ws_ssl.c

// Copyright (c) 2014 Cesanta Software
// All rights reserved
//
// This example demostrates proxying of WebSocket traffic, regardless of the
// protocol (ws:// or wss://).
// To use this example:
//    1. configure your browser to use a proxy on port 2014
//    2. import certs/ws1_ca.pem and certs/ws2_ca.pem into the trusted
//       certificates list on your browser
//    3. make && ./ws_ssl
//    4. Point your browser to http://ws_ssl.com
//  A page with 4 sections should appear, showing websocket echoes

#include "net_skeleton.h"
#include "mongoose.h"
#include "ssl_wrapper.h"

#define S1_PEM  "certs/ws1_server.pem"
#define C1_PEM  "certs/ws1_client.pem"
#define CA1_PEM "certs/ws1_ca.pem"
#define S2_PEM  "certs/ws2_server.pem"
#define C2_PEM  "certs/ws2_client.pem"
#define CA2_PEM "certs/ws2_ca.pem"

struct config {
  const char *uri;
  const char *wrapper_server_addr;
  const char *wrapper_client_addr;
  const char *target_addr;
};

static struct config s_wrappers[] = {
  {
    "ws1:80",
    "tcp://127.0.0.1:7001",
    "tcp://127.0.0.1:7001",
    "tcp://127.0.0.1:9001"
  },
  {
    "ws1:443",
    "ssl://127.0.0.1:7002:" S1_PEM,
    "tcp://127.0.0.1:7002",
    "tcp://127.0.0.1:9001"
  },
  {
    "ws2:80",
    "tcp://127.0.0.1:7003",
    "tcp://127.0.0.1:7003",
    "ssl://127.0.0.1:9002:" C2_PEM ":" CA2_PEM
  },
  {
    "ws2:443",
    "ssl://127.0.0.1:7004:" S2_PEM,
    "tcp://127.0.0.1:7004",
    "ssl://127.0.0.1:9002:" C2_PEM ":" CA2_PEM
  },
};

static int s_received_signal = 0;

static void signal_handler(int sig_num) {
  signal(sig_num, signal_handler);
  s_received_signal = sig_num;
}

static int ev_handler(struct mg_connection *conn, enum mg_event ev) {
  int i;

  switch (ev) {
    case MG_AUTH:
      return MG_TRUE;

    case MG_REQUEST:
      printf("==> [%s] [%s]\n", conn->request_method, conn->uri);

      if (strcmp(conn->request_method, "CONNECT") == 0) {
        // Iterate over configured wrappers, see if we can use one of them
        for (i = 0; i < (int) ARRAY_SIZE(s_wrappers); i++) {
          if (strcmp(conn->uri, s_wrappers[i].uri) == 0) {
            mg_forward(conn, s_wrappers[i].wrapper_client_addr);
            return MG_MORE;
          }
        }

        // No suitable wrappers found. Disallow that CONNECT request.
        mg_send_status(conn, 405);
        return MG_TRUE;
      }

      // Not a CONNECT request, serve HTML file.
      mg_send_file(conn, "ws_ssl.html", NULL);
      return MG_MORE;

    default:
      return MG_FALSE;
  }
}

static int ws_handler(struct mg_connection *conn, enum mg_event ev) {
  switch (ev) {
    case MG_AUTH:
      return MG_TRUE;
    case MG_REQUEST:
      if (conn->is_websocket) {
        // Simple websocket echo server
        mg_websocket_write(conn, WEBSOCKET_OPCODE_TEXT,
                           conn->content, conn->content_len);
      } else {
        mg_printf_data(conn, "%s", "websocket connection expected");
      }
      return MG_TRUE;
    default:
      return MG_FALSE;
  }
}

static void *serve_thread_func(void *param) {
  struct mg_server *server = (struct mg_server *) param;
  printf("Listening on port %s\n", mg_get_option(server, "listening_port"));
  while (s_received_signal == 0) {
    mg_poll_server(server, 1000);
  }
  mg_destroy_server(&server);
  return NULL;
}

static void *wrapper_thread_func(void *param) {
  struct config *c = (struct config *) param;
  const char *err_msg;
  void *wrapper;

  wrapper = ssl_wrapper_init(c->wrapper_server_addr, c->target_addr, &err_msg);
  if (wrapper == NULL) {
    fprintf(stderr, "Error: %s\n", err_msg);
    exit(EXIT_FAILURE);
  }
  //((struct ns_mgr *) wrapper)->hexdump_file = "/dev/stderr";
  ssl_wrapper_serve(wrapper, &s_received_signal);

  return NULL;
}

int main(void) {
  struct mg_server *proxy_server = mg_create_server(NULL, ev_handler);
  struct mg_server *ws1_server = mg_create_server(NULL, ws_handler);
  struct mg_server *ws2_server = mg_create_server(NULL, ws_handler);
  size_t i;

  ((struct ns_mgr *) proxy_server)->hexdump_file = "/dev/stderr";

  // Configure proxy server to listen on port 2014
  mg_set_option(proxy_server, "listening_port", "2014");
  //mg_set_option(proxy_server, "enable_proxy", "yes");

  // Configure two websocket echo servers:
  //    ws1 is WS, listening on 9001
  //    ws2 is WSS, listening on 9002
  // Note that HTML page thinks that ws1 is WSS, and ws2 is WS,
  // where in reality it is vice versa and proxy server makes the decision.
  mg_set_option(ws1_server, "listening_port", "tcp://127.0.0.1:9001");
  mg_set_option(ws2_server, "listening_port",
                "ssl://127.0.0.1:9002:" S2_PEM ":" CA2_PEM);

  // Setup signal handlers
  signal(SIGTERM, signal_handler);
  signal(SIGINT, signal_handler);

  // Start SSL wrappers, each in it's own thread
  for (i = 0; i < ARRAY_SIZE(s_wrappers); i++) {
    ns_start_thread(wrapper_thread_func, &s_wrappers[i]);
  }

  // Start websocket servers in separate threads
  mg_start_thread(serve_thread_func, ws1_server);
  mg_start_thread(serve_thread_func, ws2_server);

  // Finally, start proxy server in this thread: this call blocks
  serve_thread_func(proxy_server);

  printf("Existing on signal %d\n", s_received_signal);
  return EXIT_SUCCESS;
}