Enable TLS

WebOfTrust · Nov 22, 2023 · 2d54cce · 2d54cce
1 parent 54970c7
commit 2d54cce
Showing 1 changed file with 44 additions and 3 deletions.
diff --git a/src/vlei/server.py b/src/vlei/server.py
@@ -7,7 +7,7 @@
 
 import falcon
 from hio.base import doing
-from hio.core import http
+from hio.core import http, tcp
 
 from vlei.app import serving
 
@@ -28,11 +28,52 @@
                     action='store', dest="oobiDir",
                     required=True,
                     help="Directory of OOBIs to serve")
+parser.add_argument("--keypath", action="store", required=False, default=None,
+                    help="TLS server private key file")
+parser.add_argument("--certpath", action="store", required=False, default=None,
+                    help="TLS server signed certificate (public key) file")
+parser.add_argument("--cafilepath", action="store", required=False, default=None,
+                    help="TLS server CA certificate chain")
+
+
+def createHttpServer(port, app, keypath=None, certpath=None, cafilepath=None):
+    """
+    Create an HTTP or HTTPS server depending on whether TLS key material is present
+
+    Parameters:
+        port (int)         : port to listen on for all HTTP(s) server instances
+        app (falcon.App)   : application instance to pass to the http.Server instance
+        keypath (string)   : the file path to the TLS private key
+        certpath (string)  : the file path to the TLS signed certificate (public key)
+        cafilepath (string): the file path to the TLS CA certificate chain file
+    Returns:
+        hio.core.http.Server
+    """
+    if keypath is not None and certpath is not None and cafilepath is not None:
+        servant = tcp.ServerTls(certify=False,
+                                keypath=keypath,
+                                certpath=certpath,
+                                cafilepath=cafilepath,
+                                port=port)
+        server = http.Server(port=port, app=app, servant=servant)
+    else:
+        server = http.Server(port=port, app=app)
+    return server
 
 
 def launch(args):
     app = falcon.App()
-    server = http.Server(port=int(args.http), app=app)
+    port = int(args.http)
+    keypath = args.keypath
+    certpath = args.certpath
+    cafilepath = args.cafilepath
+    if keypath is not None and certpath is not None and cafilepath is not None:
+        print(f"Starting on port {port} with TLS enabled")
+    else:
+        print(f"Starting on port {port} with TLS disabled")
+    server = createHttpServer(port=int(args.http), app=app,
+                              keypath=args.keypath, certpath=args.certpath,
+                              cafilepath=args.cafilepath)
     if not server.reopen():
         raise RuntimeError(f"cannot create http server on port {int(args.http)}")
     httpServerDoer = http.ServerDoer(server=server)
@@ -52,4 +93,4 @@ def main():
 
 
 if __name__ == "__main__":
-    main()
+    main()