From 1ecbafb920a7fb87dd3c7d38c8e5ed3560d52183 Mon Sep 17 00:00:00 2001
From: ThomasV
Date: Fri, 13 Sep 2019 12:26:27 +0200
Subject: [PATCH] add SSL context to watchtower server
---
 electrum/daemon.py | 19 ++++++-------------
 electrum/simple_config.py | 9 +++++++++
 2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/electrum/daemon.py b/electrum/daemon.py
index b345a6591..145bb2fd1 100644
--- a/electrum/daemon.py
+++ b/electrum/daemon.py
@@ -34,7 +34,6 @@ import aiohttp
 from aiohttp import web
 from base64 import b64decode
 from collections import defaultdict
-import ssl
 import jsonrpcclient
 import jsonrpcserver
@@ -163,7 +162,7 @@ class WatchTowerServer(Logger):
 port = self.config.get('watchtower_port', 12345)
 self.runner = web.AppRunner(self.app)
 await self.runner.setup()
- site = web.TCPSite(self.runner, host, port)
+ site = web.TCPSite(self.runner, host, port, ssl_context=self.config.get_ssl_context())
 await site.start()
 async def get_ctn(self, *args):
@@ -172,7 +171,8 @@ class WatchTowerServer(Logger):
 async def add_sweep_tx(self, *args):
 return await self.lnwatcher.sweepstore.add_sweep_tx(*args)
-class HttpServer(Logger):
+
+class PayServer(Logger):
 def __init__(self, daemon: 'Daemon'):
 Logger.__init__(self)
@@ -191,13 +191,6 @@ class HttpServer(Logger):
 host = self.config.get('payserver_host', 'localhost')
 port = self.config.get('payserver_port')
 root = self.config.get('payserver_root', '/r')
- ssl_keyfile = self.config.get('ssl_keyfile')
- ssl_certfile = self.config.get('ssl_certfile')
- if ssl_keyfile and ssl_certfile:
- ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
- ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
- else:
- ssl_context = None
 app = web.Application()
 app.add_routes([web.post('/api/create_invoice', self.create_request)])
 app.add_routes([web.get('/api/get_invoice', self.get_request)])
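Review bot: In the `@@ -163,7 +162,7 @@` hunk the watchtower listener still comes up in plaintext, without saying so, whenever TLS is not configured: the helper added to `simple_config.py` only builds a context when both `ssl_keyfile` and `ssl_certfile` are set, and `web.TCPSite` serves plain HTTP when `ssl_context` is `None`. `host` is configurable here, so this can be a non-loopback listener; I would fetch the context into a local first and warn when it is missing, e.g. `ssl_context = self.config.get_ssl_context()` followed by `if ssl_context is None: self.logger.warning("watchtower server starting without TLS")` (assuming the `Logger` base exposes `self.logger`). The same applies to the `PayServer` call in the `@@ -206,7 +199,7 @@` hunk. The enclosing method starts above this hunk, so any check of the bind address done earlier is not visible here.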
@@ -206,7 +199,7 @@ class HttpServer(Logger):
 app.add_routes([web.static(root, 'electrum/www')])
 runner = web.AppRunner(app)
 await runner.setup()
- site = web.TCPSite(runner, port=port, host=host, ssl_context=ssl_context)
+ site = web.TCPSite(runner, port=port, host=host, ssl_context=self.config.get_ssl_context())
 await site.start()
 async def create_request(self, request):
@@ -294,8 +287,8 @@ class Daemon(Logger):
 jobs.append(self.start_jsonrpc(config, fd))
 # request server
 if self.config.get('payserver_port'):
- self.http_server = HttpServer(self)
- jobs.append(self.http_server.run())
+ self.pay_server = PayServer(self)
+ jobs.append(self.pay_server.run())
 # server-side watchtower
 self.watchtower = WatchTowerServer(self.network) if self.config.get('watchtower_host') else None
 if self.watchtower:
diff --git a/electrum/simple_config.py b/electrum/simple_config.py
index a0946b547..6a518de15 100644
--- a/electrum/simple_config.py
+++ b/electrum/simple_config.py
@@ -3,6 +3,7 @@ import threading
 import time
 import os
 import stat
+import ssl
 from decimal import Decimal
 from typing import Union, Optional
 from numbers import Real
@@ -584,6 +585,14 @@ class SimpleConfig(Logger):
 device = ''
 return device
+ def get_ssl_context(self):
+ ssl_keyfile = self.get('ssl_keyfile')
+ ssl_certfile = self.get('ssl_certfile')
+ if ssl_keyfile and ssl_certfile:
+ ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
+ return ssl_context
+
 def read_user_config(path):
 """Parse and store the user config settings in electrum.conf into user_config[]."""
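Review bot: `get_ssl_context` in the `@@ -584,6 +585,14 @@` hunk drops the `else: ssl_context = None` branch that the removed PayServer code had, so the no-TLS path is no longer explicit. Indentation is lost in this rendering: if `return ssl_context` sits at function level, the name is unbound whenever either setting is missing and both servers would fail at startup with `UnboundLocalError`; if it sits inside the `if`, the method returns `None` implicitly. Either way I would put `ssl_context = None` before the `if`, return at function level, and add a docstring such as `"""Return a server-side SSLContext built from ssl_certfile/ssl_keyfile, or None when TLS is not configured."""`. A config that sets only one of the two values is treated as TLS-off without any message, which deserves a warning because the operator evidently intended TLS.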