From bc91c473c2ae7ee9bbac2ea99c91c03e37a00b90 Mon Sep 17 00:00:00 2001
From: idk
Date: Wed, 8 May 2019 12:23:21 -0400
Subject: [PATCH] HTTP-over-Onionv3 Reseeder
---
 cmd/reseed.go | 15 ++++++++++++++-
 reseed/server.go | 26 ++++++++++++++++++++++++--
 reseed/utils.go | 2 +-
 su3/crypto.go | 6 +++---
 4 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/cmd/reseed.go b/cmd/reseed.go
index 760f540..8b95fab 100644
--- a/cmd/reseed.go
+++ b/cmd/reseed.go
@@ -6,8 +6,10 @@ import (
 "net"
 "runtime"
 "time"
+ "strconv"
 "github.com/MDrollette/i2p-tools/reseed"
+ "github.com/cretz/bine/tor"
 "github.com/codegangsta/cli"
 )
@@ -25,6 +27,10 @@ func NewReseedCommand() cli.Command {
 Name: "tlsHost",
 Usage: "The public hostname used on your TLS certificate",
 },
+ cli.BoolFlag{
+ Name: "onion",
+ Usage: "Present an onionv3 address",
+ },
 cli.StringFlag{
 Name: "key",
 Usage: "Path to your su3 signing private key",
@@ -105,6 +111,7 @@ func reseedAction(c *cli.Context) {
 var tlsCert, tlsKey string
 tlsHost := c.String("tlsHost")
+
 if tlsHost != "" {
 tlsKey = c.String("tlsKey")
 // if no key is specified, default to the host.pem in the current dir
@@ -179,7 +186,13 @@ func reseedAction(c *cli.Context) {
 }()
 }
- if tlsHost != "" && tlsCert != "" && tlsKey != "" {
+ if c.Bool("onion") {
+ port, err := strconv.Atoi(c.String("port"))
+ if err != nil {
+ log.Fatalln(err.Error())
+ }
+ log.Fatalln(server.ListenAndServeOnion(nil, &tor.ListenConf{LocalPort: port, RemotePorts: []int{80}}))
+ }else if tlsHost != "" && tlsCert != "" && tlsKey != "" {
 log.Printf("HTTPS server started on %s\n", server.Addr)
 log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
 } else {
diff --git a/reseed/server.go b/reseed/server.go
index 988b530..82d1ef3 100644
--- a/reseed/server.go
+++ b/reseed/server.go
@@ -2,6 +2,7 @@ package reseed
 import (
 "bytes"
+ "context"
 "crypto/tls"
 "io"
 "log"
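Review bot: The `tor.ListenConf` literal in the new onion branch sets only `LocalPort` and `RemotePorts`, so whether the service is really v3 depends on bine's defaults — as I recall bine's ListenConf has a `Version3` field that must be set to get a v3 service and generates a fresh key on every start unless `Key` is supplied, which would mean the `.onion` address an operator publishes changes on every restart; confirm against the bine version in go.mod and consider `&tor.ListenConf{LocalPort: port, RemotePorts: []int{80}, Version3: true}` plus a persisted key. The branch also takes precedence over an explicit TLS setup: when both `--onion` and `--tlsHost` are given, the certificate handling earlier in reseedAction (outside this hunk) still runs but its result is never served and nothing says so; a `log.Println("onion enabled, ignoring tlsHost/tlsCert/tlsKey")` inside the branch would make that visible. `strconv.Atoi` accepts values outside 0–65535, which only fail later inside tor with a less clear message, so check the range after parsing. `}else if` is not gofmt output; it should read `} else if`. reseedAction starts and ends outside this hunk.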
@@ -9,7 +10,9 @@ import (
 "net/http"
 "os"
 "strconv"
+ "time"
+ "github.com/cretz/bine/tor"
 "github.com/gorilla/handlers"
 "github.com/justinas/alice"
 "gopkg.in/throttled/throttled.v2"
@@ -22,8 +25,9 @@ const (
 type Server struct {
 *http.Server
- Reseeder Reseeder
- Blacklist *Blacklist
+ Reseeder Reseeder
+ Blacklist *Blacklist
+ OnionListener *tor.OnionService
 }
 func NewServer(prefix string, trustProxy bool) *Server {
@@ -110,6 +114,24 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
 return srv.Serve(tlsListener)
 }
+func (srv *Server) ListenAndServeOnion(startConf *tor.StartConf, listenConf *tor.ListenConf) error {
+ log.Println("Starting and registering onion service, please wait a couple of minutes...")
+ tor, err := tor.Start(nil, startConf)
+ if err != nil {
+ return err
+ }
+ defer tor.Close()
+
+ listenCtx, listenCancel := context.WithTimeout(context.Background(), 3*time.Minute)
+ defer listenCancel()
+ srv.OnionListener, err = tor.Listen(listenCtx, listenConf)
+ if err != nil {
+ return err
+ }
+ log.Printf("Onionv3 server started on http://%v.onion\n", srv.OnionListener.ID)
+ return srv.Serve(srv.OnionListener)
+}
+
 func (srv *Server) reseedHandler(w http.ResponseWriter, r *http.Request) {
 var peer Peer
 if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
diff --git a/reseed/utils.go b/reseed/utils.go
index dac32bf..ac2f8e3 100644
--- a/reseed/utils.go
+++ b/reseed/utils.go
@@ -60,7 +60,7 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
 KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 BasicConstraintsValid: true,
- IsCA: true,
+ IsCA: true,
 }
 hosts := strings.Split(host, ",")
diff --git a/su3/crypto.go b/su3/crypto.go
index bffec6b..e913430 100644
--- a/su3/crypto.go
+++ b/su3/crypto.go
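Review bot: The new exported field `OnionListener` has no doc comment, and its name suggests a net.Listener while its type is `*tor.OnionService`; from this diff it is only ever assigned by ListenAndServeOnion further down the file. Suggest `// OnionListener is the Tor onion service created by ListenAndServeOnion; nil unless that method has been called.` above the field so users of Server know when it is populated.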
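Review bot: `tor, err := tor.Start(nil, startConf)` shadows the imported `tor` package with the local `*tor.Tor`; it compiles because every later use in the body is a method on that value, but a reader cannot tell package from variable and any future `tor.Xxx` reference inside the function would fail — rename the local, e.g. `t, err := tor.Start(...)`, `defer t.Close()`, `t.Listen(...)`. Start is handed a nil context while Listen gets a 3-minute timeout, so a tor process that hangs during startup is never bounded; `context` is already imported here, so creating `listenCtx` before the Start call and passing it to both is a one-line move. Because `defer tor.Close()` fires when `srv.Serve` returns, `srv.OnionListener` is left pointing at a closed service afterwards; either reset it to nil on the way out or document that it is only valid while serving. The log line announces "Onionv3", but the onion version is decided by the caller's `listenConf`, not by this method, so the message can mislead if a caller passes a v2 configuration.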
@@ -85,9 +85,9 @@ func NewSigningCertificate(signerID string, privateKey *rsa.PrivateKey) ([]byte,
 template := &x509.Certificate{
 BasicConstraintsValid: true,
- IsCA: true,
- SubjectKeyId: []byte(signerID),
- SerialNumber: serialNumber,
+ IsCA: true,
+ SubjectKeyId: []byte(signerID),
+ SerialNumber: serialNumber,
 Subject: pkix.Name{
 Organization: []string{"I2P Anonymous Network"},
 OrganizationalUnit: []string{"I2P"},