+#include <Swiften/Base/Algorithm.h>

+#include <Swiften/Client/ClientSessionStanzaChannel.h>

+#include <Swiften/Network/DomainNameResolveError.h>

+#include <Swiften/Network/HTTPConnectProxiedConnectionFactory.h>

+#include <Swiften/Queries/IQRouter.h>

+#include <Swiften/Session/BOSHSessionStream.h>

+#include <Swiften/Session/BasicSessionStream.h>

+#include <Swiften/TLS/CertificateVerificationError.h>

+#include <Swiften/TLS/PKCS12Certificate.h>

+#include <Swiften/TLS/TLSError.h>

+ options.tlsOptions,

+ options.httpTrafficFilter));

+#include <Swiften/Base/foreach.h>

+#include <Swiften/Network/HTTPConnectProxiedConnectionFactory.h>

+#include <Swiften/Network/TLSConnectionFactory.h>

+BOSHConnectionPool::BOSHConnectionPool(const URL& boshURL, DomainNameResolver* realResolver, ConnectionFactory* connectionFactoryParameter, XMLParserFactory* parserFactory, TLSContextFactory* tlsFactory, TimerFactory* timerFactory, EventLoop* eventLoop, const std::string& to, unsigned long long initialRID, const URL& boshHTTPConnectProxyURL, const SafeString& boshHTTPConnectProxyAuthID, const SafeString& boshHTTPConnectProxyAuthPassword, const TLSOptions& tlsOptions, boost::shared_ptr<HTTPTrafficFilter> trafficFilter) :

+ connectionFactory = new HTTPConnectProxiedConnectionFactory(realResolver, connectionFactory, timerFactory, boshHTTPConnectProxyURL.getHost(), URL::getPortOrDefaultPort(boshHTTPConnectProxyURL), boshHTTPConnectProxyAuthID, boshHTTPConnectProxyAuthPassword, trafficFilter);

+ class HTTPConnectProxiedConnectionFactory;

+ class HTTPTrafficFilter;

+ class TLSConnectionFactory;

+ BOSHConnectionPool(const URL& boshURL, DomainNameResolver* resolver, ConnectionFactory* connectionFactory, XMLParserFactory* parserFactory, TLSContextFactory* tlsFactory, TimerFactory* timerFactory, EventLoop* eventLoop, const std::string& to, unsigned long long initialRID, const URL& boshHTTPConnectProxyURL, const SafeString& boshHTTPConnectProxyAuthID, const SafeString& boshHTTPConnectProxyAuthPassword, const TLSOptions& tlsOptions, boost::shared_ptr<HTTPTrafficFilter> trafficFilter = boost::shared_ptr<HTTPTrafficFilter>());

+#include <boost/algorithm/string.hpp>

+#include <Swiften/Base/ByteArray.h>

+#include <Swiften/Base/foreach.h>

+#include <Swiften/Network/HostAddressPort.h>

+HTTPConnectProxiedConnection::~HTTPConnectProxiedConnection() {

+

+}

+

+ httpResponseBuffer_.clear();

+

+ else if (!nextHTTPRequestHeaders_.empty()) {

+ typedef std::pair<std::string, std::string> StringPair;

+ foreach(const StringPair& headerField, nextHTTPRequestHeaders_) {

+ append(data, createSafeByteArray(headerField.first));

+ append(data, createSafeByteArray(": "));

+ append(data, createSafeByteArray(headerField.second));

+ append(data, createSafeByteArray("\r\n"));

+ }

+

+ nextHTTPRequestHeaders_.clear();

+ }

+ std::vector<std::pair<std::string, std::string> > newHeaderFields = trafficFilter_->filterHTTPResponseHeader(statusLine, headerFields);

+ reconnect();

+ nextHTTPRequestHeaders_ = newHeaderFields;

+ class DomainNameResolver;

+ class TimerFactory;

+ virtual ~HTTPConnectProxiedConnection();

+

+ std::vector<std::pair<std::string, std::string> > nextHTTPRequestHeaders_;

+#include <vector>

+ virtual std::vector<std::pair<std::string, std::string> > filterHTTPResponseHeader(const std::string& statusLine, const std::vector<std::pair<std::string, std::string> >& /* responseHeader */) = 0;

+ * Copyright (c) 2012-2015 Isode Limited.

+

+#include <Swiften/Network/HostAddressPort.h>

+

+void ProxiedConnection::reconnect() {

+ if (connected_) {

+ connection_->onDataRead.disconnect(boost::bind(&ProxiedConnection::handleDataRead, shared_from_this(), _1));

+ connection_->onDisconnected.disconnect(boost::bind(&ProxiedConnection::handleDisconnected, shared_from_this(), _1));

+ connection_->disconnect();

+ }

+ connect(server_);

+}

+#include <Swiften/Base/SafeString.h>

+ virtual ~ProxiedConnection();

+ void reconnect();

+

+ * Copyright (c) 2011-2015 Isode Limited.

+#include <boost/bind.hpp>

+#include <boost/lexical_cast.hpp>

+#include <boost/optional.hpp>

+#include <boost/shared_ptr.hpp>

+#include <boost/smart_ptr/make_shared.hpp>

+

+#include <Swiften/EventLoop/DummyEventLoop.h>

+#include <Swiften/Network/BOSHConnection.h>

+#include <Swiften/Network/DummyTimerFactory.h>

+ CPPUNIT_TEST_SUITE_END();

+

+#include <boost/algorithm/string.hpp>

+#include <boost/bind.hpp>

+#include <boost/lexical_cast.hpp>

+#include <boost/optional.hpp>

+#include <boost/shared_ptr.hpp>

+#include <boost/smart_ptr/make_shared.hpp>

+

+#include <Swiften/Base/Log.h>

+#include <Swiften/Base/foreach.h>

+#include <Swiften/EventLoop/DummyEventLoop.h>

+#include <Swiften/Network/DummyTimerFactory.h>

+ virtual std::vector<std::pair<std::string, std::string> > filterHTTPResponseHeader(const std::string& /* statusLine */, const std::vector<std::pair<std::string, std::string> >& response) {

+

+ class ProxyAuthenticationHTTPTrafficFilter : public HTTPTrafficFilter {

+ static std::string to_lower(const std::string& str) {

+ std::string lower = str;

+ boost::algorithm::to_lower(lower);

+ return lower;

+ }

+

+ public:

+ ProxyAuthenticationHTTPTrafficFilter() {}

+ virtual ~ProxyAuthenticationHTTPTrafficFilter() {}

+

+ virtual std::vector<std::pair<std::string, std::string> > filterHTTPResponseHeader(const std::string& statusLine, const std::vector<std::pair<std::string, std::string> >& response) {

+ std::vector<std::pair<std::string, std::string> > filterResponseReturn;

+ std::vector<std::string> statusLineFields;

+ boost::split(statusLineFields, statusLine, boost::is_any_of(" "), boost::token_compress_on);

+

+ int statusCode = boost::lexical_cast<int>(statusLineFields[1]);

+ if (statusCode == 407) {

+ typedef std::pair<std::string, std::string> StrPair;

+ foreach (const StrPair& field, response) {

+ if (to_lower(field.first) == to_lower("Proxy-Authenticate")) {

+ if (field.second.size() >= 6 && field.second.substr(0, 6) == " NTLM ") {

+ filterResponseReturn.push_back(std::pair<std::string, std::string>("Proxy-Authorization", "NTLM TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABIAEgBIAAAABgAGAFoAAAASABIVNTUAADAAYAAAABAAEACiAAAANYKI4gUBKAoAAAAPTABBAEIAUwBNAE8ASwBFADMAXwBxAGEATABBAEIAUwBNAE8ASwBFADMA0NKq8HYYhj8AAAAAAAAAAAAAAAAAAAAAOIiih3mR+AkyM4r99sy1mdFonCu2ILODro1WTTrJ4b4JcXEzUBA2Ig=="));

+ return filterResponseReturn;

+ }

+ else if (field.second.size() >= 5 && field.second.substr(0, 5) == " NTLM") {

+ filterResponseReturn.push_back(std::pair<std::string, std::string>("Proxy-Authorization", "NTLM TlRMTVNTUAABAAAAt7II4gkACQAxAAAACQAJACgAAAVNTUAADAAFASgKAAAAD0xBQlNNT0tFM1dPUktHUk9VUA=="));

+ return filterResponseReturn;

+ }

+ }

+ }

+

+ return filterResponseReturn;

+ }

+ else {

+ return std::vector<std::pair<std::string, std::string> >();

+ }

+ }

+ };

+ CPPUNIT_TEST(testTrafficFilterNoConnectionReuse);

+ connectFinishedWithError = false;

+ CPPUNIT_ASSERT_EQUAL(createByteArray("CONNECT 2.2.2.2:2345 HTTP/1.1\r\nAuthorization: Negotiate a87421000492aa874209af8bc028\r\n\r\n"), connectionFactory->connections[1]->dataWritten);

+ connectionFactory->connections[1]->dataWritten.clear();

+ CPPUNIT_ASSERT_EQUAL(createByteArray("abcdef"), connectionFactory->connections[1]->dataWritten);

+ }

+

+ void testTrafficFilterNoConnectionReuse() {

+ HTTPConnectProxiedConnection::ref testling = createTestling();

+

+ boost::shared_ptr<ProxyAuthenticationHTTPTrafficFilter> httpTrafficFilter = boost::make_shared<ProxyAuthenticationHTTPTrafficFilter>();

+ testling->setHTTPTrafficFilter(httpTrafficFilter);

+

+ connect(testling, HostAddressPort(HostAddress("2.2.2.2"), 2345));

+

+ // First HTTP CONNECT request assumes the proxy will work.

+ CPPUNIT_ASSERT_EQUAL(createByteArray("CONNECT 2.2.2.2:2345 HTTP/1.1\r\n"

+ "\r\n"), connectionFactory->connections[0]->dataWritten);

+

+ // First reply presents initiator with authentication options.

+ connectionFactory->connections[0]->onDataRead(createSafeByteArrayRef(

+ "HTTP/1.0 407 ProxyAuthentication Required\r\n"

+ "proxy-Authenticate: Negotiate\r\n"

+ "Proxy-Authenticate: Kerberos\r\n"

+ "proxy-Authenticate: NTLM\r\n"

+ "\r\n"));

+ eventLoop->processEvents();

+ CPPUNIT_ASSERT_EQUAL(false, connectFinished);

+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError);

+

+ // The HTTP proxy responds with code 407, so the traffic filter should inject the authentication response on a new connection.

+ CPPUNIT_ASSERT_EQUAL(createByteArray("CONNECT 2.2.2.2:2345 HTTP/1.1\r\n"

+ "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAt7II4gkACQAxAAAACQAJACgAAAVNTUAADAAFASgKAAAAD0xBQlNNT0tFM1dPUktHUk9VUA==\r\n"

+ "\r\n"), connectionFactory->connections[1]->dataWritten);

+

+ // The proxy responds with another authentication step.

+ connectionFactory->connections[1]->onDataRead(createSafeByteArrayRef(

+ "HTTP/1.0 407 ProxyAuthentication Required\r\n"

+ "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAA1goriluCDYHcYI/sAAAAAAAAAAFQAVABIAAAABQLODgAAAA9TAFAASQBSAEkAVAAxAEIAAgAQAFMAUABJAFIASQBUADEAQgABABAAUwBQAEkAUgBJAFQAMQBCAAQAEABzAHAAaQByAGkAdAAxAGIAAwAQAHMAcABpAHIAaQB0ADEAYgAAAAAA\r\n"

+ "\r\n"));

+ eventLoop->processEvents();

+ CPPUNIT_ASSERT_EQUAL(false, connectFinished);

+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError);

+

+ // Last HTTP request that should succeed. Further traffic will go over the connection of this request.

+ CPPUNIT_ASSERT_EQUAL(createByteArray("CONNECT 2.2.2.2:2345 HTTP/1.1\r\n"

+ "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABIAEgBIAAAABgAGAFoAAAASABIVNTUAADAAYAAAABAAEACiAAAANYKI4gUBKAoAAAAPTABBAEIAUwBNAE8ASwBFADMAXwBxAGEATABBAEIAUwBNAE8ASwBFADMA0NKq8HYYhj8AAAAAAAAAAAAAAAAAAAAAOIiih3mR+AkyM4r99sy1mdFonCu2ILODro1WTTrJ4b4JcXEzUBA2Ig==\r\n"

+ "\r\n"), connectionFactory->connections[2]->dataWritten);

+

+ connectionFactory->connections[2]->onDataRead(createSafeByteArrayRef(

+ "HTTP/1.0 200 OK\r\n"

+ "\r\n"));

+ eventLoop->processEvents();

+

+ // The HTTP CONNECT proxy initialization finished without error.

+ CPPUNIT_ASSERT_EQUAL(true, connectFinished);

+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError);

+

+ // Further traffic is written directly, without interception of the filter.

+ connectionFactory->connections[2]->dataWritten.clear();

+ testling->write(createSafeByteArray("This is some basic data traffic."));

+ CPPUNIT_ASSERT_EQUAL(createByteArray("This is some basic data traffic."), connectionFactory->connections[2]->dataWritten);

+ SWIFT_LOG(debug) << "new connection created" << std::endl;

+ File("Network/UnitTest/DomainNameServiceQueryTest.cpp"),

+#include <Swiften/EventLoop/EventLoop.h>

+#include <Swiften/StreamStack/ConnectionLayer.h>

+#include <Swiften/StreamStack/StreamStack.h>

+#include <Swiften/StreamStack/WhitespacePingLayer.h>

+#include <Swiften/StreamStack/XMPPLayer.h>

+#include <Swiften/TLS/TLSContextFactory.h>

+BOSHSessionStream::BOSHSessionStream(const URL& boshURL,

+ PayloadParserFactoryCollection* payloadParserFactories,

+ PayloadSerializerCollection* payloadSerializers,

+ TLSContextFactory* tlsContextFactory,

+ const TLSOptions& tlsOptions,

+ boost::shared_ptr<HTTPTrafficFilter> trafficFilter) :

+ connectionPool = new BOSHConnectionPool(boshURL, resolver, connectionFactory, xmlParserFactory, tlsContextFactory, timerFactory, eventLoop, to, initialRID, boshHTTPConnectProxyURL, boshHTTPConnectProxyAuthID, boshHTTPConnectProxyAuthPassword, tlsOptions, trafficFilter);

+ class CompressionLayer;

+ class ConnectionLayer;

+ class EventLoop;

+ class HTTPTrafficFilter;

+ class TimerFactory;

+ class XMLParserFactory;

+ class XMPPLayer;

+ const TLSOptions& tlsOptions,

+ boost::shared_ptr<HTTPTrafficFilter> trafficFilter