QUIC agent reads certificate path from configuration file.

Author: jianjunz

source/agent/addons/quic/QuicTransportServer.cc

@@ -21,12 +21,8 @@ Nan::Persistent<v8::Function> QuicTransportServer::s_constructor;
 
 DEFINE_LOGGER(QuicTransportServer, "QuicTransportServer");
 
-// TODO: Certificate and key path is hard coded here. Read them from toml file later.
-const std::string certPath = "/tmp/certs/leaf_cert.pem";
-const std::string keyPath = "/tmp/certs/leaf_cert.pkcs8";
-
-QuicTransportServer::QuicTransportServer(int port, const std::string& certPath, const std::string& keyPath)
-    : m_quicServer(QuicFactory::getQuicTransportFactory()->CreateQuicTransportServer(port, certPath.c_str(), keyPath.c_str()))
+QuicTransportServer::QuicTransportServer(int port, const std::string& pfxPath, const std::string& password)
+    : m_quicServer(QuicFactory::getQuicTransportFactory()->CreateQuicTransportServer(port, pfxPath.c_str(), password.c_str()))
 {
     m_quicServer->SetVisitor(this);
     ELOG_DEBUG("QuicTransportServer::QuicTransportServer");
@@ -52,12 +48,13 @@ NAN_METHOD(QuicTransportServer::newInstance)
         ELOG_DEBUG("Not construct call.");
         return;
     }
-    if (info.Length() == 0) {
-        return Nan::ThrowTypeError("Port is required.");
+    if (info.Length() < 3) {
+        return Nan::ThrowTypeError("No enough arguments are provided.");
     }
-    // Default port number is not specified in https://tools.ietf.org/html/draft-vvv-webtransport-quic-01.
-    int minPort = info[0]->IntegerValue();
-    QuicTransportServer* obj = new QuicTransportServer(minPort, certPath, keyPath);
+    int port = info[0]->IntegerValue();
+    v8::String::Utf8Value pfxPath(Nan::To<v8::String>(info[1]).ToLocalChecked());
+    v8::String::Utf8Value password(Nan::To<v8::String>(info[2]).ToLocalChecked());
+    QuicTransportServer* obj = new QuicTransportServer(port, *pfxPath, *password);
     obj->Wrap(info.This());
     uv_async_init(uv_default_loop(), &obj->m_asyncOnConnection, &QuicTransportServer::onConnectionCallback);
     info.GetReturnValue().Set(info.This());

source/agent/addons/quic/QuicTransportServer.h

@@ -33,7 +33,7 @@ class QuicTransportServer : public Nan::ObjectWrap, owt::quic::QuicTransportServ
     void onClose() override;
 
     QuicTransportServer() = delete;
-    explicit QuicTransportServer(int port, const std::string& certPath, const std::string& keyPath);
+    explicit QuicTransportServer(int port, const std::string& pfxPath, const std::string& password);
 
 private:
     static NAN_METHOD(newInstance);

source/agent/quic/dist.json

@@ -38,6 +38,7 @@
               "webtransport/test/quicTransportServerTest.js"
           ],
           "cert": [
+              "../../../cert/certificate.pfx",
               "../../../cert/.owt.keystore"
           ]
       }

source/agent/quic/index.js

@@ -23,6 +23,8 @@ const QuicTransportStreamPipeline =
     require('./webtransport/quicTransportStreamPipeline');
 const log = logger.getLogger('QuicNode');
 const addon = require('./build/Release/quic');
+const cipher = require('../cipher');
+const path = require('path');
 
 log.info('QUIC transport node.')
 
@@ -42,20 +44,31 @@ module.exports = function (rpcClient, selfRpcId, parentRpcId, clusterWorkerIP) {
         rpcClient.remoteCast(controller, 'onSessionProgress', [sessionId, direction, status]);
     };
 
-    const quicTransportServer =
-        new QuicTransportServer(addon, global.config.quic.port);
-    quicTransportServer.start();
-    quicTransportServer.on('streamadded', (stream) => {
+    const keystore = path.resolve(path.dirname(global.config.quic.keystorePath), cipher.kstore);
+    log.info('before unlock');
+    cipher.unlock(cipher.k, keystore, (error, password) => {
+      log.info('unlocked.');
+      if (error) {
+        log.error('Failed to read certificate and key.');
+        return;
+      }
+      log.info('path is '+path.resolve(global.config.quic.keystorePath));
+      const quicTransportServer = new QuicTransportServer(
+          addon, global.config.quic.port, path.resolve(global.config.quic.keystorePath),
+          password);
+      quicTransportServer.start();
+      quicTransportServer.on('streamadded', (stream) => {
         const conn = connections.getConnection(stream.contentSessionId);
         if (conn) {
-            // TODO: verify transport ID.
-            conn.connection.quicStream(stream);
+          // TODO: verify transport ID.
+          conn.connection.quicStream(stream);
         } else {
           log.warn(
               'Cannot find a pipeline for QUIC stream. Content session ID: ' +
               stream.contentSessionId);
           stream.close();
         }
+      });
     });
 
     const createStreamPipeline =

source/agent/quic/webtransport/quicTransportServer.js

@@ -23,9 +23,9 @@ const zeroUuid = '00000000000000000000000000000000';
 const authenticationTimeout = 10;
 
 module.exports = class QuicTransportServer extends EventEmitter {
-  constructor(addon, port) {
+  constructor(addon, port, pfxPath, password) {
     super();
-    this._server = new addon.QuicTransportServer(port);
+    this._server = new addon.QuicTransportServer(port, pfxPath, password);
     this._connections = new Map(); // Key is transport ID.
     this._streams = new Map(); // Key is content session ID.
     this._unAuthenticatedConnections = []; // When it's authenticated, it will be moved to this.connections.