+;;; Buttonify urls
+
+(defconst elpher-url-regex
+ "\\([a-zA-Z]+\\)://\\([a-zA-Z0-9.-]*[a-zA-Z0-9-]\\|\\[[a-zA-Z0-9:]+\\]\\)\\(:[0-9]+\\)?\\(/\\([0-9a-zA-Z_~?/@|:.%#=&-]*[0-9a-zA-Z_~?/@|#-]\\)?\\)?"
+ "Regexp used to locate and buttonify URLs in text files loaded by elpher.")
+
+(defun elpher-buttonify-urls (string)
+ "Turn substrings which look like urls in STRING into clickable buttons."
+ (with-temp-buffer
+ (insert string)
+ (goto-char (point-min))
+ (while (re-search-forward elpher-url-regex nil t)
+ (let ((page (elpher-page-from-url (substring-no-properties (match-string 0)))))
+ (make-text-button (match-beginning 0)
+ (match-end 0)
+ 'elpher-page page
+ 'action #'elpher-click-link
+ 'follow-link t
+ 'help-echo #'elpher--page-button-help
+ 'face 'button)))
+ (buffer-string)))
+
+;;; ANSI colors or XTerm colors (application and filtering)
+
+(or (require 'xterm-color nil t)
+ (require 'ansi-color))
+
+(defalias 'elpher-color-filter-apply
+ (if (fboundp 'xterm-color-filter)
+ (lambda (s)
+ (let ((_xterm-color-render nil))
+ (xterm-color-filter s)))
+ #'ansi-color-filter-apply)
+ "A function to filter out ANSI escape sequences.")
+
+(defalias 'elpher-color-apply
+ (if (fboundp 'xterm-color-filter)
+ #'xterm-color-filter
+ #'ansi-color-apply)
+ "A function to apply ANSI escape sequences.")
+
+;;; Processing text for display
+
+(defun elpher-process-text-for-display (string)
+ "Perform any desired processing of STRING prior to display as text.
+Currently includes buttonifying URLs and processing ANSI escape codes."
+ (elpher-buttonify-urls (if elpher-filter-ansi-from-text
+ (elpher-color-filter-apply string)
+ (elpher-color-apply string))))
+
+
+;;; Network error reporting
+;;
+
+(defun elpher-network-error (address error)
+ "Display ERROR message following unsuccessful negotiation with ADDRESS.
+ERROR can be either an error object or a string."
+ (elpher-with-clean-buffer
+ (insert (propertize "\n---- ERROR -----\n\n" 'face 'error)
+ "When attempting to retrieve " (elpher-address-to-url address) ":\n"
+ (if (stringp error) error (error-message-string error)) "\n"
+ (propertize "\n----------------\n\n" 'face 'error)
+ "Press 'u' to return to the previous page.")))
+
+
+;;; General network communication
+;;
+
+(defvar elpher-network-timer nil
+ "Timer used for network connections.")
+
+(defvar elpher-use-tls nil
+ "If non-nil, use TLS to communicate with gopher servers.")
+
+(defvar elpher-client-certificate nil
+ "If non-nil, contains client certificate details to use for TLS connections.")
+
+(defun elpher-process-cleanup ()
+ "Immediately shut down any extant elpher process and timers."
+ (let ((p (get-process "elpher-process")))
+ (if p (delete-process p)))
+ (if (timerp elpher-network-timer)
+ (cancel-timer elpher-network-timer)))
+
+(defun elpher-make-network-timer (thunk)
+ "Create a timer to run the THUNK after `elpher-connection-timeout' seconds.
+This is just a wraper around `run-at-time' which additionally sets the
+buffer-local variable `elpher-network-timer' to allow
+`elpher-process-cleanup' to also clear the timer."
+ (let ((timer (run-at-time elpher-connection-timeout nil thunk)))
+ (setq-local elpher-network-timer timer)
+ timer))
+
+(defun elpher-get-host-response (address default-port query-string response-processor
+ &optional use-tls force-ipv4)
+ "Generic function for retrieving data from ADDRESS.
+
+When ADDRESS lacks a specific port, DEFAULT-PORT is used instead.
+QUERY-STRING is a string sent to the host specified by ADDRESS to
+illicet a response. This response is passed as an argument to the
+function RESPONSE-PROCESSOR.
+
+If non-nil, USE-TLS specifies that the connection is to be made over
+TLS. If set to gemini, the certificate verification will be disabled
+unless `elpher-gemini-TLS-cert-checks' is non-nil.
+
+If non-nil, FORCE-IPV4 causes the network connection to be made over
+ipv4 only. (The default behaviour when this is not set depends on
+the host operating system and the local network capabilities.)"
+ (if (and use-tls (not (gnutls-available-p)))
+ (error "Use of TLS requires Emacs to be compiled with GNU TLS support")
+ (unless (< (elpher-address-port address) 65536)
+ (error "Cannot establish network connection: port number > 65536"))
+ (when (and (eq use-tls 'gemini) (not elpher-gemini-TLS-cert-checks))
+ (setq-local network-security-level 'low)
+ (setq-local gnutls-verify-error nil))
+ (condition-case nil
+ (let* ((kill-buffer-query-functions nil)
+ (port (elpher-address-port address))
+ (host (elpher-address-host address))
+ (service (if (> port 0) port default-port))
+ (response-string-parts nil)
+ (bytes-received 0)
+ (hkbytes-received 0)
+ (socks (or elpher-socks-always (string-suffix-p ".onion" host)))
+ (gnutls-params (list :type 'gnutls-x509pki
+ :hostname host
+ :keylist
+ (elpher-get-current-keylist address)))
+ (timer (elpher-make-network-timer
+ (lambda ()
+ (elpher-process-cleanup)
+ (cond
+ ; Try again with IPv4
+ ((not (or elpher-ipv4-always force-ipv4 socks))
+ (message "Connection timed out. Retrying with IPv4.")
+ (elpher-get-host-response address default-port
+ query-string
+ response-processor
+ use-tls t))
+ ((and use-tls
+ (not (eq use-tls 'gemini))
+ (or elpher-auto-disengage-TLS
+ (y-or-n-p
+ "TLS connetion failed. Disable TLS mode and retry? ")))
+ (setq elpher-use-tls nil)
+ (elpher-get-host-response address default-port
+ query-string
+ response-processor
+ nil force-ipv4))
+ (t
+ (elpher-network-error address "Connection time-out."))))))
+ (proc (if socks (socks-open-network-stream "elpher-process" nil host service)
+ (make-network-process :name "elpher-process"
+ :host host
+ :family (and (or force-ipv4
+ elpher-ipv4-always)
+ 'ipv4)
+ :service service
+ :buffer nil
+ :nowait t
+ :tls-parameters
+ (and use-tls
+ (cons 'gnutls-x509pki
+ (apply #'gnutls-boot-parameters
+ gnutls-params)))))))
+ (setq elpher-network-timer timer)
+ (set-process-coding-system proc 'binary 'binary)
+ (set-process-query-on-exit-flag proc nil)
+ (elpher-buffer-message (concat "Connecting to " host "..."
+ " (press 'u' to abort)"))
+ (set-process-filter proc
+ (lambda (_proc string)
+ (when timer
+ (cancel-timer timer)
+ (setq timer nil))
+ (setq bytes-received (+ bytes-received (length string)))
+ (let ((new-hkbytes-received (/ bytes-received 102400)))
+ (when (> new-hkbytes-received hkbytes-received)
+ (setq hkbytes-received new-hkbytes-received)
+ (elpher-buffer-message
+ (concat "("
+ (number-to-string (/ hkbytes-received 10.0))
+ " MB read)")
+ 1)))
+ (setq response-string-parts
+ (cons string response-string-parts))))
+ (set-process-sentinel proc
+ (lambda (proc event)
+ (when timer
+ (cancel-timer timer))
+ (condition-case the-error
+ (cond
+ ((string-prefix-p "open" event) ; request URL
+ (elpher-buffer-message
+ (concat "Connected to " host ". Receiving data..."
+ " (press 'u' to abort)"))
+ (let ((inhibit-eol-conversion t))
+ (process-send-string proc query-string)))
+ ((string-prefix-p "deleted" event)) ; do nothing
+ ((and (not response-string-parts)
+ (not (or elpher-ipv4-always force-ipv4 socks)))
+ ; Try again with IPv4
+ (message "Connection failed. Retrying with IPv4.")
+ (elpher-get-host-response address default-port
+ query-string
+ response-processor
+ use-tls t))
+ (response-string-parts
+ (elpher-with-clean-buffer
+ (insert "Data received. Rendering..."))
+ (funcall response-processor
+ (apply #'concat (reverse response-string-parts)))
+ (elpher-restore-pos))
+ (t
+ (error "No response from server")))
+ (error
+ (elpher-network-error address the-error)))))
+ (when socks
+ (if use-tls (apply #'gnutls-negotiate :process proc gnutls-params))
+ (funcall (process-sentinel proc) proc "open\n")))
+ (error
+ (elpher-process-cleanup)
+ (error "Error initiating connection to server")))))
+
+
+;;; Client-side TLS Certificate Management
+;;
+
+(defun elpher-generate-certificate (common-name key-file cert-file &optional temporary)
+ "Generate a key and a self-signed client TLS certificate using openssl.
+
+The Common Name field of the certificate is set to COMMON-NAME. The
+arguments KEY-FILE and CERT-FILE should contain the absolute paths of
+the key and certificate files to write.
+
+If TEMPORARY is non-nil, the certificate will be given an exporation
+period of one day, and the key and certificate files will be deleted
+when the certificate is no longer needed for the current session.