/*
 * Copyright (c) 2010-2016 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */

#pragma once

// NOTE(review): in this listing the include targets and most template
// argument lists (for example on boost::shared_ptr, boost::signal,
// std::vector and static_cast) are missing, apparently lost when the page
// was extracted. Restore them from the original header before compiling;
// the comments below describe only what the visible text establishes.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

namespace Swift {
	class ClientAuthenticator;
	class CertificateTrustChecker;
	class IDNConverter;
	class CryptoProvider;

	/**
	 * Client-side session object: holds a State, a set of security and
	 * protocol options (TLS policy, PLAIN-over-non-TLS, stream compression,
	 * acks, certificate trust checker, single sign-on), and signals that
	 * report credentials requests, initialization, finish and stanzas.
	 *
	 * Instances are obtained through create(); the constructor is private.
	 * Everything declared without a body here is implemented outside this
	 * header, so state transitions and option defaults are not visible.
	 */
	class SWIFTEN_API ClientSession : public boost::enable_shared_from_this {
		public:
			/**
			 * States reported by getState(). isFinished() tests for Finished.
			 * The transitions between states are implemented elsewhere.
			 */
			enum State {
				Initial,
				WaitingForStreamStart,
				Negotiating,
				Compressing,
				WaitingForEncrypt,
				Encrypting,
				WaitingForCredentials,
				Authenticating,
				EnablingSessionManagement,
				BindingResource,
				StartingSession,
				Initialized,
				Finishing,
				Finished
			};

			/**
			 * Session error: a Type tag plus an optional errorCode pointer.
			 * ServerVerificationFailedError, TLSClientCertificateError and
			 * TLSError are the TLS-related kinds by name; which code paths
			 * raise each one is not visible in this header.
			 */
			struct Error : public Swift::Error {
				enum Type {
					AuthenticationFailedError,
					CompressionFailedError,
					ServerVerificationFailedError,
					NoSupportedAuthMechanismsError,
					UnexpectedElementError,
					ResourceBindError,
					SessionStartError,
					TLSClientCertificateError,
					TLSError,
					StreamError
				} type;
				// Left default-constructed by the constructor below.
				boost::shared_ptr errorCode;
				// Not marked explicit, so a Type value converts implicitly to Error.
				Error(Type type) : type(type) {}
			};

			/**
			 * TLS policy stored by setUseTLS().
			 * NOTE(review): by name, UseTLSWhenAvailable presumably lets the
			 * session continue unencrypted when the server offers no TLS;
			 * such a policy cannot protect against an on-path party that
			 * removes the offer. RequireTLS is the setting to use where
			 * confidentiality is required -- confirm against the
			 * implementation.
			 */
			enum UseTLS {
				NeverUseTLS,
				UseTLSWhenAvailable,
				RequireTLS
			};

			~ClientSession();

			/**
			 * Factory: allocates a ClientSession with the private constructor
			 * and returns it wrapped in a boost::shared_ptr.
			 * idnConverter and crypto are passed through as raw pointers;
			 * who owns them and how long they must stay valid is not
			 * visible here -- presumably the caller keeps them alive for
			 * the lifetime of the session (TODO confirm).
			 */
			static boost::shared_ptr create(const JID& jid, boost::shared_ptr stream, IDNConverter* idnConverter, CryptoProvider* crypto) {
				return boost::shared_ptr(new ClientSession(jid, stream, idnConverter, crypto));
			}

			/** Returns the current session state. */
			State getState() const {
				return state;
			}

			/**
			 * Stores the allowPLAINOverNonTLS flag.
			 * NOTE(review): by name this permits the PLAIN mechanism on a
			 * stream that is not TLS-protected. PLAIN transmits the password
			 * itself, so on an unencrypted stream it is readable by anyone
			 * observing the connection; leave this false unless the transport
			 * is protected by other means. The default is set in the
			 * constructor, outside this header.
			 */
			void setAllowPLAINOverNonTLS(bool b) {
				allowPLAINOverNonTLS = b;
			}

			/** Stores the useStreamCompression flag. */
			void setUseStreamCompression(bool b) {
				useStreamCompression = b;
			}

			/** Stores the TLS policy; see UseTLS. */
			void setUseTLS(UseTLS b) {
				useTLS = b;
			}

			/** Stores the useAcks flag. */
			void setUseAcks(bool b) {
				useAcks = b;
			}

			/**
			 * Reports whether stanzaAckRequester_ is set, by converting the
			 * smart pointer to a boolean.
			 */
			bool getStreamManagementEnabled() const {
				// Explicitly convert to bool. In C++11, it would be cleaner to
				// compare to nullptr.
				return static_cast(stanzaAckRequester_);
			}

			/** Returns the rosterVersioningSupported flag. */
			bool getRosterVersioningSupported() const {
				return rosterVersioningSupported;
			}

			/**
			 * Forwards to stream->getPeerCertificateChain().
			 * stream is dereferenced without a null check, so it is assumed
			 * to be non-null for the lifetime of the session.
			 * NOTE(review): nothing here shows whether the returned chain has
			 * been verified; treat it as peer-supplied data until a trust
			 * decision has been made.
			 */
			std::vector getPeerCertificateChain() const {
				return stream->getPeerCertificateChain();
			}

			/** Returns a reference to the stored local JID. */
			const JID& getLocalJID() const {
				return localJID;
			}

			void start();
			void finish();

			/** True when getState() is Finished. */
			bool isFinished() const {
				return getState() == Finished;
			}

			// The password is taken as a SafeByteArray; presumably called in
			// response to onNeedCredentials (TODO confirm in the implementation).
			void sendCredentials(const SafeByteArray& password);
			void sendStanza(boost::shared_ptr);

			/**
			 * Stores the checker pointer without taking a copy.
			 * NOTE(review): ownership is not visible here -- presumably the
			 * caller must keep the checker alive while the session can still
			 * use it. How a certificate verification failure is handled when
			 * no checker has been set is decided in the implementation (see
			 * checkTrustOrFinish) and should be confirmed to fail closed.
			 */
			void setCertificateTrustChecker(CertificateTrustChecker* checker) {
				certificateTrustChecker = checker;
			}

			/** Stores the singleSignOn flag. */
			void setSingleSignOn(bool b) {
				singleSignOn = b;
			}

			/**
			 * Sets the port number used in Kerberos authentication
			 * Does not affect network connectivity.
			 *
			 * The value is stored as given; no range check is applied here.
			 */
			void setAuthenticationPort(int i) {
				authenticationPort = i;
			}

		public:
			// Signals. The emission sites are in the implementation; the
			// names indicate the event each one reports.
			boost::signal onNeedCredentials;
			boost::signal onInitialized;
			boost::signal)> onFinished;
			boost::signal)> onStanzaReceived;
			boost::signal)> onStanzaAcked;

		private:
			// Private so that instances are only created through create().
			ClientSession(
					const JID& jid,
					boost::shared_ptr,
					IDNConverter* idnConverter,
					CryptoProvider* crypto);

			void finishSession(Error::Type error);
			void finishSession(boost::shared_ptr error);

			/** Builds a JID with an empty node and the local JID's domain. */
			JID getRemoteJID() const {
				return JID("", localJID.getDomain());
			}

			void sendStreamHeader();

			void handleElement(boost::shared_ptr);
			void handleStreamStart(const ProtocolHeader&);
			void handleStreamClosed(boost::shared_ptr);

			void handleTLSEncrypted();

			bool checkState(State);
			void continueSessionInitialization();

			void requestAck();
			void handleStanzaAcked(boost::shared_ptr stanza);
			void ack(unsigned int handledStanzasCount);
			void continueAfterTLSEncrypted();
			// Takes the peer certificate chain and a verification error;
			// presumably consults certificateTrustChecker before finishing
			// the session with an error (TODO confirm).
			void checkTrustOrFinish(const std::vector& certificateChain, boost::shared_ptr error);

		private:
			JID localJID;
			State state;
			boost::shared_ptr stream;
			// Raw pointers handed in through create(); lifetime not visible here.
			IDNConverter* idnConverter;
			CryptoProvider* crypto;
			// Options written by the public setters above.
			bool allowPLAINOverNonTLS;
			bool useStreamCompression;
			UseTLS useTLS;
			bool useAcks;
			bool needSessionStart;
			bool needResourceBind;
			bool needAcking;
			bool rosterVersioningSupported;
			// Raw pointer; whether the session owns and deletes it is not
			// visible in this header.
			ClientAuthenticator* authenticator;
			// Non-null requester is what getStreamManagementEnabled() reports.
			boost::shared_ptr stanzaAckRequester_;
			boost::shared_ptr stanzaAckResponder_;
			boost::shared_ptr error_;
			// Set by setCertificateTrustChecker(); stored as given.
			CertificateTrustChecker* certificateTrustChecker;
			bool singleSignOn;
			int authenticationPort;
	};
}