Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index bfc9313..81fcf57 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -1,96 +1,107 @@ /* * Copyright (c) 2010 Remko Tronçon * Licensed under the GNU General Public License v3. * See Documentation/Licenses/GPLv3.txt for more information. */ #include <Swiften/Client/ClientSession.h> #include <boost/bind.hpp> #include <boost/uuid/uuid.hpp> #include <boost/uuid/uuid_io.hpp> #include <boost/uuid/uuid_generators.hpp> #include <boost/smart_ptr/make_shared.hpp> +#include <Swiften/Base/Platform.h> +#include <Swiften/Base/Log.h> #include <Swiften/Elements/ProtocolHeader.h> #include <Swiften/Elements/StreamFeatures.h> #include <Swiften/Elements/StreamError.h> #include <Swiften/Elements/StartTLSRequest.h> #include <Swiften/Elements/StartTLSFailure.h> #include <Swiften/Elements/TLSProceed.h> #include <Swiften/Elements/AuthRequest.h> #include <Swiften/Elements/AuthSuccess.h> #include <Swiften/Elements/AuthFailure.h> #include <Swiften/Elements/AuthChallenge.h> #include <Swiften/Elements/AuthResponse.h> #include <Swiften/Elements/Compressed.h> #include <Swiften/Elements/CompressFailure.h> #include <Swiften/Elements/CompressRequest.h> #include <Swiften/Elements/EnableStreamManagement.h> #include <Swiften/Elements/StreamManagementEnabled.h> #include <Swiften/Elements/StreamManagementFailed.h> #include <Swiften/Elements/StartSession.h> #include <Swiften/Elements/StanzaAck.h> #include <Swiften/Elements/StanzaAckRequest.h> #include <Swiften/Elements/IQ.h> #include <Swiften/Elements/ResourceBind.h> #include <Swiften/SASL/PLAINClientAuthenticator.h> #include <Swiften/SASL/SCRAMSHA1ClientAuthenticator.h> #include <Swiften/SASL/DIGESTMD5ClientAuthenticator.h> #include <Swiften/Session/SessionStream.h> #include <Swiften/TLS/CertificateTrustChecker.h> #include <Swiften/TLS/ServerIdentityVerifier.h> +#ifdef SWIFTEN_PLATFORM_WIN32 +#include <Swiften/Base/WindowsRegistry.h> +#endif + namespace Swift { ClientSession::ClientSession( const JID& jid, boost::shared_ptr<SessionStream> stream) : localJID(jid), state(Initial), stream(stream), 
allowPLAINOverNonTLS(false), useStreamCompression(true), useTLS(UseTLSWhenAvailable), useAcks(true), needSessionStart(false), needResourceBind(false), needAcking(false), rosterVersioningSupported(false), authenticator(NULL), certificateTrustChecker(NULL) { +#ifdef SWIFTEN_PLATFORM_WIN32 +if (WindowsRegistry::isFIPSEnabled()) { + SWIFT_LOG("info") << "Windows is running in FIPS-140 mode. Some authentication methods will be unavailable." << std::endl; +} +#endif } ClientSession::~ClientSession() { } void ClientSession::start() { stream->onStreamStartReceived.connect(boost::bind(&ClientSession::handleStreamStart, shared_from_this(), _1)); stream->onElementReceived.connect(boost::bind(&ClientSession::handleElement, shared_from_this(), _1)); stream->onClosed.connect(boost::bind(&ClientSession::handleStreamClosed, shared_from_this(), _1)); stream->onTLSEncrypted.connect(boost::bind(&ClientSession::handleTLSEncrypted, shared_from_this())); assert(state == Initial); state = WaitingForStreamStart; sendStreamHeader(); } void ClientSession::sendStreamHeader() { ProtocolHeader header; header.setTo(getRemoteJID()); stream->writeHeader(header); } void ClientSession::sendStanza(boost::shared_ptr<Stanza> stanza) { stream->writeElement(stanza); if (stanzaAckRequester_) { stanzaAckRequester_->handleStanzaSent(stanza); } } void ClientSession::handleStreamStart(const ProtocolHeader&) { checkState(WaitingForStreamStart); state = Negotiating; } void ClientSession::handleElement(boost::shared_ptr<Element> element) { 
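Review bot: The FIPS notice added to the ClientSession constructor says "Some authentication methods will be unavailable" without naming any, while the only mechanism this file actually withholds is DIGEST-MD5 (the `canBeUsed()` guard in the second hunk), so a reader of the log cannot tell which negotiation will change; as far as this file goes the message could be precise: `SWIFT_LOG("info") << "Windows is running in FIPS-140 mode. DIGEST-MD5 authentication will be unavailable." << std::endl;`. The notice is also emitted once per ClientSession instance, so it will repeat on every reconnect; if that is intended because the registry value may change between connections, a comment such as `// Logged per session: the FIPS flag is re-read from the registry on each connection` would record it, otherwise the check could be done once. The `if` block inside the `#ifdef` appears unindented relative to the rest of the constructor body, though the collapsed layout of this hunk makes the indentation uncertain.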
@@ -189,71 +200,71 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { if (stream->hasTLSCertificate()) { if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) { state = Authenticating; stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray(""))); } else { finishSession(Error::TLSClientCertificateError); } } else if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) { state = Authenticating; stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray(""))); } else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) { std::ostringstream s; ByteArray finishMessage; bool plus = stream->isTLSEncrypted() && streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS"); if (plus) { finishMessage = stream->getTLSFinishMessage(); plus &= !finishMessage.empty(); } s << boost::uuids::random_generator()(); SCRAMSHA1ClientAuthenticator* scramAuthenticator = new SCRAMSHA1ClientAuthenticator(s.str(), plus); if (plus) { scramAuthenticator->setTLSChannelBindingData(finishMessage); } authenticator = scramAuthenticator; state = WaitingForCredentials; onNeedCredentials(); } else if ((stream->isTLSEncrypted() || allowPLAINOverNonTLS) && streamFeatures->hasAuthenticationMechanism("PLAIN")) { authenticator = new PLAINClientAuthenticator(); state = WaitingForCredentials; onNeedCredentials(); } - else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { + else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5") && DIGESTMD5ClientAuthenticator::canBeUsed()) { std::ostringstream s; s << boost::uuids::random_generator()(); // FIXME: Host should probably be the actual host authenticator = new DIGESTMD5ClientAuthenticator(localJID.getDomain(), s.str()); state = WaitingForCredentials; onNeedCredentials(); } else { finishSession(Error::NoSupportedAuthMechanismsError); } } else { // Start the session 
rosterVersioningSupported = streamFeatures->hasRosterVersioning(); stream->setWhitespacePingEnabled(true); needSessionStart = streamFeatures->hasSession(); needResourceBind = streamFeatures->hasResourceBind(); needAcking = streamFeatures->hasStreamManagement() && useAcks; if (!needResourceBind) { // Resource binding is a MUST finishSession(Error::ResourceBindError); } else { continueSessionInitialization(); } } } else if (boost::dynamic_pointer_cast<Compressed>(element)) { checkState(Compressing); state = WaitingForStreamStart; stream->addZLibCompression(); stream->resetXMPPParser(); sendStreamHeader(); } else if (boost::dynamic_pointer_cast<CompressFailure>(element)) { |
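Review bot: When the server offers DIGEST-MD5 but `DIGESTMD5ClientAuthenticator::canBeUsed()` returns false, the new condition falls through to the final `else` and the session ends with `Error::NoSupportedAuthMechanismsError` with no record of why the offered mechanism was skipped; the FIPS notice in the constructor is the only hint, and it is logged elsewhere and earlier. Suggest logging at the point of failure, in the final branch before `finishSession(Error::NoSupportedAuthMechanismsError);`: `if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { SWIFT_LOG("info") << "DIGEST-MD5 offered by server but not usable on this platform" << std::endl; }`. Not falling back to PLAIN over an unencrypted stream in that case is the right outcome, and since canBeUsed()'s implementation is not in this file a one-line comment on the new condition, such as `// DIGEST-MD5 is withheld where the platform's crypto policy (e.g. Windows FIPS mode) forbids it`, would make the guard's intent visible. handleElement begins and ends outside this hunk.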