authorTeravus Ovares2008-09-14 18:39:17 +0000
committerTeravus Ovares2008-09-14 18:39:17 +0000
commitdbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch)
tree218f93b95724e8bdc9a9c6e986268f2101c1eb6e /OpenSim/Framework/Servers/BaseHttpServer.cs
parentAdded some further clipping to color- and alpha-values. (diff)
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run an HTTPS server on the region. It also has a junk certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed. * Also includes directions * A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
Diffstat (limited to 'OpenSim/Framework/Servers/BaseHttpServer.cs')
-rw-r--r--OpenSim/Framework/Servers/BaseHttpServer.cs129
1 files changed, 127 insertions, 2 deletions
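diff --git a/OpenSim/Framework/Servers/BaseHttpServer.cs b/OpenSim/Framework/Servers/BaseHttpServer.cs
index 181eb92..6cf6744 100644
--- a/OpenSim/Framework/Servers/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/BaseHttpServer.cs
@@ -26,12 +26,14 @@
  */
 
 using System;
+using System.Diagnostics;
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
 using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Xml;
@@ -39,6 +41,7 @@ using OpenMetaverse.StructuredData;
 using log4net;
 using Nwc.XmlRpc;
 
+
 namespace OpenSim.Framework.Servers
 {
  public class BaseHttpServer
@@ -55,9 +58,14 @@ namespace OpenSim.Framework.Servers
  protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>();
 
  protected uint m_port;
+ protected uint m_sslport;
  protected bool m_ssl = false;
  protected bool m_firstcaps = true;
 
+ public uint SSLPort
+ {
+ get { return m_sslport; }
+ }
  public uint Port
  {
  get { return m_port; }
@@ -72,8 +80,124 @@ namespace OpenSim.Framework.Servers
  {
  m_ssl = ssl;
  m_port = port;
+
+ }
+
+ public BaseHttpServer(uint port, bool ssl, uint sslport, string CN)
+ {
+ m_ssl = ssl;
+ m_port = port;
+ if (m_ssl)
+ {
+ bool result = SetupSsl((int)sslport, CN);
+ m_sslport = sslport;
+ }
+ }
+
+
+
+ public bool SetupSsl(int port, string CN)
+ {
+ string searchCN = Environment.MachineName.ToUpper();
+
+ if (CN.Length > 0)
+ searchCN = CN.ToUpper();
+
+ Type t = Type.GetType("Mono.Runtime");
+ if (t != null)
+ {
+ // TODO Mono User Friendly HTTPS setup
+ // if this doesn't exist, then mono people can still manually use httpcfg
+ }
+ else
+ {
+ // Windows.
+ // Search through the store for a certificate with a Common name specified in OpenSim.ini.
+ // We need to find it's hash so we can pass it to httpcfg
+ X509Store store = new X509Store(StoreLocation.LocalMachine);
+ //Use the first cert to configure Ssl
+ store.Open(OpenFlags.ReadOnly);
+ //Assumption is we have certs. If not then this call will fail :(
+ try
+ {
+ bool found = false;
+ //X509Certificate2.CreateFromCertFile("testCert.cer");
+
+ foreach (X509Certificate2 cert in store.Certificates)
+ {
+ String certHash = cert.GetCertHashString();
+ //Only install certs issued for the machine and has the name as the machine name
+ if (cert.Subject.ToUpper().IndexOf(searchCN) >= 0)
+ {
+ string httpcfgparams = String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port);
+ try
+ {
+ found = true;
+
+ ExecuteHttpcfgCommand(httpcfgparams);
+
+ break;
+ }
+ catch (Exception e)
+ {
+ m_log.WarnFormat("[HTTPS]: Automatic HTTPS setup failed. Do you have httpcfg.exe in your path? If not, you can download it in the windowsXP Service Pack 2 Support Tools, here: http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en. When you get it installed type, httpcfg {0}", httpcfgparams);
+ return false;
+ }
+ }
+ }
+
+ if (!found)
+ {
+ m_log.WarnFormat("[HTTPS]: We didn't find a certificate that matched the common name {0}. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-in with the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine)", searchCN);
+ return false;
+ }
+
+ }
+ catch (Exception e)
+ {
+ m_log.WarnFormat("[HTTPS]: We didn't any certificates in your LocalMachine certificate store. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-inwith the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine). The configured common name is {0}", searchCN);
+ return false;
+ }
+ finally
+ {
+ if (store != null)
+ {
+ store.Close();
+ }
+ }
+ }
+ return true;
  }
 
+ private void ExecuteHttpcfgCommand(string p)
+ {
+
+ string file = "httpcfg";
+
+ ProcessStartInfo info = new ProcessStartInfo(file, p);
+ // Redirect output so we can read it.
+ info.RedirectStandardOutput = true;
+ // To redirect, we must not use shell execute.
+ info.UseShellExecute = false;
+
+ // Create and execute the process.
+ Process httpcfgprocess = Process.Start(info);
+ httpcfgprocess.Start();
+ string result = httpcfgprocess.StandardOutput.ReadToEnd();
+ if (result.Contains("HttpSetServiceConfiguration completed with"))
+ {
+ //success
+
+ }
+ else
+ {
+ //fail
+ m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result);
+ }
+
+ }
+
+
  /// <summary>
  /// Add a stream handler to the http server. If the handler already exists, then nothing happens.
  /// </summary>
@@ -907,7 +1031,8 @@ namespace OpenSim.Framework.Servers
  }
  else
  {
- m_httpListener.Prefixes.Add("https://+:" + m_port + "/");
+ m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
+ m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
  }
  m_httpListener.Start();
 
@@ -921,7 +1046,7 @@ namespace OpenSim.Framework.Servers
  catch (Exception e)
  {
  m_log.Warn("[HTTPD]: Error - " + e.Message);
- m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "?");
+ m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "," + m_sslport + "?");
  }
  }
 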
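Review bot: In the `-72,8 +80,124` hunk, SetupSsl selects the certificate with `cert.Subject.ToUpper().IndexOf(searchCN) >= 0`, a substring test over the whole subject string, so the first LocalMachine certificate whose subject merely contains the configured name (in another field, or inside a longer CN) is bound to the HTTPS port, with no check that it has a private key or is inside its validity period. I would compare the certificate's simple name as a whole and skip unusable certificates, as in the excerpt below; if the machine-name default is meant to match certificates issued to a fully qualified host name, that rule should be written out rather than left to substring search. Failure is also not propagated: ExecuteHttpcfgCommand only logs when httpcfg reports an error, so SetupSsl still returns true, and the new constructor discards `result` and leaves `m_ssl` set. ExecuteHttpcfgCommand additionally calls `httpcfgprocess.Start()` on a process that `Process.Start(info)` has already started, and resolves `"httpcfg"` through the search path in what is presumably an elevated process; a single start and an absolute path to the tool would be safer.

```csharp
foreach (X509Certificate2 cert in store.Certificates)
{
    // Compare the certificate's simple name as a whole instead of
    // searching the subject string for a substring.
    string certName = cert.GetNameInfo(X509NameType.SimpleName, false);
    if (!String.Equals(certName, searchCN, StringComparison.OrdinalIgnoreCase))
        continue;

    // A certificate without a private key, or outside its validity
    // window, cannot serve HTTPS; do not bind it.
    DateTime now = DateTime.Now;
    if (!cert.HasPrivateKey || now < cert.NotBefore || now > cert.NotAfter)
        continue;

    // … unchanged: build httpcfgparams from cert.GetCertHashString() and call ExecuteHttpcfgCommand …
}
```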