adba870534
Use a TLSOptions configuration object which is created via static functions. - "TLSOptions.client": uses the standard CA and common name verification. - "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified) - "TLSOptions.server": is the standard server configuration (chain + key) This will allow us to expand the TLS configuration options to include e.g. mutual authentication without bloating the classes that uses StreamPeerTLS and PacketPeerDTLS as underlying peers.
166 lines
6.0 KiB
XML
166 lines
6.0 KiB
XML
<?xml version="1.0" encoding="UTF-8" ?>
|
|
<class name="DTLSServer" inherits="RefCounted" version="4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../class.xsd">
|
|
<brief_description>
|
|
Helper class to implement a DTLS server.
|
|
</brief_description>
|
|
<description>
|
|
This class is used to store the state of a DTLS server. Upon [method setup] it converts connected [PacketPeerUDP] to [PacketPeerDTLS] accepting them via [method take_connection] as DTLS clients. Under the hood, this class is used to store the DTLS state and cookies of the server. The reason of why the state and cookies are needed is outside of the scope of this documentation.
|
|
Below a small example of how to use it:
|
|
[codeblocks]
|
|
[gdscript]
|
|
# server_node.gd
|
|
extends Node
|
|
|
|
var dtls := DTLSServer.new()
|
|
var server := UDPServer.new()
|
|
var peers = []
|
|
|
|
func _ready():
|
|
server.listen(4242)
|
|
var key = load("key.key") # Your private key.
|
|
var cert = load("cert.crt") # Your X509 certificate.
|
|
dtls.setup(key, cert)
|
|
|
|
func _process(delta):
|
|
while server.is_connection_available():
|
|
var peer : PacketPeerUDP = server.take_connection()
|
|
var dtls_peer : PacketPeerDTLS = dtls.take_connection(peer)
|
|
if dtls_peer.get_status() != PacketPeerDTLS.STATUS_HANDSHAKING:
|
|
continue # It is normal that 50% of the connections fails due to cookie exchange.
|
|
print("Peer connected!")
|
|
peers.append(dtls_peer)
|
|
|
|
for p in peers:
|
|
p.poll() # Must poll to update the state.
|
|
if p.get_status() == PacketPeerDTLS.STATUS_CONNECTED:
|
|
while p.get_available_packet_count() > 0:
|
|
print("Received message from client: %s" % p.get_packet().get_string_from_utf8())
|
|
p.put_packet("Hello DTLS client".to_utf8())
|
|
[/gdscript]
|
|
[csharp]
|
|
using Godot;
|
|
using System;
|
|
// ServerNode.cs
|
|
public class ServerNode : Node
|
|
{
|
|
public DTLSServer Dtls = new DTLSServer();
|
|
public UDPServer Server = new UDPServer();
|
|
public Godot.Collections.Array<PacketPeerDTLS> Peers = new Godot.Collections.Array<PacketPeerDTLS>();
|
|
public override void _Ready()
|
|
{
|
|
Server.Listen(4242);
|
|
var key = GD.Load<CryptoKey>("key.key"); // Your private key.
|
|
var cert = GD.Load<X509Certificate>("cert.crt"); // Your X509 certificate.
|
|
Dtls.Setup(key, cert);
|
|
}
|
|
|
|
public override void _Process(float delta)
|
|
{
|
|
while (Server.IsConnectionAvailable())
|
|
{
|
|
PacketPeerUDP peer = Server.TakeConnection();
|
|
PacketPeerDTLS dtlsPeer = Dtls.TakeConnection(peer);
|
|
if (dtlsPeer.GetStatus() != PacketPeerDTLS.Status.Handshaking)
|
|
{
|
|
continue; // It is normal that 50% of the connections fails due to cookie exchange.
|
|
}
|
|
GD.Print("Peer connected!");
|
|
Peers.Add(dtlsPeer);
|
|
}
|
|
|
|
foreach (var p in Peers)
|
|
{
|
|
p.Poll(); // Must poll to update the state.
|
|
if (p.GetStatus() == PacketPeerDTLS.Status.Connected)
|
|
{
|
|
while (p.GetAvailablePacketCount() > 0)
|
|
{
|
|
GD.Print("Received Message From Client: " + p.GetPacket().GetStringFromUTF8());
|
|
p.PutPacket("Hello Dtls Client".ToUTF8());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[/csharp]
|
|
[/codeblocks]
|
|
[codeblocks]
|
|
[gdscript]
|
|
# client_node.gd
|
|
extends Node
|
|
|
|
var dtls := PacketPeerDTLS.new()
|
|
var udp := PacketPeerUDP.new()
|
|
var connected = false
|
|
|
|
func _ready():
|
|
udp.connect_to_host("127.0.0.1", 4242)
|
|
dtls.connect_to_peer(udp, false) # Use true in production for certificate validation!
|
|
|
|
func _process(delta):
|
|
dtls.poll()
|
|
if dtls.get_status() == PacketPeerDTLS.STATUS_CONNECTED:
|
|
if !connected:
|
|
# Try to contact server
|
|
dtls.put_packet("The answer is... 42!".to_utf8())
|
|
while dtls.get_available_packet_count() > 0:
|
|
print("Connected: %s" % dtls.get_packet().get_string_from_utf8())
|
|
connected = true
|
|
[/gdscript]
|
|
[csharp]
|
|
using Godot;
|
|
using System.Text;
|
|
// ClientNode.cs
|
|
public class ClientNode : Node
|
|
{
|
|
public PacketPeerDTLS Dtls = new PacketPeerDTLS();
|
|
public PacketPeerUDP Udp = new PacketPeerUDP();
|
|
public bool Connected = false;
|
|
public override void _Ready()
|
|
{
|
|
Udp.ConnectToHost("127.0.0.1", 4242);
|
|
Dtls.ConnectToPeer(Udp, false); // Use true in production for certificate validation!
|
|
}
|
|
|
|
public override void _Process(float delta)
|
|
{
|
|
Dtls.Poll();
|
|
if (Dtls.GetStatus() == PacketPeerDTLS.Status.Connected)
|
|
{
|
|
if (!Connected)
|
|
{
|
|
// Try to contact server
|
|
Dtls.PutPacket("The Answer Is..42!".ToUTF8());
|
|
}
|
|
while (Dtls.GetAvailablePacketCount() > 0)
|
|
{
|
|
GD.Print("Connected: " + Dtls.GetPacket().GetStringFromUTF8());
|
|
Connected = true;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[/csharp]
|
|
[/codeblocks]
|
|
</description>
|
|
<tutorials>
|
|
</tutorials>
|
|
<methods>
|
|
<method name="setup">
|
|
<return type="int" enum="Error" />
|
|
<param index="0" name="server_options" type="TLSOptions" />
|
|
<description>
|
|
Setup the DTLS server to use the given [param server_options]. See [method TLSOptions.server].
|
|
</description>
|
|
</method>
|
|
<method name="take_connection">
|
|
<return type="PacketPeerDTLS" />
|
|
<param index="0" name="udp_peer" type="PacketPeerUDP" />
|
|
<description>
|
|
Try to initiate the DTLS handshake with the given [param udp_peer] which must be already connected (see [method PacketPeerUDP.connect_to_host]).
|
|
[b]Note:[/b] You must check that the state of the return PacketPeerUDP is [constant PacketPeerDTLS.STATUS_HANDSHAKING], as it is normal that 50% of the new connections will be invalid due to cookie exchange.
|
|
</description>
|
|
</method>
|
|
</methods>
|
|
</class>
|