authorbt <bt@rctt.net>2026-05-24 16:29:03 +0200
committerbt <bt@rctt.net>2026-05-24 16:29:03 +0200
commitc9c7a085c744d5023f932b2a0a6dba08153d2ba7 (patch)
tree9ba4de4868032d6ed60f340430533f8fd70badf7 /server
parent164428421ef950ee9572287fd9ade8876ed4bfe5 (diff)
[daemon] Add TLS support
Diffstat (limited to 'server')
-rw-r--r--server/message.go2
-rw-r--r--server/remote.go2
-rw-r--r--server/server.go70
3 files changed, 55 insertions, 19 deletions
diff --git a/server/message.go b/server/message.go
index b8b0631..e814d9d 100644
--- a/server/message.go
+++ b/server/message.go
@@ -46,7 +46,7 @@ func (s *Server) handleMessage(sender net.Conn, connType core.ConnType, msg core
log.Println("cannot write to database", err)
}
- if addr.Host == s.name {
+ if addr.Host == s.cfg.Name {
return s.handleLocalMessage(sender, addr, msg)
}
diff --git a/server/remote.go b/server/remote.go
index 6f9bd66..e1829b1 100644
--- a/server/remote.go
+++ b/server/remote.go
@@ -102,7 +102,7 @@ func (s *Server) initRemoteConn(name string) (net.Conn, error) {
return conn, err
}
- auth := core.ServerAuth{Name: s.name}
+ auth := core.ServerAuth{Name: s.cfg.Name}
if err := core.Send(conn, auth); err != nil {
conn.Close()
return conn, err
diff --git a/server/server.go b/server/server.go
index 58714c5..b5840df 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1,6 +1,7 @@
package server
import (
+ "crypto/tls"
"errors"
"log"
"net"
@@ -10,8 +11,7 @@ import (
)
type Server struct {
- listenAddr string
- name string
+ cfg Config
users map[string]User // TODO: Use full address instead of just name
servers map[string]RemoteServer
channels map[string]*Channel
@@ -21,23 +21,66 @@ type Server struct {
Storage Storage
}
-func NewServer(listenAddr string, name string, storage Storage) *Server {
+type Config struct {
+ ListenAddr string
+ Name string
+ Tls bool
+ CertPem []byte
+ KeyPem []byte
+}
+
+func NewServer(cfg Config, storage Storage) *Server {
return &Server{
- listenAddr: listenAddr,
- name: name,
- users: make(map[string]User),
- servers: make(map[string]RemoteServer),
- channels: make(map[string]*Channel),
- Storage: storage,
+ cfg: cfg,
+ Storage: storage,
+ users: make(map[string]User),
+ servers: make(map[string]RemoteServer),
+ channels: make(map[string]*Channel),
}
}
func (s *Server) Start() error {
- ln, err := net.Listen("tcp", s.listenAddr)
+ if s.cfg.Tls {
+ return s.listenTls()
+ }
+
+ return s.listenPlain()
+}
+
+func (s *Server) AddChannel(name string) {
+ s.channelsMu.Lock()
+ defer s.channelsMu.Unlock()
+ s.channels[name] = NewChannel(name)
+ log.Println("created channel", name)
+}
+
+func (s *Server) listenPlain() error {
+ ln, err := net.Listen("tcp", s.cfg.ListenAddr)
+ if err != nil {
+ return err
+ }
+
+ s.listen(ln)
+ return nil
+}
+
+func (s *Server) listenTls() error {
+ cert, err := tls.X509KeyPair(s.cfg.CertPem, s.cfg.KeyPem)
+ if err != nil {
+ return err
+ }
+
+ cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
+ ln, err := tls.Listen("tcp", s.cfg.ListenAddr, cfg)
if err != nil {
return err
}
+ s.listen(ln)
+ return nil
+}
+
+func (s *Server) listen(ln net.Listener) {
for {
conn, err := ln.Accept()
if err != nil {
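Review bot: The `tls.Config` built in `listenTls` sets only `Certificates`, so the minimum protocol version is whatever the building Go toolchain defaults to for servers, and older Go releases still accept TLS 1.0/1.1 there. Pin it explicitly, e.g. `cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}` (or `tls.VersionTLS13` if every client supports it). Separately, `Config.Tls` zero-values to false, so a config that supplies `CertPem`/`KeyPem` but leaves the flag unset goes through `listenPlain` in `Start` with no indication. Logging the chosen mode, or rejecting key material when `Tls` is false, would make that misconfiguration visible. The body of `listen` continues outside this hunk, so how accept errors are handled was not reviewed.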
@@ -50,13 +93,6 @@ func (s *Server) Start() error {
}
}
-func (s *Server) AddChannel(name string) {
- s.channelsMu.Lock()
- defer s.channelsMu.Unlock()
- s.channels[name] = NewChannel(name)
- log.Println("created channel", name)
-}
-
func (s *Server) handleConn(conn net.Conn) {
defer conn.Close()