add tls to server

src/moonchan/client/client.go

@@ -16,11 +16,14 @@ var debugRPC = flag.Bool("debug_rpc", true, "Debug RPC")
 
 type Client struct {
 	host string
-	c    http.Client
+	c    *http.Client
 }
 
-func NewClient(host string) *Client {
-	return &Client{host: host}
+func NewClient(c *http.Client, host string) *Client {
+	return &Client{
+		host: host,
+		c:    c,
+	}
 }
 
 func (c *Client) post(path string, req, resp interface{}) error {

src/moonchan/cmd/mcclient/client.go

@@ -1,11 +1,13 @@
 package main
 
 import (
+	"crypto/tls"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
+	"net/http"
 	"os"
 	"strconv"
 
@@ -70,16 +72,42 @@ func loadkey(s *State, n int) (*btcec.PrivateKey, *btcutil.AddressPubKey, error)
 	return privKey, pubkey, nil
 }
 
+func getHttpClient() *http.Client {
+	if *testnet {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		}
+		return &http.Client{Transport: tr}
+	} else {
+		return http.DefaultClient
+	}
+}
+
 func getClient(id string) *client.Client {
 	host := globalState.Channels[id].Host
-	return client.NewClient(host)
+	c := getHttpClient()
+	return client.NewClient(c, host)
+}
+
+func getResolver() *resolver.Resolver {
+	r := resolver.NewResolver()
+	r.Client = getHttpClient()
+
+	if *testnet {
+		r.DefaultPort = 3211
+	}
+
+	return r
 }
 
 func create(args []string) error {
 	domain := args[0]
 	outputAddr := args[1]
 
-	hostURL, err := resolver.Resolve(domain)
+	r := getResolver()
+	hostURL, err := r.Resolve(domain)
 	if err != nil {
 		return err
 	}
@@ -97,7 +125,8 @@ func create(args []string) error {
 		return err
 	}
 
-	c := client.NewClient(host)
+	httpClient := getHttpClient()
+	c := client.NewClient(httpClient, host)
 	var req models.CreateRequest
 	req.SenderPubKey = s.State.SenderPubKey.PubKey().SerializeCompressed()
 	req.SenderOutput = s.State.SenderOutput

src/moonchan/cmd/mcserver/server.go

@@ -19,6 +19,10 @@ var xprivkey = flag.String("privkey", "tprv8ZgxMBicQKsPe4s4h67jp6E3zhvfLRU6gnfrH
 var bitcoindHost = flag.String("bitcoind_host", "localhost:18332", "")
 var bitcoindUsername = flag.String("bitcoind_username", "username", "")
 var bitcoindPassword = flag.String("bitcoind_password", "password", "")
+var listenAddr = flag.String("listen", ":3211", "Address to listen on")
+var externalURL = flag.String("external_url", "https://example.com:3211", "External server URL")
+var tlsCert = flag.String("tls_cert", "tls/cert.pem", "TLS certificate")
+var tlsKey = flag.String("tls_key", "tls/key.pem", "TLS key")
 
 func getnet() *chaincfg.Params {
 	if *testnet {
@@ -96,10 +100,18 @@ func main() {
 	http.HandleFunc("/details", wrap(ss, detailsHandler))
 	http.HandleFunc("/close", wrap(ss, closeHandler))
 
+	if *externalURL != "" {
+		http.HandleFunc("/moonchan.json", domainHandler)
+	}
+
 	http.HandleFunc("/api/create", wrap(ss, rpcCreateHandler))
 	http.HandleFunc("/api/open", wrap(ss, rpcOpenHandler))
 	http.HandleFunc("/api/send", wrap(ss, rpcSendHandler))
 	http.HandleFunc("/api/close", wrap(ss, rpcCloseHandler))
 
-	log.Fatal(http.ListenAndServe(":3211", nil))
+	if *tlsCert == "" {
+		log.Fatal(http.ListenAndServe(*listenAddr, nil))
+	} else {
+		log.Fatal(http.ListenAndServeTLS(*listenAddr, *tlsCert, *tlsKey, nil))
+	}
 }

src/moonchan/cmd/mcserver/web.go

@@ -9,6 +9,7 @@ import (
 	"sort"
 
 	"moonchan/models"
+	"moonchan/resolver"
 	"moonchan/storage"
 )
 
@@ -157,3 +158,12 @@ func closeHandler(ss *ServerState, w http.ResponseWriter, r *http.Request) {
 
 	w.Write([]byte(hex.EncodeToString(resp.CloseTx)))
 }
+
+func domainHandler(w http.ResponseWriter, r *http.Request) {
+	d := resolver.Domain{
+		Receivers: []resolver.DomainReceiver{
+			{URL: *externalURL},
+		},
+	}
+	json.NewEncoder(w).Encode(d)
+}

src/moonchan/resolver/resolver.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 )
 
@@ -16,7 +17,19 @@ type Domain struct {
 	Receivers []DomainReceiver `json:"receivers"`
 }
 
-func Resolve(domain string) (*url.URL, error) {
+type Resolver struct {
+	Client      *http.Client
+	DefaultPort int
+}
+
+func NewResolver() *Resolver {
+	var c http.Client
+	return &Resolver{
+		Client: &c,
+	}
+}
+
+func (r *Resolver) Resolve(domain string) (*url.URL, error) {
 	if u, err := url.Parse(domain); err == nil {
 		if u.Scheme != "" {
 			return u, nil
@@ -28,7 +41,11 @@ func Resolve(domain string) (*url.URL, error) {
 	rurl.Host = domain
 	rurl.Path = "/moonchan.json"
 
-	resp, err := http.Get(rurl.String())
+	if r.DefaultPort != 0 {
+		rurl.Host += ":" + strconv.Itoa(r.DefaultPort)
+	}
+
+	resp, err := r.Client.Get(rurl.String())
 	if err != nil {
 		return nil, err
 	}

tls/cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIJAKuBcZ4bkly5MA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
+BAYTAlhYMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMTC2V4YW1wbGUuY29tMB4XDTE3MDMyNTE4
+MTIyNFoXDTE4MDMyNTE4MTIyNFowWzELMAkGA1UEBhMCWFgxEzARBgNVBAgTClNv
+bWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIG
+A1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCyUX7S3I6X6Ul/6iV6erbUrKqb9zr14gpZ0qpRyryFfJZh/xPRZsVN0C4DVqu+
+0s9hOns0gpYjq8wNMyG7DGigjSGzMLNVC6KxJCg7wEzMkgGHxB48proE7oiJN1ny
+wlPNHhGKRPVZpMwPKW5c/d+o4vtumQhIRUQgJhJr1jNWAJUNwPN1W6lpVYAys6IN
+UdzoRu+g0P8fBvLQb/M2rptq2ckvAn9mBvAniSFeUr6GBXEHW1vWdk36Rx4TvKdq
+rnDbd4BWJM2MZZbPaC6Ep3fBeljnjywWveiUwFolJB4QKHqaZGF6Ew7+nDGfiEQ9
+Hw0oGDktkU3OGUOalzDhl32BAgMBAAGjgcAwgb0wHQYDVR0OBBYEFMaJbx6N71R8
+lsKLKb6qs4uCVGfrMIGNBgNVHSMEgYUwgYKAFMaJbx6N71R8lsKLKb6qs4uCVGfr
+oV+kXTBbMQswCQYDVQQGEwJYWDETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE
+ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRQwEgYDVQQDEwtleGFtcGxlLmNv
+bYIJAKuBcZ4bkly5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEKJ
+lajmMyeacD3xtdrgDyBopBkH8hPabH9Zz0PxCm8PSB568ne/xdpWaJ7nbgGmERhi
+xlHl7mtKM9Gt60YXJSFkh0HMgihceOCdPiaj0gLhNwA3snCk6SK8DjXFAl/nPzTy
+k+jSbkU4UARjn5hxpO4qFtCzwDQ7EYraJyuf+8vkdWhWBzDESTRoiyYJRDNSMS85
+dlinKVhaOaJ2nl4Dfb1QjZlDbv5ld9DYwqcq5ftVgt6bIHYjKLglPprZFwQx6UUh
+oow+qpKjiV08HCBNsgI0mQAXyFYP3GHELT4cV9aqDbkExFauxDEV2GsWtyDcHzDF
+NMvVvF2uPCXqodLAXnU=
+-----END CERTIFICATE-----

tls/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAslF+0tyOl+lJf+olenq21Kyqm/c69eIKWdKqUcq8hXyWYf8T
+0WbFTdAuA1arvtLPYTp7NIKWI6vMDTMhuwxooI0hszCzVQuisSQoO8BMzJIBh8Qe
+PKa6BO6IiTdZ8sJTzR4RikT1WaTMDyluXP3fqOL7bpkISEVEICYSa9YzVgCVDcDz
+dVupaVWAMrOiDVHc6EbvoND/Hwby0G/zNq6batnJLwJ/ZgbwJ4khXlK+hgVxB1tb
+1nZN+kceE7ynaq5w23eAViTNjGWWz2guhKd3wXpY548sFr3olMBaJSQeECh6mmRh
+ehMO/pwxn4hEPR8NKBg5LZFNzhlDmpcw4Zd9gQIDAQABAoIBAGpkUWUCD1n36NCX
+JXFkUj2mH80av2UBTue018YhTkXexeMGTA6+YK5CrZF0Xthl8zGxsNztpSL3V7Hw
+dgmiJ7LTQe4l+nmdjZ5fUloELE5KNvuIOfo6B/b1UyV7jwFWjKVvcUusRS8NMmtB
+bwWwu4eKljWwvM5R9Ymw7YDFtq9yfhNhw7Qfe7h9oXfAnBhLRR3xr+hc277ShRv2
+RQj+1nV1tOx8vaHVNoGWug3B57XaeA89ulzObFWGtWbhQ0Pb2PFDrTymj4thgKrM
+QFg1kyyDdaw54f/xF3zihfVIEYqzM7nME3i+5ZYG1viqJNGfXtS/ciFRTnlDPLHZ
+ZqMJEHkCgYEA4sajgJGyPilJ1drFfpqNNlyo92u+dQNgZ/8NosU5nhrZOW2D/3Fj
+DDRBnCvUz+0Ftqf+hJI70sL86EUC8/34V0XdWPwo3VMIeFWRcw3rsREdr9FqGw4N
+EJDbt+D7IxXM8Rrvm/xzZXAEzZArOrZzwRG6gpbswJSJjqdRxsraLbcCgYEAyUw8
+Xp7fF5R3cSqLym3+NykDqIEJ3t4HVVAV021H5cEouzaiiJti4G+V2cfyVz8EHXTW
+kJ8A87utE5vZ29NE3wi1BOzi94foVW3neNNcVpqiiq8z90rY8PWYLDZfOSf42Fsz
+RGRZlM9j/ZOrq3lCeiNXImLSEVAfx6rjGg5BrocCgYEAgEhf224Px2wx0WDVUZ35
+/eOCzZvMfILxeULlosswociMUxkpj0nD/vZcmwyMcSaikcYMi0/xuXMGABpx5jYn
+0q653Qmf0DuVUgUNp2kbh+mnwnqTLETRjSp0sFr7lchSS52yJ6oyWRJ6FRLV8Xue
+lXwC5rabrQEZo3HxJ6Q+sZcCgYAgYUD8v3WHZ3xnGb7uyw6vdMt/2XHrBbAMSxuX
+rOZ50L5qjvlKHCSlkY17QKx82EgjLN4u2UTf7/qBQvqiX7OeZNopdqlzw8rdoxYu
+22DpFWq8AD7Nsp5+9CKMShq7KPDgbJssjy/RviKJca2VoaXN281yXI8J9eeGyLhL
+QqvSFQKBgH0tactVoi5mgiF9O3Kh/jeyXSiDrrldpM8I2C3nU2LAzOAOgQl+upW9
+82CMg3PIzDz+PfmRO2ja951OcWJlbUfX1HiMtGxnaEDS665TwY5/Dj34etxR2qDL
+/JlgaJqyFpQGI5BPn9jRuC9gA2MLyjdpjCh4OgMRWj1YjAniLHNU
+-----END RSA PRIVATE KEY-----