chore(release): publish packages

- moxxmpp@0.1.2+3
 - moxxmpp_socket_tcp@0.1.2+3

.gitignore

@@ -10,3 +10,6 @@ build/
 # Omit committing pubspec.lock for library packages; see
 # https://dart.dev/guides/libraries/private-files#pubspeclock.
 pubspec.lock
+
+# Omit pubspec override files generated by melos
+**/pubspec_overrides.yaml

README.md

@@ -18,6 +18,10 @@ if a DNS implementation is given, and supports StartTLS.
 To begin, use [melos](https://github.com/invertase/melos) to bootstrap the project: `melos bootstrap`. Then, the example
 can be run with `flutter run` on Linux or Android.
 
+To run the example, make sure that Flutter is correctly set up and working. If you use
+the development shell provided by the NixOS Flake, ensure that `ANDROID_HOME` and
+`ANDROID_AVD_HOME` are pointing to the correct directories.
+
 ## License
 
 See `./LICENSE`.

analysis_options.yaml

@@ -12,3 +12,4 @@ analyzer:
     - "**/*.g.dart"
     - "**/*.freezed.dart"
     - "test/"
+    - "integration_test/"

example/lib/main.dart

@@ -78,6 +78,7 @@ class _MyHomePageState extends State<MyHomePage> {
         CSINegotiator(),
         RosterFeatureNegotiator(),
         SaslPlainNegotiator(),
+        SaslScramNegotiator(10, '', '', ScramHashType.sha512),
         SaslScramNegotiator(9, '', '', ScramHashType.sha256),
         SaslScramNegotiator(8, '', '', ScramHashType.sha1),
       ]);

example/pubspec.yaml

@@ -16,10 +16,10 @@ dependencies:
     version: 0.1.4+1
   moxxmpp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: 0.1.1
+    version: 0.1.2+3
   moxxmpp_socket_tcp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: 0.1.1
+    version: 0.1.2+3
 
 dev_dependencies:
   flutter_test:

flake.nix

@@ -58,9 +58,7 @@
       CPATH = "${pkgs.xorg.libX11.dev}/include:${pkgs.xorg.xorgproto}/include";
       LD_LIBRARY_PATH = with pkgs; lib.makeLibraryPath [ atk cairo epoxy gdk-pixbuf glib gtk3 harfbuzz pango ];
 
-      ANDROID_HOME = (toString ./.) + "/.android/sdk";
       JAVA_HOME = pinnedJDK;
-      ANDROID_AVD_HOME = (toString ./.) + "/.android/avd";
     };
   });
 }

packages/moxxmpp/.pubignore

@@ -0,0 +1 @@
+pubspec_overrides.yaml

packages/moxxmpp/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 0.1.2+3
+
+ - **FIX**: SASL SCRAM-SHA-{256,512} should now work.
+
+## 0.1.2+2
+
+ - **FIX**: Fix reconnections when the connection is awaited.
+
+## 0.1.2+1
+
+ - **FIX**: A certificate rejection does not crash the connection.
+
+## 0.1.2
+
+ - **FEAT**: Remove Moxxy specific strings.
+
 ## 0.1.1
 
  - **REFACTOR**: Move packages into packages/.

packages/moxxmpp/integration_test/failure_reconnection_test.dart

@@ -0,0 +1,55 @@
+import 'package:logging/logging.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/moxxmpp_socket_tcp.dart';
+import 'package:test/test.dart';
+
+void main() {
+  Logger.root.level = Level.ALL;
+  Logger.root.onRecord.listen((record) {
+    print('${record.level.name}: ${record.time}: ${record.message}');
+  });
+  final log = Logger('FailureReconnectionTest');
+
+  test('Failing an awaited connection', () async {
+    var errors = 0;
+    final connection = XmppConnection(
+      TestingSleepReconnectionPolicy(10),
+      TCPSocketWrapper(false),
+    );
+    connection.registerFeatureNegotiators([
+      StartTlsNegotiator(),
+    ]);
+    connection.registerManagers([
+      DiscoManager(),
+      RosterManager(),
+      PingManager(),
+      MessageManager(),
+      PresenceManager('http://moxxmpp.example'),
+    ]);
+    connection.asBroadcastStream().listen((event) {
+      if (event is ConnectionStateChangedEvent) {
+        if (event.state == XmppConnectionState.error) {
+          errors++;
+        }
+      }
+    });
+
+    connection.setConnectionSettings(
+      ConnectionSettings(
+        jid: JID.fromString('testuser@no-sasl.badxmpp.eu'),
+        password: 'abc123',
+        useDirectTLS: true,
+        allowPlainAuth: true,
+      ),
+    );
+
+    final result = await connection.connectAwaitable();
+    log.info('Connection failed as expected');
+    expect(result.success, false);
+    expect(errors, 1);
+
+    log.info('Waiting 20 seconds for unexpected reconnections');
+    await Future.delayed(const Duration(seconds: 20));
+    expect(errors, 1);
+  }, timeout: Timeout.factor(2));
+}

packages/moxxmpp/lib/src/connection.dart

@@ -163,6 +163,8 @@ class XmppConnection {
   /// Completers for certain actions
   // ignore: use_late_for_private_fields_and_variables
   Completer<XmppConnectionResult>? _connectionCompleter;
+  /// Controls whether an XmppSocketClosureEvent triggers a reconnection.
+  bool _socketClosureTriggersReconnect = true;
 
   /// Negotiators
   final Map<String, XmppFeatureNegotiatorBase> _featureNegotiators;
@@ -350,8 +352,18 @@ class XmppConnection {
       _log.severe('handleError: Called with null');
     } 
 
-    // TODO(Unknown): This may be too harsh for every error
-    await _setConnectionState(XmppConnectionState.notConnected);
+    // Whenever we encounter an error that would trigger a reconnection attempt while
+    // the connection result is being awaited, don't attempt a reconnection but instead
+    // try to gracefully disconnect.
+    if (_connectionCompleter != null) {
+      _log.info('Not triggering reconnection since connection result is being awaited');
+      await _disconnect(triggeredByUser: false, state: XmppConnectionState.error);
+      _connectionCompleter?.complete(const XmppConnectionResult(false));
+      _connectionCompleter = null;
+      return;
+    }
+
+    await _setConnectionState(XmppConnectionState.error);
     await _reconnectionPolicy.onFailure();
   }
 
@@ -360,8 +372,12 @@ class XmppConnection {
     if (event is XmppSocketErrorEvent) {
       await handleError(event.error);
     } else if (event is XmppSocketClosureEvent) {
-      _log.fine('Received XmppSocketClosureEvent. Reconnecting...');
-      await _reconnectionPolicy.onFailure();
+      if (_socketClosureTriggersReconnect) {
+        _log.fine('Received XmppSocketClosureEvent. Reconnecting...');
+        await _reconnectionPolicy.onFailure();
+      } else {
+        _log.fine('Received XmppSocketClosureEvent. No reconnection attempt since _socketClosureTriggersReconnect is false...');
+      }
     }
   }
 
@@ -796,6 +812,9 @@ class XmppConnection {
 
       _updateRoutingState(RoutingState.handleStanzas);
       await _onNegotiationsDone();
+    } else if (_currentNegotiator!.state == NegotiatorState.error) {
+      _log.severe('Negotiator returned an error');
+      await handleError(null);
     }
   }
   
@@ -956,15 +975,30 @@ class XmppConnection {
 
   /// Attempt to gracefully close the session
   Future<void> disconnect() async {
+    await _disconnect(state: XmppConnectionState.notConnected);
+  }
+
+  Future<void> _disconnect({required XmppConnectionState state, bool triggeredByUser = true}) async {
     _reconnectionPolicy.setShouldReconnect(false);
-    getPresenceManager().sendUnavailablePresence();
+    _socketClosureTriggersReconnect = false;
+
+    if (triggeredByUser) {
+      getPresenceManager().sendUnavailablePresence();
+    }
+
     _socket.prepareDisconnect();
-    sendRawString('</stream:stream>');
-    await _setConnectionState(XmppConnectionState.notConnected);
+
+    if (triggeredByUser) {
+      sendRawString('</stream:stream>');
+    }
+
+    await _setConnectionState(state);
     _socket.close();
 
-    // Clear Stream Management state, if available
-    await getStreamManagementManager()?.resetState();
+    if (triggeredByUser) {
+      // Clear Stream Management state, if available
+      await getStreamManagementManager()?.resetState();
+    }
   }
   
   /// Make sure that all required managers are registered
@@ -1000,7 +1034,7 @@ class XmppConnection {
     }
 
     await _reconnectionPolicy.reset();
-
+    _socketClosureTriggersReconnect = true;
     await _sendEvent(ConnectingEvent());
 
     final smManager = getStreamManagementManager();

packages/moxxmpp/lib/src/negotiators/sasl/scram.dart

@@ -30,6 +30,17 @@ HashAlgorithm hashFromType(ScramHashType type) {
   }
 }
 
+int pbkdfBitsFromHash(ScramHashType type) {
+  switch (type) {
+    // NOTE: SHA1 is 20 octets long => 20 octets * 8 bits/octet
+    case ScramHashType.sha1: return 160;
+    // NOTE: SHA256 is 32 octets long => 32 octets * 8 bits/octet
+    case ScramHashType.sha256: return 256;
+    // NOTE: SHA512 is 64 octets long => 64 octets * 8 bits/octet
+    case ScramHashType.sha512: return 512;
+  }
+}
+
 const scramSha1Mechanism = 'SCRAM-SHA-1';
 const scramSha256Mechanism = 'SCRAM-SHA-256';
 const scramSha512Mechanism = 'SCRAM-SHA-512';
@@ -106,7 +117,7 @@ class SaslScramNegotiator extends SaslNegotiator {
     final pbkdf2 = Pbkdf2(
       macAlgorithm: Hmac(_hash),
       iterations: iterations,
-      bits: 160, // NOTE: RFC says 20 octets => 20 octets * 8 bits/octet
+      bits: pbkdfBitsFromHash(hashType),
     );
 
     final saltedPasswordRaw = await pbkdf2.deriveKey(

packages/moxxmpp/lib/src/reconnect.dart

@@ -93,6 +93,7 @@ class ExponentialBackoffReconnectionPolicy extends ReconnectionPolicy {
     final isReconnecting = await isReconnectionRunning();
     if (shouldReconnect) {
       if (!isReconnecting) {
+        await setIsReconnecting(true);
         await performReconnect!();
       } else {
         // Should never happen.
@@ -117,7 +118,6 @@ class ExponentialBackoffReconnectionPolicy extends ReconnectionPolicy {
   Future<void> onFailure() async {
     _log.finest('Failure occured. Starting exponential backoff');
     _counter++;
-    await setIsReconnecting(true);
 
     if (_timer != null) {
       _timer!.cancel();
@@ -148,3 +148,23 @@ class TestingReconnectionPolicy extends ReconnectionPolicy {
   @override
   Future<void> reset() async {}
 }
+
+/// A reconnection policy for tests that waits a constant number of seconds before
+/// attempting a reconnection.
+@visibleForTesting
+class TestingSleepReconnectionPolicy extends ReconnectionPolicy {
+  TestingSleepReconnectionPolicy(this._sleepAmount) : super();
+  final int _sleepAmount;
+  
+  @override
+  Future<void> onSuccess() async {}
+
+  @override
+  Future<void> onFailure() async {
+    await Future<void>.delayed(Duration(seconds: _sleepAmount));
+    await performReconnect!();
+  }
+
+  @override
+  Future<void> reset() async {}
+}

packages/moxxmpp/pubspec.yaml

@@ -1,6 +1,6 @@
 name: moxxmpp
 description: A pure-Dart XMPP library
-version: 0.1.1
+version: 0.1.2+3
 homepage: https://codeberg.org/moxxy/moxxmpp
 publish_to: https://git.polynom.me/api/packages/Moxxy/pub
 
@@ -29,5 +29,8 @@ dependencies:
 
 dev_dependencies:
   build_runner: ^2.1.11
+  moxxmpp_socket_tcp:
+   hosted: https://git.polynom.me/api/packages/Moxxy/pub
+   version: ^0.1.2+3
   test: ^1.16.0
   very_good_analysis: ^3.0.1

packages/moxxmpp/test/sasl/kv_test.dart

@@ -0,0 +1,27 @@
+import 'package:moxxmpp/src/negotiators/sasl/kv.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:test/test.dart';
+
+void main() {
+  test('Test the Key-Value parser', () {
+      final result1 = parseKeyValue('n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL');
+      expect(result1.length, 2);
+      expect(result1['n']!, 'user');
+      expect(result1['r']!, 'fyko+d2lbbFgONRv9qkxdawL');
+
+      final result2 = parseKeyValue('r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096');
+      expect(result2.length, 3);
+      expect(result2['r']!, 'fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j');
+      expect(result2['s']!, 'QSXCR+Q6sek8bf92');
+      expect(result2['i']!, '4096');
+  });
+
+  test("Test the Key-Value parser with '=' as a value", () {
+      final result = parseKeyValue('c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,o=123');
+      expect(result.length, 4);
+      expect(result['c']!, 'biws');
+      expect(result['r']!, 'fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j');
+      expect(result['p']!, 'v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=');
+      expect(result['o']!, '123');
+  });
+}

packages/moxxmpp/test/sasl/scram_test.dart

@@ -0,0 +1,207 @@
+import 'dart:convert';
+import 'package:hex/hex.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:test/test.dart';
+import '../helpers/xmpp.dart';
+
+final scramSha1StreamFeatures = XMLNode(
+  tag: 'stream:features',
+  children: [
+    XMLNode.xmlns(
+      tag: 'mechanisms',
+      xmlns: saslXmlns,
+      children: [
+        XMLNode(
+          tag: 'mechanism',
+          text: 'SCRAM-SHA-1',
+        )
+      ],
+    )
+  ],
+);
+final scramSha256StreamFeatures = XMLNode(
+  tag: 'stream:features',
+  children: [
+    XMLNode.xmlns(
+      tag: 'mechanisms',
+      xmlns: saslXmlns,
+      children: [
+        XMLNode(
+          tag: 'mechanism',
+          text: 'SCRAM-SHA-256',
+        )
+      ],
+    )
+  ],
+);
+
+void main() {
+  final fakeSocket = StubTCPSocket(play: []);
+  test('Test SASL SCRAM-SHA-1', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      expect(
+        HEX.encode(await negotiator.calculateSaltedPassword('QSXCR+Q6sek8bf92', 4096)),
+        '1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateClientKey(HEX.decode('1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d')),
+        ),
+        'e234c47bf6c36696dd6d852b99aaa2ba26555728',
+      );
+      const authMessage = 'n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j';
+      expect(
+        HEX.encode(
+          await negotiator.calculateClientSignature(authMessage, HEX.decode('e9d94660c39d65c38fbad91c358f14da0eef2bd6')),
+        ),
+        '5d7138c486b0bfabdf49e3e2da8bd6e5c79db613',
+      );
+      expect(
+        HEX.encode(
+          negotiator.calculateClientProof(HEX.decode('e234c47bf6c36696dd6d852b99aaa2ba26555728'), HEX.decode('5d7138c486b0bfabdf49e3e2da8bd6e5c79db613')),
+        ),
+        'bf45fcbf7073d93d022466c94321745fe1c8e13b',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateServerSignature(authMessage, HEX.decode('0fe09258b3ac852ba502cc62ba903eaacdbf7d31')),
+        ),
+        'ae617da6a57c4bbb2e0286568dae1d251905b0a4',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateServerKey(HEX.decode('1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d')),
+        ),
+        '0fe09258b3ac852ba502cc62ba903eaacdbf7d31',
+      );
+      expect(
+        HEX.encode(
+          negotiator.calculateClientProof(
+            HEX.decode('e234c47bf6c36696dd6d852b99aaa2ba26555728'),
+            HEX.decode('5d7138c486b0bfabdf49e3e2da8bd6e5c79db613'),
+          ),
+        ),
+        'bf45fcbf7073d93d022466c94321745fe1c8e13b',
+      );
+
+      expect(await negotiator.calculateChallengeResponse('cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng=='), 'c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=');
+  });
+
+  test('Test SASL SCRAM-SHA-256', () async {
+      String? lastMessage;
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=rOprNGfwEbeRWgbNEkqO', 'rOprNGfwEbeRWgbNEkqO', ScramHashType.sha256);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode n, {String? redact}) => lastMessage = n.innerText(),
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha256StreamFeatures);
+      expect(
+        utf8.decode(base64Decode(lastMessage!)),
+        'n,,n=user,r=rOprNGfwEbeRWgbNEkqO',
+      );
+      
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1yT3ByTkdmd0ViZVJXZ2JORWtxTyVodllEcFdVYTJSYVRDQWZ1eEZJbGopaE5sRiRrMCxzPVcyMlphSjBTTlk3c29Fc1VFamI2Z1E9PSxpPTQwOTY=</challenge>"));
+      expect(
+        utf8.decode(base64Decode(lastMessage!)),
+        'c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF\$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=',
+      );
+
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj02cnJpVFJCaTIzV3BSUi93dHVwK21NaFVaVW4vZEI1bkxUSlJzamw5NUc0PQ==</success>"));
+
+      expect(negotiator.state, NegotiatorState.done);
+  });
+  
+  test('Test a positive server signature check', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+
+      expect(negotiator.state, NegotiatorState.done);
+  });
+
+  test('Test a negative server signature check', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1zbUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+
+      expect(negotiator.state, NegotiatorState.error);
+  });
+
+  test('Test a resetting the SCRAM negotiator', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+      expect(negotiator.state, NegotiatorState.done);
+
+      // Reset and try again
+      negotiator.reset();
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+      expect(negotiator.state, NegotiatorState.done);
+  });
+}

packages/moxxmpp_socket_tcp/.pubignore

@@ -0,0 +1 @@
+pubspec_overrides.yaml

packages/moxxmpp_socket_tcp/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 0.1.2+3
+
+ - Update a dependency to the latest release.
+
+## 0.1.2+2
+
+ - **FIX**: Fix reconnections when the connection is awaited.
+
+## 0.1.2+1
+
+ - **FIX**: A certificate rejection does not crash the connection.
+
+## 0.1.2
+
+ - **FEAT**: Make onBadCertificate available.
+
 ## 0.1.1
 
  - **REFACTOR**: Move packages into packages/.

packages/moxxmpp_socket_tcp/integration_test/badxmpp_certificate_test.dart

@@ -0,0 +1,64 @@
+import 'package:logging/logging.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/moxxmpp_socket_tcp.dart';
+import 'package:test/test.dart';
+
+Future<void> _runTest(String domain) async {
+  var gotTLSException = false;
+  final socket = TCPSocketWrapper(false);
+  final log = Logger('TestLogger');
+  socket.getEventStream().listen((event) {
+    if (event is XmppSocketTLSFailedEvent) {
+      log.info('Got XmppSocketTLSFailedEvent from socket');
+      gotTLSException = true;
+    }
+  });
+
+  final connection = XmppConnection(
+    ExponentialBackoffReconnectionPolicy(),
+    socket,
+  );
+  connection.registerFeatureNegotiators([
+    StartTlsNegotiator(),
+  ]);
+  connection.registerManagers([
+    DiscoManager(),
+    RosterManager(),
+    PingManager(),
+    MessageManager(),
+    PresenceManager('http://moxxmpp.example'),
+  ]);
+
+  connection.setConnectionSettings(
+    ConnectionSettings(
+      jid: JID.fromString('testuser@$domain'),
+      password: 'abc123',
+      useDirectTLS: true,
+      allowPlainAuth: true,
+    ),
+  );
+
+  final result = await connection.connectAwaitable();
+  expect(result.success, false);
+  expect(gotTLSException, true);
+}
+
+void main() {
+  Logger.root.level = Level.ALL;
+  Logger.root.onRecord.listen((record) {
+    print('${record.level.name}: ${record.time}: ${record.message}');
+  });
+
+  for (final domain in [
+    'self-signed.badxmpp.eu',
+    'expired.badxmpp.eu',
+    'wrong-name.badxmpp.eu',
+    'missing-chain.badxmpp.eu',
+    // TODO(Unknown): Technically, this one should not fail
+    //'ecdsa.badxmpp.eu',
+  ]) {
+    test('$domain with connectAwaitable', () async {
+      await _runTest(domain);
+    });
+  }
+}

packages/moxxmpp_socket_tcp/lib/moxxmpp_socket_tcp.dart

@@ -1,4 +1,5 @@
 library moxxmpp_socket_tcp;
 
+export 'src/events.dart';
 export 'src/record.dart';
 export 'src/socket.dart';

packages/moxxmpp_socket_tcp/lib/src/events.dart

@@ -0,0 +1,4 @@
+import 'package:moxxmpp/moxxmpp.dart';
+
+/// Triggered when TLS errors occur
+class XmppSocketTLSFailedEvent extends XmppSocketEvent {}

packages/moxxmpp_socket_tcp/lib/src/socket.dart

@@ -4,6 +4,7 @@ import 'dart:io';
 import 'package:logging/logging.dart';
 import 'package:meta/meta.dart';
 import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/src/events.dart';
 import 'package:moxxmpp_socket_tcp/src/record.dart';
 import 'package:moxxmpp_socket_tcp/src/rfc_2782.dart';
 
@@ -66,6 +67,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       return false;
     }
 
+    var failedDueToTLS = false;
     results.sort(srvRecordSortComparator);
     for (final srv in results) {
       try {
@@ -91,12 +93,20 @@ class TCPSocketWrapper extends BaseSocketWrapper {
         _secure = true;
         _log.finest('Success!');
         return true;
-      } on SocketException catch(e) {
+      } on Exception catch(e) {
         _log.finest('Failure! $e');
         _ignoreSocketClosure = false;
+
+        if (e is HandshakeException) {
+          failedDueToTLS = true;
+        }
       }
     }
 
+    if (failedDueToTLS) {
+      _eventStream.add(XmppSocketTLSFailedEvent());
+    }
+    
     return false;
   }
   
@@ -118,7 +128,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
         _ignoreSocketClosure = false;
         _log.finest('Success!');
         return true;
-      } on SocketException catch(e) {
+      } on Exception catch(e) {
         _log.finest('Failure! $e');
         _ignoreSocketClosure = false;
         continue;
@@ -142,7 +152,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       );
       _log.finest('Success!');
       return true;
-    } on SocketException catch(e) {
+    } on Exception catch(e) {
       _log.finest('Failure! $e');
       _ignoreSocketClosure = false;
       return false;
@@ -183,8 +193,14 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       _ignoreSocketClosure = false;
       _setupStreams();
       return true;
-    } on SocketException {
+    } on Exception catch (e) {
+      _log.severe('Failed to secure socket: $e');
       _ignoreSocketClosure = false;
+
+      if (e is HandshakeException) {
+        _eventStream.add(XmppSocketTLSFailedEvent());
+      }
+
       return false;
     }
   }
@@ -293,7 +309,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
 
     try {
       _socket!.write(data);
-    } on SocketException catch (e) {
+    } on Exception catch (e) {
       _log.severe(e);
       _eventStream.add(XmppSocketErrorEvent(e));
     }

packages/moxxmpp_socket_tcp/pubspec.yaml

@@ -1,6 +1,6 @@
 name: moxxmpp_socket_tcp
 description: A socket for moxxmpp using TCP that implements the RFC6120 connection algorithm and XEP-0368
-version: 0.1.1
+version: 0.1.2+3
 homepage: https://codeberg.org/moxxy/moxxmpp
 publish_to: https://git.polynom.me/api/packages/Moxxy/pub
 
@@ -12,7 +12,7 @@ dependencies:
   meta: ^1.6.0
   moxxmpp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: ^0.1.1
+    version: ^0.1.2+3
 
 dev_dependencies:
   lints: ^2.0.0