Add SSL capabilities to TCP socket library.

diff --git a/new2/plomrogue/io_tcp.py b/new2/plomrogue/io_tcp.py
index 45bf4471dcce8be7b6c5cdca45b067afebd7313a..78e43f539df4aea810a15c3abe61366d807c4993 100644 (file)
--- a/new2/plomrogue/io_tcp.py
+++ b/new2/plomrogue/io_tcp.py
@@ -100,8 +100,27 @@ class PlomSocket:
 
 
 
 
 
 

+class PlomSocketSSL(PlomSocket):
+
+    def __init__(self, *args, server_side=False, **kwargs):
+        import ssl
+        print('DEBUG', args, kwargs)
+        super().__init__(*args, **kwargs)
+        if server_side:
+            self.socket = ssl.wrap_socket(self.socket, server_side=True,
+                                          certfile="server.pem",
+                                          keyfile="key.pem")
+        else:
+            self.socket = ssl.wrap_socket(self.socket)
+
+
+

 class IO_Handler(socketserver.BaseRequestHandler):
 
 class IO_Handler(socketserver.BaseRequestHandler):
 

+    def __init__(self, *args, socket_class=PlomSocket, **kwargs):
+        self.socket_class = socket_class
+        super().__init__(*args, **kwargs)
+

     def handle(self):
         """Move messages between network socket and game IO loop via queues.
 
     def handle(self):
         """Move messages between network socket and game IO loop via queues.
 


@@ -130,7 +149,10 @@ class IO_Handler(socketserver.BaseRequestHandler):
         import uuid
         import queue
         import threading
         import uuid
         import queue
         import threading

-        plom_socket = PlomSocket(self.request)
+        if self.socket_class == PlomSocketSSL:
+            plom_socket = self.socket_class(self.request, server_side=True)
+        else:
+            plom_socket = self.socket_class(self.request)

         print('CONNECTION FROM:', str(self.client_address))
         connection_id = uuid.uuid4()
         queue_in = queue.Queue()
         print('CONNECTION FROM:', str(self.client_address))
         connection_id = uuid.uuid4()
         queue_in = queue.Queue()


@@ -154,12 +176,31 @@ class IO_Handler(socketserver.BaseRequestHandler):
 
 
 
 
 
 

+class IO_HandlerSSL(IO_Handler):
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, socket_class=PlomSocketSSL, **kwargs)
+
+
+

 class PlomTCPServer(socketserver.ThreadingTCPServer):
 class PlomTCPServer(socketserver.ThreadingTCPServer):

-    """Bind together threaded IO handling server and message queue."""
+    """Bind together threaded IO handling server and message queue.
+
+    By default this only serves to localhost connections.  For remote
+    connections, consider using PlomTCPServerSSL for more security,
+    which defaults to serving all connections.
+
+    """

 
 

-    def __init__(self, queue, port, *args, **kwargs):
-        super().__init__(('0.0.0.0', port), IO_Handler, *args, **kwargs)
+    def __init__(self, queue, port, host='127.0.0.1', io_handler=IO_Handler, *args, **kwargs):
+        super().__init__((host, port), io_handler, *args, **kwargs)

         self.queue_out = queue
         self.daemon_threads = True  # Else, server's threads have daemon=False.
         self.clients = {}
 
         self.queue_out = queue
         self.daemon_threads = True  # Else, server's threads have daemon=False.
         self.clients = {}
 

+
+
+class PlomTCPServerSSL(PlomTCPServer):
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, host='0.0.0.0', io_handler=IO_HandlerSSL, **kwargs)