From 272c232efb645c9f7d75556aeb047e13b244c9ed Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Thu, 1 May 2014 11:48:03 +0200 Subject: Implemented SSL connection for WebAdmin. Fixes FS-319. --- src/HTTPServer/HTTPServer.cpp | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) (limited to 'src/HTTPServer/HTTPServer.cpp') diff --git a/src/HTTPServer/HTTPServer.cpp b/src/HTTPServer/HTTPServer.cpp index eaf8405a3..9e3e0a17b 100644 --- a/src/HTTPServer/HTTPServer.cpp +++ b/src/HTTPServer/HTTPServer.cpp @@ -8,6 +8,7 @@ #include "HTTPMessage.h" #include "HTTPConnection.h" #include "HTTPFormParser.h" +#include "SslHTTPConnection.h" @@ -123,8 +124,30 @@ class cDebugCallbacks : cHTTPServer::cHTTPServer(void) : m_ListenThreadIPv4(*this, cSocket::IPv4, "WebServer IPv4"), m_ListenThreadIPv6(*this, cSocket::IPv6, "WebServer IPv6"), - m_Callbacks(NULL) + m_Callbacks(NULL), + m_Cert(new cX509Cert), + m_CertPrivKey(new cPublicKey) { + AString CertFile = cFile::ReadWholeFile("webadmin/httpscert.crt"); + AString KeyFile = cFile::ReadWholeFile("webadmin/httpskey.pem"); + if (!CertFile.empty() && !KeyFile.empty()) + { + int res = m_Cert->Parse(CertFile.data(), CertFile.size()); + if (res == 0) + { + int res2 = m_CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), ""); + if (res2 != 0) + { + // Reading the private key failed, reset the cert: + LOGWARNING("WebAdmin: Cannot read HTTPS certificate private key: -0x%x", -res2); + m_Cert.reset(); + } + } + else + { + LOGWARNING("WebAdmin: Cannot read HTTPS certificate: -0x%x", -res); + } + } } @@ -195,7 +218,15 @@ void cHTTPServer::Stop(void) void cHTTPServer::OnConnectionAccepted(cSocket & a_Socket) { - cHTTPConnection * Connection = new cHTTPConnection(*this); + cHTTPConnection * Connection; + if (m_Cert.get() != NULL) + { + Connection = new cSslHTTPConnection(*this, m_Cert, m_CertPrivKey); + } + else + { + Connection = new cHTTPConnection(*this); + } m_SocketThreads.AddClient(a_Socket, Connection); cCSLock Lock(m_CSConnections); m_Connections.push_back(Connection); -- cgit v1.2.3 From 1587b21edded56dbfb88150500336c2853b460c6 Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Thu, 1 May 2014 15:21:41 +0200 Subject: Renamed cPublicKey to cCryptoKey. The class can hold both the private key and the public key, bad naming on PolarSSL's part. Also somewhat fixed the cert and key loading in cHTTPServer. --- src/HTTPServer/HTTPServer.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/HTTPServer/HTTPServer.cpp') diff --git a/src/HTTPServer/HTTPServer.cpp b/src/HTTPServer/HTTPServer.cpp index 9e3e0a17b..c45044c66 100644 --- a/src/HTTPServer/HTTPServer.cpp +++ b/src/HTTPServer/HTTPServer.cpp @@ -124,17 +124,17 @@ class cDebugCallbacks : cHTTPServer::cHTTPServer(void) : m_ListenThreadIPv4(*this, cSocket::IPv4, "WebServer IPv4"), m_ListenThreadIPv6(*this, cSocket::IPv6, "WebServer IPv6"), - m_Callbacks(NULL), - m_Cert(new cX509Cert), - m_CertPrivKey(new cPublicKey) + m_Callbacks(NULL) { AString CertFile = cFile::ReadWholeFile("webadmin/httpscert.crt"); AString KeyFile = cFile::ReadWholeFile("webadmin/httpskey.pem"); if (!CertFile.empty() && !KeyFile.empty()) { + m_Cert.reset(new cX509Cert); int res = m_Cert->Parse(CertFile.data(), CertFile.size()); if (res == 0) { + m_CertPrivKey.reset(new cCryptoKey); int res2 = m_CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), ""); if (res2 != 0) { -- cgit v1.2.3 From 3942ebdcb6e62d8b2fb85fad9144a993a78477a6 Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Fri, 2 May 2014 23:46:06 +0200 Subject: WebAdmin outputs a log message about HTTP / HTTPS status. --- src/HTTPServer/HTTPServer.cpp | 49 +++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 18 deletions(-) (limited to 'src/HTTPServer/HTTPServer.cpp') diff --git a/src/HTTPServer/HTTPServer.cpp b/src/HTTPServer/HTTPServer.cpp index c45044c66..b78a538a2 100644 --- a/src/HTTPServer/HTTPServer.cpp +++ b/src/HTTPServer/HTTPServer.cpp @@ -126,6 +126,24 @@ cHTTPServer::cHTTPServer(void) : m_ListenThreadIPv6(*this, cSocket::IPv6, "WebServer IPv6"), m_Callbacks(NULL) { +} + + + + + +cHTTPServer::~cHTTPServer() +{ + Stop(); +} + + + + + +bool cHTTPServer::Initialize(const AString & a_PortsIPv4, const AString & a_PortsIPv6) +{ + // Read the HTTPS cert + key: AString CertFile = cFile::ReadWholeFile("webadmin/httpscert.crt"); AString KeyFile = cFile::ReadWholeFile("webadmin/httpskey.pem"); if (!CertFile.empty() && !KeyFile.empty()) @@ -139,32 +157,27 @@ cHTTPServer::cHTTPServer(void) : if (res2 != 0) { // Reading the private key failed, reset the cert: - LOGWARNING("WebAdmin: Cannot read HTTPS certificate private key: -0x%x", -res2); + LOGWARNING("WebServer: Cannot read HTTPS certificate private key: -0x%x", -res2); m_Cert.reset(); } } else { - LOGWARNING("WebAdmin: Cannot read HTTPS certificate: -0x%x", -res); + LOGWARNING("WebServer: Cannot read HTTPS certificate: -0x%x", -res); } } -} - - - - -cHTTPServer::~cHTTPServer() -{ - Stop(); -} - - - - - -bool cHTTPServer::Initialize(const AString & a_PortsIPv4, const AString & a_PortsIPv6) -{ + // Notify the admin about the HTTPS / HTTP status + if (m_Cert.get() == NULL) + { + LOGWARNING("WebServer: The server is running in unsecure HTTP mode."); + } + else + { + LOGINFO("WebServer: The server is running in secure HTTPS mode."); + } + + // Open up requested ports: bool HasAnyPort; HasAnyPort = m_ListenThreadIPv4.Initialize(a_PortsIPv4); HasAnyPort = m_ListenThreadIPv6.Initialize(a_PortsIPv6) || HasAnyPort; -- cgit v1.2.3 From ac1c3ba5d9ee407110700e2c5e9ce1d87e191e29 Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Tue, 6 May 2014 21:43:31 +0200 Subject: Fixed an extra space. --- src/HTTPServer/HTTPServer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/HTTPServer/HTTPServer.cpp') diff --git a/src/HTTPServer/HTTPServer.cpp b/src/HTTPServer/HTTPServer.cpp index b78a538a2..d288c83c9 100644 --- a/src/HTTPServer/HTTPServer.cpp +++ b/src/HTTPServer/HTTPServer.cpp @@ -150,7 +150,7 @@ bool cHTTPServer::Initialize(const AString & a_PortsIPv4, const AString & a_Port { m_Cert.reset(new cX509Cert); int res = m_Cert->Parse(CertFile.data(), CertFile.size()); - if (res == 0) + if (res == 0) { m_CertPrivKey.reset(new cCryptoKey); int res2 = m_CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), ""); -- cgit v1.2.3