/SecureTransport/SecureTransportCertificate.h> +#include <Swiften/TLS/CertificateWithKey.h> +#include <Swiften/TLS/PKCS12Certificate.h> + + +namespace Swift { + + +SecureTransportContext::SecureTransportContext() : state_(Start) { +	assert(false); +} + +SecureTransportContext::~SecureTransportContext() { +	assert(false); +} + +void SecureTransportContext::ensureLibraryInitialized() { +	assert(false); +} + +void SecureTransportContext::connect() { +	assert(false); +} + +void SecureTransportContext::doConnect() { +	assert(false); +} + +void SecureTransportContext::handleDataFromNetwork(const SafeByteArray& data) { +	assert(false); +} + +void SecureTransportContext::handleDataFromApplication(const SafeByteArray& data) { +	assert(false); +} + +bool SecureTransportContext::setClientCertificate(CertificateWithKey::ref certificate) { +	assert(false); +} + +std::vector<Certificate::ref> SecureTransportContext::getPeerCertificateChain() const { +	assert(false); +} + +boost::shared_ptr<CertificateVerificationError> SecureTransportContext::getPeerCertificateVerificationError() const { +	assert(false); +} + +ByteArray SecureTransportContext::getFinishMessage() const { +	assert(false); +} + +CertificateVerificationError::Type SecureTransportContext::getVerificationErrorTypeForResult(int result) { +	assert(false); +} + +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.h b/Swiften/TLS/SecureTransport/SecureTransportContext.h new file mode 100644 index 0000000..95fb929 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportContext.h 
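Review bot: Every method in SecureTransportContext.cpp has `assert(false);` as its whole body, which is compiled out under `NDEBUG`; in such a build the non-void members (`setClientCertificate`, `getPeerCertificateChain`, `getPeerCertificateVerificationError`, `getFinishMessage`, `getVerificationErrorTypeForResult`) fall off the end without returning, which is undefined behaviour. For `getPeerCertificateVerificationError` that could be read by a caller as "no verification error". The stubs should fail closed by returning an explicit failure value, as sketched below for two of them. The destructor should not assert at all, and the file relies on `assert` without including `<cassert>` itself (it may arrive transitively).

```cpp
bool SecureTransportContext::setClientCertificate(CertificateWithKey::ref certificate) {
	// Not implemented yet: report failure instead of falling off the end.
	return false;
}

std::vector<Certificate::ref> SecureTransportContext::getPeerCertificateChain() const {
	// Not implemented yet: no chain is available.
	return std::vector<Certificate::ref>();
}

boost::shared_ptr<CertificateVerificationError> SecureTransportContext::getPeerCertificateVerificationError() const {
	// Not implemented yet: always report an error so that no peer is treated as verified.
	return boost::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
}

// … unchanged: remaining stubs; give the other non-void members an explicit return as well …
```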
@@ -0,0 +1,42 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information.  + */ + +#pragma once + +#include <Security/SecureTransport.h> +#include <Swiften/Base/boost_bsignals.h> +#include <boost/noncopyable.hpp> + +#include <Swiften/TLS/TLSContext.h> +#include <Swiften/Base/ByteArray.h> +#include <Swiften/TLS/CertificateWithKey.h> + +namespace Swift { + +	class SecureTransportContext : public TLSContext, boost::noncopyable { +		public: +			SecureTransportContext(); +			~SecureTransportContext(); + +			void connect(); +			bool setClientCertificate(CertificateWithKey::ref cert); + +			void handleDataFromNetwork(const SafeByteArray&); +			void handleDataFromApplication(const SafeByteArray&); + +			std::vector<Certificate::ref> getPeerCertificateChain() const; +			boost::shared_ptr<CertificateVerificationError> getPeerCertificateVerificationError() const; + +			virtual ByteArray getFinishMessage() const; + + +		private: +			enum State { Start, Connecting, Connected, Error }; + +			State state_; + +	}; +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportContextFactory.cpp b/Swiften/TLS/SecureTransport/SecureTransportContextFactory.cpp new file mode 100644 index 0000000..adc1a93 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportContextFactory.cpp 
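Review bot: The class in SecureTransportContext.h does not declare `ensureLibraryInitialized`, `doConnect` or `getVerificationErrorTypeForResult`, all of which SecureTransportContext.cpp defines as members, so the .cpp cannot compile against this header. Add them to the private section, e.g. `void ensureLibraryInitialized();`, `void doConnect();` and `CertificateVerificationError::Type getVerificationErrorTypeForResult(int result);`. The header also uses `std::vector` and `boost::shared_ptr` without including `<vector>` and `<boost/shared_ptr.hpp>`; these may come in through `TLSContext.h`, but the header should include what it uses.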
@@ -0,0 +1,25 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information.  + */ + +#include <Swiften/TLS/SecureTransport/SecureTransportContextFactory.h> +#include <Swiften/TLS/SecureTransport/SecureTransportContext.h> +#include <Swiften/Base/Log.h> + +namespace Swift { + +bool SecureTransportContextFactory::canCreate() const { +	return true; +} + +TLSContext* SecureTransportContextFactory::createTLSContext() { +	return null; +} + +void SecureTransportContextFactory::setCheckCertificateRevocation(bool check) { + +} + +} diff --git a/Swiften/TLS/SecureTransport/SecureTransportContextFactory.h b/Swiften/TLS/SecureTransport/SecureTransportContextFactory.h new file mode 100644 index 0000000..f3ab1e7 --- /dev/null +++ b/Swiften/TLS/SecureTransport/SecureTransportContextFactory.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2012 Tobias Markmann + * Licensed under the simplified BSD license. + * See Documentation/Licenses/BSD-simplified.txt for more information.  + */ + +#pragma once + +#include <Swiften/TLS/TLSContextFactory.h> + +#include <cassert> + +namespace Swift { +	class SecureTransportContextFactory : public TLSContextFactory { +		public: +			bool canCreate() const; +			virtual TLSContext* createTLSContext(); + +			virtual void setCheckCertificateRevocation(bool b); +	}; +} | 
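Review bot: In SecureTransportContextFactory.cpp, `canCreate()` returns `true` although `createTLSContext()` cannot produce a context, and `return null;` is not valid C++ (`null` is undeclared). A caller that trusts `canCreate()` would then receive no context, and what it does with that is not visible here. Until the backend exists, use `return false;` in `canCreate()` and `return NULL;` in `createTLSContext()`. `setCheckCertificateRevocation(bool check)` has an empty body, so a request to enable revocation checking is silently dropped; it should at least store the flag or log that the setting is not honoured, using the already included `Swiften/Base/Log.h`.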