From 8ca793875318efc8db3339b25bf7fa5ddeeac218 Mon Sep 17 00:00:00 2001 From: BlueWall Date: Sun, 1 May 2011 14:44:09 -0400 Subject: Adding ssl support Adding ssl support for "Out of Band" applications such as the remote admin module or Robust services --- OpenSim/Framework/MainServer.cs | 5 ++ OpenSim/Framework/NetworkServersInfo.cs | 15 +++++ .../Framework/Servers/HttpServer/BaseHttpServer.cs | 14 ++++ .../Region/ClientStack/RegionApplicationBase.cs | 16 +++++ OpenSim/Server/Base/HttpServerBase.cs | 77 +++++++++++++++++++++- bin/OpenSimDefaults.ini | 14 ++++ bin/Robust.ini.example | 21 ++++++ 7 files changed, 160 insertions(+), 2 deletions(-) diff --git a/OpenSim/Framework/MainServer.cs b/OpenSim/Framework/MainServer.cs index 0515b16..a3e0a26 100644 --- a/OpenSim/Framework/MainServer.cs +++ b/OpenSim/Framework/MainServer.cs @@ -52,6 +52,11 @@ namespace OpenSim.Framework return GetHttpServer(port,null); } + public static void AddHttpServer(BaseHttpServer server) + { + m_Servers.Add(server.Port, server); + } + public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr) { if (port == 0) diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs index b25f8b9..5bb4111 100644 --- a/OpenSim/Framework/NetworkServersInfo.cs +++ b/OpenSim/Framework/NetworkServersInfo.cs @@ -49,6 +49,12 @@ namespace OpenSim.Framework public string HttpSSLCN = ""; public uint httpSSLPort = 9001; + // "Out of band" managemnt https + public bool ssl_listener = false; + public uint https_port = 0; + public string cert_path = String.Empty; + public string cert_pass = String.Empty; + public string MessagingURL = String.Empty; public NetworkServersInfo() 
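Review bot: `AddHttpServer` hands `server.Port` straight to `m_Servers.Add` with no checks, so a null `server` or an already registered port becomes an unhandled exception in the caller's startup path (assuming `m_Servers` is a dictionary keyed by port, which this hunk does not show). Since the port comes from configuration, a clear error is worth having: `if (server == null) throw new ArgumentNullException("server");` followed by `if (m_Servers.ContainsKey(server.Port)) throw new ArgumentException("An HTTP server is already registered on port " + server.Port);`. A `///` summary stating that the method registers the server but does not start it would also help callers.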
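Review bot: `cert_pass` keeps the certificate password as a public, mutable string field on the settings object, so any code that holds a `NetworkServersInfo` can read, change or log it for the life of the process. Prefer reading the password only where the certificate is loaded, or at least make the field non-public. The comment should also mark it as a secret, e.g. `// "Out of band" management HTTPS listener; cert_pass is a secret, never log it`, which fixes the "managemnt" typo too. The same plaintext handling recurs in the second hunk of this file and in the HttpServerBase.cs constructor hunk. The new snake_case names also differ from the neighbouring `HttpSSLCN` and `httpSSLPort` fields.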
@@ -86,6 +92,15 @@ namespace OpenSim.Framework secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true); MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty); + + // "Out of band management https" + ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false); + if( ssl_listener) + { + cert_path = config.Configs["Network"].GetString("cert_path",String.Empty); + cert_pass = config.Configs["Network"].GetString("cert_pass",String.Empty); + https_port = (uint)config.Configs["Network"].GetInt("https_port", 0); + } } } } diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs index ba89e21..598e5d1 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs @@ -32,6 +32,7 @@ using System.Collections.Specialized; using System.IO; using System.Net; using System.Net.Sockets; +using System.Security.Cryptography.X509Certificates; using System.Reflection; using System.Globalization; using System.Text; @@ -72,6 +73,7 @@ namespace OpenSim.Framework.Servers.HttpServer protected uint m_port; protected uint m_sslport; protected bool m_ssl; + private X509Certificate2 m_cert; protected bool m_firstcaps = true; protected string m_SSLCommonName = ""; @@ -123,6 +125,14 @@ namespace OpenSim.Framework.Servers.HttpServer } } + public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl) + { + if (m_ssl) + { + m_cert = new X509Certificate2(CPath, CPass); + } + } + /// /// Add a stream handler to the http server. If the handler already exists, then nothing happens. /// @@ -1683,6 +1693,7 @@ namespace OpenSim.Framework.Servers.HttpServer try { //m_httpListener = new HttpListener(); + NotSocketErrors = 0; if (!m_ssl) { 
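Review bot: When `https_listener` is true, none of the values read here are validated: `cert_path` and `cert_pass` can stay empty, `https_port` falls back to 0, and the `(uint)` cast wraps a negative `https_port` into a large unsigned value. HttpServerBase.cs in this same commit rejects an empty path or password, so the region-server path is the weaker of the two. I would read the port as an int first and disable the listener, with the reason reported, when the settings are unusable: `int p = config.Configs["Network"].GetInt("https_port", 0);` then `if (p < 1 || p > 65535 || cert_path == String.Empty) ssl_listener = false;`. The enclosing method starts outside the hunk.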
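Review bot: The new four-argument constructor loads whatever `CPath` points at and never checks that the result can serve TLS. An empty path or a certificate file without its private key is therefore only discovered later, when the listener is created or a handshake fails. Rejecting an empty `CPath` and checking `m_cert.HasPrivateKey` right after loading gives the operator a clear startup error; keep `CPass` out of any exception or log text. When `ssl` is false the path and password are silently ignored, which a `///` summary on the constructor should state.

```csharp
public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl)
{
    if (m_ssl)
    {
        if (String.IsNullOrEmpty(CPath))
            throw new ArgumentException("A certificate path is required when ssl is enabled", "CPath");

        m_cert = new X509Certificate2(CPath, CPass);

        // A certificate without its private key cannot terminate TLS.
        if (!m_cert.HasPrivateKey)
            throw new ArgumentException("Certificate '" + CPath + "' does not contain a private key", "CPath");
    }
}
```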
@@ -1702,6 +1713,9 @@ namespace OpenSim.Framework.Servers.HttpServer { //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); + m_httpListener2 = CoolHTTPListener.Create(IPAddress.Any, (int)m_port, m_cert); + m_httpListener2.ExceptionThrown += httpServerException; + m_httpListener2.LogWriter = httpserverlog; } m_httpListener2.RequestReceived += OnRequest; diff --git a/OpenSim/Region/ClientStack/RegionApplicationBase.cs b/OpenSim/Region/ClientStack/RegionApplicationBase.cs index ea1317a..6e3a58e 100644 --- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs +++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs @@ -96,6 +96,22 @@ namespace OpenSim.Region.ClientStack MainServer.Instance = m_httpServer; + // "OOB" Server + if (m_networkServersInfo.ssl_listener) + { + BaseHttpServer server = null; + server = new BaseHttpServer( + m_networkServersInfo.https_port, m_networkServersInfo.ssl_listener, m_networkServersInfo.cert_path, + m_networkServersInfo.cert_pass); + // Add the server to m_Servers + if(server != null) + { + m_log.InfoFormat("[REGION SERVER]: Starting HTTPS server on port {0}", server.Port); + MainServer.AddHttpServer(server); + server.Start(); + } + } + base.StartupSpecific(); } diff --git a/OpenSim/Server/Base/HttpServerBase.cs b/OpenSim/Server/Base/HttpServerBase.cs index 9e4593e..bb5ce96 100644 --- a/OpenSim/Server/Base/HttpServerBase.cs +++ b/OpenSim/Server/Base/HttpServerBase.cs 
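Review bot: The SSL branch binds the listener to `IPAddress.Any`, so an endpoint the commit describes as out-of-band management becomes reachable on every interface of the host. A configurable listen address, defaulting to loopback or a dedicated management interface, would limit that exposure. Separately, `m_cert` is only assigned by the new four-argument constructor, so a server built through the existing `(port, ssl)` constructor with `ssl` true would presumably reach `Create` with a null certificate. A guard before the call makes that explicit: `if (m_cert == null) throw new InvalidOperationException("SSL is enabled but no certificate was loaded");`. The enclosing method starts and ends outside the hunk.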
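Review bot: The `if(server != null)` test can never fail, because `new BaseHttpServer(...)` either returns an object or throws. The real failure modes (unreadable certificate file, wrong password, `https_port` left at 0) therefore leave `StartupSpecific` as unhandled exceptions. Wrap the construction in a `try` and report the certificate path but never the password, e.g. `catch (CryptographicException e) { m_log.ErrorFormat("[REGION SERVER]: Cannot load HTTPS certificate {0}: {1}", m_networkServersInfo.cert_path, e.Message); }`. Passing `m_networkServersInfo.ssl_listener` as the `ssl` argument inside a block that already tested it is always `true`; the literal would read more clearly. `StartupSpecific` begins and ends outside the hunk.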
@@ -97,16 +97,76 @@ namespace OpenSim.Server.Base if (port == 0) { - System.Console.WriteLine("Port number not specified or 0, server can't start"); + Thread.CurrentThread.Abort(); } + // + bool ssl_main = networkConfig.GetBoolean("https_main",false); + bool ssl_listener = networkConfig.GetBoolean("https_listener",false); m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0); m_Port = port; + // + // This is where to make the servers: + // + // + // Make the base server according to the port, etc. + // ADD: Possibility to make main server ssl + // Then, check for https settings and ADD a server to + // m_Servers + // + if ( !ssl_main ) + { + m_HttpServer = new BaseHttpServer(port); - m_HttpServer = new BaseHttpServer(port); + } + else + { + string cert_path = networkConfig.GetString("cert_path",String.Empty); + if ( cert_path == String.Empty ) + { + System.Console.WriteLine("Path to X509 certificate is missing, server can't start."); + Thread.CurrentThread.Abort(); + } + string cert_pass = networkConfig.GetString("cert_pass",String.Empty); + if ( cert_pass == String.Empty ) + { + System.Console.WriteLine("Password for X509 certificate is missing, server can't start."); + Thread.CurrentThread.Abort(); + } + m_HttpServer = new BaseHttpServer(port, ssl_main, cert_path, cert_pass); + } MainServer.Instance = m_HttpServer; + + // If https_listener = true, then add an ssl listener on the https_port... 
+ if ( ssl_listener == true ) { + + uint https_port = (uint)networkConfig.GetInt("https_port", 0); + + string cert_path = networkConfig.GetString("cert_path",String.Empty); + if ( cert_path == String.Empty ) + { + System.Console.WriteLine("Path to X509 certificate is missing, server can't start."); + Thread.CurrentThread.Abort(); + } + string cert_pass = networkConfig.GetString("cert_pass",String.Empty); + if ( cert_pass == String.Empty ) + { + System.Console.WriteLine("Password for X509 certificate is missing, server can't start."); + Thread.CurrentThread.Abort(); + } + // Add our https_server + BaseHttpServer server = null; + server = new BaseHttpServer(https_port, ssl_listener, cert_path, cert_pass); + if (server != null) + { + m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", https_port); + m_Servers.Add(https_port,server); + } + else + System.Console.WriteLine(String.Format("Failed to start HTTPS server on port {0}",https_port)); + } } protected override void Initialise() @@ -114,6 +174,19 @@ namespace OpenSim.Server.Base m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port); m_HttpServer.Start(); + if (m_Servers.Count > 0) + { + foreach (BaseHttpServer s in m_Servers.Values) + { + if (!s.UseSSL) + m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", s.Port); + else + m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", s.Port); + + s.Start(); + } + } + if (MainConsole.Instance is RemoteConsole) { if (m_consolePort == 0) diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 6d2d54d..2e192f1 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini 
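Review bot: The `https_listener` block never validates `https_port`, although the main `port` gets an explicit zero check a few lines earlier. It defaults to 0, a negative value wraps through the `(uint)` cast, and a value equal to `port` would try to bind the same port twice. I would add a check such as `if (https_port == 0 || https_port == port)` that prints a message and stops, in the same way as the certificate checks. The `cert_path` and `cert_pass` checks are repeated verbatim in the `https_main` and `https_listener` branches and would be safer as one private helper, so the two copies cannot drift apart. `server != null` is always true after `new`, so the "Failed to start HTTPS server" line is unreachable. The constructor begins outside the hunk.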
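Review bot: `Starting HTTPS server on port {0}` is now logged twice for the same listener: once in the constructor hunk, where the server is only created and added to `m_Servers`, and again here in `Initialise`, where `s.Start()` actually runs. An operator reading the log cannot tell which line marks the port actually opening, so the constructor message would be better worded as `[SERVER]: Configured HTTPS server on port {0}`. The `if (m_Servers.Count > 0)` wrapper is redundant, since `foreach` over an empty collection does nothing. The unbraced `if`/`else` around the two log calls should get braces to match the rest of the method.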
@@ -291,6 +291,20 @@ http_listener_sslport = 9001 ; Use this port for SSL connections http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer + ; HTTPS for "Out of band" management applications such as the remote + ; admin module + ; + ; Create https_listener = "True" will create a listener on the port + ; specified. Provide the path to your server certificate along with it's + ; password + ; https_listener = False + ; Set our listener to this port + ; https_port = 0 + ; Path to X509 certificate + ; cert_path = "path/to/cert.p12" + ; Password for cert + ; cert_pass = "password" + ; Hostname to use in llRequestURL/llRequestSecureURL ; if not defined - default machine name is being used ; (on Windows this mean NETBIOS name - useably only inside local network) diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 047e9ee..cc018f8 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example @@ -21,6 +21,27 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 [Network] port = 8003 + + ; HTTPS for "Out of band" management applications such as the remote admin + ; module. May specify https_main = True to make the main http server + ; use https or "False" to make the main server HTTP + ; https_main = False + ; + ; Create https_listener = "True" will create a listener on the port + ; specified. Provide the path to your server certificate along with it's + ; password + ; https_listener = False + ; + ; Set our listener to this port + ; https_port = 0 + ; + ; Path to X509 certificate + ; cert_path = "path/to/cert.p12" + ; + ; Password for cert + ; cert_pass = "password" + + ; * The following are for the remote console ; * They have no effect for the local or basic console types ; * Leave commented to diable logins to the console -- cgit v1.1
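Review bot: The sample tells operators to put the certificate password into this file in clear text but says nothing about protecting the file. I would add a comment line next to `cert_pass`, for example `; cert_pass is stored in clear text - restrict read access on this file to the account that runs the server`. The sample `https_port = 0` is not a usable value once `https_listener` is enabled, so the comment should say a real port must be set. "Create https_listener = "True" will create" and "it's password" should read "Setting https_listener = True creates" and "its password". The same wording and the same missing caveat appear in the Robust.ini.example hunk below.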