Add servers

central_backend/Cargo.toml

@@ -15,3 +15,5 @@ openssl-sys = "0.9.102"
 libc = "0.2.155"
 foreign-types-shared = "0.1.1"
 asn1 = "0.16"
+actix-web = { version = "4", features = ["openssl"] }
+futures = "0.3.30"

central_backend/src/crypto/pki.rs

@@ -34,9 +34,9 @@ pub enum PKIError {
 
 /// Certificate and private key
 pub struct CertData {
-    cert: X509,
-    key: PKey<Private>,
-    crl: Option<PathBuf>,
+    pub cert: X509,
+    pub key: PKey<Private>,
+    pub crl: Option<PathBuf>,
 }
 
 impl CertData {
@@ -50,7 +50,7 @@ impl CertData {
     }
 
     /// Load web CA
-    fn load_web_ca() -> anyhow::Result<Self> {
+    pub fn load_web_ca() -> anyhow::Result<Self> {
         Ok(Self {
             cert: load_certificate_from_file(AppConfig::get().web_ca_cert_path())?,
             key: load_priv_key_from_file(AppConfig::get().web_ca_priv_key_path())?,
@@ -59,7 +59,7 @@ impl CertData {
     }
 
     /// Load devices CA
-    fn load_devices_ca() -> anyhow::Result<Self> {
+    pub fn load_devices_ca() -> anyhow::Result<Self> {
         Ok(Self {
             cert: load_certificate_from_file(AppConfig::get().devices_ca_cert_path())?,
             key: load_priv_key_from_file(AppConfig::get().devices_ca_priv_key_path())?,

central_backend/src/lib.rs

@@ -1,3 +1,4 @@
 pub mod app_config;
 pub mod crypto;
+pub mod server;
 pub mod utils;

central_backend/src/main.rs

@@ -1,8 +1,11 @@
 use central_backend::app_config::AppConfig;
 use central_backend::crypto::pki;
+use central_backend::server::{secure_server, unsecure_server};
 use central_backend::utils::files_utils::create_directory_if_missing;
+use futures::future;
 
-fn main() {
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
     // Initialize OpenSSL
     openssl_sys::init();
 
@@ -18,4 +21,12 @@ fn main() {
     pki::initialize_server_ca().expect("Failed to initialize server certificate!");
 
     pki::refresh_crls().expect("Failed to initialize Root CA!");
+
+    let s1 = secure_server();
+    let s2 = unsecure_server();
+    future::try_join(s1, s2)
+        .await
+        .expect("Failed to start servers!");
+
+    Ok(())
 }

central_backend/src/server/mod.rs

@@ -0,0 +1,45 @@
+use actix_web::{web, App, HttpServer};
+use openssl::ssl::{SslAcceptor, SslMethod};
+
+use crate::app_config::AppConfig;
+use crate::crypto::pki;
+
+pub mod server_controller;
+
+/// Start unsecure (HTTP) server
+pub async fn unsecure_server() -> anyhow::Result<()> {
+    log::info!(
+        "Unecure server starting to listen on {} for {}",
+        AppConfig::get().unsecure_listen_address,
+        AppConfig::get().unsecure_origin()
+    );
+    HttpServer::new(|| App::new().route("/", web::get().to(server_controller::unsecure_home)))
+        .bind(&AppConfig::get().unsecure_listen_address)?
+        .run()
+        .await?;
+
+    Ok(())
+}
+
+/// Start secure (HTTPS) server
+pub async fn secure_server() -> anyhow::Result<()> {
+    let web_ca = pki::CertData::load_web_ca()?;
+    let server_cert = pki::CertData::load_server()?;
+
+    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+    builder.set_private_key(&server_cert.key)?;
+    builder.set_certificate(&server_cert.cert)?;
+    builder.add_extra_chain_cert(web_ca.cert)?;
+
+    log::info!(
+        "Secure server starting to listen on {} for {}",
+        AppConfig::get().listen_address,
+        AppConfig::get().secure_origin()
+    );
+    HttpServer::new(|| App::new().route("/", web::get().to(server_controller::secure_home)))
+        .bind_openssl(&AppConfig::get().listen_address, builder)?
+        .run()
+        .await?;
+
+    Ok(())
+}

central_backend/src/server/server_controller.rs

@@ -0,0 +1,13 @@
+use actix_web::HttpResponse;
+
+pub async fn unsecure_home() -> HttpResponse {
+    HttpResponse::Ok()
+        .content_type("text/plain")
+        .body("SolarEnergy unsecure central backend")
+}
+
+pub async fn secure_home() -> HttpResponse {
+    HttpResponse::Ok()
+        .content_type("text/plain")
+        .body("SolarEnergy secure central backend")
+}