Fixed admin password being boolean.

Added the hostname of the public server in order to send ICCC messages over TLS and HTTP/2

ConfigurationDB/CheckConfiguration.go

@@ -14,13 +14,21 @@ func checkConfiguration() {
 	CheckSingleConfigurationPresentsAndAddIfMissing(`DefaultLanguageCode`, `en-GB`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerBinding`, `127.0.0.1:60000`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerEnabled`, `True`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerPassword`, ``)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSCertificateName`, `certificateAdmin.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSPrivateKey`, `privateKeyAdmin.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerMaxHeaderLenBytes`, `10485760`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerPort`, `50000`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerHostname`, `www.my-site.domain`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerMaxHeaderLenBytes`, `1048576`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSCertificateName`, `certificatePublic.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSPrivateKey`, `privateKeyPublic.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`InternalCommPassword`, `please replace this with e.g. a random GUID, etc.`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBHost`, `localhost:27017`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBDatabase`, `Ocean`)

ConfigurationDB/ConnectDatabase.go

@@ -14,7 +14,7 @@ func connectDatabase(config Meta.Configuration) {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(1)
 		}
 	}()
 
@@ -22,7 +22,7 @@ func connectDatabase(config Meta.Configuration) {
 	if newSession, errDial := mgo.Dial(config.ConfigDBHostname); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+config.ConfigDBHostname, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(1)
 	} else {
 		session = newSession
 	}
@@ -34,7 +34,7 @@ func connectDatabase(config Meta.Configuration) {
 	if errLogin := db.Login(config.ConfigDBConfigurationCollectionUsername, config.ConfigDBConfigurationCollectionPassword); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+config.ConfigDBConfigurationCollectionUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the configuration database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(1)
 	}
 
 	// In case of write operations, wait for the majority of servers to be done:

CustomerDB/ConnectDatabase.go

@@ -13,7 +13,7 @@ func connectDatabase(host, username, password, database string) {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(2)
 		}
 	}()
 
@@ -21,7 +21,7 @@ func connectDatabase(host, username, password, database string) {
 	if newSession, errDial := mgo.Dial(host); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+host, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(2)
 	} else {
 		mainSession = newSession
 	}
@@ -31,14 +31,14 @@ func connectDatabase(host, username, password, database string) {
 	if db == nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `Was not able to get the customer database.`)
 		fmt.Printf("[Error] Was not able to connect to the customer database. Please read https://github.com/SommerEngineering/Ocean.\n")
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Login:
 	if errLogin := db.Login(username, password); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+databaseUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the customer database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// In case of write operations, wait for the majority of servers to be done:
@@ -53,7 +53,7 @@ func connectDatabase(host, username, password, database string) {
 	if gridFS == nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `Was not able to get the GridFS from the database.`)
 		fmt.Printf("[Error] Was not able to connect to the customer database. Please read https://github.com/SommerEngineering/Ocean.\n")
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Ensure the indexes for the GridFS:

Handlers/AddHandler.go

@@ -1,36 +1,38 @@
-package Handlers
+package Handlers
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"github.com/SommerEngineering/Ocean/Log"
+	"net/http"
-	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+
-	"net/http"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
-)
+	"github.com/SommerEngineering/Ocean/Log"
-
+	LM "github.com/SommerEngineering/Ocean/Log/Meta"
-// Function to add a new public handler.
+)
-func AddPublicHandler(pattern string, handler func(http.ResponseWriter, *http.Request)) {
+
-	// In case of an error, catch the error:
+// Function to add a new public handler.
-	defer func() {
+func AddPublicHandler(pattern string, handler func(http.ResponseWriter, *http.Request)) {
-		if err := recover(); err != nil {
+	// In case of an error, catch the error:
-			Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameSTATE, fmt.Sprintf("Was not able to add a public handler, because the path '%s' is already in use. %s", pattern, err))
+	defer func() {
-			return
+		if err := recover(); err != nil {
-		}
+			Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameSTATE, fmt.Sprintf("Was not able to add a public handler, because the path '%s' is already in use. %s", pattern, err))
-	}()
+			return
-
+		}
-	// Add the handler:
+	}()
-	muxPublic.HandleFunc(pattern, handler)
+
-}
+	// Add the handler:
-
+	muxPublic.HandleFunc(pattern, handler)
-// Function to add a new private handler.
+}
-func AddAdminHandler(pattern string, handler func(http.ResponseWriter, *http.Request)) {
+
-	// In case of an error, catch the error:
+// Function to add a new private handler.
-	defer func() {
+func AddAdminHandler(pattern string, handler func(http.ResponseWriter, *http.Request)) {
-		if err := recover(); err != nil {
+	// In case of an error, catch the error:
-			Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameSTATE, fmt.Sprintf("Was not able to add a private admin handler, because the path '%s' is already in use. %s", pattern, err))
+	defer func() {
-			return
+		if err := recover(); err != nil {
-		}
+			Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameSTATE, fmt.Sprintf("Was not able to add a private admin handler, because the path '%s' is already in use. %s", pattern, err))
-	}()
+			return
-
+		}
-	// Add the handler:
+	}()
-	muxAdmin.HandleFunc(pattern, handler)
+
-}
+	// Add the handler:
+	muxAdmin.HandleFunc(pattern, BasicAuth(handler, `admin`, ConfigurationDB.Read(`AdminWebServerPassword`), `Please enter your username and password for this site`))
+}

Handlers/BasicAuth.go

@@ -0,0 +1,30 @@
+package Handlers
+
+import (
+	"crypto/subtle"
+	"net/http"
+)
+
+// BasicAuth wraps a handler requiring HTTP basic auth for it using the given
+// username and password and the specified realm, which shouldn't contain quotes.
+//
+// Most web browser display a dialog with something like:
+//
+//    The website says: "<realm>"
+//
+// Which is really stupid so you may want to set the realm to a message rather than
+// an actual realm.
+//
+// Taken from on http://stackoverflow.com/questions/21936332/idiomatic-way-of-requiring-http-basic-auth-in-go/39591234#39591234
+func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, pass, ok := r.BasicAuth()
+		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+			w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+			w.WriteHeader(401)
+			w.Write([]byte(http.StatusText(401)))
+			return
+		}
+		handler(w, r)
+	}
+}

ICCC/HTTPConnector.go

@@ -56,7 +56,7 @@ func ICCCHandler(response http.ResponseWriter, request *http.Request) {
 
 	if listener == nil {
 		// Case: No such listener
-		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameCONFIGURATION, `Was not able to find the correct listener for these ICCC message.`, `channel=`+channel, `command`+command, `hostname=`+Tools.ThisHostname())
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameCONFIGURATION, `Was not able to find the correct listener for these ICCC message.`, `channel=`+channel, `command=`+command, `hostname=`+Tools.ThisHostname())
 		http.NotFound(response, request)
 	} else {
 		// Case: Everything is fine => deliver the message and read the answer:

ICCC/Init.go

@@ -2,9 +2,11 @@ package ICCC
 
 import (
 	"container/list"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"strings"
 )
 
 // Init this package.
@@ -22,6 +24,13 @@ func init() {
 	// Using the local IP address:
 	correctAddressWithPort = Tools.LocalIPAddressAndPort()
 
+	// Determine the correct protocol:
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+		activeProtocol = "https://"
+	} else {
+		activeProtocol = "http://"
+	}
+
 	// Init the database:
 	initDB()
 

ICCC/RegisterListener2Database.go

@@ -1,45 +1,47 @@
-package ICCC
+package ICCC
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"github.com/SommerEngineering/Ocean/ICCC/Scheme"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
-	"github.com/SommerEngineering/Ocean/Log"
+	"github.com/SommerEngineering/Ocean/ICCC/Scheme"
-	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+	"github.com/SommerEngineering/Ocean/Log"
-	"gopkg.in/mgo.v2/bson"
+	LM "github.com/SommerEngineering/Ocean/Log/Meta"
-)
+	"gopkg.in/mgo.v2/bson"
-
+)
-// The internal function to register an listener to ICCC.
+
-func registerListener2Database(channel, command, ipAddressPort string, isActive bool, kind byte) {
+// The internal function to register an listener to ICCC.
-	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive))
+func registerListener2Database(channel, command, ipAddressPort string, isActive bool, kind byte) {
-
+	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive), `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	entry := Scheme.Listener{}
+
-	entry.Channel = channel
+	entry := Scheme.Listener{}
-	entry.Command = command
+	entry.Channel = channel
-	entry.IsActive = isActive
+	entry.Command = command
-	entry.IPAddressPort = ipAddressPort
+	entry.IsActive = isActive
-	entry.Kind = kind
+	entry.IPAddressPort = ipAddressPort
-
+	entry.Kind = kind
-	//
+	entry.Hostname = ConfigurationDB.Read(`PublicWebServerHostname`)
-	// Case: Exists?
+
-	//
+	//
-	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}}
+	// Case: Exists?
-	count1, _ := collectionListener.Find(selection).Count()
+	//
-	if count1 == 1 {
+	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}, {`Hostname`, entry.Hostname}}
-		//
+	count1, _ := collectionListener.Find(selection).Count()
-		// Case: Exist but maybe not active
+	if count1 == 1 {
-		//
+		//
-		collectionListener.Update(selection, entry)
+		// Case: Exist but maybe not active
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		//
-		return
+		collectionListener.Update(selection, entry)
-	}
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-
+		return
-	//
+	}
-	// Case: Not exist
+
-	//
+	//
-	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+	// Case: Not exist
-	if err := collectionListener.Insert(entry); err != nil {
+	//
-		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	} else {
+	if err := collectionListener.Insert(entry); err != nil {
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	}
+	} else {
-}
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
+	}
+}

ICCC/Scheme/Listener.go

@@ -7,4 +7,5 @@ type Listener struct {
 	IsActive      bool   `bson:"IsActive"`
 	IPAddressPort string `bson:"IPAddressPort"`
 	Kind          byte   `bson:"Kind"`
+	Hostname      string `bson:"Hostname"`
 }

ICCC/Send.go

@@ -16,7 +16,7 @@ func sendMessage(listener Scheme.Listener, data map[string][]string) (result map
 	valuesHTTP := signMessage(data)
 
 	// Try to deliver the message:
-	if response, err := http.PostForm(`http://`+listener.IPAddressPort+`/ICCC`, valuesHTTP); err != nil {
+	if response, err := http.PostForm(activeProtocol+listener.Hostname+`/ICCC`, valuesHTTP); err != nil {
 		// Case: Was not possible to deliver.
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameNETWORK, `Was not able to send the ICCC message.`, err.Error())
 	} else {

ICCC/Variables.go

@@ -37,4 +37,5 @@ var (
 	startCacheTimerLock       sync.Mutex                                                    = sync.Mutex{}                                                                         // Mutex for the start timer
 	cacheTimerRunning         bool                                                          = false                                                                                // Is the timer running?
 	correctAddressWithPort    string                                                        = ``                                                                                   // The IP address and port of the this local server
+	activeProtocol            string                                                        = `http://`
 )

Log/DeviceDatabase/InitDB.go

@@ -18,7 +18,7 @@ func initDatabase() {
 	defer func() {
 		if err := recover(); err != nil {
 			fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", err)
-			os.Exit(0)
+			os.Exit(2)
 		}
 	}()
 
@@ -57,7 +57,7 @@ func initDatabase() {
 	if newSession, errDial := mgo.Dial(databaseHost); errDial != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to connect to the MongoDB host `+databaseHost, errDial.Error())
 		fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errDial.Error())
-		os.Exit(0)
+		os.Exit(2)
 	} else {
 		logDBSession = newSession
 	}
@@ -69,7 +69,7 @@ func initDatabase() {
 	if errLogin := logDB.Login(databaseUsername, databasePassword); errLogin != nil {
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityUnknown, LM.ImpactUnknown, LM.MessageNameDATABASE, `It was not possible to login the user `+databaseUsername, errLogin.Error())
 		fmt.Printf("[Error] Was not able to connect to the logging database: %s. Please read https://github.com/SommerEngineering/Ocean.\n", errLogin.Error())
-		os.Exit(0)
+		os.Exit(2)
 	}
 
 	// Get the collection:

README.md

@@ -49,11 +49,11 @@ The second configuration file is **configuration.json**. It contains the configu
 
 ```JSON
 {
-	"ConfigDBHostname" : "127.0.0.1:27017",
+   "ConfigDBHostname" : "127.0.0.1:27017",
-	"ConfigDBDatabase" : "MyOcean",
+   "ConfigDBDatabase" : "MyOcean",
-	"ConfigDBConfigurationCollection" : "Configuration",
+   "ConfigDBConfigurationCollection" : "Configuration",
-	"ConfigDBConfigurationCollectionUsername" : "MyOceanConfig",
+   "ConfigDBConfigurationCollectionUsername" : "MyOceanConfig",
-	"ConfigDBConfigurationCollectionPassword" : "PWD"
+   "ConfigDBConfigurationCollectionPassword" : "PWD"
 }
 ```
 The `ConfigDBConfigurationCollection` collection gets automatically created. After both files are present and the MongoDB database or database cluster is running, Ocean is able to start. The database can and should be empty. Ocean does the configuration automatically. Due to this minimal local configuration and the distributed configuration database, the deployment of additional Ocean servers can be achieved by using e.g. data center scripts, etc.
@@ -91,7 +91,10 @@ exit
 * Finnaly, start Ocean again. The system should now run fine. Please have a look at the ICCC startup logging messages.
 
 ### Use Ocean as distributed messaging broker
-For this case, you can now start your other ICCC components. This are e.g. some Java, Python or C# programs which are using the Ocean ICCC drivers. These drivers currently under development and they will be available soon.
+For this case, you can now start your other ICCC components. This are e.g. some Java, Python or C# programs which are using the Ocean ICCC drivers. These drivers currently under development and they will be available soon. **The next priority:** OceanPy, the ICCC driver for Python.
+
+**Available ICCC drivers:**
+- [OceanNET - ICCC with .NET and C#](https://github.com/SommerEngineering/OceanNET)
 
 ### Use Ocean as framework e.g. for websites
 For this case, an example project with documentation is available here: https://github.com/SommerEngineering/Example003

StaticFiles/FindAndReadFile.go

@@ -3,10 +3,12 @@ package StaticFiles
 import (
 	"archive/zip"
 	"bytes"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Shutdown"
 	"io/ioutil"
+	"strings"
 )
 
 // Try to read a static file.
@@ -17,6 +19,40 @@ func FindAndReadFile(filename string) (result []byte) {
 		return
 	}
 
+	//
+	// Ensure that the TLS keys are secure and save:
+	//
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	result = FindAndReadFileINTERNAL(filename)
+	return
+}
+
+func FindAndReadFileINTERNAL(filename string) (result []byte) {
+
+	// Case: The system goes down.
+	if Shutdown.IsDown() {
+		return
+	}
+
 	// Prepare the path:
 	path := filename
 

System/ICCCComponentStartUpMessageReceiver.go

@@ -29,7 +29,7 @@ func icccComponentStartUpMessageReceiver(data map[string][]string) (result map[s
 		messageData := obj.(SystemMessages.ICCCComponentStartUpMessage)
 
 		// Provide a log entry:
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The external component is now up and ready.`, fmt.Sprintf("ipAddressPort=%s", messageData.IPAddressPort), fmt.Sprintf("name=", messageData.Name), fmt.Sprintf("version=", messageData.Version))
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The external component is now up and ready.`, fmt.Sprintf("ipAddressPort='%s'", messageData.IPAddressPort), fmt.Sprintf("name='%s'", messageData.Name), fmt.Sprintf("version='%s'", messageData.Version))
 
 		// An answer is necessary:
 		return ICCC.Message2Data("", "", SystemMessages.AnswerACK)

System/ICCCOceanStartUpMessageReceiver.go

@@ -29,7 +29,7 @@ func icccOceanStartUpMessageReceiver(data map[string][]string) (result map[strin
 		messageData := obj.(SystemMessages.ICCCOceanStartUpMessage)
 
 		// Provide a log entry:
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The Ocean server is now up and ready.`, fmt.Sprintf("public server=%s", messageData.PublicIPAddressPort), fmt.Sprintf("admin server=%s", messageData.AdminIPAddressPort), fmt.Sprintf("Ocean's version=%s", messageData.OceanVersion))
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `ICCC message: The Ocean server is now up and ready.`, fmt.Sprintf("public server='%s'", messageData.PublicIPAddressPort), fmt.Sprintf("admin server='%s'", messageData.AdminIPAddressPort), fmt.Sprintf("Ocean's version='%s'", messageData.OceanVersion))
 
 		// An answer is necessary:
 		return ICCC.Message2Data("", "", SystemMessages.AnswerACK)

System/InitSystem.go

@@ -105,7 +105,7 @@ func initSystem() {
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::DeleteListener`, ICCC.ICCCDeleteListenerReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::DeleteHost`, ICCC.ICCCDeleteHostReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::ListenerUpdate`, ICCC.ICCCListenerUpdateReceiver)
-	ICCC.Registrar(ICCC.ChannelICCC, `Ping::Ping`, ICCC.ICCCPingReceiver)
+	ICCC.Registrar(ICCC.ChannelPING, `Ping::Ping`, ICCC.ICCCPingReceiver)
 	ICCC.Registrar(ICCC.ChannelSYSTEM, `System::Version`, ICCC.ICCCGetVersionReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::GetHosts`, ICCC.ICCCGetHostsReceiver)
 	ICCC.Registrar(ICCC.ChannelICCC, `ICCC::GetListeners`, ICCC.ICCCGetListenersReceiver)

System/Version/Variables.go

@@ -1,5 +1,5 @@
 package Version
 
 var (
-	oceansVersion string = `2.0.4` // Ocean's current version
+	oceansVersion string = `2.1.3` // Ocean's current version
 )

Templates/Add.go

@@ -0,0 +1,7 @@
+package Templates
+
+//AddTemplate adds a template to the template cache so it can be used by ProcessHTML
+func AddTemplate(src string) error {
+	_, err := templates.Parse(src)
+	return err
+}

Tools/Random.go

@@ -20,6 +20,5 @@ func RandomFloat64() (rnd float64) {
 // Gets a random UUID (v4).
 func RandomGUID() (guidString string) {
 	guidString = uuid.NewV4().String()
-	guidString = guidString[1 : len(guidString)-1]
 	return
 }

WebServer/Init.go

@@ -6,8 +6,12 @@ import (
 	"github.com/SommerEngineering/Ocean/Handlers"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+	"github.com/SommerEngineering/Ocean/StaticFiles"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"io/ioutil"
 	"net/http"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -64,6 +68,32 @@ func init() {
 		serverPublic.MaxHeaderBytes = maxHeaderBytes
 	}
 
+	// Is TLS configured?
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+
+		// TLS is enabled. Copy the certificate and private key to the source directory.
+		publicTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+		publicTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+		// Access to the working directory?
+		currentDir, dirError := os.Getwd()
+		if dirError != nil {
+			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+		} else {
+			// Build the filenames:
+			pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+			pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+			// Write the files:
+			if writeError := ioutil.WriteFile(pathCertificate, publicTLSCertificate, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+			}
+			if writeError := ioutil.WriteFile(pathPrivateKey, publicTLSPrivateKey, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+			}
+		}
+	}
+
 	// Is the private web server (i.e. administration server) enabled?
 	if strings.ToLower(ConfigurationDB.Read(`AdminWebServerEnabled`)) == `true` {
 
@@ -105,6 +135,32 @@ func init() {
 			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, fmt.Sprintf("The admin web server's max. header size was set to %d bytes.", maxHeaderBytes))
 			serverAdmin.MaxHeaderBytes = maxHeaderBytes
 		}
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+
+			// TLS is enabled. Copy the certificate and private key to the source directory.
+			adminTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+			adminTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+			// Access to the working directory?
+			currentDir, dirError := os.Getwd()
+			if dirError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+			} else {
+				// Build the filenames:
+				pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+				pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+				// Write the files:
+				if writeError := ioutil.WriteFile(pathCertificate, adminTLSCertificate, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+				}
+				if writeError := ioutil.WriteFile(pathPrivateKey, adminTLSPrivateKey, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+				}
+			}
+		}
 	} else {
 		// Private web server is disabled:
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `The admin web server is disabled.`)

WebServer/Start.go

@@ -2,11 +2,13 @@ package WebServer
 
 import (
 	"fmt"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/ICCC"
 	"github.com/SommerEngineering/Ocean/ICCC/SystemMessages"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/System/Version"
+	"strings"
 )
 
 func Start() {
@@ -19,14 +21,27 @@ func Start() {
 	if serverPublic != nil {
 		data.PublicIPAddressPort = serverPublicAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Public web server is now listening.`, `Configuration for hostname and port.`, serverPublicAddressPort)
-		go serverPublic.ListenAndServe()
+
+		// Is TLS configured?
+		if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+			go serverPublic.ListenAndServeTLS(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`), ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+		} else {
+			go serverPublic.ListenAndServe()
+		}
+
 	}
 
 	// Start the private web server:
 	if serverAdmin != nil {
 		data.AdminIPAddressPort = serverAdminAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Admin web server is now listening.`, `Configuration for hostname and port.`, serverAdminAddressPort)
-		go serverAdmin.ListenAndServe()
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+			go serverAdmin.ListenAndServeTLS(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`), ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+		} else {
+			go serverAdmin.ListenAndServe()
+		}
 	}
 
 	// Notify the whole cluster, that this server is now up and ready: