Allow TLS for Wallet APIs (#1626)

* Allow TLS for Wallet APIs

This PR adds an optional support of TLS for wallet APIs. Only PKCS12 format is supported, will address .pem support in next PR and provide some documentation.
Address #1425
This commit is contained in:
hashmap
2018-10-02 09:49:36 +02:00
committed by GitHub
parent d7fbeb2c62
commit 4a6cae0fe6
10 changed files with 96 additions and 31 deletions
+17 -12
View File
@@ -15,7 +15,7 @@
//! Controller for wallet.. instantiates and handles listeners (or single-run
//! invocations) as needed.
//! Still experimental
use api::{ApiServer, BasicAuthMiddleware, Handler, ResponseFuture, Router};
use api::{ApiServer, BasicAuthMiddleware, Handler, ResponseFuture, Router, TLSConfig};
use core::core::Transaction;
use failure::ResultExt;
use futures::future::{err, ok};
@@ -70,6 +70,7 @@ pub fn owner_listener<T: ?Sized, C, K>(
wallet: Box<T>,
addr: &str,
api_secret: Option<String>,
tls_config: Option<TLSConfig>,
) -> Result<(), Error>
where
T: WalletBackend<C, K> + Send + Sync + 'static,
@@ -95,11 +96,11 @@ where
let mut apis = ApiServer::new();
info!(LOGGER, "Starting HTTP Owner API server at {}.", addr);
let socket_addr: SocketAddr = addr.parse().expect("unable to parse socket address");
let api_thread = apis
.start(socket_addr, router)
.context(ErrorKind::GenericError(
"API thread failed to start".to_string(),
))?;
let api_thread =
apis.start(socket_addr, router, tls_config)
.context(ErrorKind::GenericError(
"API thread failed to start".to_string(),
))?;
api_thread
.join()
.map_err(|e| ErrorKind::GenericError(format!("API thread panicked :{:?}", e)).into())
@@ -107,7 +108,11 @@ where
/// Listener version, providing same API but listening for requests on a
/// port and wrapping the calls
pub fn foreign_listener<T: ?Sized, C, K>(wallet: Box<T>, addr: &str) -> Result<(), Error>
pub fn foreign_listener<T: ?Sized, C, K>(
wallet: Box<T>,
addr: &str,
tls_config: Option<TLSConfig>,
) -> Result<(), Error>
where
T: WalletBackend<C, K> + Send + Sync + 'static,
C: WalletClient + 'static,
@@ -123,11 +128,11 @@ where
let mut apis = ApiServer::new();
info!(LOGGER, "Starting HTTP Foreign API server at {}.", addr);
let socket_addr: SocketAddr = addr.parse().expect("unable to parse socket address");
let api_thread = apis
.start(socket_addr, router)
.context(ErrorKind::GenericError(
"API thread failed to start".to_string(),
))?;
let api_thread =
apis.start(socket_addr, router, tls_config)
.context(ErrorKind::GenericError(
"API thread failed to start".to_string(),
))?;
api_thread
.join()
+6
View File
@@ -48,6 +48,10 @@ pub struct WalletConfig {
pub check_node_api_http_addr: String,
// The directory in which wallet files are stored
pub data_file_dir: String,
/// TLS ceritificate file
pub tls_certificate_file: Option<String>,
/// TLS ceritificate password
pub tls_certificate_pass: Option<String>,
}
impl Default for WalletConfig {
@@ -60,6 +64,8 @@ impl Default for WalletConfig {
node_api_secret_path: Some(".api_secret".to_string()),
check_node_api_http_addr: "http://127.0.0.1:13413".to_string(),
data_file_dir: ".".to_string(),
tls_certificate_file: None,
tls_certificate_pass: None,
}
}
}