Add support for TLS/HTTPS on both the client and the server

At the moment the server side doesn't support SSL for the web end. The tty_sender supports TLS for the server connection, which is specified via a command line argument. The websockets connection on the frontend side is using an address based on the window.location.protocol (ws:// or wss://)
6 years ago · 602259cdd8
parent caaf694b6c
commit 602259cdd8
2 changed files with 37 additions and 7 deletions
--- a/frontend/src/main.js
+++ b/frontend/src/main.js
@ -20,8 +20,15 @@ var term = new Terminal({
 var derivedKey = pbkdf2.pbkdf2Sync('password', 'salt', 4096, 32, 'sha256');
 console.log(derivedKey);

-var wsAddress = 'ws://' + window.location.host + window.ttyInitialData.wsPath;
-var connection = new WebSocket(wsAddress);
+let wsAddress = "";
+if (window.location.protocol === "https:") {
+   wsAddress = 'wss://';
+} else {
+    wsAddress = "ws://";
+}
+
+wsAddress += window.location.host + window.ttyInitialData.wsPath;
+let connection = new WebSocket(wsAddress);



--- a/tty-sender/main.go
+++ b/tty-sender/main.go
@ -2,6 +2,8 @@ package main

 import (
 	"bufio"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"flag"
 	"fmt"
@ -20,6 +22,7 @@ func main() {
 	commandName := flag.String("command", "bash", "The command to run")
 	commandArgs := flag.String("args", "", "The command arguments")
 	logFileName := flag.String("logfile", "-", "The name of the file to log")
+	useTLS := flag.Bool("useTLS", true, "Use TLS to connect to the server")
 	server := flag.String("server", "localhost:7654", "tty-proxyserver address")
 	flag.Parse()

@ -36,18 +39,38 @@ func main() {

 	// TODO: check we are running inside a tty environment, and exit if not

-	tcpConn, err := net.Dial("tcp", *server)
-	if err != nil {
-		fmt.Printf("Cannot connect to the server (%s): %s", *server, err.Error())
-		return
+	var rawConnection io.ReadWriteCloser
+	if *useTLS {
+		roots, err := x509.SystemCertPool()
+		if err != nil {
+			fmt.Printf("Cannot connect to the server (%s): %s", *server, err.Error())
+			return
+		}
+		rawConnection, err = tls.Dial("tcp", *server, &tls.Config{RootCAs: roots})
+		if err != nil {
+			fmt.Printf("Cannot connect (TLS) to the server (%s): %s", *server, err.Error())
+			return
+		}
+	} else {
+		var err error
+		rawConnection, err = net.Dial("tcp", *server)
+		if err != nil {
+			fmt.Printf("Cannot connect to the server (%s): %s", *server, err.Error())
+			return
+		}
 	}

-	serverConnection := common.NewTTYProtocolConn(tcpConn)
+	serverConnection := common.NewTTYProtocolConn(rawConnection)
 	reply, err := serverConnection.InitSender(common.SenderSessionInfo{
 		Salt:              "salt",
 		PasswordVerifierA: "PV_A",
 	})

+	if err != nil {
+		fmt.Printf("Cannot initialise the protocol connection: %s", err.Error())
+		return
+	}
+
 	log.Infof("Web terminal: %s", reply.URLWebReadWrite)

 	// Display the session information to the user, before showing any output from the command.