#include <Swiften/Crypto/CryptoProvider.h>

#include <Swiften/Elements/AuthChallenge.h>

#include <Swiften/Elements/AuthFailure.h>

#include <Swiften/Elements/AuthRequest.h>

#include <Swiften/Elements/AuthResponse.h>

#include <Swiften/Elements/AuthSuccess.h>

#include <Swiften/Elements/CompressFailure.h>

#include <Swiften/Elements/CompressRequest.h>

#include <Swiften/Elements/Compressed.h>

#include <Swiften/Elements/EnableStreamManagement.h>

#include <Swiften/Elements/IQ.h>

#include <Swiften/Elements/ProtocolHeader.h>

#include <Swiften/Elements/ResourceBind.h>

#include <Swiften/Elements/StanzaAck.h>

#include <Swiften/Elements/StanzaAckRequest.h>

#include <Swiften/Elements/StartSession.h>

#include <Swiften/Elements/StartTLSFailure.h>

#include <Swiften/Elements/StartTLSRequest.h>

#include <Swiften/Elements/StreamError.h>

#include <Swiften/Elements/StreamFeatures.h>

#include <Swiften/Elements/StreamManagementEnabled.h>

#include <Swiften/Elements/StreamManagementFailed.h>

#include <Swiften/Elements/TLSProceed.h>

#include <Swiften/Network/Timer.h>

#include <Swiften/Network/TimerFactory.h>

#include <Swiften/SASL/DIGESTMD5ClientAuthenticator.h>

#include <Swiften/SASL/EXTERNALClientAuthenticator.h>

#include <Swiften/SASL/PLAINClientAuthenticator.h>

#include <Swiften/SASL/SCRAMSHA1ClientAuthenticator.h>

#include <Swiften/Session/SessionStream.h>

#include <Swiften/StreamManagement/StanzaAckRequester.h>

#include <Swiften/StreamManagement/StanzaAckResponder.h>

#include <Swiften/TLS/CertificateTrustChecker.h>

#include <Swiften/TLS/ServerIdentityVerifier.h>

#ifdef SWIFTEN_PLATFORM_WIN32

#include <Swiften/Base/WindowsRegistry.h>

#include <Swiften/SASL/WindowsGSSAPIClientAuthenticator.h>

#endif

#define CHECK_STATE_OR_RETURN(a) \

if (!checkState(a)) { return; }

namespace Swift {

ClientSession::ClientSession(

const JID& jid,

std::shared_ptr<SessionStream> stream,

IDNConverter* idnConverter,

CryptoProvider* crypto,

TimerFactory* timerFactory) :

localJID(jid),

state(State::Initial),

stream(stream),

idnConverter(idnConverter),

crypto(crypto),

timerFactory(timerFactory),

allowPLAINOverNonTLS(false),

useStreamCompression(true),

useTLS(UseTLSWhenAvailable),

state = State::EnablingSessionManagement;

stream->writeElement(std::make_shared<EnableStreamManagement>());

}

else if (needSessionStart) {

state = State::StartingSession;

sendStanza(IQ::createRequest(IQ::Set, JID(), "session-start", std::make_shared<StartSession>()));

}

else {

state = State::Initialized;

onInitialized();

}

}

bool ClientSession::checkState(State state) {

if (this->state != state) {

finishSession(Error::UnexpectedElementError);

return false;

}

return true;

}

void ClientSession::sendCredentials(const SafeByteArray& password) {

assert(state == State::WaitingForCredentials);

assert(authenticator);

state = State::Authenticating;

authenticator->setCredentials(localJID.getNode(), password);

stream->writeElement(std::make_shared<AuthRequest>(authenticator->getName(), authenticator->getResponse()));

}

void ClientSession::handleTLSEncrypted() {

std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();

std::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();

if (verificationError) {

checkTrustOrFinish(certificateChain, verificationError);

}

else {

ServerIdentityVerifier identityVerifier(localJID, idnConverter);

if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0])) {

continueAfterTLSEncrypted();

}

else {

checkTrustOrFinish(certificateChain, std::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));

}

}

}

void ClientSession::checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, std::shared_ptr<CertificateVerificationError> error) {

if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificateChain)) {

}

else {

finishSession(error);

}

}

void ClientSession::initiateShutdown(bool sendFooter) {

if (!streamShutdownTimeout) {

streamShutdownTimeout = timerFactory->createTimer(sessionShutdownTimeoutInMilliseconds);

streamShutdownTimeout->onTick.connect(boost::bind(&ClientSession::handleStreamShutdownTimeout, shared_from_this()));

streamShutdownTimeout->start();

}

if (sendFooter) {

stream->writeFooter();

}

if (state == State::Finishing) {

// The other side already send </stream>; we can close the socket.

stream->close();

}

else {

state = State::Finishing;

}

}

void ClientSession::continueAfterTLSEncrypted() {

}

void ClientSession::handleStreamClosed(std::shared_ptr<Swift::Error> streamError) {

State previousState = state;

state = State::Finished;

if (streamShutdownTimeout) {

streamShutdownTimeout->stop();

streamShutdownTimeout.reset();

}

if (stanzaAckRequester_) {

stanzaAckRequester_->onRequestAck.disconnect(boost::bind(&ClientSession::requestAck, shared_from_this()));

stanzaAckRequester_->onStanzaAcked.disconnect(boost::bind(&ClientSession::handleStanzaAcked, shared_from_this(), _1));

stanzaAckRequester_.reset();

}

if (stanzaAckResponder_) {

stanzaAckResponder_->onAck.disconnect(boost::bind(&ClientSession::ack, shared_from_this(), _1));

stanzaAckResponder_.reset();

}

stream->setWhitespacePingEnabled(false);

stream->onStreamStartReceived.disconnect(boost::bind(&ClientSession::handleStreamStart, shared_from_this(), _1));

stream->onStreamEndReceived.disconnect(boost::bind(&ClientSession::handleStreamEnd, shared_from_this()));

stream->onElementReceived.disconnect(boost::bind(&ClientSession::handleElement, shared_from_this(), _1));

stream->onClosed.disconnect(boost::bind(&ClientSession::handleStreamClosed, shared_from_this(), _1));

stream->onTLSEncrypted.disconnect(boost::bind(&ClientSession::handleTLSEncrypted, shared_from_this()));

if (previousState == State::Finishing) {

onFinished(error_);

}

else {

onFinished(streamError);

}

}

void ClientSession::handleStreamShutdownTimeout() {

handleStreamClosed(std::shared_ptr<Swift::Error>());

}

void ClientSession::finish() {

if (state != State::Finishing && state != State::Finished) {

finishSession(std::shared_ptr<Error>());

}

else {

SWIFT_LOG(warning) << "Session already finished or finishing." << std::endl;

}

}

void ClientSession::finishSession(Error::Type error) {

finishSession(std::make_shared<Swift::ClientSession::Error>(error));

}

void ClientSession::finishSession(std::shared_ptr<Swift::Error> error) {

if (!error_) {

error_ = error;

}

else {

}

assert(stream->isOpen());

if (stanzaAckResponder_) {

stanzaAckResponder_->handleAckRequestReceived();

}

if (authenticator) {

delete authenticator;

authenticator = nullptr;

}

// Immidiately close TCP connection without stream closure.

if (std::dynamic_pointer_cast<CertificateVerificationError>(error)) {

state = State::Finishing;

initiateShutdown(false);

}

else {

if (state == State::Finishing) {

initiateShutdown(true);

}

else if (state != State::Finished) {

initiateShutdown(true);

}

}

}

void ClientSession::requestAck() {

stream->writeElement(std::make_shared<StanzaAckRequest>());

}

void ClientSession::handleStanzaAcked(std::shared_ptr<Stanza> stanza) {

onStanzaAcked(stanza);

else {

pendingTerminate = true;

std::vector<BOSHConnection::ref> connectionCopies = connections;

for (auto&& connection : connectionCopies) {

if (connection) {

connection->disconnect();

}

}

}

}

void BOSHConnectionPool::handleSessionStarted(const std::string& sessionID, size_t requests) {

sid = sessionID;

requestLimit = requests;

onSessionStarted();

}

void BOSHConnectionPool::handleConnectFinished(bool error, BOSHConnection::ref connection) {

if (error) {

onSessionTerminated(std::make_shared<BOSHError>(BOSHError::UndefinedCondition));

/*TODO: We can probably manage to not terminate the stream here and use the rid/ack retry

* logic to just swallow the error and try again (some number of tries).

*/

}

else {

if (connection->getPeerCertificate() && pinnedCertificateChain_.empty()) {

pinnedCertificateChain_ = connection->getPeerCertificateChain();

}

if (!pinnedCertificateChain_.empty()) {

lastVerificationError_ = connection->getPeerCertificateVerificationError();

}

if (sid.empty()) {

connection->startStream(to, rid);

}

if (pendingRestart) {

restartStream();

}

tryToSendQueuedData();

}

}

BOSHConnection::ref BOSHConnectionPool::getSuitableConnection() {

BOSHConnection::ref suitableConnection;

for (auto&& connection : connections) {

if (connection->isReadyToSend()) {

suitableConnection = connection;

break;

}

}

if (!suitableConnection && connections.size() < requestLimit) {

/* This is not a suitable connection because it won't have yet connected and added TLS if needed. */

BOSHConnection::ref newConnection = createConnection();

newConnection->setSID(sid);

}

assert(connections.size() <= requestLimit);

assert((!suitableConnection) || suitableConnection->isReadyToSend());

return suitableConnection;

}

#include <Swiften/Network/BOSHConnection.h>

#include <Swiften/TLS/CertificateWithKey.h>

#include <Swiften/TLS/TLSOptions.h>

namespace Swift {

class CachingDomainNameResolver;

class EventLoop;

class HTTPConnectProxiedConnectionFactory;

class HTTPTrafficFilter;

class TLSContextFactory;

class CachingDomainNameResolver;

class EventLoop;

class SWIFTEN_API BOSHConnectionPool : public boost::signals2::trackable {

public:

BOSHConnectionPool(const URL& boshURL, DomainNameResolver* resolver, ConnectionFactory* connectionFactory, XMLParserFactory* parserFactory, TLSContextFactory* tlsFactory, TimerFactory* timerFactory, EventLoop* eventLoop, const std::string& to, unsigned long long initialRID, const URL& boshHTTPConnectProxyURL, const SafeString& boshHTTPConnectProxyAuthID, const SafeString& boshHTTPConnectProxyAuthPassword, const TLSOptions& tlsOptions, std::shared_ptr<HTTPTrafficFilter> trafficFilter = std::shared_ptr<HTTPTrafficFilter>());

~BOSHConnectionPool();

void open();

void write(const SafeByteArray& data);

void writeFooter();

void close();

void restartStream();

void setTLSCertificate(CertificateWithKey::ref certWithKey);

bool isTLSEncrypted() const;

Certificate::ref getPeerCertificate() const;

std::vector<Certificate::ref> getPeerCertificateChain() const;

std::shared_ptr<CertificateVerificationError> getPeerCertificateVerificationError() const;

boost::signals2::signal<void (BOSHError::ref)> onSessionTerminated;

boost::signals2::signal<void ()> onSessionStarted;

boost::signals2::signal<void (const SafeByteArray&)> onXMPPDataRead;

boost::signals2::signal<void (const SafeByteArray&)> onBOSHDataRead;

boost::signals2::signal<void (const SafeByteArray&)> onBOSHDataWritten;

private:

void handleDataRead(const SafeByteArray& data);

void handleSessionStarted(const std::string& sid, size_t requests);

void handleBOSHDataRead(const SafeByteArray& data);

void handleBOSHDataWritten(const SafeByteArray& data);

void handleSessionTerminated(BOSHError::ref condition);

void handleConnectFinished(bool, BOSHConnection::ref connection);

void handleConnectionDisconnected(bool error, BOSHConnection::ref connection);

void handleHTTPError(const std::string& errorCode);

private:

BOSHConnection::ref createConnection();

void destroyConnection(BOSHConnection::ref connection);

void tryToSendQueuedData();

BOSHConnection::ref getSuitableConnection();

private:

URL boshURL;

ConnectionFactory* connectionFactory;

XMLParserFactory* xmlParserFactory;

TimerFactory* timerFactory;

std::vector<BOSHConnection::ref> connections;

std::string sid;

unsigned long long rid;

BOSHSessionStream::BOSHSessionStream(const URL& boshURL,

PayloadParserFactoryCollection* payloadParserFactories,

PayloadSerializerCollection* payloadSerializers,

ConnectionFactory* connectionFactory,

TLSContextFactory* tlsContextFactory,

TimerFactory* timerFactory,

XMLParserFactory* xmlParserFactory,

EventLoop* eventLoop,

DomainNameResolver* resolver,

const std::string& to,

const URL& boshHTTPConnectProxyURL,

const SafeString& boshHTTPConnectProxyAuthID,

const SafeString& boshHTTPConnectProxyAuthPassword,

const TLSOptions& tlsOptions,

std::shared_ptr<HTTPTrafficFilter> trafficFilter) :

available(false),

eventLoop(eventLoop),

firstHeader(true) {

boost::mt19937 random;

boost::uniform_int<unsigned long long> dist(0, (1LL<<53) - 1);

random.seed(static_cast<unsigned int>(time(nullptr)));

unsigned long long initialRID = boost::variate_generator<boost::mt19937&, boost::uniform_int<unsigned long long> >(random, dist)();

connectionPool = new BOSHConnectionPool(boshURL, resolver, connectionFactory, xmlParserFactory, tlsContextFactory, timerFactory, eventLoop, to, initialRID, boshHTTPConnectProxyURL, boshHTTPConnectProxyAuthID, boshHTTPConnectProxyAuthPassword, tlsOptions, trafficFilter);

connectionPool->onSessionTerminated.connect(boost::bind(&BOSHSessionStream::handlePoolSessionTerminated, this, _1));

connectionPool->onSessionStarted.connect(boost::bind(&BOSHSessionStream::handlePoolSessionStarted, this));

connectionPool->onXMPPDataRead.connect(boost::bind(&BOSHSessionStream::handlePoolXMPPDataRead, this, _1));

connectionPool->onBOSHDataRead.connect(boost::bind(&BOSHSessionStream::handlePoolBOSHDataRead, this, _1));

connectionPool->onBOSHDataWritten.connect(boost::bind(&BOSHSessionStream::handlePoolBOSHDataWritten, this, _1));

xmppLayer = new XMPPLayer(payloadParserFactories, payloadSerializers, xmlParserFactory, ClientStreamType, true);

xmppLayer->onStreamStart.connect(boost::bind(&BOSHSessionStream::handleStreamStartReceived, this, _1));

xmppLayer->onElement.connect(boost::bind(&BOSHSessionStream::handleElementReceived, this, _1));

xmppLayer->onError.connect(boost::bind(&BOSHSessionStream::handleXMPPError, this));

xmppLayer->onWriteData.connect(boost::bind(&BOSHSessionStream::handleXMPPLayerDataWritten, this, _1));

available = true;

}

BOSHSessionStream::~BOSHSessionStream() {

BOSHSessionStream::close();

connectionPool->onSessionTerminated.disconnect(boost::bind(&BOSHSessionStream::handlePoolSessionTerminated, this, _1));

connectionPool->onSessionStarted.disconnect(boost::bind(&BOSHSessionStream::handlePoolSessionStarted, this));

connectionPool->onXMPPDataRead.disconnect(boost::bind(&BOSHSessionStream::handlePoolXMPPDataRead, this, _1));

connectionPool->onBOSHDataRead.disconnect(boost::bind(&BOSHSessionStream::handlePoolBOSHDataRead, this, _1));

connectionPool->onBOSHDataWritten.disconnect(boost::bind(&BOSHSessionStream::handlePoolBOSHDataWritten, this, _1));

delete connectionPool;

connectionPool = nullptr;

xmppLayer->onStreamStart.disconnect(boost::bind(&BOSHSessionStream::handleStreamStartReceived, this, _1));

xmppLayer->onElement.disconnect(boost::bind(&BOSHSessionStream::handleElementReceived, this, _1));

xmppLayer->onError.disconnect(boost::bind(&BOSHSessionStream::handleXMPPError, this));

xmppLayer->onWriteData.disconnect(boost::bind(&BOSHSessionStream::handleXMPPLayerDataWritten, this, _1));

delete xmppLayer;

xmppLayer = nullptr;

}

void BOSHSessionStream::open() {

connectionPool->setTLSCertificate(getTLSCertificate());

connectionPool->open();

}

void BOSHSessionStream::handlePoolXMPPDataRead(const SafeByteArray& data) {

xmppLayer->handleDataRead(data);

}

void BOSHSessionStream::writeElement(std::shared_ptr<ToplevelElement> element) {

assert(available);

xmppLayer->writeElement(element);

}

void BOSHSessionStream::writeFooter() {

connectionPool->writeFooter();

}

void BOSHSessionStream::writeData(const std::string& data) {

assert(available);

void BOSHSessionStream::setWhitespacePingEnabled(bool /*enabled*/) {

return;

}

void BOSHSessionStream::resetXMPPParser() {

xmppLayer->resetParser();

}

void BOSHSessionStream::handleStreamStartReceived(const ProtocolHeader& header) {

onStreamStartReceived(header);

}

void BOSHSessionStream::handleElementReceived(std::shared_ptr<ToplevelElement> element) {

onElementReceived(element);

}

void BOSHSessionStream::handleXMPPError() {

available = false;

onClosed(std::make_shared<SessionStreamError>(SessionStreamError::ParseError));

}

void BOSHSessionStream::handlePoolSessionStarted() {

fakeStreamHeaderReceipt();

}

void BOSHSessionStream::handlePoolSessionTerminated(BOSHError::ref error) {

eventLoop->postEvent(boost::bind(&BOSHSessionStream::fakeStreamFooterReceipt, this, error), shared_from_this());

}

void BOSHSessionStream::writeHeader(const ProtocolHeader& header) {

streamHeader = header;

/*First time we're told to do this, don't (the sending of the initial header is handled on connect)

On subsequent requests we should restart the stream the BOSH way.

*/

if (!firstHeader) {

eventLoop->postEvent(boost::bind(&BOSHSessionStream::fakeStreamHeaderReceipt, this), shared_from_this());

eventLoop->postEvent(boost::bind(&BOSHConnectionPool::restartStream, connectionPool), shared_from_this());

}

firstHeader = false;

}

void BOSHSessionStream::fakeStreamHeaderReceipt() {

std::stringstream header;

header << "<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='";

header << streamHeader.getTo() << "' id='dummy' version='1.0'>";

xmppLayer->handleDataRead(createSafeByteArray(header.str()));

}

void BOSHSessionStream::fakeStreamFooterReceipt(BOSHError::ref error) {

std::string footer("</stream:stream>");

xmppLayer->handleDataRead(createSafeByteArray(footer));

onClosed(error);

}

void BOSHSessionStream::handleXMPPLayerDataWritten(const SafeByteArray& data) {

eventLoop->postEvent(boost::bind(&BOSHConnectionPool::write, connectionPool, data), shared_from_this());

}

virtual void writeHeader(const ProtocolHeader& header);

virtual void writeElement(std::shared_ptr<ToplevelElement>);

virtual void writeFooter();

virtual void writeData(const std::string& data);

virtual bool supportsZLibCompression();

virtual void addZLibCompression();

virtual bool supportsTLSEncryption();

virtual void addTLSEncryption();

virtual bool isTLSEncrypted();

virtual Certificate::ref getPeerCertificate() const;

virtual std::vector<Certificate::ref> getPeerCertificateChain() const;

virtual std::shared_ptr<CertificateVerificationError> getPeerCertificateVerificationError() const;

virtual ByteArray getTLSFinishMessage() const;

virtual void setWhitespacePingEnabled(bool);

virtual void resetXMPPParser();

private:

void handleXMPPError();

void handleStreamStartReceived(const ProtocolHeader&);

void handleElementReceived(std::shared_ptr<ToplevelElement>);

void handlePoolXMPPDataRead(const SafeByteArray& data);

void handleXMPPLayerDataWritten(const SafeByteArray& data);

void handlePoolSessionStarted();

void handlePoolBOSHDataRead(const SafeByteArray& data);

void handlePoolBOSHDataWritten(const SafeByteArray& data);

void handlePoolSessionTerminated(BOSHError::ref condition);

private:

void fakeStreamHeaderReceipt();

void fakeStreamFooterReceipt(BOSHError::ref error);

private:

BOSHConnectionPool* connectionPool;

bool available;

XMPPLayer* xmppLayer;

ProtocolHeader streamHeader;

EventLoop* eventLoop;

bool firstHeader;

};

}