Add SSL capabilities to TCP socket library.

author Christian Heller <c.heller@plomlompom.de>

Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)

committer Christian Heller <c.heller@plomlompom.de>

Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)
author Christian Heller <c.heller@plomlompom.de>
Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)
committer Christian Heller <c.heller@plomlompom.de>
Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)
diff --git a/new2/plomrogue/io_tcp.py b/new2/plomrogue/io_tcp.py

index 45bf4471dcce8be7b6c5cdca45b067afebd7313a..78e43f539df4aea810a15c3abe61366d807c4993 100644 (file)
--- a/new2/plomrogue/io_tcp.py
+++ b/new2/plomrogue/io_tcp.py
@@ -100,8 +100,27 @@ class PlomSocket:
  
  
  
+class PlomSocketSSL(PlomSocket):
+
+    def __init__(self, *args, server_side=False, **kwargs):
+        import ssl
+        print('DEBUG', args, kwargs)
+        super().__init__(*args, **kwargs)
+        if server_side:
+            self.socket = ssl.wrap_socket(self.socket, server_side=True,
+                                          certfile="server.pem",
+                                          keyfile="key.pem")
+        else:
+            self.socket = ssl.wrap_socket(self.socket)
+
+
+
  class IO_Handler(socketserver.BaseRequestHandler):
  
+    def __init__(self, *args, socket_class=PlomSocket, **kwargs):
+        self.socket_class = socket_class
+        super().__init__(*args, **kwargs)
+
      def handle(self):
          """Move messages between network socket and game IO loop via queues.
  
@@ -130,7 +149,10 @@ class IO_Handler(socketserver.BaseRequestHandler):
          import uuid
          import queue
          import threading
-        plom_socket = PlomSocket(self.request)
+        if self.socket_class == PlomSocketSSL:
+            plom_socket = self.socket_class(self.request, server_side=True)
+        else:
+            plom_socket = self.socket_class(self.request)
          print('CONNECTION FROM:', str(self.client_address))
          connection_id = uuid.uuid4()
          queue_in = queue.Queue()
@@ -154,12 +176,31 @@ class IO_Handler(socketserver.BaseRequestHandler):
  
  
  
+class IO_HandlerSSL(IO_Handler):
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, socket_class=PlomSocketSSL, **kwargs)
+
+
+
  class PlomTCPServer(socketserver.ThreadingTCPServer):
-    """Bind together threaded IO handling server and message queue."""
+    """Bind together threaded IO handling server and message queue.
+
+    By default this only serves to localhost connections.  For remote
+    connections, consider using PlomTCPServerSSL for more security,
+    which defaults to serving all connections.
+
+    """
  
-    def __init__(self, queue, port, *args, **kwargs):
-        super().__init__(('0.0.0.0', port), IO_Handler, *args, **kwargs)
+    def __init__(self, queue, port, host='127.0.0.1', io_handler=IO_Handler, *args, **kwargs):
+        super().__init__((host, port), io_handler, *args, **kwargs)
          self.queue_out = queue
          self.daemon_threads = True  # Else, server's threads have daemon=False.
          self.clients = {}
  
+
+
+class PlomTCPServerSSL(PlomTCPServer):
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, host='0.0.0.0', io_handler=IO_HandlerSSL, **kwargs)
author	Christian Heller <c.heller@plomlompom.de>
	Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)
committer	Christian Heller <c.heller@plomlompom.de>
	Mon, 2 Nov 2020 02:50:13 +0000 (03:50 +0100)