add SSL context to watchtower server

5 years ago · 1ecbafb920
2 changed files with 15 additions and 13 deletions
--- a/electrum/daemon.py
+++ b/electrum/daemon.py
@ -34,7 +34,6 @@ import aiohttp
 from aiohttp import web
 from base64 import b64decode
 from collections import defaultdict
-import ssl

 import jsonrpcclient
 import jsonrpcserver
@ -163,7 +162,7 @@ class WatchTowerServer(Logger):
        port = self.config.get('watchtower_port', 12345)
        self.runner = web.AppRunner(self.app)
        await self.runner.setup()
-        site = web.TCPSite(self.runner, host, port)
+        site = web.TCPSite(self.runner, host, port, ssl_context=self.config.get_ssl_context())
        await site.start()

    async def get_ctn(self, *args):
@ -172,7 +171,8 @@ class WatchTowerServer(Logger):
    async def add_sweep_tx(self, *args):
        return await self.lnwatcher.sweepstore.add_sweep_tx(*args)

-class HttpServer(Logger):
+
+class PayServer(Logger):

    def __init__(self, daemon: 'Daemon'):
        Logger.__init__(self)
@ -191,13 +191,6 @@ class HttpServer(Logger):
        host = self.config.get('payserver_host', 'localhost')
        port = self.config.get('payserver_port')
        root = self.config.get('payserver_root', '/r')
-        ssl_keyfile = self.config.get('ssl_keyfile')
-        ssl_certfile = self.config.get('ssl_certfile')
-        if ssl_keyfile and ssl_certfile:
-            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-            ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
-        else:
-            ssl_context = None
        app = web.Application()
        app.add_routes([web.post('/api/create_invoice', self.create_request)])
        app.add_routes([web.get('/api/get_invoice', self.get_request)])
@ -206,7 +199,7 @@ class HttpServer(Logger):
        app.add_routes([web.static(root, 'electrum/www')])
        runner = web.AppRunner(app)
        await runner.setup()
-        site = web.TCPSite(runner, port=port, host=host, ssl_context=ssl_context)
+        site = web.TCPSite(runner, port=port, host=host, ssl_context=self.config.get_ssl_context())
        await site.start()

    async def create_request(self, request):
@ -294,8 +287,8 @@ class Daemon(Logger):
            jobs.append(self.start_jsonrpc(config, fd))
        # request server
        if self.config.get('payserver_port'):
-            self.http_server = HttpServer(self)
-            jobs.append(self.http_server.run())
+            self.pay_server = PayServer(self)
+            jobs.append(self.pay_server.run())
        # server-side watchtower
        self.watchtower = WatchTowerServer(self.network) if self.config.get('watchtower_host') else None
        if self.watchtower:
--- a/electrum/simple_config.py
+++ b/electrum/simple_config.py
@ -3,6 +3,7 @@ import threading
 import time
 import os
 import stat
+import ssl
 from decimal import Decimal
 from typing import Union, Optional
 from numbers import Real
@ -584,6 +585,14 @@ class SimpleConfig(Logger):
            device = ''
        return device

+    def get_ssl_context(self):
+        ssl_keyfile = self.get('ssl_keyfile')
+        ssl_certfile = self.get('ssl_certfile')
+        if ssl_keyfile and ssl_certfile:
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
+            return ssl_context
+

 def read_user_config(path):
    """Parse and store the user config settings in electrum.conf into user_config[]."""