From: Christian Heller Date: Mon, 2 Nov 2020 02:50:13 +0000 (+0100) Subject: Add SSL capabilities to TCP socket library. X-Git-Url: https://plomlompom.com/repos/%7B%7Bdb.prefix%7D%7D/%7B%7Bprefix%7D%7D/%7B%7Bprefix%7D%7D/do_todos?a=commitdiff_plain;h=f01848a97bb686e2b9c823cdf7fc6b59072dbd79;p=plomrogue2-experiments Add SSL capabilities to TCP socket library. --- diff --git a/new2/plomrogue/io_tcp.py b/new2/plomrogue/io_tcp.py index 45bf447..78e43f5 100644 --- a/new2/plomrogue/io_tcp.py +++ b/new2/plomrogue/io_tcp.py @@ -100,8 +100,27 @@ class PlomSocket: +class PlomSocketSSL(PlomSocket): + + def __init__(self, *args, server_side=False, **kwargs): + import ssl + print('DEBUG', args, kwargs) + super().__init__(*args, **kwargs) + if server_side: + self.socket = ssl.wrap_socket(self.socket, server_side=True, + certfile="server.pem", + keyfile="key.pem") + else: + self.socket = ssl.wrap_socket(self.socket) + + + class IO_Handler(socketserver.BaseRequestHandler): + def __init__(self, *args, socket_class=PlomSocket, **kwargs): + self.socket_class = socket_class + super().__init__(*args, **kwargs) + def handle(self): """Move messages between network socket and game IO loop via queues. @@ -130,7 +149,10 @@ class IO_Handler(socketserver.BaseRequestHandler): import uuid import queue import threading - plom_socket = PlomSocket(self.request) + if self.socket_class == PlomSocketSSL: + plom_socket = self.socket_class(self.request, server_side=True) + else: + plom_socket = self.socket_class(self.request) print('CONNECTION FROM:', str(self.client_address)) connection_id = uuid.uuid4() queue_in = queue.Queue() @@ -154,12 +176,31 @@ class IO_Handler(socketserver.BaseRequestHandler): +class IO_HandlerSSL(IO_Handler): + + def __init__(self, *args, **kwargs): + super().__init__(*args, socket_class=PlomSocketSSL, **kwargs) + + + class PlomTCPServer(socketserver.ThreadingTCPServer): - """Bind together threaded IO handling server and message queue.""" + """Bind together threaded IO handling server and message queue. + + By default this only serves to localhost connections. For remote + connections, consider using PlomTCPServerSSL for more security, + which defaults to serving all connections. + + """ - def __init__(self, queue, port, *args, **kwargs): - super().__init__(('0.0.0.0', port), IO_Handler, *args, **kwargs) + def __init__(self, queue, port, host='127.0.0.1', io_handler=IO_Handler, *args, **kwargs): + super().__init__((host, port), io_handler, *args, **kwargs) self.queue_out = queue self.daemon_threads = True # Else, server's threads have daemon=False. self.clients = {} + + +class PlomTCPServerSSL(PlomTCPServer): + + def __init__(self, *args, **kwargs): + super().__init__(*args, host='0.0.0.0', io_handler=IO_HandlerSSL, **kwargs)