/*
 * Copyright (c) 2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */

#pragma once

// NOTE(review): the two angle-bracket include targets below were stripped when
// this page was extracted; the header names must be restored from the repository.
#include
#include
#include "Swiften/TLS/TLSServerContext.h"

namespace Swift {

    /**
     * Server-side TLS context implemented on top of Apple's SecureTransport API.
     *
     * Network bytes are pushed in through handleDataFromNetwork() and buffered in
     * readingBuffer_, from where the static SSLSocketReadCallback hands them to the
     * SSL context; application bytes go the other way via handleDataFromApplication()
     * and SSLSocketWriteCallback.  The object tracks its own handshake progress in
     * state_ and records any peer-certificate verification failure in
     * verificationError_, which callers can inspect via
     * getPeerCertificateVerificationError().
     *
     * Several template arguments on this page (std::vector<...>, shared_ptr<...>)
     * were lost in extraction and are left as-is here.
     */
    class SecureTransportServerContext : public TLSServerContext {
        public:
            /**
             * @param checkCertificateRevocation  Stored in checkCertificateRevocation_;
             *        presumably controls whether revocation checking is requested when
             *        the peer certificate is evaluated — confirm against the .mm.
             */
            SecureTransportServerContext(bool checkCertificateRevocation);
            virtual ~SecureTransportServerContext();

            /// Starts the TLS handshake on this context.
            virtual void connect();

            /// Installs the local certificate/key used during the handshake.
            /// @return Whether the certificate was accepted.
            virtual bool setClientCertificate(CertificateWithKey::ref cert);

            /// Feeds ciphertext received from the socket into the TLS engine.
            virtual void handleDataFromNetwork(const SafeByteArray&);

            /// Feeds plaintext from the application into the TLS engine for encryption.
            virtual void handleDataFromApplication(const SafeByteArray&);

            /// The certificate chain presented by the peer (element type lost in extraction).
            virtual std::vector getPeerCertificateChain() const;

            /// The verification error recorded for the peer certificate, if any.
            virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;

            /// Channel-binding material (TLS Finished message) for this session.
            virtual ByteArray getFinishMessage() const;

        private:
            // SecureTransport I/O callbacks.  `connection` is the opaque pointer
            // registered with the SSL context; on this page nothing shows what it
            // points to — presumably the owning SecureTransportServerContext.
            static OSStatus SSLSocketReadCallback(SSLConnectionRef connection, void *data, size_t *dataLength);
            static OSStatus SSLSocketWriteCallback(SSLConnectionRef connection, const void *data, size_t *dataLength);

        private:
            // Handshake progression; Error is terminal.
            enum State { None, Handshake, HandshakeDone, Error};
            // Human-readable name of a State, presumably for logging.
            static std::string stateToString(State state);
            void setState(State newState);

            // Maps a SecureTransport OSStatus to a TLS error object (template argument
            // lost in extraction).
            static SWIFTEN_SHRPTR_NAMESPACE::shared_ptr nativeToTLSError(OSStatus error);
            // Maps a certificate-evaluation result code to a verification error object
            // (template argument lost in extraction).
            SWIFTEN_SHRPTR_NAMESPACE::shared_ptr CSSMErrorToVerificationError(OSStatus resultCode);

            // Drives the handshake state machine.
            void processHandshake();
            // NOTE(review): named "server" although this is a server-side context;
            // confirm whether it evaluates the peer (client) certificate.
            void verifyServerCertificate();
            // Records a fatal TLS error together with any related certificate error
            // (both shared_ptr template arguments lost in extraction).
            void fatalError(SWIFTEN_SHRPTR_NAMESPACE::shared_ptr error, SWIFTEN_SHRPTR_NAMESPACE::shared_ptr certificateError);

        private:
            // Owned SecureTransport context handle (template argument lost in extraction).
            SWIFTEN_SHRPTR_NAMESPACE::shared_ptr sslContext_;
            // Ciphertext received from the network, not yet consumed by the SSL engine.
            SafeByteArray readingBuffer_;
            State state_;
            // Last peer-certificate verification failure; returned by
            // getPeerCertificateVerificationError().
            CertificateVerificationError::ref verificationError_;
            // Local certificate set via setClientCertificate().
            CertificateWithKey::ref clientCertificate_;
            // Value passed to the constructor.
            bool checkCertificateRevocation_;
    };

}