diff options
author | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
---|---|---|
committer | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
commit | dbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch) | |
tree | 218f93b95724e8bdc9a9c6e986268f2101c1eb6e /OpenSim/Framework/Servers/BaseHttpServer.cs | |
parent | Added some further clipping to color- and alpha-values. (diff) | |
download | opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.zip opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.gz opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.bz2 opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.xz |
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run a HTTPS server on the region. It also has a junk Certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed.
* Also includes directions
* A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Framework/Servers/BaseHttpServer.cs | 129 |
1 files changed, 127 insertions, 2 deletions
diff --git a/OpenSim/Framework/Servers/BaseHttpServer.cs b/OpenSim/Framework/Servers/BaseHttpServer.cs index 181eb92..6cf6744 100644 --- a/OpenSim/Framework/Servers/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/BaseHttpServer.cs | |||
@@ -26,12 +26,14 @@ | |||
26 | */ | 26 | */ |
27 | 27 | ||
28 | using System; | 28 | using System; |
29 | using System.Diagnostics; | ||
29 | using System.Collections; | 30 | using System.Collections; |
30 | using System.Collections.Generic; | 31 | using System.Collections.Generic; |
31 | using System.IO; | 32 | using System.IO; |
32 | using System.Net; | 33 | using System.Net; |
33 | using System.Net.Sockets; | 34 | using System.Net.Sockets; |
34 | using System.Reflection; | 35 | using System.Reflection; |
36 | using System.Security.Cryptography.X509Certificates; | ||
35 | using System.Text; | 37 | using System.Text; |
36 | using System.Threading; | 38 | using System.Threading; |
37 | using System.Xml; | 39 | using System.Xml; |
@@ -39,6 +41,7 @@ using OpenMetaverse.StructuredData; | |||
39 | using log4net; | 41 | using log4net; |
40 | using Nwc.XmlRpc; | 42 | using Nwc.XmlRpc; |
41 | 43 | ||
44 | |||
42 | namespace OpenSim.Framework.Servers | 45 | namespace OpenSim.Framework.Servers |
43 | { | 46 | { |
44 | public class BaseHttpServer | 47 | public class BaseHttpServer |
@@ -55,9 +58,14 @@ namespace OpenSim.Framework.Servers | |||
55 | protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>(); | 58 | protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>(); |
56 | 59 | ||
57 | protected uint m_port; | 60 | protected uint m_port; |
61 | protected uint m_sslport; | ||
58 | protected bool m_ssl = false; | 62 | protected bool m_ssl = false; |
59 | protected bool m_firstcaps = true; | 63 | protected bool m_firstcaps = true; |
60 | 64 | ||
65 | public uint SSLPort | ||
66 | { | ||
67 | get { return m_sslport; } | ||
68 | } | ||
61 | public uint Port | 69 | public uint Port |
62 | { | 70 | { |
63 | get { return m_port; } | 71 | get { return m_port; } |
@@ -72,8 +80,124 @@ namespace OpenSim.Framework.Servers | |||
72 | { | 80 | { |
73 | m_ssl = ssl; | 81 | m_ssl = ssl; |
74 | m_port = port; | 82 | m_port = port; |
83 | |||
84 | } | ||
85 | |||
86 | public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) | ||
87 | { | ||
88 | m_ssl = ssl; | ||
89 | m_port = port; | ||
90 | if (m_ssl) | ||
91 | { | ||
92 | bool result = SetupSsl((int)sslport, CN); | ||
93 | m_sslport = sslport; | ||
94 | } | ||
95 | } | ||
96 | |||
97 | |||
98 | |||
99 | public bool SetupSsl(int port, string CN) | ||
100 | { | ||
101 | string searchCN = Environment.MachineName.ToUpper(); | ||
102 | |||
103 | if (CN.Length > 0) | ||
104 | searchCN = CN.ToUpper(); | ||
105 | |||
106 | Type t = Type.GetType("Mono.Runtime"); | ||
107 | if (t != null) | ||
108 | { | ||
109 | // TODO Mono User Friendly HTTPS setup | ||
110 | // if this doesn't exist, then mono people can still manually use httpcfg | ||
111 | } | ||
112 | else | ||
113 | { | ||
114 | // Windows. | ||
115 | // Search through the store for a certificate with a Common name specified in OpenSim.ini. | ||
116 | // We need to find it's hash so we can pass it to httpcfg | ||
117 | X509Store store = new X509Store(StoreLocation.LocalMachine); | ||
118 | //Use the first cert to configure Ssl | ||
119 | store.Open(OpenFlags.ReadOnly); | ||
120 | //Assumption is we have certs. If not then this call will fail :( | ||
121 | try | ||
122 | { | ||
123 | bool found = false; | ||
124 | //X509Certificate2.CreateFromCertFile("testCert.cer"); | ||
125 | |||
126 | foreach (X509Certificate2 cert in store.Certificates) | ||
127 | { | ||
128 | String certHash = cert.GetCertHashString(); | ||
129 | //Only install certs issued for the machine and has the name as the machine name | ||
130 | if (cert.Subject.ToUpper().IndexOf(searchCN) >= 0) | ||
131 | { | ||
132 | string httpcfgparams = String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port); | ||
133 | try | ||
134 | { | ||
135 | found = true; | ||
136 | |||
137 | ExecuteHttpcfgCommand(httpcfgparams); | ||
138 | |||
139 | break; | ||
140 | } | ||
141 | catch (Exception e) | ||
142 | { | ||
143 | m_log.WarnFormat("[HTTPS]: Automatic HTTPS setup failed. Do you have httpcfg.exe in your path? If not, you can download it in the windowsXP Service Pack 2 Support Tools, here: http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en. When you get it installed type, httpcfg {0}", httpcfgparams); | ||
144 | return false; | ||
145 | } | ||
146 | } | ||
147 | } | ||
148 | |||
149 | if (!found) | ||
150 | { | ||
151 | m_log.WarnFormat("[HTTPS]: We didn't find a certificate that matched the common name {0}. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-in with the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine)", searchCN); | ||
152 | return false; | ||
153 | } | ||
154 | |||
155 | } | ||
156 | catch (Exception e) | ||
157 | { | ||
158 | m_log.WarnFormat("[HTTPS]: We didn't any certificates in your LocalMachine certificate store. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-inwith the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine). The configured common name is {0}", searchCN); | ||
159 | return false; | ||
160 | } | ||
161 | finally | ||
162 | { | ||
163 | if (store != null) | ||
164 | { | ||
165 | store.Close(); | ||
166 | } | ||
167 | } | ||
168 | } | ||
169 | return true; | ||
75 | } | 170 | } |
76 | 171 | ||
172 | private void ExecuteHttpcfgCommand(string p) | ||
173 | { | ||
174 | |||
175 | string file = "httpcfg"; | ||
176 | |||
177 | ProcessStartInfo info = new ProcessStartInfo(file, p); | ||
178 | // Redirect output so we can read it. | ||
179 | info.RedirectStandardOutput = true; | ||
180 | // To redirect, we must not use shell execute. | ||
181 | info.UseShellExecute = false; | ||
182 | |||
183 | // Create and execute the process. | ||
184 | Process httpcfgprocess = Process.Start(info); | ||
185 | httpcfgprocess.Start(); | ||
186 | string result = httpcfgprocess.StandardOutput.ReadToEnd(); | ||
187 | if (result.Contains("HttpSetServiceConfiguration completed with")) | ||
188 | { | ||
189 | //success | ||
190 | |||
191 | } | ||
192 | else | ||
193 | { | ||
194 | //fail | ||
195 | m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result); | ||
196 | } | ||
197 | |||
198 | } | ||
199 | |||
200 | |||
77 | /// <summary> | 201 | /// <summary> |
78 | /// Add a stream handler to the http server. If the handler already exists, then nothing happens. | 202 | /// Add a stream handler to the http server. If the handler already exists, then nothing happens. |
79 | /// </summary> | 203 | /// </summary> |
@@ -907,7 +1031,8 @@ namespace OpenSim.Framework.Servers | |||
907 | } | 1031 | } |
908 | else | 1032 | else |
909 | { | 1033 | { |
910 | m_httpListener.Prefixes.Add("https://+:" + m_port + "/"); | 1034 | m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); |
1035 | m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); | ||
911 | } | 1036 | } |
912 | m_httpListener.Start(); | 1037 | m_httpListener.Start(); |
913 | 1038 | ||
@@ -921,7 +1046,7 @@ namespace OpenSim.Framework.Servers | |||
921 | catch (Exception e) | 1046 | catch (Exception e) |
922 | { | 1047 | { |
923 | m_log.Warn("[HTTPD]: Error - " + e.Message); | 1048 | m_log.Warn("[HTTPD]: Error - " + e.Message); |
924 | m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "?"); | 1049 | m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "," + m_sslport + "?"); |
925 | } | 1050 | } |
926 | } | 1051 | } |
927 | 1052 | ||