* rfc: client certificates for high volume clients (opertors' chat relays, notification servers, service bots)
* client certificates types (WIP)
* parameterize Transport
* protocol/schema/api changes
* agent API
* rename command
* agent subscriptions return local ClientServiceId to chat
* verify transmissions
* fix receiving client certificates, refactor
* ntf server: remove shared queue for all notification subscriptions (#1543)
* ntf server: remove shared queue for all notification subscriptions
* wait for subscriber with timeout
* safer
* refactor
* log
* remove unused
* WIP service subscriptions and associations, refactor
* process service subscriptions
* rename
* simplify switching subscriptions
* SMP service handshake with additional server handshake response
* notification delivery and STM persistence for services
* smp server: database storage, store log, fix encoding for STORE error, replace String with Text in locks and error
* stats
* more stats
* rename SMP commands
* service subscriptions in ntf server agent (tests fail)
* fix
* refactor
* exports
* subscribe ntf server as service for associated queues
* test ntf service connection, fix SOKS response, fix service associations not removed in STM storage
* INI option to support services
* ntf server: downgrade subscriptions when service is no longer supported, track counts of subscribed queues
* smp protocol: include service certificate fingerprint in the string signed over with entity key (TODO two tests fail)
* fix test
* ntf server prometheus stats, use Int64 in SOKS/ENDS responses (to avoid conversions), additional error status for ntf subscription
* update RFC
* refactor useServiceAuth to avoid ad hoc decisions about which commands use service signatures, and to prohibit service signatures on other commands
* remove duplicate service signature syntax check from checkCredentials, it is checked in verifyTransmission
* service errors, todos
* fix checkCredentials in ntf server, service errors
* refactor service auth
* refactor
* service agent: store returned queue count instead of expected
* refactor serverThread
* refactor serviceSig
* rename
* refactor, rename, test repeat NSUB service association
* respond with error to SUBS
* smp server: export/import service records between database and store log
* comment
* comments
* ghc 8.10.7
* parameterize transport by peer type (client/server)
* LogDebug level when test is retried
* support "flipped" HTTP2, fix test retry to avoid retrying pending tests
* move sync to the end of the tests
* smp-server: Allow serving HTTPS and transport on the same port
* update rfc
* servers: refactor TLS credentials
* provide server credentials in SNI hook
* determine TLS server params dynamically, when starting the server
* remove alpn from TransportServerConfig to decide it dynamically where server is started
* diff
* combine HTTP and SMP on the shared port
* Update to SockAddr
* Fix params and web.https parser
* Switch fork urls
* WIP: add smpServerTestStatic test
* Update warp-tls repo
* shared connection tests
* cleanup
* Add protocol tests
* rename cert file, enable both ports and web by default
* terminate with message on missing credentials
* test cert file
* client option to use port 443 as default SMP port
* use SNI in non-SMP clients
* supported
* remove TODO
* advice
* fix test build
* Add RSA-4096 check for web creds, fix test
* Remove directory listing from static app
* message
* messages
* update log tests
---------
Co-authored-by: IC Rainbow <aenor.realm@gmail.com>
* servers: refactor TLS credentials
* provide server credentials in SNI hook
* determine TLS server params dynamically, when starting the server
* remove alpn from TransportServerConfig to decide it dynamically where server is started
* agent: support socks proxy without isolate-by-auth, with and without credentials
* add unit tests
* make xftp use correct SOCKS credentials
* rename
* support ipv6 in brackets, test parsing
* constant
* textToHostMode
* space
* smp: command authorization
* fix encoding, most tests
* remove old tests
* authorize via crypto_box
* extract authenticator to Crypto module
* make TransmissionAuth Maybe
* rfc
* support authenticators in NTF protocol, test matrix (no backwards compatibility yet from new clients to old servers)
* fix/add tests, add version config to "small" agent
* separate client and server versions for SMP protocol
* test batching SMP v7
* do not send session ID in each transmission
* refactor auth verification in the server, split tests
* server "warm up" fixes timing test
* uncomment SUB timing test
* comments, disable two timing tests
* rename version
* increase auth timing test failure threshold
* use different algorithms to authorize snd/rcv commands, use random correlation ID
* transport: fetch and store server certificate (#985)
* THandleParams (WIP, does not compile)
* transport: fetch and store server certificate
* smp: add getOnlinePubKey example to smpClientHandshake
* add server certs and sign authPub
* cleanup
* update
* style
* load server certs from test fixtures
* sign ntf authPubKey
* fix onServerCertificate
* increase delay before sending messages
* require certificate with key in SMP server handshake
---------
Co-authored-by: Evgeny Poberezkin <evgeny@poberezkin.com>
* remove dhSecret from THandle
* remove v8, merge all changes to one version
* parameterize THandle
* rfc: transmission ecnryption
* Revert "parameterize THandle"
This reverts commit 75adfc94fb.
* use batch syntax for ntf server commands
* separate encodeTransmission when there is no key
* typo
Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
* rename
* diff
---------
Co-authored-by: Alexander Bondarenko <486682+dpwiz@users.noreply.github.com>
Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
* store SMP client version per queue
* use versioned format for queue addresses (not compatible with v1)
* multiple server hosts in queue URI/data, versioned encoding (cross-version tests fail)
* choose server host based on socksProxy setting
* test works
* multiple server addresses mostly work
* add onion hosts for provided servers
* update SMP hosts
* SMP v3: encrypt message timestamp and flags together with the body between server and recipient
* v3 tests
* update protocol doc
* add test for max size message
* delay in notifications test
* simplify v3
* encrypt server message to the recipient when sent
* refactor
* exit on error restoring the messages
* refactor, increase test timeout
* style
* add prints to the test
* remove error from unsafeMaxLenBS
* update protocol
* lint, improve test, change func param
* APN push client (WIP)
* APNS push client works
* TODO comments
* comment
* send notification and process the response
* config
* e2e encryption for notification parameter
* read apns key filename and ID from env
* connect APNS client to server, fix notification JSON encoding to use dash case
* do not connect to APNS on start to pass CI tests
* fix CI test
* remove redundant import
* notifications: protocol
* update protocol to include subscription ID and DH public key
* update protocol, started server
* add notification server subscription DH key
* use the same command type in notifications protocol, protocol parsing, server frame
* remove empty files
* use TCP keep-alive instead of SMP protocol PING
* update header files
* use CInt
* use Int again
* use network-3.1.2.7
* use https in cabal.project
* confitional keep-alive parameters to work on mac
* pass keep-alive opts via client/agent options
* remove space
