author | Tobias Markmann <tm@ayena.de> | 2015-10-23 14:31:09 (GMT) |
---|---|---|
committer | Swift Review <review@swift.im> | 2015-10-30 17:37:59 (GMT) |
commit | 4a6950af0f324091553f7ab7271de45721b8667f (patch) | |
tree | ed595c54d3d7e3047ed0a5f452ce95dfc188051a /Swiften/TLS/SecureTransport/SecureTransportContext.h | |
parent | 7f321edd9ada1f531b1fbc3325ef61449218f40c (diff) | |
Add support for OS X Secure Transport TLS backend
Added integration tests for certificate validation and
revocation-checking behavior.
Test-Information:
Tested client login over TLS against Prosody and M-Link.
Verified client certificate authentication works against
M-Link.
Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
Diffstat (limited to 'Swiften/TLS/SecureTransport/SecureTransportContext.h')
-rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.h | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.h b/Swiften/TLS/SecureTransport/SecureTransportContext.h
new file mode 100644
index 0000000..aa17c66
--- /dev/null
+++ b/Swiften/TLS/SecureTransport/SecureTransportContext.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+
+#pragma once
+
+#include <Security/SecureTransport.h>
+
+#include <Swiften/TLS/TLSContext.h>
+
+namespace Swift {
+
+class SecureTransportContext : public TLSContext {
+ public:
+ SecureTransportContext(bool checkCertificateRevocation);
+ virtual ~SecureTransportContext();
+
+ virtual void connect();
+
+ virtual bool setClientCertificate(CertificateWithKey::ref cert);
+
+ virtual void handleDataFromNetwork(const SafeByteArray&);
+ virtual void handleDataFromApplication(const SafeByteArray&);
+
+ virtual std::vector<Certificate::ref> getPeerCertificateChain() const;
+ virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;
+
+ virtual ByteArray getFinishMessage() const;
+
+ private:
+ static OSStatus SSLSocketReadCallback(SSLConnectionRef connection, void *data, size_t *dataLength);
+ static OSStatus SSLSocketWriteCallback(SSLConnectionRef connection, const void *data, size_t *dataLength);
+
+ private:
+ enum State { None, Handshake, HandshakeDone, Error};
+ static std::string stateToString(State state);
+ void setState(State newState);
+
+ static boost::shared_ptr<TLSError> nativeToTLSError(OSStatus error);
+ boost::shared_ptr<CertificateVerificationError> CSSMErrorToVerificationError(OSStatus resultCode);
+
+ void processHandshake();
+ void verifyServerCertificate();
+
+ void fatalError(boost::shared_ptr<TLSError> error, boost::shared_ptr<CertificateVerificationError> certificateError);
+
+ private:
+ boost::shared_ptr<SSLContext> sslContext_;
+ SafeByteArray readingBuffer_;
+ State state_;
+ CertificateVerificationError::ref verificationError_;
+ CertificateWithKey::ref clientCertificate_;
+ bool checkCertificateRevocation_;
+};
+
+}
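Review bot: The header uses boost::shared_ptr, std::string and std::vector (in the nativeToTLSError, stateToString and getPeerCertificateChain declarations) but includes only Security/SecureTransport.h and Swiften/TLS/TLSContext.h, so it is self-contained only if TLSContext.h transitively supplies those headers; adding `#include <boost/shared_ptr.hpp>`, `#include <string>` and `#include <vector>` makes that explicit. The one-argument constructor `SecureTransportContext(bool checkCertificateRevocation);` permits implicit conversion from any integer or pointer expression; `explicit SecureTransportContext(bool checkCertificateRevocation);` closes that off. checkCertificateRevocation_ is the only verification-policy knob this interface exposes, and the header does not say what the implementation does when a revocation check cannot be completed; a short comment above the constructor stating whether an inconclusive revocation check is surfaced through getPeerCertificateVerificationError() or treated as success would let callers judge the policy without reading the .mm. A one-line comment on sslContext_ saying how the boost::shared_ptr over the Secure Transport SSLContext releases the underlying object (presumably a CFRelease deleter, to be confirmed against the implementation) would also help a reader of this header alone.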