mirror of
https://github.com/EvernodeXRPL/hpcore.git
synced 2026-04-29 15:37:59 +00:00
Added TLS on/off flag for user port.
This commit is contained in:
ravinsp
@@ -10,7 +10,8 @@ namespace comm
|
||||
{
|
||||
|
||||
int comm_server::start(
|
||||
const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type, const bool is_binary, const bool use_size_header,
|
||||
const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type,
|
||||
const bool is_binary, const bool use_size_header, const bool require_tls,
|
||||
const uint64_t (&metric_thresholds)[4], const std::set<conf::ip_port_pair> &req_known_remotes, const uint64_t max_msg_size)
|
||||
{
|
||||
int accept_fd = open_domain_socket(domain_socket_name);
|
||||
@@ -23,7 +24,7 @@ namespace comm
|
||||
inbound_message_processor_thread = std::thread(&comm_server::inbound_message_processor_loop, this, session_type);
|
||||
|
||||
return start_websocketd_process(port, domain_socket_name, is_binary,
|
||||
use_size_header, max_msg_size);
|
||||
use_size_header, require_tls, max_msg_size);
|
||||
}
|
||||
|
||||
return -1;
|
||||
@@ -258,8 +259,8 @@ namespace comm
|
||||
}
|
||||
|
||||
int comm_server::start_websocketd_process(
|
||||
const uint16_t port, const char *domain_socket_name,
|
||||
const bool is_binary, const bool use_size_header, const uint64_t max_msg_size)
|
||||
const uint16_t port, const char *domain_socket_name, const bool is_binary,
|
||||
const bool use_size_header, const bool require_tls, const uint64_t max_msg_size)
|
||||
{
|
||||
// setup pipe for firewall
|
||||
int firewall_pipe[2]; // parent to child pipe
|
||||
@@ -313,13 +314,18 @@ namespace comm
|
||||
|
||||
// Fill process args.
|
||||
args_vec.push_back(conf::ctx.websocketd_exe_path);
|
||||
|
||||
if (require_tls)
|
||||
{
|
||||
args_vec.push_back("--ssl");
|
||||
args_vec.push_back("--sslcert");
|
||||
args_vec.push_back(conf::ctx.tls_cert_file);
|
||||
args_vec.push_back("--sslkey");
|
||||
args_vec.push_back(conf::ctx.tls_key_file);
|
||||
}
|
||||
|
||||
args_vec.push_back("--port");
|
||||
args_vec.push_back(std::to_string(port));
|
||||
args_vec.push_back("--ssl");
|
||||
args_vec.push_back("--sslcert");
|
||||
args_vec.push_back(conf::ctx.tls_cert_file);
|
||||
args_vec.push_back("--sslkey");
|
||||
args_vec.push_back(conf::ctx.tls_key_file);
|
||||
args_vec.push_back(is_binary ? "--binary=true" : "--binary=false");
|
||||
args_vec.push_back(use_size_header ? "--sizeheader=true" : "--sizeheader=false");
|
||||
args_vec.push_back(std::string("--maxframe=").append(max_msg_size_str));
|
||||
|
||||
@@ -11,8 +11,8 @@ namespace comm
|
||||
class comm_server
|
||||
{
|
||||
pid_t websocketd_pid = 0;
|
||||
int firewall_out = -1; // at some point we may want to listen for firewall_in but at the moment unimplemented
|
||||
std::thread watchdog_thread; // Connection watcher thread.
|
||||
int firewall_out = -1; // at some point we may want to listen for firewall_in but at the moment unimplemented
|
||||
std::thread watchdog_thread; // Connection watcher thread.
|
||||
std::thread inbound_message_processor_thread; // Incoming message processor thread.
|
||||
bool should_stop_listening = false;
|
||||
|
||||
@@ -32,8 +32,8 @@ namespace comm
|
||||
void inbound_message_processor_loop(const SESSION_TYPE session_type);
|
||||
|
||||
int start_websocketd_process(
|
||||
const uint16_t port, const char *domain_socket_name,
|
||||
const bool is_binary, const bool use_size_header, const uint64_t max_msg_size);
|
||||
const uint16_t port, const char *domain_socket_name, const bool is_binary,
|
||||
const bool use_size_header, const bool require_tls, const uint64_t max_msg_size);
|
||||
|
||||
int poll_fds(pollfd *pollfds, const int accept_fd, const std::unordered_map<int, comm_session> &sessions);
|
||||
|
||||
@@ -52,7 +52,8 @@ namespace comm
|
||||
public:
|
||||
// Start accepting incoming connections
|
||||
int start(
|
||||
const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type, const bool is_binary, const bool use_size_header,
|
||||
const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type,
|
||||
const bool is_binary, const bool use_size_header, const bool require_tls,
|
||||
const uint64_t (&metric_thresholds)[4], const std::set<conf::ip_port_pair> &req_known_remotes, const uint64_t max_msg_size);
|
||||
void stop();
|
||||
void firewall_ban(std::string_view ip, const bool unban);
|
||||
|
||||
@@ -90,6 +90,7 @@ namespace conf
|
||||
cfg.peerport = 22860;
|
||||
cfg.roundtime = 1000;
|
||||
cfg.pubport = 8080;
|
||||
cfg.pubtls = true;
|
||||
|
||||
#ifndef NDEBUG
|
||||
cfg.loglevel_type = conf::LOG_SEVERITY::DEBUG;
|
||||
@@ -275,6 +276,9 @@ namespace conf
|
||||
cfg.pubport = d["pubport"].as<int>();
|
||||
cfg.roundtime = d["roundtime"].as<int>();
|
||||
|
||||
if (d.contains("pubtls")) // For backwards compatibility.
|
||||
cfg.pubtls = d["pubtls"].as<bool>();
|
||||
|
||||
cfg.pubmaxsize = d["pubmaxsize"].as<uint64_t>();
|
||||
cfg.pubmaxcpm = d["pubmaxcpm"].as<uint64_t>();
|
||||
cfg.pubmaxbadmpm = d["pubmaxbadmpm"].as<uint64_t>();
|
||||
@@ -343,6 +347,7 @@ namespace conf
|
||||
d.insert_or_assign("pubport", cfg.pubport);
|
||||
d.insert_or_assign("roundtime", cfg.roundtime);
|
||||
|
||||
d.insert_or_assign("pubtls", cfg.pubtls);
|
||||
d.insert_or_assign("pubmaxsize", cfg.pubmaxsize);
|
||||
d.insert_or_assign("pubmaxcpm", cfg.pubmaxcpm);
|
||||
d.insert_or_assign("pubmaxbadmpm", cfg.pubmaxbadmpm);
|
||||
|
||||
51
src/conf.hpp
51
src/conf.hpp
@@ -40,15 +40,15 @@ namespace conf
|
||||
std::string websocat_exe_path; // Websocketd executable file path.
|
||||
std::string hpfs_exe_path; // hpfs executable file path.
|
||||
|
||||
std::string contract_dir; // Contract base directory full path
|
||||
std::string hist_dir; // Contract ledger history dir full path
|
||||
std::string state_dir; // Contract state maintenence path (hpfs path)
|
||||
std::string state_rw_dir; // Contract executation read/write state path.
|
||||
std::string log_dir; // Contract log dir full path
|
||||
std::string config_dir; // Contract config dir full path
|
||||
std::string config_file; // Full path to the contract config file
|
||||
std::string tls_key_file; // Full path to the tls secret key file
|
||||
std::string tls_cert_file; // Full path to the tls certificate
|
||||
std::string contract_dir; // Contract base directory full path
|
||||
std::string hist_dir; // Contract ledger history dir full path
|
||||
std::string state_dir; // Contract state maintenence path (hpfs path)
|
||||
std::string state_rw_dir; // Contract executation read/write state path.
|
||||
std::string log_dir; // Contract log dir full path
|
||||
std::string config_dir; // Contract config dir full path
|
||||
std::string config_file; // Full path to the contract config file
|
||||
std::string tls_key_file; // Full path to the tls secret key file
|
||||
std::string tls_cert_file; // Full path to the tls certificate
|
||||
};
|
||||
|
||||
// Holds all the contract config values.
|
||||
@@ -56,27 +56,28 @@ namespace conf
|
||||
{
|
||||
// Config elements which are initialized in memory (these are not directly loaded from the config file)
|
||||
|
||||
std::string pubkey; // Contract public key bytes
|
||||
std::string seckey; // Contract secret key bytes
|
||||
std::vector<std::string> runtime_binexec_args; // Contract binary execution args used during runtime.
|
||||
std::vector<std::string> runtime_appbill_args; // Appbill execution args used during runtime.
|
||||
std::string pubkey; // Contract public key bytes
|
||||
std::string seckey; // Contract secret key bytes
|
||||
std::vector<std::string> runtime_binexec_args; // Contract binary execution args used during runtime.
|
||||
std::vector<std::string> runtime_appbill_args; // Appbill execution args used during runtime.
|
||||
OPERATING_MODE current_mode = OPERATING_MODE::OBSERVER; // Current operating mode of the contract (Observer/Proposer)
|
||||
|
||||
// Config elements which are loaded from the config file.
|
||||
|
||||
OPERATING_MODE startup_mode = OPERATING_MODE::OBSERVER; // Configured startup operating mode of the contract (Observer/Proposer).
|
||||
std::string pubkeyhex; // Contract hex public key
|
||||
std::string seckeyhex; // Contract hex secret key
|
||||
std::string binary; // Full path to the contract binary
|
||||
std::string binargs; // CLI arguments to pass to the contract binary
|
||||
std::string appbill; // binary to execute for appbill
|
||||
std::string appbillargs; // any arguments to supply to appbill binary by default
|
||||
std::set<ip_port_pair> peers; // Set of peers keyed by "<ip address>:<port>" concatenated format
|
||||
std::unordered_set<std::string> unl; // Unique node list (list of binary public keys)
|
||||
uint16_t peerport = 0; // Listening port for peer connections
|
||||
uint16_t roundtime = 0; // Consensus round time in ms
|
||||
uint16_t pubport = 0; // Listening port for public user connections
|
||||
std::string pubkeyhex; // Contract hex public key
|
||||
std::string seckeyhex; // Contract hex secret key
|
||||
std::string binary; // Full path to the contract binary
|
||||
std::string binargs; // CLI arguments to pass to the contract binary
|
||||
std::string appbill; // binary to execute for appbill
|
||||
std::string appbillargs; // any arguments to supply to appbill binary by default
|
||||
std::set<ip_port_pair> peers; // Set of peers keyed by "<ip address>:<port>" concatenated format
|
||||
std::unordered_set<std::string> unl; // Unique node list (list of binary public keys)
|
||||
uint16_t peerport = 0; // Listening port for peer connections
|
||||
uint16_t roundtime = 0; // Consensus round time in ms
|
||||
uint16_t pubport = 0; // Listening port for public user connections
|
||||
|
||||
bool pubtls = true; // Whether user connections are secured with TLS.
|
||||
uint64_t pubmaxsize = 0; // User message max size in bytes
|
||||
uint64_t pubmaxcpm = 0; // User message rate (characters(bytes) per minute)
|
||||
uint64_t pubmaxbadmpm = 0; // User bad messages per minute
|
||||
@@ -90,7 +91,7 @@ namespace conf
|
||||
uint16_t peermaxcons = 0; // Max inbound peer connections
|
||||
|
||||
std::string loglevel; // Log severity level (debug, info, warn, error)
|
||||
LOG_SEVERITY loglevel_type; // Log severity level enum (debug, info, warn, error)
|
||||
LOG_SEVERITY loglevel_type; // Log severity level enum (debug, info, warn, error)
|
||||
std::unordered_set<std::string> loggers; // List of enabled loggers (console, file)
|
||||
};
|
||||
|
||||
|
||||
@@ -48,7 +48,8 @@ namespace p2p
|
||||
int start_peer_connections()
|
||||
{
|
||||
if (ctx.listener.start(
|
||||
conf::cfg.peerport, ".sock-peer", comm::SESSION_TYPE::PEER, true, false, metric_thresholds, conf::cfg.peers, conf::cfg.peermaxsize) == -1)
|
||||
conf::cfg.peerport, ".sock-peer", comm::SESSION_TYPE::PEER,
|
||||
true, false, true, metric_thresholds, conf::cfg.peers, conf::cfg.peermaxsize) == -1)
|
||||
return -1;
|
||||
|
||||
LOG_INFO << "Started listening for peer connections on " << std::to_string(conf::cfg.peerport);
|
||||
|
||||
@@ -56,7 +56,8 @@ namespace usr
|
||||
int start_listening()
|
||||
{
|
||||
if (ctx.listener.start(
|
||||
conf::cfg.pubport, ".sock-user", comm::SESSION_TYPE::USER, true, true, metric_thresholds, std::set<conf::ip_port_pair>(), conf::cfg.pubmaxsize) == -1)
|
||||
conf::cfg.pubport, ".sock-user", comm::SESSION_TYPE::USER,
|
||||
true, true, conf::cfg.pubtls, metric_thresholds, std::set<conf::ip_port_pair>(), conf::cfg.pubmaxsize) == -1)
|
||||
return -1;
|
||||
|
||||
LOG_INFO << "Started listening for user connections on " << std::to_string(conf::cfg.pubport);
|
||||
@@ -108,7 +109,7 @@ namespace usr
|
||||
session.issued_challenge.clear(); // Remove the stored challenge
|
||||
|
||||
LOG_DEBUG << "User connection " << session.uniqueid.substr(0, 10) << " authenticated. Public key "
|
||||
<< userpubkeyhex;
|
||||
<< userpubkeyhex;
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user