diff --git a/src/comm/comm_server.cpp b/src/comm/comm_server.cpp
index 36c90df3..5726dfaa 100644
--- a/src/comm/comm_server.cpp
+++ b/src/comm/comm_server.cpp
@@ -10,7 +10,8 @@ namespace comm
 int comm_server::start(
- const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type, const bool is_binary, const bool use_size_header,
+ const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type,
+ const bool is_binary, const bool use_size_header, const bool require_tls,
 const uint64_t (&metric_thresholds)[4], const std::set &req_known_remotes, const uint64_t max_msg_size)
 {
 int accept_fd = open_domain_socket(domain_socket_name);
@@ -23,7 +24,7 @@ namespace comm
 inbound_message_processor_thread = std::thread(&comm_server::inbound_message_processor_loop, this, session_type);
 return start_websocketd_process(port, domain_socket_name, is_binary,
- use_size_header, max_msg_size);
+ use_size_header, require_tls, max_msg_size);
 }
 return -1;
@@ -258,8 +259,8 @@ namespace comm
 }
 int comm_server::start_websocketd_process(
- const uint16_t port, const char *domain_socket_name,
- const bool is_binary, const bool use_size_header, const uint64_t max_msg_size)
+ const uint16_t port, const char *domain_socket_name, const bool is_binary,
+ const bool use_size_header, const bool require_tls, const uint64_t max_msg_size)
 {
 // setup pipe for firewall
 int firewall_pipe[2]; // parent to child pipe
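Review bot: `start` and `start_websocketd_process` now take three adjacent positional `bool`s (`is_binary`, `use_size_header`, `require_tls`), and both call sites in this commit pass them as bare literals (`true, false, true` in p2p.cpp, `true, true, conf::cfg.pubtls` in usr.cpp), so a transposed argument would silently start a listener without TLS and the compiler would not object. Either group them in a small options struct with named members, or at minimum annotate the literals at the call sites, e.g. `true /*is_binary*/, false /*use_size_header*/, true /*require_tls*/`, and document the new parameter on the declaration in comm_server.hpp with `// require_tls: pass --ssl/--sslcert/--sslkey to websocketd; false starts it without the TLS flags`. The same point applies to the `@@ -258` hunk here and to the two declaration hunks in comm_server.hpp. The body of `start_websocketd_process` continues outside this hunk.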
@@ -313,13 +314,18 @@ namespace comm
 // Fill process args.
 args_vec.push_back(conf::ctx.websocketd_exe_path);
+
+ if (require_tls)
+ {
+ args_vec.push_back("--ssl");
+ args_vec.push_back("--sslcert");
+ args_vec.push_back(conf::ctx.tls_cert_file);
+ args_vec.push_back("--sslkey");
+ args_vec.push_back(conf::ctx.tls_key_file);
+ }
+
 args_vec.push_back("--port");
 args_vec.push_back(std::to_string(port));
- args_vec.push_back("--ssl");
- args_vec.push_back("--sslcert");
- args_vec.push_back(conf::ctx.tls_cert_file);
- args_vec.push_back("--sslkey");
- args_vec.push_back(conf::ctx.tls_key_file);
 args_vec.push_back(is_binary ? "--binary=true" : "--binary=false");
 args_vec.push_back(use_size_header ? "--sizeheader=true" : "--sizeheader=false");
 args_vec.push_back(std::string("--maxframe=").append(max_msg_size_str));
diff --git a/src/comm/comm_server.hpp b/src/comm/comm_server.hpp
index 59a81dca..ec5368ac 100644
--- a/src/comm/comm_server.hpp
+++ b/src/comm/comm_server.hpp
@@ -11,8 +11,8 @@ namespace comm
 class comm_server
 {
 pid_t websocketd_pid = 0;
- int firewall_out = -1; // at some point we may want to listen for firewall_in but at the moment unimplemented
- std::thread watchdog_thread; // Connection watcher thread.
+ int firewall_out = -1; // at some point we may want to listen for firewall_in but at the moment unimplemented
+ std::thread watchdog_thread; // Connection watcher thread.
 std::thread inbound_message_processor_thread; // Incoming message processor thread.
 bool should_stop_listening = false;
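Review bot: The new `if (require_tls)` block carries no comment, so a reader of this function cannot tell that TLS became optional on purpose, which listener can turn it off, or what the child looks like when it is off. Add above the block `// TLS is optional for the user listener (driven by conf pubtls); the peer listener always passes require_tls=true. Without it websocketd is started with no --ssl/--sslcert/--sslkey arguments.` Note that the `--ssl` arguments also moved ahead of `--port`; if websocketd is insensitive to flag order this is harmless, but it is worth a word in the commit message. `start_websocketd_process` begins and ends outside this hunk.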
@@ -32,8 +32,8 @@ namespace comm
 void inbound_message_processor_loop(const SESSION_TYPE session_type);
 int start_websocketd_process(
- const uint16_t port, const char *domain_socket_name,
- const bool is_binary, const bool use_size_header, const uint64_t max_msg_size);
+ const uint16_t port, const char *domain_socket_name, const bool is_binary,
+ const bool use_size_header, const bool require_tls, const uint64_t max_msg_size);
 int poll_fds(pollfd *pollfds, const int accept_fd, const std::unordered_map &sessions);
@@ -52,7 +52,8 @@ namespace comm
 public:
 // Start accepting incoming connections
 int start(
- const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type, const bool is_binary, const bool use_size_header,
+ const uint16_t port, const char *domain_socket_name, const SESSION_TYPE session_type,
+ const bool is_binary, const bool use_size_header, const bool require_tls,
 const uint64_t (&metric_thresholds)[4], const std::set &req_known_remotes, const uint64_t max_msg_size);
 void stop();
 void firewall_ban(std::string_view ip, const bool unban);
diff --git a/src/conf.cpp b/src/conf.cpp
index b1dbc8b1..03e841ba 100644
--- a/src/conf.cpp
+++ b/src/conf.cpp
@@ -90,6 +90,7 @@ namespace conf
 cfg.peerport = 22860;
 cfg.roundtime = 1000;
 cfg.pubport = 8080;
+ cfg.pubtls = true;
 #ifndef NDEBUG
 cfg.loglevel_type = conf::LOG_SEVERITY::DEBUG;
@@ -275,6 +276,9 @@ namespace conf
 cfg.pubport = d["pubport"].as();
 cfg.roundtime = d["roundtime"].as();
+ if (d.contains("pubtls")) // For backwards compatibility.
+ cfg.pubtls = d["pubtls"].as();
+
 cfg.pubmaxsize = d["pubmaxsize"].as();
 cfg.pubmaxcpm = d["pubmaxcpm"].as();
 cfg.pubmaxbadmpm = d["pubmaxbadmpm"].as();
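Review bot: In the conf.cpp `@@ -275` hunk the comment `// For backwards compatibility.` does not say what happens when the key is absent; the fallback is the `cfg.pubtls = true` set in the defaults block of the `@@ -90` hunk, so an older config keeps TLS on, which is the safe direction but should be stated where the read happens: `// Optional: configs written before pubtls existed omit it and keep the default (true = TLS on).` What `.as()` does when `pubtls` is present but not a JSON boolean (for example the string "false") is not visible here; if the library coerces instead of throwing, a mistyped value could silently turn TLS off, so checking the node's type before converting would make the failure loud. The surrounding load function starts and ends outside this hunk.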
@@ -343,6 +347,7 @@ namespace conf
 d.insert_or_assign("pubport", cfg.pubport);
 d.insert_or_assign("roundtime", cfg.roundtime);
+ d.insert_or_assign("pubtls", cfg.pubtls);
 d.insert_or_assign("pubmaxsize", cfg.pubmaxsize);
 d.insert_or_assign("pubmaxcpm", cfg.pubmaxcpm);
 d.insert_or_assign("pubmaxbadmpm", cfg.pubmaxbadmpm);
diff --git a/src/conf.hpp b/src/conf.hpp
index 3c281fdd..52e0d2dc 100644
--- a/src/conf.hpp
+++ b/src/conf.hpp
@@ -40,15 +40,15 @@ namespace conf
 std::string websocat_exe_path; // Websocketd executable file path.
 std::string hpfs_exe_path; // hpfs executable file path.
- std::string contract_dir; // Contract base directory full path
- std::string hist_dir; // Contract ledger history dir full path
- std::string state_dir; // Contract state maintenence path (hpfs path)
- std::string state_rw_dir; // Contract executation read/write state path.
- std::string log_dir; // Contract log dir full path
- std::string config_dir; // Contract config dir full path
- std::string config_file; // Full path to the contract config file
- std::string tls_key_file; // Full path to the tls secret key file
- std::string tls_cert_file; // Full path to the tls certificate
+ std::string contract_dir; // Contract base directory full path
+ std::string hist_dir; // Contract ledger history dir full path
+ std::string state_dir; // Contract state maintenence path (hpfs path)
+ std::string state_rw_dir; // Contract executation read/write state path.
+ std::string log_dir; // Contract log dir full path
+ std::string config_dir; // Contract config dir full path
+ std::string config_file; // Full path to the contract config file
+ std::string tls_key_file; // Full path to the tls secret key file
+ std::string tls_cert_file; // Full path to the tls certificate
 };
 // Holds all the contract config values.
@@ -56,27 +56,28 @@ namespace conf
 {
 // Config elements which are initialized in memory (these are not directly loaded from the config file)
- std::string pubkey; // Contract public key bytes
- std::string seckey; // Contract secret key bytes
- std::vector runtime_binexec_args; // Contract binary execution args used during runtime.
- std::vector runtime_appbill_args; // Appbill execution args used during runtime.
+ std::string pubkey; // Contract public key bytes
+ std::string seckey; // Contract secret key bytes
+ std::vector runtime_binexec_args; // Contract binary execution args used during runtime.
+ std::vector runtime_appbill_args; // Appbill execution args used during runtime.
 OPERATING_MODE current_mode = OPERATING_MODE::OBSERVER; // Current operating mode of the contract (Observer/Proposer)
 // Config elements which are loaded from the config file.
 OPERATING_MODE startup_mode = OPERATING_MODE::OBSERVER; // Configured startup operating mode of the contract (Observer/Proposer).
- std::string pubkeyhex; // Contract hex public key
- std::string seckeyhex; // Contract hex secret key
- std::string binary; // Full path to the contract binary
- std::string binargs; // CLI arguments to pass to the contract binary
- std::string appbill; // binary to execute for appbill
- std::string appbillargs; // any arguments to supply to appbill binary by default
- std::set peers; // Set of peers keyed by ":" concatenated format
- std::unordered_set unl; // Unique node list (list of binary public keys)
- uint16_t peerport = 0; // Listening port for peer connections
- uint16_t roundtime = 0; // Consensus round time in ms
- uint16_t pubport = 0; // Listening port for public user connections
+ std::string pubkeyhex; // Contract hex public key
+ std::string seckeyhex; // Contract hex secret key
+ std::string binary; // Full path to the contract binary
+ std::string binargs; // CLI arguments to pass to the contract binary
+ std::string appbill; // binary to execute for appbill
+ std::string appbillargs; // any arguments to supply to appbill binary by default
+ std::set peers; // Set of peers keyed by ":" concatenated format
+ std::unordered_set unl; // Unique node list (list of binary public keys)
+ uint16_t peerport = 0; // Listening port for peer connections
+ uint16_t roundtime = 0; // Consensus round time in ms
+ uint16_t pubport = 0; // Listening port for public user connections
+ bool pubtls = true; // Whether user connections are secured with TLS.
 uint64_t pubmaxsize = 0; // User message max size in bytes
 uint64_t pubmaxcpm = 0; // User message rate (characters(bytes) per minute)
 uint64_t pubmaxbadmpm = 0; // User bad messages per minute
@@ -90,7 +91,7 @@ namespace conf
 uint16_t peermaxcons = 0; // Max inbound peer connections
 std::string loglevel; // Log severity level (debug, info, warn, error)
- LOG_SEVERITY loglevel_type; // Log severity level enum (debug, info, warn, error)
+ LOG_SEVERITY loglevel_type; // Log severity level enum (debug, info, warn, error)
 std::unordered_set loggers; // List of enabled loggers (console, file)
 };
diff --git a/src/p2p/p2p.cpp b/src/p2p/p2p.cpp
index cb3a33f0..e7be4875 100644
--- a/src/p2p/p2p.cpp
+++ b/src/p2p/p2p.cpp
@@ -48,7 +48,8 @@ namespace p2p
 int start_peer_connections()
 {
 if (ctx.listener.start(
- conf::cfg.peerport, ".sock-peer", comm::SESSION_TYPE::PEER, true, false, metric_thresholds, conf::cfg.peers, conf::cfg.peermaxsize) == -1)
+ conf::cfg.peerport, ".sock-peer", comm::SESSION_TYPE::PEER,
+ true, false, true, metric_thresholds, conf::cfg.peers, conf::cfg.peermaxsize) == -1)
 return -1;
 LOG_INFO << "Started listening for peer connections on " << std::to_string(conf::cfg.peerport);
diff --git a/src/usr/usr.cpp b/src/usr/usr.cpp
index 6ca980d9..6ac6dc2c 100644
--- a/src/usr/usr.cpp
+++ b/src/usr/usr.cpp
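Review bot: The comment on the new `bool pubtls = true;` says "user connections" but leaves the scope and the default unexplained, and the field is the only place an operator reading the header can learn either; the p2p.cpp hunk in this commit passes a literal `true` for `require_tls`, so `pubtls` governs only the public user port, and the `@@ -275` loader hunk keeps this in-class default when the key is missing. Suggest `bool pubtls = true; // Whether public user connections (pubport) use TLS; peer connections always do. Missing from the config file means true.` The remaining hunks here are whitespace realignment only.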
@@ -56,7 +56,8 @@ namespace usr
 int start_listening()
 {
 if (ctx.listener.start(
- conf::cfg.pubport, ".sock-user", comm::SESSION_TYPE::USER, true, true, metric_thresholds, std::set(), conf::cfg.pubmaxsize) == -1)
+ conf::cfg.pubport, ".sock-user", comm::SESSION_TYPE::USER,
+ true, true, conf::cfg.pubtls, metric_thresholds, std::set(), conf::cfg.pubmaxsize) == -1)
 return -1;
 LOG_INFO << "Started listening for user connections on " << std::to_string(conf::cfg.pubport);
@@ -108,7 +109,7 @@ namespace usr
 session.issued_challenge.clear(); // Remove the stored challenge
 LOG_DEBUG << "User connection " << session.uniqueid.substr(0, 10) << " authenticated. Public key "
- << userpubkeyhex;
+ << userpubkeyhex;
 return 0;
 }
 else
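Review bot: Now that `conf::cfg.pubtls` can disable TLS on the user listener, the `Started listening for user connections on` line in the `@@ -56` hunk no longer tells an operator which mode the port came up in, and nothing else in the commit records it; the mode belongs in that startup line so it is visible in logs and can be alerted on. Change it to `LOG_INFO << "Started listening for user connections on " << std::to_string(conf::cfg.pubport) << (conf::cfg.pubtls ? " (TLS)" : " (no TLS)");`. The `@@ -108` hunk below is an indentation change only.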