From 16636ff6e2bff3658e0843eee9dfad440771b62f Mon Sep 17 00:00:00 2001
From: Mattes D
Date: Thu, 12 Feb 2015 20:05:55 +0100
Subject: LuaAPI: Added client TLS support for TCP links.
---
 MCServer/Plugins/APIDump/Classes/Network.lua | 11 ++++++-
 MCServer/Plugins/NetworkTest/Info.lua | 6 ++++
 MCServer/Plugins/NetworkTest/NetworkTest.lua | 44 ++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 1 deletion(-)
(limited to 'MCServer/Plugins')
diff --git a/MCServer/Plugins/APIDump/Classes/Network.lua b/MCServer/Plugins/APIDump/Classes/Network.lua
index 065a743d8..ace6c2449 100644
--- a/MCServer/Plugins/APIDump/Classes/Network.lua
+++ b/MCServer/Plugins/APIDump/Classes/Network.lua
@@ -282,7 +282,15 @@ g_Server = nil
 calling {{cNetwork}}:Connect() to connect to a remote server, or by listening using {{cNetwork}}:Listen() and accepting incoming connections. The links are callback-based - when an event such as incoming data or remote disconnect happens on the link, a specific callback is called. See the
- additional information in {{cNetwork}} documentation for details.
+ additional information in {{cNetwork}} documentation for details.

+

+ The link can also optionally perform TLS encryption. Plugins can use the StartTLSClient() function to
+ start the TLS handshake as the client side. Since that call, the OnReceivedData() callback is
+ overridden internally so that the data is first routed through the TLS decryptor, and the plugin's
+ callback is only called for the decrypted data, once it starts arriving. The Send function changes its
+ behavior so that the data written by the plugin is first encrypted and only then sent over the
+ network. Note that calling Send() before the TLS handshake finishes is supported, but the data is
+ queued internally and only sent once the TLS handshake is completed.
 ]], Functions =
@@ -292,6 +300,7 @@ g_Server = nil
 GetRemoteIP = { Params = "", Return = "string", Notes = "Returns the IP address of the remote endpoint of the TCP connection." },
 GetRemotePort = { Params = "", Return = "number", Notes = "Returns the port of the remote endpoint of the TCP connection." },
 Send = { Params = "Data", Return = "", Notes = "Sends the data (raw string) to the remote peer. The data is sent asynchronously and there is no report on the success of the send operation, other than the connection being closed or reset by the underlying OS." },
+ StartTLSClient = { Params = "OwnCert, OwnPrivateKey, OwnPrivateKeyPassword", Return = "", Notes = "Starts a TLS handshake on the link, as a client side of the TLS. The Own___ parameters specify the client certificate and its corresponding private key and password; all three parameters are optional and no client certificate is presented to the remote peer if they are not used or all empty. Once the TLS handshake is started by this call, all incoming data is first decrypted before being sent to the OnReceivedData callback, and all outgoing data is queued until the TLS handshake completes, and then sent encrypted over the link." },
 }, }, -- cTCPLink 
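Review bot: The paragraph added to the cTCPLink description explains encryption but never says whether the remote peer's certificate is validated (chain or host name), and the StartTLSClient parameters documented in the next hunk cover only the client's own certificate and key. Plugin authors tend to read "TLS" as an authenticated channel, so if the link performs no verification the text should say so, for example `Note that the server's certificate is not verified, so the link is only protected against passive eavesdropping.` This is inferred from the documented parameter list; the implementation is not part of this page.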
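Review bot: The new `StartTLSClient` entry declares `Return = ""`, but the NetworkTest handler added in this same commit reads `local res, msg = a_Link:StartTLSClient("", "", "")` and branches on `res`, so the documentation and the only visible caller disagree. If the binding reports success plus an error message, the entry's Return field and Notes should describe both values and when the message is present. The Notes would also benefit from naming the expected encoding of OwnCert and OwnPrivateKey, which the text leaves open.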
diff --git a/MCServer/Plugins/NetworkTest/Info.lua b/MCServer/Plugins/NetworkTest/Info.lua
index f366fd1be..c3c2ea8fc 100644
--- a/MCServer/Plugins/NetworkTest/Info.lua
+++ b/MCServer/Plugins/NetworkTest/Info.lua
@@ -84,6 +84,12 @@ g_PluginInfo =
 }, }, -- lookup
+ wasc =
+ {
+ HelpString = "Requests the webadmin homepage using https",
+ Handler = HandleConsoleNetWasc,
+ }, -- wasc
+
 }, -- Subcommands
 }, -- net
 },
diff --git a/MCServer/Plugins/NetworkTest/NetworkTest.lua b/MCServer/Plugins/NetworkTest/NetworkTest.lua
index 7932f4b88..21f89c7f9 100644
--- a/MCServer/Plugins/NetworkTest/NetworkTest.lua
+++ b/MCServer/Plugins/NetworkTest/NetworkTest.lua
@@ -252,3 +252,47 @@ end
+
+function HandleConsoleNetWasc(a_Split)
+ local Callbacks =
+ {
+ OnConnected = function (a_Link)
+ LOG("Connected to webadmin, starting TLS...")
+ local res, msg = a_Link:StartTLSClient("", "", "")
+ if not(res) then
+ LOG("Failed to start TLS client: " .. msg)
+ return
+ end
+ -- We need to send a keep-alive due to #1737
+ a_Link:Send("GET / HTTP/1.0\r\nHost: localhost\r\nConnection: keep-alive\r\n\r\n")
+ end,
+
+ OnError = function (a_Link, a_ErrorCode, a_ErrorMsg)
+ LOG("Connection to webadmin failed: " .. a_ErrorCode .. " (" .. a_ErrorMsg .. ")")
+ end,
+
+ OnReceivedData = function (a_Link, a_Data)
+ LOG("Received data from webadmin:\r\n" .. a_Data)
+
+ -- Close the link once all the data is received:
+ if (a_Data == "0\r\n\r\n") then -- Poor man's end-of-data detection; works on localhost
+ -- TODO: The Close() method is not yet exported to Lua
+ -- a_Link:Close()
+ end
+ end,
+
+ OnRemoteClosed = function (a_Link)
+ LOG("Connection to webadmin was closed")
+ end,
+ }
+
+ if not(cNetwork:Connect("localhost", "8080", Callbacks)) then
+ LOG("Canot connect to webadmin")
+ end
+
+ return true
+end
+
+
+
+
-- cgit v1.2.3
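Review bot: In the OnConnected callback of HandleConsoleNetWasc, `LOG("Failed to start TLS client: " .. msg)` raises a Lua error of its own if StartTLSClient returns a falsy first value without a message, and the API entry added in this commit documents the call with `Return = ""`, so nothing on the page guarantees `msg` is a string; `LOG("Failed to start TLS client: " .. tostring(msg))` keeps the failure path from throwing. The call passes no trust material and the documented parameters concern only the client's own certificate, so this handshake presumably encrypts without authenticating the peer; a comment such as `-- NOTE: the server certificate is not verified; test use against localhost only` would stop the handler from being copied as a pattern for remote hosts. The end-of-data test `a_Data == "0\r\n\r\n"` only matches when the terminator arrives as a separate read, which the inline comment already concedes. The log string `"Canot connect to webadmin"` has a typo ("Cannot").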