From 8ca793875318efc8db3339b25bf7fa5ddeeac218 Mon Sep 17 00:00:00 2001
From: BlueWall
Date: Sun, 1 May 2011 14:44:09 -0400
Subject: Adding ssl support

	Adding ssl support for "Out of Band" applications such as the remote
	admin module or Robust services
---
 OpenSim/Framework/MainServer.cs                    |  5 ++
 OpenSim/Framework/NetworkServersInfo.cs            | 15 +++++
 .../Framework/Servers/HttpServer/BaseHttpServer.cs | 14 ++++
 .../Region/ClientStack/RegionApplicationBase.cs    | 16 +++++
 OpenSim/Server/Base/HttpServerBase.cs              | 77 +++++++++++++++++++++-
 bin/OpenSimDefaults.ini                            | 14 ++++
 bin/Robust.ini.example                             | 21 ++++++
 7 files changed, 160 insertions(+), 2 deletions(-)

diff --git a/OpenSim/Framework/MainServer.cs b/OpenSim/Framework/MainServer.cs
index 0515b16..a3e0a26 100644
--- a/OpenSim/Framework/MainServer.cs
+++ b/OpenSim/Framework/MainServer.cs
@@ -52,6 +52,11 @@ namespace OpenSim.Framework
             return GetHttpServer(port,null);
         }
 
+        public static void AddHttpServer(BaseHttpServer server)
+        {
+            m_Servers.Add(server.Port, server);
+        }
+
         public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr)
         {
             if (port == 0)
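Review bot: `m_Servers.Add(server.Port, server)` in AddHttpServer has no guard for a null `server` or for a port that is already registered. If m_Servers is a Dictionary (its declaration is outside the hunk), Add throws ArgumentException on a duplicate key, for example when the HTTPS port equals a port that already has a server. A guard such as `if (server == null) throw new ArgumentNullException("server");` plus a ContainsKey check would make the contract explicit, along with an XML summary saying the server is registered under its Port. GetHttpServer's body continues past the hunk, so whether access to m_Servers is locked elsewhere cannot be seen here; if it is, take the same lock in this method.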
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index b25f8b9..5bb4111 100644
--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -49,6 +49,12 @@ namespace OpenSim.Framework
         public string HttpSSLCN = "";
         public uint httpSSLPort = 9001;
 
+        // "Out of band" managemnt https
+        public bool ssl_listener = false;
+        public uint https_port = 0;
+        public string cert_path = String.Empty;
+        public string cert_pass = String.Empty;
+
         public string MessagingURL = String.Empty;
 
         public NetworkServersInfo()
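Review bot: The four new fields are documented only by the comment `// "Out of band" managemnt https`, which has a typo and does not say what each field holds. `cert_pass` deserves its own comment, since it keeps the certificate password as a public, mutable string for the lifetime of this object: `// Password for the certificate file at cert_path; read in clear text from [Network] cert_pass`. The snake_case names also differ from the neighbouring `HttpSSLCN` and `httpSSLPort` fields.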
@@ -86,6 +92,15 @@ namespace OpenSim.Framework
             secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true);
 
             MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty);
+
+            // "Out of band management https"
+            ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
+            if( ssl_listener)
+            {
+                cert_path = config.Configs["Network"].GetString("cert_path",String.Empty);
+                cert_pass = config.Configs["Network"].GetString("cert_pass",String.Empty);
+                https_port = (uint)config.Configs["Network"].GetInt("https_port", 0);
+            }
         }
     }
 }
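Review bot: When `https_listener` is true, `cert_path`, `cert_pass` and `https_port` are accepted with their empty/0 defaults, so a half-configured section is only noticed later when the listener is constructed. The `(uint)` cast of `GetInt("https_port", 0)` also turns a negative value into a very large number instead of rejecting it. HttpServerBase.cs in this same commit rejects an empty cert_path and cert_pass, and the same checks belong here, e.g. `if (https_port == 0 || cert_path == String.Empty) ssl_listener = false;` together with a logged warning. The enclosing method starts before the hunk.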
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index ba89e21..598e5d1 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -32,6 +32,7 @@ using System.Collections.Specialized;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
 using System.Reflection;
 using System.Globalization;
 using System.Text;
@@ -72,6 +73,7 @@ namespace OpenSim.Framework.Servers.HttpServer
         protected uint m_port;
         protected uint m_sslport;
         protected bool m_ssl;
+        private X509Certificate2 m_cert;
         protected bool m_firstcaps = true;
         protected string m_SSLCommonName = "";
 
@@ -123,6 +125,14 @@ namespace OpenSim.Framework.Servers.HttpServer
             }
         }
 
+        public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl)
+        {
+            if (m_ssl)
+            {
+                m_cert = new X509Certificate2(CPath, CPass);
+            }
+        }
+
         /// <summary>
         /// Add a stream handler to the http server.  If the handler already exists, then nothing happens.
         /// </summary>
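Review bot: The new constructor loads the certificate with `new X509Certificate2(CPath, CPass)` and never checks that it is usable for a server. A missing file or wrong password surfaces as an uncaught CryptographicException, and a file without a private key loads without error but cannot be used to serve TLS. After loading, add `if (!m_cert.HasPrivateKey) throw new ArgumentException("Certificate has no private key", "CPath");`, and make sure anything logged on failure names the path but never CPass. Unlike the documented members around it, the constructor has no XML summary; one stating that CPath is the certificate file (a .p12 in the sample config) and CPass its password would help callers.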
@@ -1683,6 +1693,7 @@ namespace OpenSim.Framework.Servers.HttpServer
             try
             {
                 //m_httpListener = new HttpListener();
+
                 NotSocketErrors = 0;
                 if (!m_ssl)
                 {
@@ -1702,6 +1713,9 @@ namespace OpenSim.Framework.Servers.HttpServer
                 {
                     //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
                     //m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
+                    m_httpListener2 = CoolHTTPListener.Create(IPAddress.Any, (int)m_port, m_cert);
+                    m_httpListener2.ExceptionThrown += httpServerException;
+                    m_httpListener2.LogWriter = httpserverlog;
                 }
 
                 m_httpListener2.RequestReceived += OnRequest;
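Review bot: The SSL branch passes `m_cert` to `CoolHTTPListener.Create`, but `m_cert` is only assigned by the new four-argument constructor, so a server built through the existing `(port, ssl)` constructor with ssl = true reaches this line with a null certificate. The listener is also bound to `IPAddress.Any`, which exposes an interface described as out-of-band management on every network interface of the host. Consider failing early with `if (m_cert == null) throw new InvalidOperationException("SSL requested without a certificate");` and binding to the configured listen address if the class has one (not visible in this hunk). The enclosing method starts and ends outside the hunk.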
diff --git a/OpenSim/Region/ClientStack/RegionApplicationBase.cs b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
index ea1317a..6e3a58e 100644
--- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs
+++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
@@ -96,6 +96,22 @@ namespace OpenSim.Region.ClientStack
 
             MainServer.Instance = m_httpServer;
 
+            // "OOB" Server
+            if (m_networkServersInfo.ssl_listener)
+            {
+                BaseHttpServer server = null;
+                server = new BaseHttpServer(
+                    m_networkServersInfo.https_port, m_networkServersInfo.ssl_listener, m_networkServersInfo.cert_path,
+                    m_networkServersInfo.cert_pass);
+                // Add the server to m_Servers
+                if(server != null)
+                {
+                    m_log.InfoFormat("[REGION SERVER]: Starting HTTPS server on port {0}", server.Port);
+                    MainServer.AddHttpServer(server);
+                    server.Start();
+                }
+            }
+
             base.StartupSpecific();
         }
 
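Review bot: The `if(server != null)` test can never be false, because `new BaseHttpServer(...)` either returns an object or throws. The real failure path is an exception from certificate loading or from `MainServer.AddHttpServer`, and nothing here handles it. `https_port` also keeps its default of 0 when the setting is absent and is not checked before use. Validate the inputs first with a condition such as `if (m_networkServersInfo.https_port == 0 || m_networkServersInfo.cert_path == String.Empty)`, log an error and skip the listener in that case, and drop the dead null check. The enclosing method starts before the hunk.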
diff --git a/OpenSim/Server/Base/HttpServerBase.cs b/OpenSim/Server/Base/HttpServerBase.cs
index 9e4593e..bb5ce96 100644
--- a/OpenSim/Server/Base/HttpServerBase.cs
+++ b/OpenSim/Server/Base/HttpServerBase.cs
@@ -97,16 +97,76 @@ namespace OpenSim.Server.Base
 
             if (port == 0)
             {
-                System.Console.WriteLine("Port number not specified or 0, server can't start");
+
                 Thread.CurrentThread.Abort();
             }
+            //
+            bool ssl_main = networkConfig.GetBoolean("https_main",false);
+            bool ssl_listener = networkConfig.GetBoolean("https_listener",false);
 
             m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0);
             m_Port = port;
+            //
+            // This is where to make the servers:
+            //
+            //
+            // Make the base server according to the port, etc.
+            // ADD: Possibility to make main server ssl
+            // Then, check for https settings and ADD a server to
+            // m_Servers
+            //
+            if ( !ssl_main )
+            {
+                m_HttpServer = new BaseHttpServer(port);
 
-            m_HttpServer = new BaseHttpServer(port);
+            }
+            else
+            {
+                string cert_path = networkConfig.GetString("cert_path",String.Empty);
+                if ( cert_path == String.Empty )
+                {
+                    System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
+                if ( cert_pass == String.Empty )
+                {
+                    System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                m_HttpServer = new BaseHttpServer(port, ssl_main, cert_path, cert_pass);
+            }
 
             MainServer.Instance = m_HttpServer;
+
+            // If https_listener = true, then add an ssl listener on the https_port...
+            if ( ssl_listener == true ) {
+
+                uint https_port = (uint)networkConfig.GetInt("https_port", 0);
+
+                string cert_path = networkConfig.GetString("cert_path",String.Empty);
+                if ( cert_path == String.Empty )
+                {
+                    System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
+                if ( cert_pass == String.Empty )
+                {
+                    System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                // Add our https_server
+                BaseHttpServer server = null;
+                server = new BaseHttpServer(https_port, ssl_listener, cert_path, cert_pass);
+                if (server != null)
+                {
+                    m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", https_port);
+                    m_Servers.Add(https_port,server);
+                }
+                else
+                    System.Console.WriteLine(String.Format("Failed to start HTTPS server on port {0}",https_port));
+            }
         }
 
         protected override void Initialise()
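Review bot: `https_port` is read with a default of 0 and used without any check, while `port`, `cert_path` and `cert_pass` are all validated, so a missing setting goes on to construct a listener on port 0. Add a test such as `if (https_port == 0 || https_port == port)` with a console message and the same abort as the other checks. The `else` branch after `if (server != null)` is unreachable, since `new` never yields null. The `port == 0` branch at the top of the hunk now aborts the thread with no message at all, which makes a misconfigured port hard to diagnose. The cert_path/cert_pass checks are repeated verbatim in the https_main and https_listener branches and could share one private helper.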
@@ -114,6 +174,19 @@ namespace OpenSim.Server.Base
             m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port);
             m_HttpServer.Start();
 
+            if (m_Servers.Count > 0)
+            {
+                foreach (BaseHttpServer s in m_Servers.Values)
+                {
+                    if (!s.UseSSL)
+                        m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", s.Port);
+                    else
+                        m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", s.Port);
+
+                    s.Start();
+                }
+            }
+
             if (MainConsole.Instance is RemoteConsole)
             {
                 if (m_consolePort == 0)
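Review bot: The `if (m_Servers.Count > 0)` guard is redundant, since a `foreach` over an empty collection does nothing. For listeners added in the constructor, the "Starting HTTPS server" line was already logged at creation, so it now appears twice per listener. Dropping the guard and logging once here keeps the log accurate, e.g. `m_Log.InfoFormat("[SERVER]: Starting {0} server on port {1}", s.UseSSL ? "HTTPS" : "HTTP", s.Port);`. Initialise continues past the end of the hunk.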
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 6d2d54d..2e192f1 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -291,6 +291,20 @@
     http_listener_sslport = 9001 ; Use this port for SSL connections
     http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
 
+    ; HTTPS for "Out of band" management applications such as the remote 
+    ; admin module
+    ;
+    ; Create https_listener = "True" will create a listener on the port
+    ; specified. Provide the path to your server certificate along with it's
+    ; password
+    ; https_listener = False
+    ; Set our listener to this port
+    ; https_port = 0
+    ; Path to X509 certificate
+    ; cert_path = "path/to/cert.p12"
+    ; Password for cert
+    ; cert_pass = "password"
+
     ; Hostname to use in llRequestURL/llRequestSecureURL
     ; if not defined - default machine name is being used
     ; (on Windows this mean NETBIOS name - useably only inside local network)
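Review bot: The new comments tell operators to put the certificate password in `cert_pass` but do not say that it is stored in clear text in this file; the same text is added to bin/Robust.ini.example. Add a line such as `; cert_pass is stored in clear text; restrict read access to this file to the account that runs the server`. The comments could also state that `https_port = 0` is not a usable value and must be changed when `https_listener` is enabled. As a wording fix, "it's password" should read "its password" in both files.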
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index 047e9ee..cc018f8 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -21,6 +21,27 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 [Network]
     port = 8003
 
+
+    ; HTTPS for "Out of band" management applications such as the remote admin
+    ; module. May specify https_main = True to make the main http server
+    ; use https or "False" to make the main server HTTP
+    ; https_main = False
+    ;
+    ; Create https_listener = "True" will create a listener on the port
+    ; specified. Provide the path to your server certificate along with it's
+    ; password
+    ; https_listener = False
+    ;
+    ; Set our listener to this port
+    ; https_port = 0
+    ;
+    ; Path to X509 certificate
+    ; cert_path = "path/to/cert.p12"
+    ;
+    ; Password for cert
+    ; cert_pass = "password"
+
+
 ; * The following are for the remote console
 ; * They have no effect for the local or basic console types
 ; * Leave commented to diable logins to the console
-- 
cgit v1.1