HTTP-over-Onionv3 Reseeder

2019-05-08 12:23:21 -04:00
parent e7d4585361
commit bc91c473c2
4 changed files with 42 additions and 7 deletions
--- a/cmd/reseed.go
+++ b/cmd/reseed.go
@@ -6,8 +6,10 @@ import (
 	"net"
 	"runtime"
 	"time"
+    "strconv"

 	"github.com/MDrollette/i2p-tools/reseed"
+    "github.com/cretz/bine/tor"
 	"github.com/codegangsta/cli"
 )

@@ -25,6 +27,10 @@ func NewReseedCommand() cli.Command {
 				Name:  "tlsHost",
 				Usage: "The public hostname used on your TLS certificate",
 			},
+			cli.BoolFlag{
+				Name:  "onion",
+				Usage: "Present an onionv3 address",
+			},
 			cli.StringFlag{
 				Name:  "key",
 				Usage: "Path to your su3 signing private key",
@@ -105,6 +111,7 @@ func reseedAction(c *cli.Context) {

 	var tlsCert, tlsKey string
 	tlsHost := c.String("tlsHost")
+
 	if tlsHost != "" {
 		tlsKey = c.String("tlsKey")
 		// if no key is specified, default to the host.pem in the current dir
@@ -179,7 +186,13 @@ func reseedAction(c *cli.Context) {
 		}()
 	}

-	if tlsHost != "" && tlsCert != "" && tlsKey != "" {
+    if c.Bool("onion") {
+        port, err := strconv.Atoi(c.String("port"))
+        if err != nil {
+            log.Fatalln(err.Error())
+        }
+        log.Fatalln(server.ListenAndServeOnion(nil, &tor.ListenConf{LocalPort: port, RemotePorts: []int{80}}))
+    }else if tlsHost != "" && tlsCert != "" && tlsKey != "" {
 		log.Printf("HTTPS server started on %s\n", server.Addr)
 		log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
 	} else {
--- a/reseed/server.go
+++ b/reseed/server.go
@@ -2,6 +2,7 @@ package reseed

 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"io"
 	"log"
@@ -9,7 +10,9 @@ import (
 	"net/http"
 	"os"
 	"strconv"
+	"time"

+	"github.com/cretz/bine/tor"
 	"github.com/gorilla/handlers"
 	"github.com/justinas/alice"
 	"gopkg.in/throttled/throttled.v2"
@@ -22,8 +25,9 @@ const (

 type Server struct {
 	*http.Server
-	Reseeder  Reseeder
-	Blacklist *Blacklist
+	Reseeder      Reseeder
+	Blacklist     *Blacklist
+	OnionListener *tor.OnionService
 }

 func NewServer(prefix string, trustProxy bool) *Server {
@@ -110,6 +114,24 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
 	return srv.Serve(tlsListener)
 }

+func (srv *Server) ListenAndServeOnion(startConf *tor.StartConf, listenConf *tor.ListenConf) error {
+	log.Println("Starting and registering onion service, please wait a couple of minutes...")
+	tor, err := tor.Start(nil, startConf)
+	if err != nil {
+		return err
+	}
+	defer tor.Close()
+
+	listenCtx, listenCancel := context.WithTimeout(context.Background(), 3*time.Minute)
+	defer listenCancel()
+	srv.OnionListener, err = tor.Listen(listenCtx, listenConf)
+	if err != nil {
+		return err
+	}
+	log.Printf("Onionv3 server started on http://%v.onion\n", srv.OnionListener.ID)
+	return srv.Serve(srv.OnionListener)
+}
+
 func (srv *Server) reseedHandler(w http.ResponseWriter, r *http.Request) {
 	var peer Peer
 	if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
--- a/reseed/utils.go
+++ b/reseed/utils.go
@@ -60,7 +60,7 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
-		IsCA: true,
+		IsCA:                  true,
 	}

 	hosts := strings.Split(host, ",")
--- a/su3/crypto.go
+++ b/su3/crypto.go
@@ -85,9 +85,9 @@ func NewSigningCertificate(signerID string, privateKey *rsa.PrivateKey) ([]byte,

 	template := &x509.Certificate{
 		BasicConstraintsValid: true,
-		IsCA:         true,
-		SubjectKeyId: []byte(signerID),
-		SerialNumber: serialNumber,
+		IsCA:                  true,
+		SubjectKeyId:          []byte(signerID),
+		SerialNumber:          serialNumber,
 		Subject: pkix.Name{
 			Organization:       []string{"I2P Anonymous Network"},
 			OrganizationalUnit: []string{"I2P"},