dhtproxy: implement https in server

96992b80 · Seva · 500ae6ef · 96992b80 · 96992b80 · 96992b80
Commit 96992b80 authored Aug 10, 2019 by Seva
--- a/include/opendht/dht_proxy_server.h
+++ b/include/opendht/dht_proxy_server.h
@@ -31,7 +31,11 @@
 #include <memory>
 #include <mutex>
 #include <restinio/all.hpp>
+#ifdef OPENDHT_PROXY_OPENSSL
+#include <restinio/tls.hpp>
+#endif
 #include "http.h"
 #ifdef OPENDHT_JSONCPP
@@ -51,7 +55,12 @@ namespace restinio {
 }
 using RestRouter = restinio::router::express_router_t<>;
+#ifdef OPENDHT_PROXY_OPENSSL
+struct RestRouterTraits : public restinio::default_tls_traits_t
+#else
 struct RestRouterTraits : public restinio::default_traits_t
+#endif
 {
    using timer_manager_t = restinio::asio_timer_manager_t;
    using http_methods_mapper_t = restinio::custom_http_methods_t;
@@ -90,8 +99,8 @@ public:
 #ifdef OPENDHT_PROXY_OPENSSL
       dht::crypto::Identity& identity,
 #endif
-                   std::shared_ptr<DhtRunner> dht, in_port_t port = 8000,
+       std::shared_ptr<DhtRunner> dht, in_port_t port = 8000, const std::string& pushServer = "",
-                   const std::string& pushServer = "", std::shared_ptr<dht::Logger> logger = {});
+       std::shared_ptr<dht::Logger> logger = {});
    virtual ~DhtProxyServer();
@@ -337,6 +346,10 @@ private:
    // http server
    std::thread httpServerThread_;
    std::unique_ptr<restinio::http_server_t<RestRouterTraits>> httpServer_;
+#ifdef OPENDHT_PROXY_OPENSSL
+    std::unique_ptr<const asio::const_buffer> pk_;
+    std::unique_ptr<const asio::const_buffer> cc_;
+#endif
    // http client
    std::pair<std::string, std::string> pushHostPort_;

--- a/src/dht_proxy_server.cpp
+++ b/src/dht_proxy_server.cpp
@@ -50,13 +50,12 @@ DhtProxyServer::DhtProxyServer(
 #ifdef OPENDHT_PROXY_OPENSSL
    dht::crypto::Identity& identity,
 #endif
-                               std::shared_ptr<DhtRunner> dht, in_port_t port,
+    std::shared_ptr<DhtRunner> dht, in_port_t port, const std::string& pushServer,
-                               const std::string& pushServer, std::shared_ptr<dht::Logger> logger
+    std::shared_ptr<dht::Logger> logger
 ):
        dht_(dht), logger_(logger), lockListener_(std::make_shared<std::mutex>()),
        listeners_(std::make_shared<std::map<restinio::connection_id_t, http::ListenerSession>>()),
-        connListener_(std::make_shared<http::ConnectionListener>(
+        connListener_(std::make_shared<http::ConnectionListener>(dht, listeners_, lockListener_, logger)),
-                        dht, listeners_, lockListener_, logger)),
        pushServer_(pushServer)
 {
    if (not dht_)
@@ -80,6 +79,33 @@ DhtProxyServer::DhtProxyServer(
    // build http server
    auto settings = makeHttpServerSettings();
    settings.port(port);
+#ifdef OPENDHT_PROXY_OPENSSL
+    // define tls context
+    asio::ssl::context tls_context { asio::ssl::context::sslv23 };
+    tls_context.set_options(asio::ssl::context::default_workarounds
+                            | asio::ssl::context::no_sslv2
+                            | asio::ssl::context::single_dh_use);
+    // save keys in memory & set in tls context
+    asio::error_code ec;
+    // node private key
+    auto pk = identity.first->serialize(); // returns Blob
+    pk_ = std::make_unique<const asio::const_buffer>(static_cast<void*>(pk.data()),
+                                                    (std::size_t) pk.size());
+    tls_context.use_private_key(*pk_, asio::ssl::context::file_format::pem, ec);
+    if (ec)
+        throw std::runtime_error("Error setting Node private key: " + ec.message());
+    // certificate chain
+    auto cc = identity.second->toString(true/*chain*/);
+    auto ccb = dht::Blob(cc.begin(), cc.end());
+    cc_ = std::make_unique<const asio::const_buffer>(static_cast<void*>(ccb.data()),
+                                                    (std::size_t) ccb.size());
+    tls_context.use_certificate_chain(*cc_, ec);
+    if (ec)
+        throw std::runtime_error("Error setting CA chain file: " + ec.message());
+    settings.tls_context(std::move(tls_context));
+#endif
    httpServer_.reset(new restinio::http_server_t<RestRouterTraits>(
        restinio::own_io_context(),
        std::forward<ServerSettings>(settings)

--- a/tests/dhtproxytester.cpp
+++ b/tests/dhtproxytester.cpp
@@ -41,15 +41,17 @@ DhtProxyTester::setUp() {
    nodeProxy->run(0, /*identity*/{}, /*threaded*/true);
    nodeProxy->bootstrap(nodePeer.getBound());
-#ifdef OPENDHT_PUSH_NOTIFICATIONS
+#ifdef OPENDHT_PROXY_OPENSSL
-    auto ca_tmp = dht::crypto::generateEcIdentity("DHT Node CA");
+    serverCAIdentity = std::make_unique<dht::crypto::Identity>(
-    serverIdentity = dht::crypto::generateIdentity("DHT Node", ca_tmp);
+        dht::crypto::generateEcIdentity("DHT Node CA"));
+    serverIdentity = std::make_unique<dht::crypto::Identity>(
+        dht::crypto::generateIdentity("DHT Node", *serverCAIdentity));
 #endif
    serverProxy = std::unique_ptr<dht::DhtProxyServer>(
        new dht::DhtProxyServer(
 #ifdef OPENDHT_PUSH_NOTIFICATIONS
-            serverIdentity,
+            *serverIdentity,
 #endif
            nodeProxy, 8080, /*pushServer*/"127.0.0.1:8090", logger));

--- a/tests/dhtproxytester.h
+++ b/tests/dhtproxytester.h
@@ -68,7 +68,8 @@ class DhtProxyTester : public CppUnit::TestFixture {
    std::shared_ptr<dht::DhtRunner> nodeProxy;
 #ifdef OPENDHT_PUSH_NOTIFICATIONS
-    dht::crypto::Identity serverIdentity;
+    std::unique_ptr<dht::crypto::Identity> serverIdentity;
+    std::unique_ptr<dht::crypto::Identity> serverCAIdentity;
 #endif
    std::unique_ptr<dht::DhtProxyServer> serverProxy;

--- a/tools/dhtnode.cpp
+++ b/tools/dhtnode.cpp
@@ -228,7 +228,7 @@ void cmd_loop(std::shared_ptr<DhtRunner>& node, dht_params& params
                proxies.emplace(port, std::unique_ptr<DhtProxyServer>(
                    new DhtProxyServer(
 #ifdef OPENDHT_PROXY_OPENSSL
-                        params.id, /* dht::crypto::Identity */
+                        params.id,
 #endif
                        node, port
 #ifdef OPENDHT_PUSH_NOTIFICATIONS
@@ -512,16 +512,19 @@ main(int argc, char **argv)
    setupSignals();
    auto node = std::make_shared<DhtRunner>();
    try {
+#ifndef OPENDHT_PROXY_SERVER
        if (not params.id.first and params.generate_identity) {
-            auto ca_tmp = dht::crypto::generateEcIdentity("DHT Node CA");
+#endif
-            params.id = dht::crypto::generateIdentity("DHT Node", ca_tmp);
+            auto node_ca = std::make_unique<dht::crypto::Identity>(dht::crypto::generateEcIdentity("DHT Node CA"));
+            params.id = dht::crypto::generateIdentity("DHT Node", *node_ca);
            if (not params.save_identity.empty()) {
-                dht::crypto::saveIdentity(ca_tmp, params.save_identity + "_ca", params.privkey_pwd);
+                dht::crypto::saveIdentity(*node_ca, params.save_identity + "_ca", params.privkey_pwd);
                dht::crypto::saveIdentity(params.id, params.save_identity, params.privkey_pwd);
            }
+#ifndef OPENDHT_PROXY_SERVER
        }
+#endif
        dht::DhtRunner::Config config {};
        config.dht_config.node_config.network = params.network;
@@ -562,7 +565,7 @@ main(int argc, char **argv)
            proxies.emplace(params.proxyserver, std::unique_ptr<DhtProxyServer>(
                new DhtProxyServer(
 #ifdef OPENDHT_PROXY_OPENSSL
-                    params.id, /* dht::crypto::Identity */
+                    params.id,
 #endif
                    node, params.proxyserver, params.pushserver, context.logger)));
 #else