aboutsummaryrefslogtreecommitdiff
path: root/xmpp-vala
diff options
context:
space:
mode:
Diffstat (limited to 'xmpp-vala')
-rw-r--r--xmpp-vala/src/module/tls.vala96
1 files changed, 0 insertions, 96 deletions
diff --git a/xmpp-vala/src/module/tls.vala b/xmpp-vala/src/module/tls.vala
deleted file mode 100644
index 1b8a5411..00000000
--- a/xmpp-vala/src/module/tls.vala
+++ /dev/null
@@ -1,96 +0,0 @@
-namespace Xmpp.Tls {
- private const string NS_URI = "urn:ietf:params:xml:ns:xmpp-tls";
-
- public class Module : XmppStreamNegotiationModule {
- public static ModuleIdentity<Module> IDENTITY = new ModuleIdentity<Module>(NS_URI, "tls_module");
-
- public signal void invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors);
- public bool require { get; set; default = true; }
- public bool server_supports_tls = false;
- public bool server_requires_tls = false;
- public SocketConnectable? identity = null;
-
- public override void attach(XmppStream stream) {
- stream.received_features_node.connect(this.received_features_node);
- stream.received_nonza.connect(this.received_nonza);
- }
-
- public override void detach(XmppStream stream) {
- stream.received_features_node.disconnect(this.received_features_node);
- stream.received_nonza.disconnect(this.received_nonza);
- }
-
- private void received_nonza(XmppStream stream, StanzaNode node) {
- if (node.ns_uri == NS_URI && node.name == "proceed") {
- try {
- StartTlsXmppStream? tls_xmpp_stream = stream as StartTlsXmppStream;
- var io_stream = tls_xmpp_stream.get_stream();
- if (io_stream == null) return;
- var conn = TlsClientConnection.new(io_stream, identity);
- tls_xmpp_stream.reset_stream(conn);
-
- conn.accept_certificate.connect(on_invalid_certificate);
- var flag = stream.get_flag(Flag.IDENTITY);
- flag.peer_certificate = conn.get_peer_certificate();
- flag.finished = true;
- } catch (Error e) {
- stderr.printf("Failed to start TLS: %s\n", e.message);
- }
- }
- }
-
- private void received_features_node(XmppStream stream) {
- if (stream.has_flag(Flag.IDENTITY)) return;
- if (stream.is_setup_needed()) return;
-
- var starttls = stream.features.get_subnode("starttls", NS_URI);
- if (starttls != null) {
- server_supports_tls = true;
- if (starttls.get_subnode("required") != null || stream.features.get_all_subnodes().size == 1) {
- server_requires_tls = true;
- }
- if (server_requires_tls || require) {
- stream.write(new StanzaNode.build("starttls", NS_URI).add_self_xmlns());
- }
- if (identity == null) {
- identity = new NetworkService("xmpp-client", "tcp", stream.remote_name.to_string());
- }
- stream.add_flag(new Flag());
- }
- }
-
- public bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
- string error_str = "";
- foreach (var f in new TlsCertificateFlags[]{TlsCertificateFlags.UNKNOWN_CA, TlsCertificateFlags.BAD_IDENTITY,
- TlsCertificateFlags.NOT_ACTIVATED, TlsCertificateFlags.EXPIRED, TlsCertificateFlags.REVOKED,
- TlsCertificateFlags.INSECURE, TlsCertificateFlags.GENERIC_ERROR, TlsCertificateFlags.VALIDATE_ALL}) {
- if (f in errors) {
- error_str += @"$(f), ";
- }
- }
- warning(@"Tls Certificate Errors: $(error_str)");
- invalid_certificate(peer_cert, errors);
- return false;
- }
-
- public override bool mandatory_outstanding(XmppStream stream) {
- return require && (!stream.has_flag(Flag.IDENTITY) || !stream.get_flag(Flag.IDENTITY).finished);
- }
-
- public override bool negotiation_active(XmppStream stream) {
- return stream.has_flag(Flag.IDENTITY) && !stream.get_flag(Flag.IDENTITY).finished;
- }
-
- public override string get_ns() { return NS_URI; }
- public override string get_id() { return IDENTITY.id; }
- }
-
- public class Flag : XmppStreamFlag {
- public static FlagIdentity<Flag> IDENTITY = new FlagIdentity<Flag>(NS_URI, "tls");
- public TlsCertificate? peer_certificate;
- public bool finished { get; set; default=false; }
-
- public override string get_ns() { return NS_URI; }
- public override string get_id() { return IDENTITY.id; }
- }
-}