From 28411b5995553eb3a50c826c55517b4c610959c2 Mon Sep 17 00:00:00 2001
From: Linus Jahn
Date: Sat, 14 Dec 2019 22:47:28 +0100
Subject: Move TLS negotiation into new QXmppTlsManager
---
src/client/QXmppTlsManager.cpp | 74 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100644 src/client/QXmppTlsManager.cpp
(limited to 'src/client/QXmppTlsManager.cpp')
diff --git a/src/client/QXmppTlsManager.cpp b/src/client/QXmppTlsManager.cpp
new file mode 100644
index 00000000..0301e20c
--- /dev/null
+++ b/src/client/QXmppTlsManager.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2008-2019 The QXmpp developers
+ *
+ * Authors:
+ * Linus Jahn
+ *
+ * Source:
+ * https://github.com/qxmpp-project/qxmpp
+ *
+ * This file is a part of QXmpp library.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ */
+
+#include "QXmppTlsManager.h"
+
+#include "QXmppConstants_p.h"
+#include "QXmppClient.h"
+#include "QXmppStreamFeatures.h"
+#include "QXmppStartTlsPacket.h"
+
+#include
+
+QXmppTlsManager::QXmppTlsManager() = default;
+
+bool QXmppTlsManager::handleStanza(const QDomElement &stanza)
+{
+ if (QXmppStreamFeatures::isStreamFeatures(stanza) && !client()->isSocketEncrypted()) {
+ QXmppStreamFeatures features;
+ features.parse(stanza);
+
+ // determine TLS mode to use
+ const QXmppConfiguration::StreamSecurityMode localSecurity = client()->configuration().streamSecurityMode();
+ const QXmppStreamFeatures::Mode remoteSecurity = features.tlsMode();
+ if (!client()->socketSupportsSsl() &&
+ (localSecurity == QXmppConfiguration::TLSRequired ||
+ remoteSecurity == QXmppStreamFeatures::Required)) {
+ warning("Disconnecting since TLS is required, but SSL support is not available");
+ client()->disconnectFromServer();
+ return true;
+ }
+ if (localSecurity == QXmppConfiguration::TLSRequired &&
+ remoteSecurity == QXmppStreamFeatures::Disabled) {
+ warning("Disconnecting since TLS is required, but not supported by the server");
+ client()->disconnectFromServer();
+ return true;
+ }
+
+ if (client()->socketSupportsSsl() &&
+ localSecurity != QXmppConfiguration::TLSDisabled &&
+ remoteSecurity != QXmppStreamFeatures::Disabled) {
+ // enable TLS since it is supported by both parties
+ client()->sendPacket(QXmppStartTlsPacket());
+ return true;
+ }
+ }
+
+ if (QXmppStartTlsPacket::isStartTlsPacket(stanza, QXmppStartTlsPacket::Proceed)) {
+ debug("Starting encryption");
+ client()->startSocketEncryption();
+ return true;
+ }
+
+ return false;
+}
-- cgit v1.2.3
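Review bot: In handleStanza, when none of the three TLS branches matches (for example localSecurity is TLSEnabled and the features stanza gives remoteSecurity == Disabled), the function falls through and returns false with nothing logged, so the stream presumably continues unencrypted. The features stanza arrives before encryption and is therefore unauthenticated, so a missing STARTTLS offer cannot be trusted; only TLSRequired makes the client refuse. I would log this just before the features block closes, e.g. `warning("TLS was not negotiated, the stream continues unencrypted");`, and add a comment saying that the opportunistic mode gives no protection against a removed offer. Separately, the Proceed branch calls `startSocketEncryption()` without checking that a STARTTLS request was actually sent or that the socket is still unencrypted; adding `&& !client()->isSocketEncrypted()` to that condition would be a cheap guard, unless startSocketEncryption (defined outside this patch) already covers it.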