Optional TLS client-server comms

Still primitive in that key and cert must be added in a subdirectory 'ssl'; self-signed is fine, so easy if openssl is available. But this must be wrapped up for users before it can be a default (it is not the default for now). Could be hard on e.g. Windows.
9 years ago · 5d3fbe9a74
3 changed files with 29 additions and 7 deletions
--- a/jmclient/jmclient/client_protocol.py
+++ b/jmclient/jmclient/client_protocol.py
@ -1,7 +1,7 @@
 #! /usr/bin/env python
 from __future__ import print_function
 from twisted.python.log import startLogging, err
-from twisted.internet import protocol, reactor
+from twisted.internet import protocol, reactor, ssl
 from twisted.internet.task import LoopingCall
 from twisted.internet.error import (ConnectionLost, ConnectionAborted,
                                    ConnectionClosed, ConnectionDone)
@ -9,6 +9,7 @@ from twisted.python import failure
 from twisted.protocols import amp
 from twisted.internet.protocol import ClientFactory
 from twisted.internet.endpoints import TCP4ClientEndpoint
 from twisted.internet.ssl import ClientContextFactory
 from jmbase import commands
 from sys import stdout
@ -248,6 +249,7 @@ class JMTakerClientProtocolFactory(protocol.ClientFactory):
 def start_reactor(host, port, factory, ish=True, daemon=False): #pragma: no cover
    #(Cannot start the reactor in tests)
    usessl = True if jm_single().config.get("DAEMON", "use_ssl") != 'false' else False
    if daemon:
        try:
            from jmdaemon import JMDaemonServerProtocolFactory
@ -258,7 +260,16 @@ def start_reactor(host, port, factory, ish=True, daemon=False): #pragma: no cove
                       "section of the config. Quitting.")
            return
        dfactory = JMDaemonServerProtocolFactory()
-        reactor.listenTCP(port, dfactory)
+        if usessl:
            reactor.listenSSL(port, dfactory,
                          ssl.DefaultOpenSSLContextFactory(
                              "./ssl/key.pem", "./ssl/cert.pem"))
        else:
            reactor.listenTCP(port, dfactory)
-    reactor.connectTCP(host, port, factory)
+    if usessl:
        ctx = ClientContextFactory()
        reactor.connectSSL(host, port, factory, ctx)
    else:
        reactor.connectTCP(host, port, factory)
    reactor.run(installSignalHandlers=ish)
--- a/jmclient/jmclient/configure.py
+++ b/jmclient/jmclient/configure.py
@ -99,6 +99,9 @@ daemon_port = 27183
 #currently, running the daemon on a remote host is
 #*NOT* supported, so don't change this variable
 daemon_host = localhost
 #by default the client-daemon connection is plaintext, set to 'true' to use TLS;
 #for this, you need to have a valid (self-signed) certificate installed
 use_ssl = false
 [BLOCKCHAIN]
 blockchain_source = blockr
--- a/scripts/joinmarketd.py
+++ b/scripts/joinmarketd.py
@ -1,9 +1,9 @@
 import sys
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl
 from twisted.python.log import startLogging, err
 import jmdaemon
-def startup_joinmarketd(port, finalizer=None, finalizer_args=None):
+def startup_joinmarketd(port, usessl, finalizer=None, finalizer_args=None):
    """Start event loop for joinmarket daemon here.
    Args:
    port : port over which to serve the daemon
@ -12,7 +12,11 @@ def startup_joinmarketd(port, finalizer=None, finalizer_args=None):
    """
    startLogging(sys.stdout)
    factory = jmdaemon.JMDaemonServerProtocolFactory()
-    reactor.listenTCP(port, factory)
+    if usessl:
        reactor.listenSSL(port, factory, ssl.DefaultOpenSSLContextFactory(
                                  "./ssl/key.pem", "./ssl/cert.pem"))
    else:
        reactor.listenTCP(port, factory)
    if finalizer:
        reactor.addSystemEventTrigger("after", "shutdown", finalizer,
                                      finalizer_args)
@ -24,4 +28,8 @@ if __name__ == "__main__":
        port = 27183
    else:
        port = int(sys.argv[1])
-    startup_joinmarketd(port)
+    usessl = False
    if len(sys.argv) > 2:
        if int(sys.argv[2]) != 0:
            usessl = True
    startup_joinmarketd(port, usessl)