[Pkg-javascript-commits] [ltx] 97/469: TLS server & credentials support
Jonas Smedegaard
dr at jones.dk
Wed Aug 31 13:01:08 UTC 2016
commit d374da6a96ddd80a1dffe26503a9b6e9a4cd9b2e
Author: Astro <astro at spaceboyz.net>
Date: Mon Sep 6 21:12:44 2010 +0200
TLS server & credentials support
---
lib/xmpp/connection.js | 2 +-
lib/xmpp/router.js | 15 +++++++++++++++
lib/xmpp/server.js | 25 ++++++++++++++++++++++---
3 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/lib/xmpp/connection.js b/lib/xmpp/connection.js
index d18a4f3..6aaf541 100644
--- a/lib/xmpp/connection.js
+++ b/lib/xmpp/connection.js
@@ -163,7 +163,7 @@ Connection.prototype.onStanza = function(stanza) {
} else if (this.allowTLS &&
stanza.is('proceed', NS_XMPP_TLS)) {
/* Server is waiting for TLS handshake */
- this.setSecure();
+ this.setSecure(this.credentials);
this.addListener('secure', this.startStream);
} else {
this.emit('rawStanza', stanza);
diff --git a/lib/xmpp/router.js b/lib/xmpp/router.js
index 864c8fd..b4a5b9f 100644
--- a/lib/xmpp/router.js
+++ b/lib/xmpp/router.js
@@ -240,10 +240,24 @@ function Router(s2sPort) {
}
exports.Router = Router;
+// Defaults
Router.prototype.rateLimit = 100; // 100 KB/s, it's S2S after all
Router.prototype.maxStanzaSize = 65536; // 64 KB, by convention
Router.prototype.keepAlive = 30 * 1000; // 30s
Router.prototype.streamTimeout = 5 * 60 * 1000; // 5min
+Router.prototype.credentials = undefined; // TLS credentials
+
+// little helper, because dealing with crypto & fs gets unwieldy
+Router.prototype.loadCredentials = function(keyPath, certPath) {
+ var crypto = require('crypto');
+ var fs = require('fs');
+
+ var key = fs.readFileSync(keyPath, 'ascii');
+ var cert = fs.readFileSync(certPath, 'ascii');
+
+ this.credentials = crypto.createCredentials({ key: key,
+ cert: cert });
+};
Router.prototype.acceptConnection = function(inStream) {
var self = this;
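Review bot: loadCredentials (lines 45-54) gives no indication that it throws: both fs.readFileSync calls propagate a missing or unreadable file straight to the caller, which is reasonable for a one-off setup step but should be stated. A JSDoc header such as `/** Load a PEM key/cert pair into this.credentials. Synchronous; throws if either path cannot be read. */` would cover it, and the new `Router.prototype.credentials = undefined` default deserves a note that a router without credentials cannot offer starttls to peers, which is the behaviour the server.js hunks depend on. Reading the files as 'ascii' is adequate for PEM, which is base64 text, but it is not clear from this hunk whether a passphrase-protected key is usable through this helper — a comment stating the expectation would save the next maintainer a debugging session.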
@@ -308,6 +322,7 @@ Router.prototype.acceptConnection = function(inStream) {
};
Router.prototype.setupStream = function(stream) {
+ stream.credentials = this.credentials;
stream.maxStanzaSize = this.maxStanzaSize;
StreamShaper.attach(stream, this.rateLimit);
stream.setKeepAlive(true, this.keepAlive);
diff --git a/lib/xmpp/server.js b/lib/xmpp/server.js
index 0ef76f7..1a9f524 100644
--- a/lib/xmpp/server.js
+++ b/lib/xmpp/server.js
@@ -82,7 +82,10 @@ exports.makeIncomingServer = function(self) {
Connection.makeConnection(self);
initServer(self);
- delete self.xmppVersion; // for now, until we support TLS and SASL?
+ // No credentials means we cannot <starttls/> on the server
+ // side. Unfortunately this is required for XMPP 1.0.
+ if (!self.credentials)
+ delete self.xmppVersion;
self.startStream();
self.streamId = generateId();
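Review bot: The removed comment said the version attribute was suppressed "until we support TLS and SASL", but the new condition on lines 74-75 restores xmppVersion as soon as credentials exist, and nothing in this commit adds SASL, so a reader cannot tell whether advertising 1.0 without SASL is intended. Suggest widening the new comment to `// No credentials means we cannot <starttls/> on the server side, which XMPP 1.0 requires; with credentials we advertise 1.0 even though SASL is still unsupported.` The brace-less single-statement `if` would also read better as `if (!self.credentials) { delete self.xmppVersion; }`, matching the block style used in the next hunk. makeIncomingServer starts and ends outside this hunk.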
@@ -94,10 +97,26 @@ exports.makeIncomingServer = function(self) {
if (self.xmppVersion)
tag += " version='" + self.xmppVersion + "'";
tag += ">";
- if (self.xmppVersion == '1.0')
- tag += "<stream:features/>";
+ if (self.xmppVersion == '1.0') {
+ tag += "<stream:features>";
+ if (self.credentials && !self.secureEstablished)
+ tag += "<starttls xmlns='" + Connection.NS_XMPP_TLS + "'/>";
+ tag += "</stream:features>";
+ }
self.send(tag);
});
+ self.addListener('rawStanza', function(stanza) {
+ if (stanza.is('starttls', Connection.NS_XMPP_TLS)) {
+ self.send(new xml.Element('proceed', { xmlns: Connection.NS_XMPP_TLS }));
+ self.stopParser();
+ console.log("setSecure...");
+ self.setSecure(self.credentials);
+ self.addListener('secure', function() {
+ console.log("secure!!!");
+ self.startParser();
+ });
+ }
+ });
return self;
};
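Review bot: The rawStanza handler added on lines 92-103 answers every `<starttls/>` with `<proceed/>` and calls setSecure regardless of state, whereas the features advertisement on line 86 only offers starttls when `self.credentials && !self.secureEstablished`; a peer that sends starttls without credentials on our side, or a second time on an already-secure stream, reaches `self.setSecure(undefined)` and accumulates another 'secure' listener. The handler should mirror the advertisement's guard and reply with `<failure/>` in the TLS namespace when negotiation is not acceptable (RFC 6120 also has the receiving entity close the stream after `<failure/>`; I cannot see the stream-closing helper from this hunk, so that part is left to the author). The two `console.log` calls look like leftover debugging and should not ship in a library. makeIncomingServer begins outside this hunk.
```javascript
self.addListener('rawStanza', function(stanza) {
    if (!stanza.is('starttls', Connection.NS_XMPP_TLS))
        return;
    // Mirror the <stream:features/> advertisement: only negotiate when we
    // hold credentials and the stream is not already secure.
    if (!self.credentials || self.secureEstablished) {
        self.send(new xml.Element('failure', { xmlns: Connection.NS_XMPP_TLS }));
        return;
    }
    self.send(new xml.Element('proceed', { xmlns: Connection.NS_XMPP_TLS }));
    self.stopParser();
    self.setSecure(self.credentials);
    self.addListener('secure', function() {
        self.startParser();
    });
});
// … unchanged: return self …
```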