Make TLS mandatory for server

Add options to pass paths for certificate and private key to CLI
Closes #2
Add test certificate FOR TESTS ONLY!
Fix logger calls

Author: lgrahl

bin/saltyrtc-server

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 """
-The command line interface for the SaltyRTC Signalling Server.
+The command line interface for the SaltyRTC signalling server.
 """
 import functools
 import asyncio
@@ -38,16 +38,27 @@ def cli(ctx):
 
 
 @cli.command(short_help='Show version information.', help="""
-Show the current version of the SaltyRTC Signalling Server.
+Show the current version of the SaltyRTC signalling server.
 """)
 def version():
     click.echo('Version: {}'.format(_version))
 
 
-@cli.command()
+@cli.command(short_help='Start the signalling server.', help="""
+Start the SaltyRTC signalling server. CERT represents the path to a
+file in PEM format containing the SSL certificate of the server.""")
+@click.argument('cert', type=click.Path(exists=True))
+@click.option('-k', '--keyfile', type=click.Path(exists=True), help="""
+Path to a file that contains the private key. Will be read from
+CERTFILE if not present.
+""")
 @aio_serve
-def serve():
-    yield from server.serve()
+def serve(**arguments):
+    certfile = arguments.get('cert')
+    keyfile = arguments.get('keyfile', None)
+    yield from server.serve(
+        certfile=certfile, keyfile=keyfile
+    )
 
 
 if __name__ == '__main__':

saltyrtc/server/__init__.py

@@ -4,7 +4,7 @@
 import json
 import asyncio
 import enum
-import logging
+import ssl
 
 import websockets
 
@@ -51,7 +51,7 @@ class Path(object):
 
     def __init__(self):
         self.hash = hex(id(self))
-        self.logger = logging.getLogger('signaling.{}'.format(self))
+        self.logger = util.get_logger(self.hash)
         self.key = None
         self._client = asyncio.Future()
         self._server = asyncio.Future()
@@ -333,7 +333,7 @@ def signaling(ws, path):
         if len(path) != config.path_length:
             raise PathError(len(path))
     except PathError as exc:
-        logging.getLogger('signaling').error(exc)
+        util.get_logger().error(exc)
         return
 
     # Create path instance (if necessary)
@@ -371,16 +371,35 @@ def signaling(ws, path):
 
 
 @asyncio.coroutine
-def serve(port=8765, loop=None):
+def serve(certfile, keyfile=None, host=None, port=8765, loop=None):
     """
-    TODO: Describe.
+    Start serving SaltyRTC Signalling Clients.
+
+    Arguments:
+        - `certfile`: Path to a file in PEM format containing the
+          SSL certificate of the server.
+        - `keyfile`: Path to a file that contains the private key.
+          Will be read from `certfile` if not present.
+        - `ssl`: An `ssl.SSLContext` instance for WSS.
+        - `host`: The hostname or IP address the server will listen on.
+          Defaults to all interfaces.
+        - `port`: The port the client should connect to. Defaults to
+          `8765`.
+        - `loop`: A :class:`asyncio.BaseEventLoop` instance.
     """
     # Get loop
     loop = loop if loop is not None else asyncio.get_event_loop()
+    log.debug('Event loop: {}', loop)
+
+    # Create SSL context
+    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+    ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
+    log.debug('Created SSL context', ssl_context)
 
     # Start server
     log.debug('Starting server')
-    server = yield from websockets.serve(signaling, port=port)
+    server = yield from websockets.serve(
+        signaling, ssl=ssl_context, host=host, port=port)
 
     # Return server
     log.notice('Listening')

tests/cert.pem

@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4fXu6zFJIaSSV
+pvc39S6i+o54hZujW5zqo2A0YaXmB2RvmCwA8THJVIYaV02Y2DFs4gyFl0p/D/9e
+6dnl9PB7Mo23WRfkoM1/JtXs/FnUkEpSH97ssiOryoikP6urDzaPmMz0ydILM6xO
+A5p4oq4zYgBNN1f8JyYc8FQ2KsZEnTUg0cQxctq09chWxqT1scgc/5ELOfxIDPEk
+I7R9r3GUxZqVPwafljja/KdbBF+fNPiSJkI29d8zkRX7JvFATB/o8bxMbvIljBRa
+FFoHxRRkcmK7Cup1LqyeYRjldCL/q1tfXQ57BUv3w9UILrQdaraQiGwLt3m7OQRX
+Tz1VLxqDAgMBAAECggEAXK7Npf5XqAEKXBRRRk9qan4tbObSVbMElewVvLsBuRol
+ntp34NFLDbXk2P7bANo7mlPFrqdeyY6j4G7jBN+UoI+5Gk8r7bPLCQHdnvz3tA35
+CGDygT7NJNTO6JUEDR/LbUB6Vs+9Mdt3yImO5OP1V+L3+9K95PNV9lvWMpAyouzt
+Et5Tp1wPakGh6/OUXlyz51lZESSyvItP2/WOjUvgkSvdx/khM2If6ONGUtB2DK9y
+AhDhNImIHwdZaScZIC03UBvV3qSnXZ6Jc+aKzUK1Oq+pSXVG4LvLiEMYf0N68yed
+lRh3ar73JtD/Sels7oqlrZOHpqf8AqNCjC92Di8rIQKBgQDa0usmlfD4yrTCaDkq
+UkJWJlT3cnBTxsgq8yWpJv7MPmJ/LiC2pmDnz/Psyq2PPdNsL750bXFkWuEkwe7h
+UuJKUt2FeC5PIY3H5SX3CFKJEr3aPhz/H40EaKM3HTesJuqdZLaJ2b2C7vJotNVH
+HS45VpF0wyR0/rtAdmMxtXctFwKBgQDX1VLEwG11QgvuSDU1k7h0c4frCI3pj39W
+AysPc/gahXja/fCtPoI0v35ssw7uQqv8RwNpmMpkUwPqAQOLYGj/oDGXEgBVXhSz
+AxErM9erGDDZCIaogwz06Ccv7EiTqF6UJDfCl1ciiC3nZ4dnR0bAR8uxkStF1+XS
+r/usGNnZdQKBgQDHptd8TiQdqz0/fz5hGcqCtdiiKJzKIz0wysYazoR9r5HIvjqE
+y8rw1nCVJNs0LVHAjNM1gUGLMcvn8LXWifwDmhWZmGyQMGoe7zkzajl77UihXjiw
+oYXVdu8r8xF/lcZMMr7FiY/6ba9oz00k5D/veseeBAo4YM5SY3HfwdTpowKBgQDS
+g71RLqcUgbEFXuSXN1foLW9arWNNdasrh7eOQPyzUZAJeTowoBF7xXNYLmXXuqvp
+SpJngqGVrOraaNa+MPD4s5Tq1qIAodzqpYkvbEdlGBk89vXwkrImhfEC6yH283gc
+Yh8I63gPtGehlvcYowq9LMnejct5OhVtpDyDJVIGqQKBgQDPrw6+9QUDBxa4OUz+
+aW8raxe+aTPbFlP7N2fPcTwdPWvQkwhpWKpt6fKk+mSTNooIJt5dRif+JrafZ0Z/
+gXFiMnZ+ikv5NSHjd+KjxRshBuTWaDVGqOItFvPC2ipmfcB1KY1WXZZHm7x/myYR
+ATd3dFVClycKsjcz8e0OJaJXaA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIJAPV4ClYbVNscMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
+BAMMFHNhbHR5cnRjLnNlcnZlci50ZXN0MB4XDTE2MDIyNjIxMjYyNFoXDTE3MDIy
+NTIxMjYyNFowHzEdMBsGA1UEAwwUc2FsdHlydGMuc2VydmVyLnRlc3QwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4fXu6zFJIaSSVpvc39S6i+o54hZuj
+W5zqo2A0YaXmB2RvmCwA8THJVIYaV02Y2DFs4gyFl0p/D/9e6dnl9PB7Mo23WRfk
+oM1/JtXs/FnUkEpSH97ssiOryoikP6urDzaPmMz0ydILM6xOA5p4oq4zYgBNN1f8
+JyYc8FQ2KsZEnTUg0cQxctq09chWxqT1scgc/5ELOfxIDPEkI7R9r3GUxZqVPwaf
+ljja/KdbBF+fNPiSJkI29d8zkRX7JvFATB/o8bxMbvIljBRaFFoHxRRkcmK7Cup1
+LqyeYRjldCL/q1tfXQ57BUv3w9UILrQdaraQiGwLt3m7OQRXTz1VLxqDAgMBAAGj
+UDBOMB0GA1UdDgQWBBSK1uqDP7pwmZoZnkYeyrOXQfIfaTAfBgNVHSMEGDAWgBSK
+1uqDP7pwmZoZnkYeyrOXQfIfaTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQB4YPZB8n3or14BdL2Q2hYm5u2tb6lk9cgQFz7rX/HxnJeIjbDvw8vfeieO
+0fs0QRSJRp5wd39nvlSO6r7sbn94ZWHRm5A4lbaCy6efjyF+jMQTyeSJRr/Duz0x
+Vc/KgTO0j4GbagkdRDs0xa2o+TbPY/YYyv/qfkqBiVBqJxO9cZBhn7W/dv0U47F4
++qhNDzpiIoQjeVpug8mHhZ6PIQRTtumv9F3gAeHuIxHTzZUo/zmAAUXhE1JzWwSg
+ajDWZx81f5q0zGH6oAdeFFFtLXOZNF+PYakjqstlsZewy+IEJJRFKH/Ca0Pnlvlw
+8MU82FTjv1HoQF56WClJWxdxi9ya
+-----END CERTIFICATE-----