easily swappable {tcp, tls, onion} endpoints

ooni · May 4, 2016 · e268de2 · e268de2
1 parent 6f1eb71
commit e268de2
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 68 deletions.
diff --git a/gen-ssl-key-cert.sh b/gen-ssl-key-cert.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+
+if [ ! -d private ]
+then
+  mkdir private
+fi
+
+openssl req -x509 -newkey rsa:2048 \
+    -keyout private/ssl-key.pem -out private/ssl-cert.pem \
+    -days 400 -nodes -subj '/CN=selfie'
+
+cat private/ssl-key.pem private/ssh-cert.pem > private/ssl-key-and-cert.pem
diff --git a/oonib.conf.example b/oonib.conf.example
@@ -7,7 +7,6 @@ main:
     bouncer_file: data/bouncer.yaml
 
     logfile: null
-    tor_datadir: null
     database_uri: 'sqlite://oonib_test_db.db'
     db_threadpool_size: 10
     tor_binary: null
@@ -28,7 +27,17 @@ main:
     debug: false
     stale_time: 3600
 
-    tor_hidden_service: true
+    tor_hidden_service: false
+    tor_datadir: test_datadir
+
+    bouncer_endpoints:
+    - {type: tls, port: 10443, cert: "private/ssl-key-and-cert.pem"}
+    - {type: tcp, port: 10080}
+    - {type: onion, hsdir: bouncer}
+
+    collector_endpoints:
+    - {type: tls, port: 11443, cert: "private/ssl-key-and-cert.pem"}
+
     report_file_template: '{iso8601_timestamp}-{test_name}-{report_id}-{probe_asn}-{probe_cc}-probe-0.2.0.{ext}'
 helpers:
     http-return-json-headers:

diff --git a/oonib/onion.py b/oonib/onion.py
@@ -53,7 +53,7 @@ def txSetupFailed(failure):
     log.err("Setup failed")
     log.exception(failure)
 
-def startTor(torconfig):
+def configTor(torconfig):
     def updates(prog, tag, summary):
         print("%d%%: %s" % (prog, summary))
 
@@ -89,11 +89,3 @@ def updates(prog, tag, summary):
         config.main.socks_port = socks_port
 
     torconfig.save()
-
-    if config.main.tor_binary is not None:
-        d = launch_tor(torconfig, reactor,
-                       tor_binary=config.main.tor_binary,
-                       progress_updates=updates)
-    else:
-        d = launch_tor(torconfig, reactor, progress_updates=updates)
-    return d
diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py
@@ -11,14 +11,14 @@
 
 from oonib.api import ooniBackend, ooniBouncer
 from oonib.config import config
-from oonib.onion import startTor
+from oonib.onion import configTor
 from oonib.testhelpers import dns_helpers, ssl_helpers
 from oonib.testhelpers import http_helpers, tcp_helpers
 
 import os
 
 from twisted.application import internet, service
-from twisted.internet import reactor
+from twisted.internet import reactor, endpoints, defer, ssl, protocol
 from twisted.names import dns
 
 from txtorcon import TCPHiddenServiceEndpoint, TorConfig
@@ -102,60 +102,71 @@
     multiService.addService(http_return_request_helper)
     http_return_request_helper.startService()
 
-# add the tor collector service here
+def getHSEndpoint(endpoint_config):
+    hsdir = os.path.join(torconfig.DataDirectory, endpoint_config['hsdir'])
+    if LooseVersion(txtorcon_version) >= LooseVersion('0.10.0'):
+        return TCPHiddenServiceEndpoint.global_tor(reactor,
+                                        80,
+                                        hidden_service_dir=hsdir)
+    else:
+        return TCPHiddenServiceEndpoint.global_tor(reactor,
+                                        80,
+                                        data_dir=hsdir)
+
+def getTCPEndpoint(endpoint_config):
+    return endpoints.TCP4ServerEndpoint(reactor, endpoint_config['port'])
+
+def getTLSEndpoint(endpoint_config):
+    with open(endpoint_config['cert'], 'r') as f:
+        cert_data = f.read()
+    certificate = ssl.PrivateCertificate.loadPEM(cert_data)
+    print certificate.inspect()
+    return endpoints.SSL4ServerEndpoint(reactor,
+                                        endpoint_config['port'],
+                                        certificate.options())
+
+def getEndpoint(endpoint_config):
+    if endpoint_config['type'] == 'onion':
+        return getHSEndpoint(endpoint_config)
+    elif endpoint_config['type'] == 'tcp':
+        return getTCPEndpoint(endpoint_config)
+    elif endpoint_config['type'] == 'tls':
+        return getTLSEndpoint(endpoint_config)
+    else:
+        raise Exception("unknown endpoint type")
+
+class Echo(protocol.Protocol):
+    def dataReceived(self, data):
+        self.transport.write('server echoes ' + data)
+
+def createService(endpoint, role, endpoint_config):
+    if role == 'bouncer':
+        factory = ooniBouncer
+    elif role == 'collector':
+        factory = ooniBackend
+    else:
+        raise Exception("unknown service type")
+
+    service = internet.StreamServerEndpointService(
+        endpoint, factory
+    )
+    service.setName("-".join([endpoint_config['type'], role]))
+    multiService.addService(service)
+    service.startService()
+
 if config.main.tor_hidden_service:
     torconfig = TorConfig()
-    d = startTor(torconfig)
-
-    def getHSEndpoint(data_dir):
-        if LooseVersion(txtorcon_version) >= LooseVersion('0.10.0'):
-            return TCPHiddenServiceEndpoint(reactor,
-                                            torconfig,
-                                            80,
-                                            hidden_service_dir=data_dir)
-        else:
-            return TCPHiddenServiceEndpoint(reactor,
-                                            torconfig,
-                                            80,
-                                            data_dir=data_dir)
-
-    def printOnionEndpoint(endpointService):
-        print ("Exposed %s Tor hidden service on httpo://%s" %
-               (endpointService.name, endpointService.endpoint.onion_uri))
-
-    def addCollector(torControlProtocol):
-        data_dir = os.path.join(torconfig.DataDirectory, 'collector')
-        collector_service = internet.StreamServerEndpointService(
-            getHSEndpoint(data_dir), ooniBackend
-        )
-        collector_service.setName('collector')
-        multiService.addService(collector_service)
-        collector_service.startService()
-        return collector_service
-
-    d.addCallback(addCollector)
-    d.addCallback(printOnionEndpoint)
-
-    if ooniBouncer:
-        def addBouncer(torControlProtocol):
-            data_dir = os.path.join(torconfig.DataDirectory, 'bouncer')
-            bouncer_service = internet.StreamServerEndpointService(
-                getHSEndpoint(data_dir), ooniBouncer
-            )
-            bouncer_service.setName('bouncer')
-            multiService.addService(bouncer_service)
-            bouncer_service.startService()
-            return bouncer_service
-
-        d.addCallback(addBouncer)
-        d.addCallback(printOnionEndpoint)
-else:
-    if ooniBouncer:
-        bouncer_service = internet.TCPServer(8888, ooniBouncer,
-                                             interface="127.0.0.1")
-        multiService.addService(bouncer_service)
-        bouncer_service.startService()
-    collector_service = internet.TCPServer(8889, ooniBackend,
-                                           interface="127.0.0.1")
-    multiService.addService(collector_service)
-    collector_service.startService()
+    configTor(torconfig)
+
+if config.main.bouncer_endpoints:
+    for endpoint_config in config.main.bouncer_endpoints:
+        print "Starting bouncer with config %s" % endpoint_config
+        endpoint = getEndpoint(endpoint_config)
+        createService(endpoint, 'bouncer', endpoint_config)
+
+if config.main.bouncer_endpoints:
+    for endpoint_config in config.main.collector_endpoints:
+        print "Starting collector with config %s" % endpoint_config
+        endpoint = getEndpoint(endpoint_config)
+        createService(endpoint, 'collector', endpoint_config)
+