From 12876290e4cd07b22140e602a5bf1adc7ad720ec Mon Sep 17 00:00:00 2001
From: Martin Boehm
Date: Wed, 7 Feb 2018 20:42:25 +0100
Subject: [PATCH] Enable SSL support for http and socket.io servers

---
 blockbook.go            |  6 ++++--
 server/https.go         | 24 +++++++++++++++---------
 server/socketio.go      | 37 ++++++++++++++++++++++---------------
 server/static/test.html |  2 +-
 server/testcert.crt     | 17 +++++++++++++++++
 server/testcert.key     |  9 +++++++++
 6 files changed, 68 insertions(+), 27 deletions(-)
 create mode 100644 server/testcert.crt
 create mode 100644 server/testcert.key

diff --git a/blockbook.go b/blockbook.go
index ad7958db..02e79ff3 100644
--- a/blockbook.go
+++ b/blockbook.go
@@ -58,6 +58,8 @@ var (
 
 	socketIoBinding = flag.String("socketio", "", "socketio server binding [address]:port[/path], if missing no socketio server")
 
+	certFiles = flag.String("certfile", "", "to enable SSL specify path to certificate files without extension, expecting .crt and .key, default no SSL")
+
 	zeroMQBinding = flag.String("zeromq", "", "binding to zeromq, if missing no zeromq connection")
 )
 
@@ -138,7 +140,7 @@ func main() {
 
 	var httpServer *server.HTTPServer
 	if *httpServerBinding != "" {
-		httpServer, err = server.NewHTTPServer(*httpServerBinding, index, mempool)
+		httpServer, err = server.NewHTTPServer(*httpServerBinding, *certFiles, index, mempool)
 		if err != nil {
 			glog.Fatal("https: ", err)
 		}
@@ -156,7 +158,7 @@ func main() {
 
 	var socketIoServer *server.SocketIoServer
 	if *socketIoBinding != "" {
-		socketIoServer, err = server.NewSocketIoServer(*socketIoBinding, index, mempool, chain)
+		socketIoServer, err = server.NewSocketIoServer(*socketIoBinding, *certFiles, index, mempool, chain)
 		if err != nil {
 			glog.Fatal("socketio: ", err)
 		}
diff --git a/server/https.go b/server/https.go
index d01dddb5..90d43510 100644
--- a/server/https.go
+++ b/server/https.go
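Review bot: The new `certfile` value is threaded into both constructors but nothing checks it until `Run()` reaches `ListenAndServeTLS`, so a mistyped prefix, an unreadable `.key`, or a certificate that does not match its key is only reported after the rest of startup (database, RPC, mempool) has completed. A fail-fast check in `main` right after flag parsing, using `tls.LoadX509KeyPair` (import `crypto/tls`), surfaces the problem before any server is constructed and also verifies that the pair actually belongs together. The help text could also say "path prefix" rather than "path to certificate files", since the value is a prefix to which `.crt` and `.key` are appended. `main` starts and ends outside these hunks.
```go
// … in main, after flag.Parse() and before the servers are constructed …
if *certFiles != "" {
	if _, err := tls.LoadX509KeyPair(*certFiles+".crt", *certFiles+".key"); err != nil {
		glog.Fatal("certfile: ", err)
	}
}
```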
@@ -18,20 +18,22 @@ import (
 
 // HTTPServer is handle to HttpServer
 type HTTPServer struct {
-	https   *http.Server
-	db      *db.RocksDB
-	mempool *bchain.Mempool
+	https     *http.Server
+	certFiles string
+	db        *db.RocksDB
+	mempool   *bchain.Mempool
 }
 
 // NewHTTPServer creates new REST interface to blockbook and returns its handle
-func NewHTTPServer(httpServerBinding string, db *db.RocksDB, mempool *bchain.Mempool) (*HTTPServer, error) {
+func NewHTTPServer(httpServerBinding string, certFiles string, db *db.RocksDB, mempool *bchain.Mempool) (*HTTPServer, error) {
 	https := &http.Server{
 		Addr: httpServerBinding,
 	}
 	s := &HTTPServer{
-		https:   https,
-		db:      db,
-		mempool: mempool,
+		https:     https,
+		certFiles: certFiles,
+		db:        db,
+		mempool:   mempool,
 	}
 	r := mux.NewRouter()
 
@@ -54,8 +56,12 @@ func NewHTTPServer(httpServerBinding string, db *db.RocksDB, mempool *bchain.Mem
 
 // Run starts the server
 func (s *HTTPServer) Run() error {
-	glog.Infof("http server starting to listen on %s", s.https.Addr)
-	return s.https.ListenAndServe()
+	if s.certFiles == "" {
+		glog.Info("http server starting to listen on http://", s.https.Addr)
+		return s.https.ListenAndServe()
+	}
+	glog.Info("http server starting to listen on https://", s.https.Addr)
+	return s.https.ListenAndServeTLS(fmt.Sprint(s.certFiles, ".crt"), fmt.Sprint(s.certFiles, ".key"))
 }
 
 // Close closes the server
diff --git a/server/socketio.go b/server/socketio.go
index b9be0957..4d5bcb68 100644
--- a/server/socketio.go
+++ b/server/socketio.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"
 
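Review bot: `ListenAndServeTLS` in `HTTPServer.Run` runs with the zero-value `http.Server.TLSConfig`, so the listener accepts whatever protocol floor and cipher list the Go runtime defaults to, which for server sockets includes TLS 1.0; the `http.Server` literal in `NewHTTPServer` (context lines of the first hunk) is the place to pin it, e.g. `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},` with `crypto/tls` imported. The same zero `TLSConfig` is used by `SocketIoServer.Run` in server/socketio.go, so the floor should be set in both constructors. Neither server literal sets `ReadTimeout`/`WriteTimeout` either, which matters more once TLS handshakes are in the path, but that predates this change.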
@@ -16,16 +17,17 @@ import (
 
 // SocketIoServer is handle to SocketIoServer
 type SocketIoServer struct {
-	binding string
-	server  *gosocketio.Server
-	https   *http.Server
-	db      *db.RocksDB
-	mempool *bchain.Mempool
-	chain   *bchain.BitcoinRPC
+	binding   string
+	certFiles string
+	server    *gosocketio.Server
+	https     *http.Server
+	db        *db.RocksDB
+	mempool   *bchain.Mempool
+	chain     *bchain.BitcoinRPC
 }
 
 // NewSocketIoServer creates new SocketIo interface to blockbook and returns its handle
-func NewSocketIoServer(binding string, db *db.RocksDB, mempool *bchain.Mempool, chain *bchain.BitcoinRPC) (*SocketIoServer, error) {
+func NewSocketIoServer(binding string, certFiles string, db *db.RocksDB, mempool *bchain.Mempool, chain *bchain.BitcoinRPC) (*SocketIoServer, error) {
 	server := gosocketio.NewServer(transport.GetDefaultWebsocketTransport())
 
 	server.On(gosocketio.OnConnection, func(c *gosocketio.Channel) {
@@ -54,12 +56,13 @@ func NewSocketIoServer(binding string, db *db.RocksDB, mempool *bchain.Mempool,
 	}
 
 	s := &SocketIoServer{
-		binding: binding,
-		https:   https,
-		server:  server,
-		db:      db,
-		mempool: mempool,
-		chain:   chain,
+		binding:   binding,
+		certFiles: certFiles,
+		https:     https,
+		server:    server,
+		db:        db,
+		mempool:   mempool,
+		chain:     chain,
 	}
 
 	server.On("message", s.onMessage)
@@ -78,8 +81,12 @@ func splitBinding(binding string) (addr string, path string) {
 
 // Run starts the server
 func (s *SocketIoServer) Run() error {
-	glog.Info("socketio server starting to listen on ", s.https.Addr)
-	return s.https.ListenAndServe()
+	if s.certFiles == "" {
+		glog.Info("socketio server starting to listen on ws://", s.https.Addr)
+		return s.https.ListenAndServe()
+	}
+	glog.Info("socketio server starting to listen on wss://", s.https.Addr)
+	return s.https.ListenAndServeTLS(fmt.Sprint(s.certFiles, ".crt"), fmt.Sprint(s.certFiles, ".key"))
 }
 
 // Close closes the server
diff --git a/server/static/test.html b/server/static/test.html
index 5eee039a..4c522374 100644
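Review bot: `fmt.Sprint(s.certFiles, ".crt")` in `SocketIoServer.Run` is plain string concatenation written through the reflection-based formatter, and the `"fmt"` import added in the earlier import hunk exists only to support it; `s.https.ListenAndServeTLS(s.certFiles+".crt", s.certFiles+".key")` says the same thing and lets that import be dropped. The identical derivation appears in `HTTPServer.Run` in server/https.go, so a small shared helper in the package, e.g. `func certPaths(prefix string) (crt, key string) { return prefix + ".crt", prefix + ".key" }`, would keep the two servers agreeing on the file-naming convention the `certfile` flag documents.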
--- a/server/static/test.html
+++ b/server/static/test.html
@@ -94,7 +94,7 @@
- +
diff --git a/server/testcert.crt b/server/testcert.crt
new file mode 100644
index 00000000..6d5d6094
--- /dev/null
+++ b/server/testcert.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrDCCAjOgAwIBAgIJAL/nDSohF7h4MAkGByqGSM49BAEwXDELMAkGA1UEBhMC
+Q1oxEzARBgNVBAgTClNvbWUtU3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQK
+EwtTYXRvc2hpTGFiczESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE4MDIwNzE4NTM1
+MVoXDTI4MDIwNTE4NTM1MVowXDELMAkGA1UEBhMCQ1oxEzARBgNVBAgTClNvbWUt
+U3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQKEwtTYXRvc2hpTGFiczESMBAG
+A1UEAxMJbG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAELgxANtLbJkl1
+HGGD1xTMD74Qh+iCh8wiGzxHgeQoHJm/9tahNpfhL3HY+xenJHL+yBzkXfXiFXY0
+TGTDCtr8TXkWRipfal5YCx1YqbdE9w1LqfGKhKuHyqq6Lbb08ZTNo4HBMIG+MB0G
+A1UdDgQWBBT1BiPFYLxpjt9sSbnsiERVVJEuNjCBjgYDVR0jBIGGMIGDgBT1BiPF
+YLxpjt9sSbnsiERVVJEuNqFgpF4wXDELMAkGA1UEBhMCQ1oxEzARBgNVBAgTClNv
+bWUtU3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQKEwtTYXRvc2hpTGFiczES
+MBAGA1UEAxMJbG9jYWxob3N0ggkAv+cNKiEXuHgwDAYDVR0TBAUwAwEB/zAJBgcq
+hkjOPQQBA2gAMGUCMDib2wFH65i/z7rn9siM/NCyfvZ7h1A3VTfzHNwZgFxelIS5
+T6XOOGIK6Z28PRMgsgIxAPFW9ZpWk/OA9rGxX//WGKIGQsUUmMqsCYUcnN/OJ7+e
+v5T3DRlYynQo6ho1qUjJEg==
+-----END CERTIFICATE-----
diff --git a/server/testcert.key b/server/testcert.key
new file mode 100644
index 00000000..2f193b3e
--- /dev/null
+++ b/server/testcert.key
@@ -0,0 +1,9 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDB8MjtZTlPsQbZZGEpTBoW9aOZd+OwFbss6/yOEyKs6gRGrEr98l3CI
+ELOByDQJP+6gBwYFK4EEACKhZANiAAQuDEA20tsmSXUcYYPXFMwPvhCH6IKHzCIb
+PEeB5Cgcmb/21qE2l+Evcdj7F6ckcv7IHORd9eIVdjRMZMMK2vxNeRZGKl9qXlgL
+HVipt0T3DUup8YqEq4fKqrottvTxlM0=
+-----END EC PRIVATE KEY-----
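Review bot: `server/testcert.key` checks a private key into version control, and once committed it must be treated as public for the life of the repository even if it is later removed. The DER appears to decode to a self-signed certificate for CN `localhost` valid for roughly ten years, which is fine for a local test pair but gives no signal to a later reader that it must never back a real deployment; nothing in the `certfile` help text or the tree names this pair as test-only. Prefer generating the pair on demand from a small script or Makefile target (e.g. via `openssl req -x509 -newkey ...`), adding `server/*.key` to `.gitignore`, and keeping only the generation step in the repository; if the files must stay, a `server/README` line stating that `testcert.*` is a throwaway localhost pair is the minimum documentation. The test.html hunk above is unreadable in this rendering and is not reviewed here.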