Adding ssl support

Adding ssl support for "Out of Band" applications such as the remote
	admin module or Robust services

OpenSim/Framework/MainServer.cs

@@ -52,6 +52,11 @@ namespace OpenSim.Framework
             return GetHttpServer(port,null);
         }
 
+        public static void AddHttpServer(BaseHttpServer server)
+        {
+            m_Servers.Add(server.Port, server);
+        }
+
         public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr)
         {
             if (port == 0)

OpenSim/Framework/NetworkServersInfo.cs

@@ -49,6 +49,12 @@ namespace OpenSim.Framework
         public string HttpSSLCN = "";
         public uint httpSSLPort = 9001;
 
+        // "Out of band" managemnt https
+        public bool ssl_listener = false;
+        public uint https_port = 0;
+        public string cert_path = String.Empty;
+        public string cert_pass = String.Empty;
+
         public string MessagingURL = String.Empty;
 
         public NetworkServersInfo()
@@ -86,6 +92,15 @@ namespace OpenSim.Framework
             secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true);
 
             MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty);
+
+            // "Out of band management https"
+            ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
+            if( ssl_listener)
+            {
+                cert_path = config.Configs["Network"].GetString("cert_path",String.Empty);
+                cert_pass = config.Configs["Network"].GetString("cert_pass",String.Empty);
+                https_port = (uint)config.Configs["Network"].GetInt("https_port", 0);
+            }
         }
     }
 }

OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs

@@ -32,6 +32,7 @@ using System.Collections.Specialized;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
 using System.Reflection;
 using System.Globalization;
 using System.Text;
@@ -72,6 +73,7 @@ namespace OpenSim.Framework.Servers.HttpServer
         protected uint m_port;
         protected uint m_sslport;
         protected bool m_ssl;
+        private X509Certificate2 m_cert;
         protected bool m_firstcaps = true;
         protected string m_SSLCommonName = "";
 
@@ -123,6 +125,14 @@ namespace OpenSim.Framework.Servers.HttpServer
             }
         }
 
+        public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl)
+        {
+            if (m_ssl)
+            {
+                m_cert = new X509Certificate2(CPath, CPass);
+            }
+        }
+
         /// <summary>
         /// Add a stream handler to the http server.  If the handler already exists, then nothing happens.
         /// </summary>
@@ -1683,6 +1693,7 @@ namespace OpenSim.Framework.Servers.HttpServer
             try
             {
                 //m_httpListener = new HttpListener();
+
                 NotSocketErrors = 0;
                 if (!m_ssl)
                 {
@@ -1702,6 +1713,9 @@ namespace OpenSim.Framework.Servers.HttpServer
                 {
                     //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
                     //m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
+                    m_httpListener2 = CoolHTTPListener.Create(IPAddress.Any, (int)m_port, m_cert);
+                    m_httpListener2.ExceptionThrown += httpServerException;
+                    m_httpListener2.LogWriter = httpserverlog;
                 }
 
                 m_httpListener2.RequestReceived += OnRequest;

OpenSim/Region/ClientStack/RegionApplicationBase.cs

@@ -96,6 +96,22 @@ namespace OpenSim.Region.ClientStack
 
             MainServer.Instance = m_httpServer;
 
+            // "OOB" Server
+            if (m_networkServersInfo.ssl_listener)
+            {
+                BaseHttpServer server = null;
+                server = new BaseHttpServer(
+                    m_networkServersInfo.https_port, m_networkServersInfo.ssl_listener, m_networkServersInfo.cert_path,
+                    m_networkServersInfo.cert_pass);
+                // Add the server to m_Servers
+                if(server != null)
+                {
+                    m_log.InfoFormat("[REGION SERVER]: Starting HTTPS server on port {0}", server.Port);
+                    MainServer.AddHttpServer(server);
+                    server.Start();
+                }
+            }
+
             base.StartupSpecific();
         }
 

OpenSim/Server/Base/HttpServerBase.cs

@@ -97,16 +97,76 @@ namespace OpenSim.Server.Base
 
             if (port == 0)
             {
-                System.Console.WriteLine("Port number not specified or 0, server can't start");
+
                 Thread.CurrentThread.Abort();
             }
+            //
+            bool ssl_main = networkConfig.GetBoolean("https_main",false);
+            bool ssl_listener = networkConfig.GetBoolean("https_listener",false);
 
             m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0);
             m_Port = port;
+            //
+            // This is where to make the servers:
+            //
+            //
+            // Make the base server according to the port, etc.
+            // ADD: Possibility to make main server ssl
+            // Then, check for https settings and ADD a server to
+            // m_Servers
+            //
+            if ( !ssl_main )
+            {
+                m_HttpServer = new BaseHttpServer(port);
 
-            m_HttpServer = new BaseHttpServer(port);
+            }
+            else
+            {
+                string cert_path = networkConfig.GetString("cert_path",String.Empty);
+                if ( cert_path == String.Empty )
+                {
+                    System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
+                if ( cert_pass == String.Empty )
+                {
+                    System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                m_HttpServer = new BaseHttpServer(port, ssl_main, cert_path, cert_pass);
+            }
 
             MainServer.Instance = m_HttpServer;
+
+            // If https_listener = true, then add an ssl listener on the https_port...
+            if ( ssl_listener == true ) {
+
+                uint https_port = (uint)networkConfig.GetInt("https_port", 0);
+
+                string cert_path = networkConfig.GetString("cert_path",String.Empty);
+                if ( cert_path == String.Empty )
+                {
+                    System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
+                if ( cert_pass == String.Empty )
+                {
+                    System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
+                    Thread.CurrentThread.Abort();
+                }
+                // Add our https_server
+                BaseHttpServer server = null;
+                server = new BaseHttpServer(https_port, ssl_listener, cert_path, cert_pass);
+                if (server != null)
+                {
+                    m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", https_port);
+                    m_Servers.Add(https_port,server);
+                }
+                else
+                    System.Console.WriteLine(String.Format("Failed to start HTTPS server on port {0}",https_port));
+            }
         }
 
         protected override void Initialise()
@@ -114,6 +174,19 @@ namespace OpenSim.Server.Base
             m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port);
             m_HttpServer.Start();
 
+            if (m_Servers.Count > 0)
+            {
+                foreach (BaseHttpServer s in m_Servers.Values)
+                {
+                    if (!s.UseSSL)
+                        m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", s.Port);
+                    else
+                        m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", s.Port);
+
+                    s.Start();
+                }
+            }
+
             if (MainConsole.Instance is RemoteConsole)
             {
                 if (m_consolePort == 0)

bin/OpenSimDefaults.ini

@@ -291,6 +291,20 @@
     http_listener_sslport = 9001 ; Use this port for SSL connections
     http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
 
+    ; HTTPS for "Out of band" management applications such as the remote 
+    ; admin module
+    ;
+    ; Create https_listener = "True" will create a listener on the port
+    ; specified. Provide the path to your server certificate along with it's
+    ; password
+    ; https_listener = False
+    ; Set our listener to this port
+    ; https_port = 0
+    ; Path to X509 certificate
+    ; cert_path = "path/to/cert.p12"
+    ; Password for cert
+    ; cert_pass = "password"
+
     ; Hostname to use in llRequestURL/llRequestSecureURL
     ; if not defined - default machine name is being used
     ; (on Windows this mean NETBIOS name - useably only inside local network)

bin/Robust.ini.example

@@ -21,6 +21,27 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 [Network]
     port = 8003
 
+
+    ; HTTPS for "Out of band" management applications such as the remote admin
+    ; module. May specify https_main = True to make the main http server
+    ; use https or "False" to make the main server HTTP
+    ; https_main = False
+    ;
+    ; Create https_listener = "True" will create a listener on the port
+    ; specified. Provide the path to your server certificate along with it's
+    ; password
+    ; https_listener = False
+    ;
+    ; Set our listener to this port
+    ; https_port = 0
+    ;
+    ; Path to X509 certificate
+    ; cert_path = "path/to/cert.p12"
+    ;
+    ; Password for cert
+    ; cert_pass = "password"
+
+
 ; * The following are for the remote console
 ; * They have no effect for the local or basic console types
 ; * Leave commented to diable logins to the console