Fixed admin password being boolean.

Added the hostname of the public server in order to send ICCC messages over TLS and HTTP/2

ConfigurationDB/CheckConfiguration.go

@@ -14,13 +14,21 @@ func checkConfiguration() {
 	CheckSingleConfigurationPresentsAndAddIfMissing(`DefaultLanguageCode`, `en-GB`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerBinding`, `127.0.0.1:60000`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerEnabled`, `True`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerPassword`, ``)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSCertificateName`, `certificateAdmin.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSPrivateKey`, `privateKeyAdmin.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerMaxHeaderLenBytes`, `10485760`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerPort`, `50000`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerHostname`, `www.my-site.domain`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerMaxHeaderLenBytes`, `1048576`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSCertificateName`, `certificatePublic.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSPrivateKey`, `privateKeyPublic.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`InternalCommPassword`, `please replace this with e.g. a random GUID, etc.`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBHost`, `localhost:27017`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBDatabase`, `Ocean`)

ConfigurationDB/ConnectDatabase.go

@@ -14,7 +14,7 @@ func connectDatabase(config Meta.Configuration) {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(1)
 		}
 	}()
 
@@ -22,7 +22,7 @@ func connectDatabase(config Meta.Configuration) {
 	if newSession, errDial := mgo.Dial(config.ConfigDBHostname); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+config.ConfigDBHostname, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(1)
 	} else {
 		session = newSession
 	}
@@ -34,7 +34,7 @@ func connectDatabase(config Meta.Configuration) {
 	if errLogin := db.Login(config.ConfigDBConfigurationCollectionUsername, config.ConfigDBConfigurationCollectionPassword); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+config.ConfigDBConfigurationCollectionUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(1)
 	}
 
 	// In case of write operations, wait for the majority of servers to be done:

CustomerDB/ConnectDatabase.go

@@ -13,7 +13,7 @@ func connectDatabase(host, username, password, database string) {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(2)
 		}
 	}()
 
@@ -21,7 +21,7 @@ func connectDatabase(host, username, password, database string) {
 	if newSession, errDial := mgo.Dial(host); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+host, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(2)
 	} else {
 		mainSession = newSession
 	}
@@ -31,14 +31,14 @@ func connectDatabase(host, username, password, database string) {
 	if db == nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `Was not able to get the customer database.`)
 		fmt.Printf("[Error] Was not able to connect to the customer database. Please read https://github.com/SommerEngineering/Ocean.\n")
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Login:
 	if errLogin := db.Login(username, password); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+databaseUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// In case of write operations, wait for the majority of servers to be done:
@@ -53,7 +53,7 @@ func connectDatabase(host, username, password, database string) {
 	if gridFS == nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `Was not able to get the GridFS from the database.`)
 		fmt.Printf("[Error] Was not able to connect to the customer database. Please read https://github.com/SommerEngineering/Ocean.\n")
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Ensure the indexes for the GridFS:

Handlers/AddHandler.go

@@ -2,9 +2,11 @@ package Handlers
 
 import (
 	"fmt"
+	"net/http"
+
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
-	"net/http"
 )
 
 // Function to add a new public handler.
@@ -32,5 +34,5 @@ func AddAdminHandler(pattern string, handler func(http.ResponseWriter, *http.Req
 	}()
 
 	// Add the handler:
-	muxAdmin.HandleFunc(pattern, handler)
+	muxAdmin.HandleFunc(pattern, BasicAuth(handler, `admin`, ConfigurationDB.Read(`AdminWebServerPassword`), `Please enter your username and password for this site`))
 }

Handlers/BasicAuth.go

@@ -0,0 +1,30 @@
+package Handlers
+
+import (
+	"crypto/subtle"
+	"net/http"
+)
+
+// BasicAuth wraps a handler requiring HTTP basic auth for it using the given
+// username and password and the specified realm, which shouldn't contain quotes.
+//
+// Most web browser display a dialog with something like:
+//
+//    The website says: "<realm>"
+//
+// Which is really stupid so you may want to set the realm to a message rather than
+// an actual realm.
+//
+// Taken from on http://stackoverflow.com/questions/21936332/idiomatic-way-of-requiring-http-basic-auth-in-go/39591234#39591234
+func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, pass, ok := r.BasicAuth()
+		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+			w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+			w.WriteHeader(401)
+			w.Write([]byte(http.StatusText(401)))
+			return
+		}
+		handler(w, r)
+	}
+}

ICCC/HTTPConnector.go

@@ -56,7 +56,7 @@ func ICCCHandler(response http.ResponseWriter, request *http.Request) {
 
 	if listener == nil {
 		// Case: No such listener
-		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameCONFIGURATION, `Was not able to find the correct listener for these ICCC message.`, `channel=`+channel, `command`+command, `hostname=`+Tools.ThisHostname())
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameCONFIGURATION, `Was not able to find the correct listener for these ICCC message.`, `channel=`+channel, `command=`+command, `hostname=`+Tools.ThisHostname())
 		http.NotFound(response, request)
 	} else {
 		// Case: Everything is fine => deliver the message and read the answer:

ICCC/Init.go

@@ -2,9 +2,11 @@ package ICCC
 
 import (
 	"container/list"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"strings"
 )
 
 // Init this package.
@@ -22,6 +24,13 @@ func init() {
 	// Using the local IP address:
 	correctAddressWithPort = Tools.LocalIPAddressAndPort()
 
+	// Determine the correct protocol:
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+		activeProtocol = "https://"
+	} else {
+		activeProtocol = "http://"
+	}
+
 	// Init the database:
 	initDB()
 

ICCC/RegisterListener2Database.go

@@ -2,6 +2,7 @@ package ICCC
 
 import (
 	"fmt"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/ICCC/Scheme"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
@@ -10,7 +11,7 @@ import (
 
 // The internal function to register an listener to ICCC.
 func registerListener2Database(channel, command, ipAddressPort string, isActive bool, kind byte) {
-	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive))
+	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive), `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
 
 	entry := Scheme.Listener{}
 	entry.Channel = channel
@@ -18,28 +19,29 @@ func registerListener2Database(channel, command, ipAddressPort string, isActive
 	entry.IsActive = isActive
 	entry.IPAddressPort = ipAddressPort
 	entry.Kind = kind
+	entry.Hostname = ConfigurationDB.Read(`PublicWebServerHostname`)
 
 	//
 	// Case: Exists?
 	//
-	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}}
+	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}, {`Hostname`, entry.Hostname}}
 	count1, _ := collectionListener.Find(selection).Count()
 	if count1 == 1 {
 		//
 		// Case: Exist but maybe not active
 		//
 		collectionListener.Update(selection, entry)
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
 		return
 	}
 
 	//
 	// Case: Not exist
 	//
-	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
 	if err := collectionListener.Insert(entry); err != nil {
-		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
 	} else {
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
 	}
 }

ICCC/Scheme/Listener.go

@@ -7,4 +7,5 @@ type Listener struct {
 	IsActive      bool   `bson:"IsActive"`
 	IPAddressPort string `bson:"IPAddressPort"`
 	Kind          byte   `bson:"Kind"`
+	Hostname      string `bson:"Hostname"`
 }

ICCC/Send.go

@@ -16,7 +16,7 @@ func sendMessage(listener Scheme.Listener, data map[string][]string) (result map
 	valuesHTTP := signMessage(data)
 
 	// Try to deliver the message:
-	if response, err := http.PostForm(`http://`+listener.IPAddressPort+`/ICCC`, valuesHTTP); err != nil {
+	if response, err := http.PostForm(activeProtocol+listener.Hostname+`/ICCC`, valuesHTTP); err != nil {
 		// Case: Was not possible to deliver.
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameNETWORK, `Was not able to send the ICCC message.`, err.Error())
 	} else {

ICCC/SignMessage.go

@@ -6,6 +6,7 @@ import (
 	"github.com/SommerEngineering/Ocean/Tools"
 	"net/url"
 	"sort"
+	"strings"
 )
 
 // Sign a message to secure it.
@@ -32,7 +33,7 @@ func signMessage(data map[string][]string) (result url.Values) {
 	// Now, loop over all the data:
 	for _, key := range keys {
 		// Get the value:
-		value := data[key]
+		value := data[key][0]
 
 		// Hash each key and value:
 		fmt.Fprintf(hash, "key=%s :: value=%s\n", key, value)
@@ -42,6 +43,6 @@ func signMessage(data map[string][]string) (result url.Values) {
 	result = url.Values(data)
 
 	// Append the sign:
-	result.Add(`checksum`, fmt.Sprintf("%x", hash.Sum(nil)))
+	result.Add(`checksum`, strings.ToUpper(fmt.Sprintf("%x", hash.Sum(nil))))
 	return
 }

ICCC/Variables.go

@@ -37,4 +37,5 @@ var (
 	startCacheTimerLock       sync.Mutex                                                    = sync.Mutex{}                                                                         // Mutex for the start timer
 	cacheTimerRunning         bool                                                          = false                                                                                // Is the timer running?
 	correctAddressWithPort    string                                                        = ``                                                                                   // The IP address and port of the this local server
+	activeProtocol            string                                                        = `http://`
 )

Log/DeviceDatabase/InitDB.go

@@ -18,7 +18,7 @@ func initDatabase() {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(2)
 		}
 	}()
 
@@ -57,7 +57,7 @@ func initDatabase() {
 	if newSession, errDial := mgo.Dial(databaseHost); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+databaseHost, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(2)
 	} else {
 		logDBSession = newSession
 	}
@@ -69,7 +69,7 @@ func initDatabase() {
 	if errLogin := logDB.Login(databaseUsername, databasePassword); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+databaseUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Get the collection:

Log/GetProjectName.go

@@ -0,0 +1,7 @@
+package Log
+
+// This function provides the project name for e.g. logging events
+// coming trough the ICCC.
+func GetProjectName() string {
+	return projectName
+}

Log/Handlers.go

@@ -121,10 +121,16 @@ func clearEntry(entry Meta.Entry) (result Meta.Entry) {
 // Remove white spaces from the parameters.
 func clearParameters(oldParameters []string) (result []string) {
 	for n := 0; n < len(oldParameters); n++ {
+		// Remove white spaces:
 		oldParameters[n] = removeWhitespaces(oldParameters[n])
+
+		// Is content left after removing?
+		if oldParameters[n] != `` {
+			// Yes, some content is still there. Thus, commit this entry:
+			result = append(result, oldParameters[n])
+		}
 	}
 
-	result = oldParameters
 	return
 }
 

Log/ICCCLog/ICCCNewLogEventReceiver.go

@@ -30,6 +30,7 @@ func ICCCNewLogEventReceiver(data map[string][]string) (result map[string][]stri
 
 		// Provide a log entry:
 		logEntry := LM.Entry{}
+		logEntry.Project = Log.GetProjectName()
 		logEntry.Sender = LM.Sender(messageData.Sender)
 		logEntry.Category = LM.ParseCategory(messageData.Category)
 		logEntry.Level = LM.ParseLevel(messageData.Level)

README.md

@@ -91,7 +91,10 @@ exit
 * Finnaly, start Ocean again. The system should now run fine. Please have a look at the ICCC startup logging messages.
 
 ### Use Ocean as distributed messaging broker
-For this case, you can now start your other ICCC components. This are e.g. some Java, Python or C# programs which are using the Ocean ICCC drivers. These drivers currently under development and they will be available soon.
+For this case, you can now start your other ICCC components. This are e.g. some Java, Python or C# programs which are using the Ocean ICCC drivers. These drivers currently under development and they will be available soon. **The next priority:** OceanPy, the ICCC driver for Python.
+
+**Available ICCC drivers:**
+- [OceanNET - ICCC with .NET and C#](https://github.com/SommerEngineering/OceanNET)
 
 ### Use Ocean as framework e.g. for websites
 For this case, an example project with documentation is available here: https://github.com/SommerEngineering/Example003

StaticFiles/FindAndReadFile.go

@@ -3,10 +3,12 @@ package StaticFiles
 import (
 	"archive/zip"
 	"bytes"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Shutdown"
 	"io/ioutil"
+	"strings"
 )
 
 // Try to read a static file.
@@ -17,6 +19,40 @@ func FindAndReadFile(filename string) (result []byte) {
 		return
 	}
 
+	//
+	// Ensure that the TLS keys are secure and save:
+	//
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	result = FindAndReadFileINTERNAL(filename)
+	return
+}
+
+func FindAndReadFileINTERNAL(filename string) (result []byte) {
+
+	// Case: The system goes down.
+	if Shutdown.IsDown() {
+		return
+	}
+
 	// Prepare the path:
 	path := filename
 

System/ICCCComponentStartUpMessageReceiver.go

@@ -29,7 +29,7 @@ func icccComponentStartUpMessageReceiver(data map[string][]string) (result map[s
 		messageData := obj.(SystemMessages.ICCCComponentStartUpMessage)
 
 		// Provide a log entry:
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The external component is now up and ready.`, fmt.Sprintf("ipAddressPort=%s", messageData.IPAddressPort), fmt.Sprintf("name=", messageData.Name), fmt.Sprintf("version=", messageData.Version))
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The external component is now up and ready.`, fmt.Sprintf("ipAddressPort='%s'", messageData.IPAddressPort), fmt.Sprintf("name='%s'", messageData.Name), fmt.Sprintf("version='%s'", messageData.Version))
 
 		// An answer is necessary:
 		return ICCC.Message2Data("", "", SystemMessages.AnswerACK)

System/ICCCOceanStartUpMessageReceiver.go

@@ -29,7 +29,7 @@ func icccOceanStartUpMessageReceiver(data map[string][]string) (result map[strin
 		messageData := obj.(SystemMessages.ICCCOceanStartUpMessage)
 
 		// Provide a log entry:
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The Ocean server is now up and ready.`, fmt.Sprintf("public server=%s", messageData.PublicIPAddressPort), fmt.Sprintf("admin server=%s", messageData.AdminIPAddressPort), fmt.Sprintf("Ocean's version=%s", messageData.OceanVersion))
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The Ocean server is now up and ready.`, fmt.Sprintf("public server='%s'", messageData.PublicIPAddressPort), fmt.Sprintf("admin server='%s'", messageData.AdminIPAddressPort), fmt.Sprintf("Ocean's version='%s'", messageData.OceanVersion))
 
 		// An answer is necessary:
 		return ICCC.Message2Data("", "", SystemMessages.AnswerACK)

System/InitSystem.go

@@ -105,7 +105,7 @@ func initSystem() {
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::DeleteListener`, ICCC.ICCCDeleteListenerReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::DeleteHost`, ICCC.ICCCDeleteHostReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::ListenerUpdate`, ICCC.ICCCListenerUpdateReceiver)
-	ICCC.Registrar(ICCC.ChannelICCC, `Ping::Ping`, ICCC.ICCCPingReceiver)
+	ICCC.Registrar(ICCC.ChannelPING, `Ping::Ping`, ICCC.ICCCPingReceiver)
 	ICCC.Registrar(ICCC.ChannelSYSTEM, `System::Version`, ICCC.ICCCGetVersionReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::GetHosts`, ICCC.ICCCGetHostsReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::GetListeners`, ICCC.ICCCGetListenersReceiver)

System/Version/Variables.go

@@ -1,5 +1,5 @@
 package Version
 
 var (
-	oceansVersion string = `2.0.3` // Ocean's current version
+	oceansVersion string = `2.1.3` // Ocean's current version
 )

Templates/Add.go

@@ -0,0 +1,7 @@
+package Templates
+
+//AddTemplate adds a template to the template cache so it can be used by ProcessHTML
+func AddTemplate(src string) error {
+	_, err := templates.Parse(src)
+	return err
+}

Tools/Random.go

@@ -20,6 +20,5 @@ func RandomFloat64() (rnd float64) {
 // Gets a random UUID (v4).
 func RandomGUID() (guidString string) {
 	guidString = uuid.NewV4().String()
-	guidString = guidString[1 : len(guidString)-1]
 	return
 }

WebServer/Init.go

@@ -6,8 +6,12 @@ import (
 	"github.com/SommerEngineering/Ocean/Handlers"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+	"github.com/SommerEngineering/Ocean/StaticFiles"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"io/ioutil"
 	"net/http"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -64,6 +68,32 @@ func init() {
 		serverPublic.MaxHeaderBytes = maxHeaderBytes
 	}
 
+	// Is TLS configured?
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+
+		// TLS is enabled. Copy the certificate and private key to the source directory.
+		publicTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+		publicTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+		// Access to the working directory?
+		currentDir, dirError := os.Getwd()
+		if dirError != nil {
+			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+		} else {
+			// Build the filenames:
+			pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+			pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+			// Write the files:
+			if writeError := ioutil.WriteFile(pathCertificate, publicTLSCertificate, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+			}
+			if writeError := ioutil.WriteFile(pathPrivateKey, publicTLSPrivateKey, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+			}
+		}
+	}
+
 	// Is the private web server (i.e. administration server) enabled?
 	if strings.ToLower(ConfigurationDB.Read(`AdminWebServerEnabled`)) == `true` {
 
@@ -105,6 +135,32 @@ func init() {
 			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, fmt.Sprintf("The admin web server's max. header size was set to %d bytes.", maxHeaderBytes))
 			serverAdmin.MaxHeaderBytes = maxHeaderBytes
 		}
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+
+			// TLS is enabled. Copy the certificate and private key to the source directory.
+			adminTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+			adminTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+			// Access to the working directory?
+			currentDir, dirError := os.Getwd()
+			if dirError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+			} else {
+				// Build the filenames:
+				pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+				pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+				// Write the files:
+				if writeError := ioutil.WriteFile(pathCertificate, adminTLSCertificate, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+				}
+				if writeError := ioutil.WriteFile(pathPrivateKey, adminTLSPrivateKey, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+				}
+			}
+		}
 	} else {
 		// Private web server is disabled:
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `The admin web server is disabled.`)

WebServer/Start.go

@@ -2,11 +2,13 @@ package WebServer
 
 import (
 	"fmt"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/ICCC"
 	"github.com/SommerEngineering/Ocean/ICCC/SystemMessages"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/System/Version"
+	"strings"
 )
 
 func Start() {
@@ -19,15 +21,28 @@ func Start() {
 	if serverPublic != nil {
 		data.PublicIPAddressPort = serverPublicAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Public web server is now listening.`, `Configuration for hostname and port.`, serverPublicAddressPort)
+
+		// Is TLS configured?
+		if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+			go serverPublic.ListenAndServeTLS(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`), ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+		} else {
 			go serverPublic.ListenAndServe()
 		}
 
+	}
+
 	// Start the private web server:
 	if serverAdmin != nil {
 		data.AdminIPAddressPort = serverAdminAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Admin web server is now listening.`, `Configuration for hostname and port.`, serverAdminAddressPort)
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+			go serverAdmin.ListenAndServeTLS(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`), ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+		} else {
 			go serverAdmin.ListenAndServe()
 		}
+	}
 
 	// Notify the whole cluster, that this server is now up and ready:
 	answers := ICCC.WriteMessage2All(ICCC.ChannelSTARTUP, `System::OceanStart`, ICCC.KindALL, data, SystemMessages.ICCCDefaultAnswer{})