支持ssl加密链接

zuosixiaoxiongmao · Sep 5, 2018 · b1f5bab · b1f5bab
1 parent 55815ef
commit b1f5bab
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 3 deletions.
diff --git a/im.cfg.sample b/im.cfg.sample
@@ -1,5 +1,9 @@
 #服务监听端口
 port=23000
+
+#ssl监听端口 可选项
+ssl_port=24430
+
 #存储服务器地址 "服务器1的ip:port 服务器2的ip:port ..." 多个存储服务器之间用空格隔开，顺序要保证一致
 storage_rpc_pool=127.0.0.1:13333
 

diff --git a/im/config.go b/im/config.go
@@ -28,6 +28,7 @@ const DEFAULT_GROUP_DELIVER_COUNT = 4
 
 type Config struct {
 	port                int
+	ssl_port            int
 	mysqldb_datasource  string
 	mysqldb_appdatasource  string
 	pending_root        string
@@ -107,6 +108,7 @@ func read_cfg(cfg_path string) *Config {
 	}
 
 	config.port = get_int(app_cfg, "port")
+	config.ssl_port = int(get_opt_int(app_cfg, "ssl_port"))
 	config.http_listen_address = get_string(app_cfg, "http_listen_address")
 	config.rpc_listen_address = get_string(app_cfg, "rpc_listen_address")
 	config.redis_address = get_string(app_cfg, "redis_address")

diff --git a/im/im.go b/im/im.go
@@ -27,6 +27,7 @@ import "math/rand"
 import "net/http"
 import "path"
 import "sync/atomic"
+import "crypto/tls"
 import "github.com/gomodule/redigo/redis"
 import log "github.com/golang/glog"
 import "github.com/valyala/gorpc"
@@ -76,11 +77,18 @@ func init() {
 }
 
 func handle_client(conn net.Conn) {
-	log.Infoln("handle_client")
+	log.Infoln("handle new connection")
 	client := NewClient(conn)
 	client.Run()
 }
 
+func handle_ssl_client(conn net.Conn) {
+	log.Infoln("handle new ssl connection")
+	client := NewClient(conn)
+	client.Run()
+}
+
+
 func Listen(f func(net.Conn), port int) {
 	listen_addr := fmt.Sprintf("0.0.0.0:%d", port)
 	listen, err := net.Listen("tcp", listen_addr)
@@ -108,6 +116,30 @@ func ListenClient() {
 	Listen(handle_client, config.port)
 }
 
+func ListenSSL(port int, cert_file, key_file string) {
+	cert, err := tls.LoadX509KeyPair(cert_file, key_file)
+	if err != nil {
+		log.Fatal("load cert err:", err)
+		return
+	}
+	config := &tls.Config{Certificates: []tls.Certificate{cert}}
+	addr := fmt.Sprintf(":%d", port)
+	listen, err := tls.Listen("tcp", addr, config)
+	if err != nil {
+		log.Fatal("ssl listen err:", err)
+	}
+
+	log.Infof("ssl listen...")
+	for {
+		conn, err := listen.Accept()
+		if err != nil {
+			log.Fatal("ssl accept err:", err)
+		}
+		handle_ssl_client(conn)
+	}
+}
+
+
 func NewRedisPool(server, password string, db int) *redis.Pool {
 	return &redis.Pool{
 		MaxIdle:     100,
@@ -547,6 +579,9 @@ func main() {
 	go StartSocketIO(config.socket_io_address, config.tls_address, 
 		config.cert_file, config.key_file)
 
+	if config.ssl_port > 0 && len(config.cert_file) > 0 && len(config.key_file) > 0 {
+		go ListenSSL(config.ssl_port, config.cert_file, config.key_file)
+	}
 	ListenClient()
 	log.Infof("exit")
 }
diff --git a/tests/client.py b/tests/client.py
@@ -9,6 +9,7 @@
 import base64
 import md5
 import sys
+import ssl
 from protocol import *
 
 KEFU_APP_ID = 1453
@@ -21,6 +22,7 @@
 HOST = "127.0.0.1"
 URL = "http://dev.api.gobelieve.io"
 
+SSL = True
 
 def _login(appid, app_secret, uid):
     url = URL + "/auth/grant"
@@ -45,8 +47,14 @@ def kefu_login(uid):
 
 def _connect_server(token, port):
     seq = 0
-    address = (HOST, port)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    if SSL:
+        address = (HOST, 24430)
+        sock_fd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock = ssl.wrap_socket(sock_fd)
+    else:
+        address = (HOST, port)
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
     print "connect address:", address
     sock.connect(address)
     auth = AuthenticationToken()