chore(release): publish packages

- moxxmpp@0.1.2+3
 - moxxmpp_socket_tcp@0.1.2+3

.gitignore

@@ -10,3 +10,6 @@ build/
 # Omit committing pubspec.lock for library packages; see
 # https://dart.dev/guides/libraries/private-files#pubspeclock.
 pubspec.lock
+
+# Omit pubspec override files generated by melos
+**/pubspec_overrides.yaml

README.md

@@ -18,6 +18,10 @@ if a DNS implementation is given, and supports StartTLS.
 To begin, use [melos](https://github.com/invertase/melos) to bootstrap the project: `melos bootstrap`. Then, the example
 can be run with `flutter run` on Linux or Android.
 
+To run the example, make sure that Flutter is correctly set up and working. If you use
+the development shell provided by the NixOS Flake, ensure that `ANDROID_HOME` and
+`ANDROID_AVD_HOME` are pointing to the correct directories.
+
 ## License
 
 See `./LICENSE`.

analysis_options.yaml

@@ -12,3 +12,4 @@ analyzer:
     - "**/*.g.dart"
     - "**/*.freezed.dart"
     - "test/"
+    - "integration_test/"

example/lib/main.dart

@@ -69,7 +69,7 @@ class _MyHomePageState extends State<MyHomePage> {
         RosterManager(),
         PingManager(),
         MessageManager(),
-        PresenceManager(),
+        PresenceManager('http://moxxmpp.example'),
       ])
       ..registerFeatureNegotiators([
         ResourceBindingNegotiator(),
@@ -78,6 +78,7 @@ class _MyHomePageState extends State<MyHomePage> {
         CSINegotiator(),
         RosterFeatureNegotiator(),
         SaslPlainNegotiator(),
+        SaslScramNegotiator(10, '', '', ScramHashType.sha512),
         SaslScramNegotiator(9, '', '', ScramHashType.sha256),
         SaslScramNegotiator(8, '', '', ScramHashType.sha1),
       ]);

example/pubspec.yaml

@@ -16,10 +16,10 @@ dependencies:
     version: 0.1.4+1
   moxxmpp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: 0.1.0
+    version: 0.1.2+3
   moxxmpp_socket_tcp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: 0.1.0
+    version: 0.1.2+3
 
 dev_dependencies:
   flutter_test:

flake.nix

@@ -58,9 +58,7 @@
       CPATH = "${pkgs.xorg.libX11.dev}/include:${pkgs.xorg.xorgproto}/include";
       LD_LIBRARY_PATH = with pkgs; lib.makeLibraryPath [ atk cairo epoxy gdk-pixbuf glib gtk3 harfbuzz pango ];
 
-      ANDROID_HOME = (toString ./.) + "/.android/sdk";
       JAVA_HOME = pinnedJDK;
-      ANDROID_AVD_HOME = (toString ./.) + "/.android/avd";
     };
   });
 }

packages/moxxmpp/.pubignore

@@ -0,0 +1 @@
+pubspec_overrides.yaml

packages/moxxmpp/CHANGELOG.md

@@ -1,3 +1,24 @@
+## 0.1.2+3
+
+ - **FIX**: SASL SCRAM-SHA-{256,512} should now work.
+
+## 0.1.2+2
+
+ - **FIX**: Fix reconnections when the connection is awaited.
+
+## 0.1.2+1
+
+ - **FIX**: A certificate rejection does not crash the connection.
+
+## 0.1.2
+
+ - **FEAT**: Remove Moxxy specific strings.
+
+## 0.1.1
+
+ - **REFACTOR**: Move packages into packages/.
+ - **FEAT**: Fix moxxmpp_socket_tcp's pubspec.
+
 ## 0.1.0
 
 - Initial version copied over from Moxxyv2

packages/moxxmpp/analysis_options.yaml

@@ -1 +1 @@
-include: ../analysis_options.yaml
+include: ../../analysis_options.yaml

packages/moxxmpp/integration_test/failure_reconnection_test.dart

@@ -0,0 +1,55 @@
+import 'package:logging/logging.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/moxxmpp_socket_tcp.dart';
+import 'package:test/test.dart';
+
+void main() {
+  Logger.root.level = Level.ALL;
+  Logger.root.onRecord.listen((record) {
+    print('${record.level.name}: ${record.time}: ${record.message}');
+  });
+  final log = Logger('FailureReconnectionTest');
+
+  test('Failing an awaited connection', () async {
+    var errors = 0;
+    final connection = XmppConnection(
+      TestingSleepReconnectionPolicy(10),
+      TCPSocketWrapper(false),
+    );
+    connection.registerFeatureNegotiators([
+      StartTlsNegotiator(),
+    ]);
+    connection.registerManagers([
+      DiscoManager(),
+      RosterManager(),
+      PingManager(),
+      MessageManager(),
+      PresenceManager('http://moxxmpp.example'),
+    ]);
+    connection.asBroadcastStream().listen((event) {
+      if (event is ConnectionStateChangedEvent) {
+        if (event.state == XmppConnectionState.error) {
+          errors++;
+        }
+      }
+    });
+
+    connection.setConnectionSettings(
+      ConnectionSettings(
+        jid: JID.fromString('testuser@no-sasl.badxmpp.eu'),
+        password: 'abc123',
+        useDirectTLS: true,
+        allowPlainAuth: true,
+      ),
+    );
+
+    final result = await connection.connectAwaitable();
+    log.info('Connection failed as expected');
+    expect(result.success, false);
+    expect(errors, 1);
+
+    log.info('Waiting 20 seconds for unexpected reconnections');
+    await Future.delayed(const Duration(seconds: 20));
+    expect(errors, 1);
+  }, timeout: Timeout.factor(2));
+}

packages/moxxmpp/lib/src/connection.dart

@@ -163,6 +163,8 @@ class XmppConnection {
   /// Completers for certain actions
   // ignore: use_late_for_private_fields_and_variables
   Completer<XmppConnectionResult>? _connectionCompleter;
+  /// Controls whether an XmppSocketClosureEvent triggers a reconnection.
+  bool _socketClosureTriggersReconnect = true;
 
   /// Negotiators
   final Map<String, XmppFeatureNegotiatorBase> _featureNegotiators;
@@ -350,8 +352,18 @@ class XmppConnection {
       _log.severe('handleError: Called with null');
     } 
 
-    // TODO(Unknown): This may be too harsh for every error
+    // Whenever we encounter an error that would trigger a reconnection attempt while
-    await _setConnectionState(XmppConnectionState.notConnected);
+    // the connection result is being awaited, don't attempt a reconnection but instead
+    // try to gracefully disconnect.
+    if (_connectionCompleter != null) {
+      _log.info('Not triggering reconnection since connection result is being awaited');
+      await _disconnect(triggeredByUser: false, state: XmppConnectionState.error);
+      _connectionCompleter?.complete(const XmppConnectionResult(false));
+      _connectionCompleter = null;
+      return;
+    }
+
+    await _setConnectionState(XmppConnectionState.error);
     await _reconnectionPolicy.onFailure();
   }
 
@@ -360,8 +372,12 @@ class XmppConnection {
     if (event is XmppSocketErrorEvent) {
       await handleError(event.error);
     } else if (event is XmppSocketClosureEvent) {
+      if (_socketClosureTriggersReconnect) {
         _log.fine('Received XmppSocketClosureEvent. Reconnecting...');
         await _reconnectionPolicy.onFailure();
+      } else {
+        _log.fine('Received XmppSocketClosureEvent. No reconnection attempt since _socketClosureTriggersReconnect is false...');
+      }
     }
   }
 
@@ -796,6 +812,9 @@ class XmppConnection {
 
       _updateRoutingState(RoutingState.handleStanzas);
       await _onNegotiationsDone();
+    } else if (_currentNegotiator!.state == NegotiatorState.error) {
+      _log.severe('Negotiator returned an error');
+      await handleError(null);
     }
   }
   
@@ -956,16 +975,31 @@ class XmppConnection {
 
   /// Attempt to gracefully close the session
   Future<void> disconnect() async {
+    await _disconnect(state: XmppConnectionState.notConnected);
+  }
+
+  Future<void> _disconnect({required XmppConnectionState state, bool triggeredByUser = true}) async {
     _reconnectionPolicy.setShouldReconnect(false);
+    _socketClosureTriggersReconnect = false;
+
+    if (triggeredByUser) {
       getPresenceManager().sendUnavailablePresence();
+    }
+
     _socket.prepareDisconnect();
+
+    if (triggeredByUser) {
       sendRawString('</stream:stream>');
-    await _setConnectionState(XmppConnectionState.notConnected);
+    }
+
+    await _setConnectionState(state);
     _socket.close();
 
+    if (triggeredByUser) {
       // Clear Stream Management state, if available
       await getStreamManagementManager()?.resetState();
     }
+  }
   
   /// Make sure that all required managers are registered
   void _runPreConnectionAssertions() {
@@ -1000,7 +1034,7 @@ class XmppConnection {
     }
 
     await _reconnectionPolicy.reset();
-
+    _socketClosureTriggersReconnect = true;
     await _sendEvent(ConnectingEvent());
 
     final smManager = getStreamManagementManager();

packages/moxxmpp/lib/src/managers/namespaces.dart

@@ -1,26 +1,26 @@
-const smManager = 'im.moxxy.streammangementmanager';
+const smManager = 'im.moxxmpp.streammangementmanager';
-const discoManager = 'im.moxxy.discomanager';
+const discoManager = 'im.moxxmpp.discomanager';
-const messageManager = 'im.moxxy.messagemanager';
+const messageManager = 'im.moxxmpp.messagemanager';
-const rosterManager = 'im.moxxy.rostermanager';
+const rosterManager = 'im.moxxmpp.rostermanager';
-const presenceManager = 'im.moxxy.presencemanager';
+const presenceManager = 'im.moxxmpp.presencemanager';
-const csiManager = 'im.moxxy.csimanager';
+const csiManager = 'im.moxxmpp.csimanager';
-const carbonsManager = 'im.moxxy.carbonsmanager';
+const carbonsManager = 'im.moxxmpp.carbonsmanager';
-const vcardManager = 'im.moxxy.vcardmanager';
+const vcardManager = 'im.moxxmpp.vcardmanager';
-const pubsubManager = 'im.moxxy.pubsubmanager';
+const pubsubManager = 'im.moxxmpp.pubsubmanager';
-const userAvatarManager = 'im.moxxy.useravatarmanager';
+const userAvatarManager = 'im.moxxmpp.useravatarmanager';
-const stableIdManager = 'im.moxxy.stableidmanager';
+const stableIdManager = 'im.moxxmpp.stableidmanager';
-const simsManager = 'im.moxxy.simsmanager';
+const simsManager = 'im.moxxmpp.simsmanager';
-const messageDeliveryReceiptManager = 'im.moxxy.messagedeliveryreceiptmanager';
+const messageDeliveryReceiptManager = 'im.moxxmpp.messagedeliveryreceiptmanager';
-const chatMarkerManager = 'im.moxxy.chatmarkermanager';
+const chatMarkerManager = 'im.moxxmpp.chatmarkermanager';
-const oobManager = 'im.moxxy.oobmanager';
+const oobManager = 'im.moxxmpp.oobmanager';
-const sfsManager = 'im.moxxy.sfsmanager';
+const sfsManager = 'im.moxxmpp.sfsmanager';
-const messageRepliesManager = 'im.moxxy.messagerepliesmanager';
+const messageRepliesManager = 'im.moxxmpp.messagerepliesmanager';
-const blockingManager = 'im.moxxy.blockingmanager';
+const blockingManager = 'im.moxxmpp.blockingmanager';
-const httpFileUploadManager = 'im.moxxy.httpfileuploadmanager';
+const httpFileUploadManager = 'im.moxxmpp.httpfileuploadmanager';
-const chatStateManager = 'im.moxxy.chatstatemanager';
+const chatStateManager = 'im.moxxmpp.chatstatemanager';
-const pingManager = 'im.moxxy.ping';
+const pingManager = 'im.moxxmpp.ping';
-const fileUploadNotificationManager = 'im.moxxy.fileuploadnotificationmanager';
+const fileUploadNotificationManager = 'im.moxxmpp.fileuploadnotificationmanager';
-const omemoManager = 'org.moxxy.omemomanager';
+const omemoManager = 'org.moxxmpp.omemomanager';
-const emeManager = 'org.moxxy.ememanager';
+const emeManager = 'org.moxxmpp.ememanager';
-const cryptographicHashManager = 'org.moxxy.cryptographichashmanager';
+const cryptographicHashManager = 'org.moxxmpp.cryptographichashmanager';
-const delayedDeliveryManager = 'org.moxxy.delayeddeliverymanager';
+const delayedDeliveryManager = 'org.moxxmpp.delayeddeliverymanager';

packages/moxxmpp/lib/src/negotiators/namespaces.dart

@@ -1,9 +1,9 @@
-const saslPlainNegotiator = 'im.moxxy.sasl.plain';
+const saslPlainNegotiator = 'im.moxxmpp.sasl.plain';
-const saslScramSha1Negotiator = 'im.moxxy.sasl.scram.sha1';
+const saslScramSha1Negotiator = 'im.moxxmpp.sasl.scram.sha1';
-const saslScramSha256Negotiator = 'im.moxxy.sasl.scram.sha256';
+const saslScramSha256Negotiator = 'im.moxxmpp.sasl.scram.sha256';
-const saslScramSha512Negotiator = 'im.moxxy.sasl.scram.sha512';
+const saslScramSha512Negotiator = 'im.moxxmpp.sasl.scram.sha512';
-const csiNegotiator = 'im.moxxy.xeps.csi';
+const csiNegotiator = 'im.moxxmpp.xeps.csi';
-const rosterNegotiator = 'im.moxxy.core.roster';
+const rosterNegotiator = 'im.moxxmpp.core.roster';
-const resourceBindingNegotiator = 'im.moxxy.core.resource';
+const resourceBindingNegotiator = 'im.moxxmpp.core.resource';
-const streamManagementNegotiator = 'im.moxxy.xeps.sm';
+const streamManagementNegotiator = 'im.moxxmpp.xeps.sm';
-const startTlsNegotiator = 'im.moxxy.core.starttls';
+const startTlsNegotiator = 'im.moxxmpp.core.starttls';

packages/moxxmpp/lib/src/negotiators/sasl/scram.dart

@@ -30,6 +30,17 @@ HashAlgorithm hashFromType(ScramHashType type) {
   }
 }
 
+int pbkdfBitsFromHash(ScramHashType type) {
+  switch (type) {
+    // NOTE: SHA1 is 20 octets long => 20 octets * 8 bits/octet
+    case ScramHashType.sha1: return 160;
+    // NOTE: SHA256 is 32 octets long => 32 octets * 8 bits/octet
+    case ScramHashType.sha256: return 256;
+    // NOTE: SHA512 is 64 octets long => 64 octets * 8 bits/octet
+    case ScramHashType.sha512: return 512;
+  }
+}
+
 const scramSha1Mechanism = 'SCRAM-SHA-1';
 const scramSha256Mechanism = 'SCRAM-SHA-256';
 const scramSha512Mechanism = 'SCRAM-SHA-512';
@@ -106,7 +117,7 @@ class SaslScramNegotiator extends SaslNegotiator {
     final pbkdf2 = Pbkdf2(
       macAlgorithm: Hmac(_hash),
       iterations: iterations,
-      bits: 160, // NOTE: RFC says 20 octets => 20 octets * 8 bits/octet
+      bits: pbkdfBitsFromHash(hashType),
     );
 
     final saltedPasswordRaw = await pbkdf2.deriveKey(

packages/moxxmpp/lib/src/presence.dart

@@ -14,9 +14,11 @@ import 'package:moxxmpp/src/xeps/xep_0115.dart';
 import 'package:moxxmpp/src/xeps/xep_0414.dart';
 
 class PresenceManager extends XmppManagerBase {
-
+  PresenceManager(this._capHashNode) : _capabilityHash = null, super();
-  PresenceManager() : _capabilityHash = null, super();
   String? _capabilityHash;
+  final String _capHashNode;
+
+  String get capabilityHashNode => _capHashNode;
   
   @override
   String getId() => presenceManager;
@@ -93,7 +95,7 @@ class PresenceManager extends XmppManagerBase {
             xmlns: capsXmlns,
             attributes: {
               'hash': 'sha-1',
-              'node': 'http://moxxy.im',
+              'node': _capHashNode,
               'ver': await getCapabilityHash()
             },
           )

packages/moxxmpp/lib/src/reconnect.dart

@@ -93,6 +93,7 @@ class ExponentialBackoffReconnectionPolicy extends ReconnectionPolicy {
     final isReconnecting = await isReconnectionRunning();
     if (shouldReconnect) {
       if (!isReconnecting) {
+        await setIsReconnecting(true);
         await performReconnect!();
       } else {
         // Should never happen.
@@ -117,7 +118,6 @@ class ExponentialBackoffReconnectionPolicy extends ReconnectionPolicy {
   Future<void> onFailure() async {
     _log.finest('Failure occured. Starting exponential backoff');
     _counter++;
-    await setIsReconnecting(true);
 
     if (_timer != null) {
       _timer!.cancel();
@@ -148,3 +148,23 @@ class TestingReconnectionPolicy extends ReconnectionPolicy {
   @override
   Future<void> reset() async {}
 }
+
+/// A reconnection policy for tests that waits a constant number of seconds before
+/// attempting a reconnection.
+@visibleForTesting
+class TestingSleepReconnectionPolicy extends ReconnectionPolicy {
+  TestingSleepReconnectionPolicy(this._sleepAmount) : super();
+  final int _sleepAmount;
+  
+  @override
+  Future<void> onSuccess() async {}
+
+  @override
+  Future<void> onFailure() async {
+    await Future<void>.delayed(Duration(seconds: _sleepAmount));
+    await performReconnect!();
+  }
+
+  @override
+  Future<void> reset() async {}
+}

packages/moxxmpp/lib/src/xeps/xep_0030/xep_0030.dart

@@ -157,7 +157,7 @@ class DiscoManager extends XmppManagerBase {
     final query = stanza.firstTag('query')!;
     final node = query.attributes['node'] as String?;
     final capHash = await presence.getCapabilityHash();
-    final isCapabilityNode = node == 'http://moxxy.im#$capHash';
+    final isCapabilityNode = node == '${presence.capabilityHashNode}#$capHash';
 
     if (!isCapabilityNode && node != null) {
       await getAttributes().sendStanza(Stanza.iq(
@@ -200,7 +200,7 @@ class DiscoManager extends XmppManagerBase {
             xmlns: discoInfoXmlns,
             attributes: {
               ...!isCapabilityNode ? {} : {
-                  'node': 'http://moxxy.im#$capHash'
+                'node': '${presence.capabilityHashNode}#$capHash'
               }
             },
             children: [

packages/moxxmpp/pubspec.yaml

@@ -1,11 +1,11 @@
 name: moxxmpp
 description: A pure-Dart XMPP library
-version: 0.1.0
+version: 0.1.2+3
 homepage: https://codeberg.org/moxxy/moxxmpp
 publish_to: https://git.polynom.me/api/packages/Moxxy/pub
 
 environment:
-  sdk: '>=2.18.0 <3.0.0'
+  sdk: '>=2.17.5 <3.0.0'
 
 dependencies:
   cryptography: ^2.0.5
@@ -29,5 +29,8 @@ dependencies:
 
 dev_dependencies:
   build_runner: ^2.1.11
+  moxxmpp_socket_tcp:
+   hosted: https://git.polynom.me/api/packages/Moxxy/pub
+   version: ^0.1.2+3
   test: ^1.16.0
   very_good_analysis: ^3.0.1

packages/moxxmpp/test/negotiator_test.dart

@@ -60,7 +60,7 @@ void main() {
       StubNegotiator2(),
     ])
     ..registerManagers([
-      PresenceManager(),
+      PresenceManager('http://moxxmpp.example'),
       RosterManager(),
       DiscoManager(),
       PingManager(),

packages/moxxmpp/test/sasl/kv_test.dart

@@ -0,0 +1,27 @@
+import 'package:moxxmpp/src/negotiators/sasl/kv.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:test/test.dart';
+
+void main() {
+  test('Test the Key-Value parser', () {
+      final result1 = parseKeyValue('n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL');
+      expect(result1.length, 2);
+      expect(result1['n']!, 'user');
+      expect(result1['r']!, 'fyko+d2lbbFgONRv9qkxdawL');
+
+      final result2 = parseKeyValue('r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096');
+      expect(result2.length, 3);
+      expect(result2['r']!, 'fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j');
+      expect(result2['s']!, 'QSXCR+Q6sek8bf92');
+      expect(result2['i']!, '4096');
+  });
+
+  test("Test the Key-Value parser with '=' as a value", () {
+      final result = parseKeyValue('c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,o=123');
+      expect(result.length, 4);
+      expect(result['c']!, 'biws');
+      expect(result['r']!, 'fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j');
+      expect(result['p']!, 'v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=');
+      expect(result['o']!, '123');
+  });
+}

packages/moxxmpp/test/sasl/scram_test.dart

@@ -0,0 +1,207 @@
+import 'dart:convert';
+import 'package:hex/hex.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:test/test.dart';
+import '../helpers/xmpp.dart';
+
+final scramSha1StreamFeatures = XMLNode(
+  tag: 'stream:features',
+  children: [
+    XMLNode.xmlns(
+      tag: 'mechanisms',
+      xmlns: saslXmlns,
+      children: [
+        XMLNode(
+          tag: 'mechanism',
+          text: 'SCRAM-SHA-1',
+        )
+      ],
+    )
+  ],
+);
+final scramSha256StreamFeatures = XMLNode(
+  tag: 'stream:features',
+  children: [
+    XMLNode.xmlns(
+      tag: 'mechanisms',
+      xmlns: saslXmlns,
+      children: [
+        XMLNode(
+          tag: 'mechanism',
+          text: 'SCRAM-SHA-256',
+        )
+      ],
+    )
+  ],
+);
+
+void main() {
+  final fakeSocket = StubTCPSocket(play: []);
+  test('Test SASL SCRAM-SHA-1', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      expect(
+        HEX.encode(await negotiator.calculateSaltedPassword('QSXCR+Q6sek8bf92', 4096)),
+        '1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateClientKey(HEX.decode('1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d')),
+        ),
+        'e234c47bf6c36696dd6d852b99aaa2ba26555728',
+      );
+      const authMessage = 'n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j';
+      expect(
+        HEX.encode(
+          await negotiator.calculateClientSignature(authMessage, HEX.decode('e9d94660c39d65c38fbad91c358f14da0eef2bd6')),
+        ),
+        '5d7138c486b0bfabdf49e3e2da8bd6e5c79db613',
+      );
+      expect(
+        HEX.encode(
+          negotiator.calculateClientProof(HEX.decode('e234c47bf6c36696dd6d852b99aaa2ba26555728'), HEX.decode('5d7138c486b0bfabdf49e3e2da8bd6e5c79db613')),
+        ),
+        'bf45fcbf7073d93d022466c94321745fe1c8e13b',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateServerSignature(authMessage, HEX.decode('0fe09258b3ac852ba502cc62ba903eaacdbf7d31')),
+        ),
+        'ae617da6a57c4bbb2e0286568dae1d251905b0a4',
+      );
+      expect(
+        HEX.encode(
+          await negotiator.calculateServerKey(HEX.decode('1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d')),
+        ),
+        '0fe09258b3ac852ba502cc62ba903eaacdbf7d31',
+      );
+      expect(
+        HEX.encode(
+          negotiator.calculateClientProof(
+            HEX.decode('e234c47bf6c36696dd6d852b99aaa2ba26555728'),
+            HEX.decode('5d7138c486b0bfabdf49e3e2da8bd6e5c79db613'),
+          ),
+        ),
+        'bf45fcbf7073d93d022466c94321745fe1c8e13b',
+      );
+
+      expect(await negotiator.calculateChallengeResponse('cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng=='), 'c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=');
+  });
+
+  test('Test SASL SCRAM-SHA-256', () async {
+      String? lastMessage;
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=rOprNGfwEbeRWgbNEkqO', 'rOprNGfwEbeRWgbNEkqO', ScramHashType.sha256);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode n, {String? redact}) => lastMessage = n.innerText(),
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha256StreamFeatures);
+      expect(
+        utf8.decode(base64Decode(lastMessage!)),
+        'n,,n=user,r=rOprNGfwEbeRWgbNEkqO',
+      );
+      
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1yT3ByTkdmd0ViZVJXZ2JORWtxTyVodllEcFdVYTJSYVRDQWZ1eEZJbGopaE5sRiRrMCxzPVcyMlphSjBTTlk3c29Fc1VFamI2Z1E9PSxpPTQwOTY=</challenge>"));
+      expect(
+        utf8.decode(base64Decode(lastMessage!)),
+        'c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF\$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=',
+      );
+
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj02cnJpVFJCaTIzV3BSUi93dHVwK21NaFVaVW4vZEI1bkxUSlJzamw5NUc0PQ==</success>"));
+
+      expect(negotiator.state, NegotiatorState.done);
+  });
+  
+  test('Test a positive server signature check', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+
+      expect(negotiator.state, NegotiatorState.done);
+  });
+
+  test('Test a negative server signature check', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1zbUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+
+      expect(negotiator.state, NegotiatorState.error);
+  });
+
+  test('Test a resetting the SCRAM negotiator', () async {
+      final negotiator = SaslScramNegotiator(0, 'n=user,r=fyko+d2lbbFgONRv9qkxdawL', 'fyko+d2lbbFgONRv9qkxdawL', ScramHashType.sha1);
+      negotiator.register(
+        NegotiatorAttributes(
+          (XMLNode _, {String? redact}) {},
+          () => ConnectionSettings(jid: JID.fromString('user@server'), password: 'pencil', useDirectTLS: true, allowPlainAuth: true),
+          (_) async {},
+          getNegotiatorNullStub,
+          getManagerNullStub,
+          () => JID.fromString('user@server'),
+          () => fakeSocket,
+          () => false,
+        ),
+      );
+
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+      expect(negotiator.state, NegotiatorState.done);
+
+      // Reset and try again
+      negotiator.reset();
+      await negotiator.negotiate(scramSha1StreamFeatures);
+      await negotiator.negotiate(XMLNode.fromString("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1meWtvK2QybGJiRmdPTlJ2OXFreGRhd0wzcmZjTkhZSlkxWlZ2V1ZzN2oscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5Ng==</challenge>"));
+      await negotiator.negotiate(XMLNode.fromString("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1ybUY5cHFWOFM3c3VBb1pXamE0ZEpSa0ZzS1E9</success>"));
+      expect(negotiator.state, NegotiatorState.done);
+  });
+}

packages/moxxmpp/test/xeps/xep_0030.dart

@@ -53,7 +53,7 @@ void main() {
           ignoreId: true,
         ),
         StringExpectation(
-          "<presence xmlns='jabber:client' from='polynomdivision@test.server/MU29eEZn'><show>chat</show><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://moxxy.im' ver='QRTBC5cg/oYd+UOTYazSQR4zb/I=' /></presence>",
+          "<presence xmlns='jabber:client' from='polynomdivision@test.server/MU29eEZn'><show>chat</show><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://moxxmpp.example' ver='QRTBC5cg/oYd+UOTYazSQR4zb/I=' /></presence>",
           '',
         ),
         StanzaExpectation(
@@ -73,7 +73,7 @@ void main() {
         allowPlainAuth: true,
     ),);
     conn.registerManagers([
-      PresenceManager(),
+      PresenceManager('http://moxxmpp.example'),
       RosterManager(),
       DiscoManager(),
       PingManager(),

packages/moxxmpp/test/xeps/xep_0198_test.dart

@@ -242,7 +242,7 @@ void main() {
       ),);
       final sm = StreamManagementManager();
       conn.registerManagers([
-          PresenceManager(),
+          PresenceManager('http://moxxmpp.example'),
           RosterManager(),
           DiscoManager(),
           PingManager(),
@@ -343,7 +343,7 @@ void main() {
             '<enabled xmlns="urn:xmpp:sm:3" id="some-long-sm-id" resume="true" />',
           ),
           StringExpectation(
-            "<presence xmlns='jabber:client' from='polynomdivision@test.server/MU29eEZn'><show>chat</show><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://moxxy.im' ver='QRTBC5cg/oYd+UOTYazSQR4zb/I=' /></presence>",
+            "<presence xmlns='jabber:client' from='polynomdivision@test.server/MU29eEZn'><show>chat</show><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://moxxmpp.example' ver='QRTBC5cg/oYd+UOTYazSQR4zb/I=' /></presence>",
             '<iq type="result" />',
           ),
           StanzaExpectation(
@@ -364,7 +364,7 @@ void main() {
       ),);
       final sm = StreamManagementManager();
       conn.registerManagers([
-          PresenceManager(),
+          PresenceManager('http://moxxmpp.example'),
           RosterManager(),
           DiscoManager(),
           PingManager(),
@@ -518,7 +518,7 @@ void main() {
           allowPlainAuth: true,
       ),);
       conn.registerManagers([
-          PresenceManager(),
+          PresenceManager('http://moxxmpp.example'),
           RosterManager(),
           DiscoManager(),
           PingManager(),
@@ -610,7 +610,7 @@ void main() {
           allowPlainAuth: true,
       ),);
       conn.registerManagers([
-          PresenceManager(),
+          PresenceManager('http://moxxmpp.example'),
           RosterManager(),
           DiscoManager(),
           PingManager(),
@@ -702,7 +702,7 @@ void main() {
           allowPlainAuth: true,
       ),);
       conn.registerManagers([
-          PresenceManager(),
+          PresenceManager('http://moxxmpp.example'),
           RosterManager(),
           DiscoManager(),
           PingManager(),

packages/moxxmpp/test/xmpp_test.dart

@@ -104,7 +104,7 @@ void main() {
                   attributes: {
                     // TODO: Somehow make the test ignore this attribute
                     'ver': 'QRTBC5cg/oYd+UOTYazSQR4zb/I=',
-                    'node': 'http://moxxy.im',
+                    'node': 'http://moxxmpp.example',
                     'hash': 'sha-1'
                   },
                 )
@@ -126,7 +126,7 @@ void main() {
           allowPlainAuth: true,
       ),);
       conn.registerManagers([
-        PresenceManager(),
+        PresenceManager('http://moxxmpp.example'),
         RosterManager(),
         DiscoManager(),
         PingManager(),
@@ -180,7 +180,7 @@ void main() {
         allowPlainAuth: true,
       ),);
       conn.registerManagers([
-        PresenceManager(),
+        PresenceManager('http://moxxmpp.example'),
         RosterManager(),
         DiscoManager(),
         PingManager(),
@@ -234,7 +234,7 @@ void main() {
           allowPlainAuth: true,
       ),);
       conn.registerManagers([
-        PresenceManager(),
+        PresenceManager('http://moxxmpp.example'),
         RosterManager(),
         DiscoManager(),
         PingManager(),
@@ -289,7 +289,7 @@ void main() {
         allowPlainAuth: false,
       ),);
       conn.registerManagers([
-        PresenceManager(),
+        PresenceManager('http://moxxmpp.example'),
         RosterManager(),
         DiscoManager(),
         PingManager(),

packages/moxxmpp_socket_tcp/.pubignore

@@ -0,0 +1 @@
+pubspec_overrides.yaml

packages/moxxmpp_socket_tcp/CHANGELOG.md

@@ -1,3 +1,24 @@
+## 0.1.2+3
+
+ - Update a dependency to the latest release.
+
+## 0.1.2+2
+
+ - **FIX**: Fix reconnections when the connection is awaited.
+
+## 0.1.2+1
+
+ - **FIX**: A certificate rejection does not crash the connection.
+
+## 0.1.2
+
+ - **FEAT**: Make onBadCertificate available.
+
+## 0.1.1
+
+ - **REFACTOR**: Move packages into packages/.
+ - **FEAT**: Fix moxxmpp_socket_tcp's pubspec.
+
 ## 0.1.0
 
 - Initial version.

packages/moxxmpp_socket_tcp/analysis_options.yaml

@@ -1,4 +1,4 @@
-include: ../analysis_options.yaml
+include: ../../analysis_options.yaml
 
 analyzer:
   exclude:

packages/moxxmpp_socket_tcp/integration_test/badxmpp_certificate_test.dart

@@ -0,0 +1,64 @@
+import 'package:logging/logging.dart';
+import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/moxxmpp_socket_tcp.dart';
+import 'package:test/test.dart';
+
+Future<void> _runTest(String domain) async {
+  var gotTLSException = false;
+  final socket = TCPSocketWrapper(false);
+  final log = Logger('TestLogger');
+  socket.getEventStream().listen((event) {
+    if (event is XmppSocketTLSFailedEvent) {
+      log.info('Got XmppSocketTLSFailedEvent from socket');
+      gotTLSException = true;
+    }
+  });
+
+  final connection = XmppConnection(
+    ExponentialBackoffReconnectionPolicy(),
+    socket,
+  );
+  connection.registerFeatureNegotiators([
+    StartTlsNegotiator(),
+  ]);
+  connection.registerManagers([
+    DiscoManager(),
+    RosterManager(),
+    PingManager(),
+    MessageManager(),
+    PresenceManager('http://moxxmpp.example'),
+  ]);
+
+  connection.setConnectionSettings(
+    ConnectionSettings(
+      jid: JID.fromString('testuser@$domain'),
+      password: 'abc123',
+      useDirectTLS: true,
+      allowPlainAuth: true,
+    ),
+  );
+
+  final result = await connection.connectAwaitable();
+  expect(result.success, false);
+  expect(gotTLSException, true);
+}
+
+void main() {
+  Logger.root.level = Level.ALL;
+  Logger.root.onRecord.listen((record) {
+    print('${record.level.name}: ${record.time}: ${record.message}');
+  });
+
+  for (final domain in [
+    'self-signed.badxmpp.eu',
+    'expired.badxmpp.eu',
+    'wrong-name.badxmpp.eu',
+    'missing-chain.badxmpp.eu',
+    // TODO(Unknown): Technically, this one should not fail
+    //'ecdsa.badxmpp.eu',
+  ]) {
+    test('$domain with connectAwaitable', () async {
+      await _runTest(domain);
+    });
+  }
+}

packages/moxxmpp_socket_tcp/lib/moxxmpp_socket_tcp.dart

@@ -1,4 +1,5 @@
 library moxxmpp_socket_tcp;
 
+export 'src/events.dart';
 export 'src/record.dart';
 export 'src/socket.dart';

packages/moxxmpp_socket_tcp/lib/src/events.dart

@@ -0,0 +1,4 @@
+import 'package:moxxmpp/moxxmpp.dart';
+
+/// Triggered when TLS errors occur
+class XmppSocketTLSFailedEvent extends XmppSocketEvent {}

packages/moxxmpp_socket_tcp/lib/src/socket.dart

@@ -4,6 +4,7 @@ import 'dart:io';
 import 'package:logging/logging.dart';
 import 'package:meta/meta.dart';
 import 'package:moxxmpp/moxxmpp.dart';
+import 'package:moxxmpp_socket_tcp/src/events.dart';
 import 'package:moxxmpp_socket_tcp/src/record.dart';
 import 'package:moxxmpp_socket_tcp/src/rfc_2782.dart';
 
@@ -50,11 +51,12 @@ class TCPSocketWrapper extends BaseSocketWrapper {
     return <MoxSrvRecord>[];
   }
 
-  bool _onBadCertificate(dynamic certificate, String domain) {
+  /// Called when we encounter a certificate we cannot verify. [certificate] refers to the certificate
-    _log.fine('Bad certificate: ${certificate.toString()}');
+  /// in question, while [domain] refers to the domain we try to validate the certificate against.
-    //final isExpired = certificate.endValidity.isAfter(DateTime.now());
+  ///
-    // TODO(Unknown): Either validate the certificate ourselves or use a platform native
+  /// Return true if the certificate should be accepted. Return false if it should be rejected.
-    //                hostname verifier (or Dart adds it themselves)
+  @visibleForOverriding
+  bool onBadCertificate(dynamic certificate, String domain) {
     return false;
   }
   
@@ -65,6 +67,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       return false;
     }
 
+    var failedDueToTLS = false;
     results.sort(srvRecordSortComparator);
     for (final srv in results) {
       try {
@@ -83,18 +86,26 @@ class TCPSocketWrapper extends BaseSocketWrapper {
           sock,
           host: domain,
           supportedProtocols: const [ xmppClientALPNId ],
-          onBadCertificate: (cert) => _onBadCertificate(cert, domain),
+          onBadCertificate: (cert) => onBadCertificate(cert, domain),
         );
 
         _ignoreSocketClosure = false;
         _secure = true;
         _log.finest('Success!');
         return true;
-      } on SocketException catch(e) {
+      } on Exception catch(e) {
         _log.finest('Failure! $e');
         _ignoreSocketClosure = false;
+
+        if (e is HandshakeException) {
+          failedDueToTLS = true;
         }
       }
+    }
+
+    if (failedDueToTLS) {
+      _eventStream.add(XmppSocketTLSFailedEvent());
+    }
     
     return false;
   }
@@ -117,7 +128,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
         _ignoreSocketClosure = false;
         _log.finest('Success!');
         return true;
-      } on SocketException catch(e) {
+      } on Exception catch(e) {
         _log.finest('Failure! $e');
         _ignoreSocketClosure = false;
         continue;
@@ -141,7 +152,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       );
       _log.finest('Success!');
       return true;
-    } on SocketException catch(e) {
+    } on Exception catch(e) {
       _log.finest('Failure! $e');
       _ignoreSocketClosure = false;
       return false;
@@ -175,15 +186,21 @@ class TCPSocketWrapper extends BaseSocketWrapper {
       _socket = await SecureSocket.secure(
         _socket!,
         supportedProtocols: const [ xmppClientALPNId ],
-        onBadCertificate: (cert) => _onBadCertificate(cert, domain),
+        onBadCertificate: (cert) => onBadCertificate(cert, domain),
       );
 
       _secure = true;
       _ignoreSocketClosure = false;
       _setupStreams();
       return true;
-    } on SocketException {
+    } on Exception catch (e) {
+      _log.severe('Failed to secure socket: $e');
       _ignoreSocketClosure = false;
+
+      if (e is HandshakeException) {
+        _eventStream.add(XmppSocketTLSFailedEvent());
+      }
+
       return false;
     }
   }
@@ -292,7 +309,7 @@ class TCPSocketWrapper extends BaseSocketWrapper {
 
     try {
       _socket!.write(data);
-    } on SocketException catch (e) {
+    } on Exception catch (e) {
       _log.severe(e);
       _eventStream.add(XmppSocketErrorEvent(e));
     }

packages/moxxmpp_socket_tcp/pubspec.yaml

@@ -1,18 +1,18 @@
 name: moxxmpp_socket_tcp
 description: A socket for moxxmpp using TCP that implements the RFC6120 connection algorithm and XEP-0368
-version: 0.1.0
+version: 0.1.2+3
 homepage: https://codeberg.org/moxxy/moxxmpp
 publish_to: https://git.polynom.me/api/packages/Moxxy/pub
 
 environment:
-  sdk: '>=2.18.0 <3.0.0'
+  sdk: '>=2.17.5 <3.0.0'
 
 dependencies:
   logging: ^1.0.2
   meta: ^1.6.0
   moxxmpp:
     hosted: https://git.polynom.me/api/packages/Moxxy/pub
-    version: ^0.1.0
+    version: ^0.1.2+3
 
 dev_dependencies:
   lints: ^2.0.0