diff --git a/clients/nodejs/index.js b/clients/nodejs/index.js index 3aebd5f38..0d4ee42b3 100644 --- a/clients/nodejs/index.js +++ b/clients/nodejs/index.js @@ -170,7 +170,7 @@ const $ = {}; const clientConfigBuilder = Nimiq.Client.Configuration.builder(); clientConfigBuilder.protocol(config.protocol, config.host, config.port, config.tls.key, config.tls.cert); - if (config.reverseProxy.enabled) clientConfigBuilder.reverseProxy(config.reverseProxy.port, config.reverseProxy.header, ...config.reverseProxy.addresses); + if (config.reverseProxy.enabled) clientConfigBuilder.reverseProxy(config.reverseProxy.port, config.reverseProxy.header, config.reverseProxy.terminatesSsl, ...config.reverseProxy.addresses); if (config.passive) clientConfigBuilder.feature(Nimiq.Client.Feature.PASSIVE); if (config.type === 'full' || config.type === 'light') clientConfigBuilder.feature(Nimiq.Client.Feature.MEMPOOL); const clientConfig = clientConfigBuilder.build(); @@ -200,7 +200,7 @@ const $ = {}; $.mempool = $.consensus.mempool; $.network = $.consensus.network; - Nimiq.Log.i(TAG, `Peer address: ${networkConfig.peerAddress.toString()} - public key: ${networkConfig.keyPair.publicKey.toHex()}`); + Nimiq.Log.i(TAG, `Peer address: ${networkConfig.publicPeerAddress.toString()} - public key: ${networkConfig.keyPair.publicKey.toHex()}`); // TODO: Wallet key. $.walletStore = await new Nimiq.WalletStore(); diff --git a/clients/nodejs/modules/Config.js b/clients/nodejs/modules/Config.js index e4eb11d22..05c456c00 100644 --- a/clients/nodejs/modules/Config.js +++ b/clients/nodejs/modules/Config.js @@ -22,7 +22,7 @@ const TAG = 'Config'; * @property {{enabled: boolean, port: number}} uiServer * @property {{enabled: boolean, port: number, password: string}} metricsServer * @property {{seed: string, address: string}} wallet - * @property {{enabled: boolean, port: number, address: string, addresses: Array., header: string}} reverseProxy + * @property {{enabled: boolean, port: number, address: string, addresses: Array., header: string, terminatesSsl: boolean}} reverseProxy * @property {{level: string, tags: object}} log * @property {Array.<{host: string, port: number, publicKey: string, protocol: string}>} seedPeers * @property {object} constantOverrides @@ -83,7 +83,8 @@ const DEFAULT_CONFIG = /** @type {Config} */ { port: 8444, address: '::ffff:127.0.0.1', // deprecated addresses: [], - header: 'x-forwarded-for' + header: 'x-forwarded-for', + terminatesSsl: false }, log: { level: 'info', @@ -163,7 +164,8 @@ const CONFIG_TYPES = { port: 'number', address: 'string', // deprecated addresses: {type: 'array', inner: 'string'}, - header: 'string' + header: 'string', + terminatesSsl: 'boolean' } }, log: { diff --git a/clients/nodejs/modules/MetricsServer.js b/clients/nodejs/modules/MetricsServer.js index 49e004be8..eee66edbb 100644 --- a/clients/nodejs/modules/MetricsServer.js +++ b/clients/nodejs/modules/MetricsServer.js @@ -79,7 +79,7 @@ class MetricsServer { get _desc() { return { - peer: this._network._networkConfig.peerAddress.toString() + peer: this._network._networkConfig.internalPeerAddress.toString() }; } diff --git a/clients/nodejs/sample.conf b/clients/nodejs/sample.conf index ed2da67ea..6e434d0ec 100644 --- a/clients/nodejs/sample.conf +++ b/clients/nodejs/sample.conf @@ -191,6 +191,10 @@ // Possible values: any valid HTTP header name // Default: "x-forwarded-for" //header: "x-forwarded-for" + + // Set termination of SSL on the reverse proxy. + // Default: false + //terminatesSsl: true, }, // Configure log output. All output will go to STDOUT. diff --git a/dist/types.d.ts b/dist/types.d.ts index 71d253122..4f3b7a715 100644 --- a/dist/types.d.ts +++ b/dist/types.d.ts @@ -131,7 +131,7 @@ declare class ClientConfigurationBuilder { public volatile(volatile?: boolean): this; public blockConfirmations(confirmations: number): this; public feature(...feature: Client.Feature[]): this; - public reverseProxy(port: number, header: string, ...addresses: string[]): this; + public reverseProxy(port: number, header: string, terminatesSsl: boolean, ...addresses: string[]): this; public build(): Client.Configuration; public instantiateClient(): Client; } @@ -4014,13 +4014,13 @@ export class NetworkConfig { export class WsNetworkConfig extends NetworkConfig { public protocol: number; public port: number; - public reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string }; + public reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string, terminatesSsl: boolean }; public peerAddress: WsPeerAddress | WssPeerAddress; public secure: boolean; constructor( host: string, port: number, - reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string }, + reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string, terminatesSsl: boolean }, ); } @@ -4031,7 +4031,7 @@ export class WssNetworkConfig extends WsNetworkConfig { port: number, key: string, cert: string, - reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string }, + reverseProxy: { enabled: boolean, port: number, addresses: string[], header: string, terminatesSsl: boolean }, ); } diff --git a/src/main/generic/api/Configuration.js b/src/main/generic/api/Configuration.js index e63b32007..37b6211ce 100644 --- a/src/main/generic/api/Configuration.js +++ b/src/main/generic/api/Configuration.js @@ -184,15 +184,17 @@ Client.ConfigurationBuilder = class ConfigurationBuilder { /** * @param {number} port * @param {string} header + * @param {boolean} terminatesSsl * @param {...string} addresses * @returns {Client.ConfigurationBuilder} */ - reverseProxy(port, header, ...addresses) { + reverseProxy(port, header, terminatesSsl, ...addresses) { if (this._protocol !== 'ws' && this._protocol !== 'wss') throw new Error('Protocol must be ws or wss for reverse proxy.'); this._reverseProxy = { enabled: true, port: this._requiredType(port, 'port', 'number'), header: this._requiredType(header, 'header', 'string'), + terminatesSsl, addresses: addresses }; return this; diff --git a/src/main/generic/api/NetworkClient.js b/src/main/generic/api/NetworkClient.js index f24c7a1e4..952d7a8e1 100644 --- a/src/main/generic/api/NetworkClient.js +++ b/src/main/generic/api/NetworkClient.js @@ -63,7 +63,7 @@ Client.Network = class Network { */ async getOwnAddress() { const consensus = await this._client._consensus; - return new Client.BasicAddress(consensus.network.config.peerAddress); + return new Client.BasicAddress(consensus.network.config.publicPeerAddress); } /** diff --git a/src/main/generic/network/NetworkConfig.js b/src/main/generic/network/NetworkConfig.js index 2d235b8c2..07467c2e9 100644 --- a/src/main/generic/network/NetworkConfig.js +++ b/src/main/generic/network/NetworkConfig.js @@ -128,7 +128,14 @@ class NetworkConfig { /** * @type {PeerAddress} */ - get peerAddress() { + get internalPeerAddress() { + throw new Error('Not implemented'); + } + + /** + * @type {PeerAddress} + */ + get publicPeerAddress() { throw new Error('Not implemented'); } @@ -157,7 +164,7 @@ class WsNetworkConfig extends NetworkConfig { * @constructor * @param {string} host * @param {number} port - * @param {{enabled: boolean, port: number, addresses: Array., header: string}} reverseProxy + * @param {{enabled: boolean, port: number, addresses: Array., header: string, terminatesSsl: boolean}} reverseProxy */ constructor(host, port, reverseProxy) { super(Protocol.WS | Protocol.WSS); @@ -182,7 +189,7 @@ class WsNetworkConfig extends NetworkConfig { } /** - * @type {{enabled: boolean, port: number, addresses: Array., header: string}} + * @type {{enabled: boolean, port: number, addresses: Array., header: string, terminatesSsl: boolean}} */ get reverseProxy() { return this._reverseProxy; @@ -192,13 +199,41 @@ class WsNetworkConfig extends NetworkConfig { * @type {WsPeerAddress|WssPeerAddress} * @override */ - get peerAddress() { + get internalPeerAddress() { if (!this._services || !this._keyPair) { throw new Error('PeerAddress is not configured.'); } - const port = this._reverseProxy.enabled ? this._reverseProxy.port : this._port; const peerAddress = new WsPeerAddress( + this._services.provided, Date.now(), NetAddress.UNSPECIFIED, + this.publicKey, /*distance*/ 0, + this._host, this._port); + + if (!peerAddress.globallyReachable()) { + throw new Error('PeerAddress not globally reachable.'); + } + + peerAddress.signature = Signature.create(this._keyPair.privateKey, this.publicKey, peerAddress.serializeContent()); + return peerAddress; + } + + /** + * @type {WsPeerAddress|WssPeerAddress} + * @override + */ + get publicPeerAddress() { + if (!this._services || !this._keyPair) { + throw new Error('PeerAddress is not configured.'); + } + + const port = this._reverseProxy.enabled ? this._reverseProxy.port : this._port; + let _PeerAddress; + if (this._reverseProxy.enabled && this._reverseProxy.terminatesSsl) { + _PeerAddress = WssPeerAddress; + } else { + _PeerAddress = WsPeerAddress; + } + const peerAddress = new _PeerAddress( this._services.provided, Date.now(), NetAddress.UNSPECIFIED, this.publicKey, /*distance*/ 0, this._host, port); @@ -260,7 +295,29 @@ class WssNetworkConfig extends WsNetworkConfig { * @type {WsPeerAddress|WssPeerAddress} * @override */ - get peerAddress() { + get internalPeerAddress() { + if (!this._services || !this._keyPair) { + throw new Error('PeerAddress is not configured.'); + } + + const peerAddress = new WssPeerAddress( + this._services.provided, Date.now(), NetAddress.UNSPECIFIED, + this.publicKey, /*distance*/ 0, + this._host, this._port); + + if (!peerAddress.globallyReachable()) { + throw new Error('PeerAddress not globally reachable.'); + } + + peerAddress.signature = Signature.create(this._keyPair.privateKey, this.publicKey, peerAddress.serializeContent()); + return peerAddress; + } + + /** + * @type {WsPeerAddress|WssPeerAddress} + * @override + */ + get publicPeerAddress() { if (!this._services || !this._keyPair) { throw new Error('PeerAddress is not configured.'); } @@ -321,7 +378,7 @@ class RtcNetworkConfig extends NetworkConfig { * @type {RtcPeerAddress} * @override */ - get peerAddress() { + get internalPeerAddress() { if (!this._services || !this._keyPair) { throw new Error('PeerAddress is not configured.'); } @@ -332,6 +389,14 @@ class RtcNetworkConfig extends NetworkConfig { peerAddress.signature = Signature.create(this._keyPair.privateKey, this.publicKey, peerAddress.serializeContent()); return peerAddress; } + + /** + * @type {RtcPeerAddress} + * @override + */ + get publicPeerAddress() { + return this.internalPeerAddress; + } } Class.register(RtcNetworkConfig); @@ -356,7 +421,7 @@ class DumbNetworkConfig extends NetworkConfig { * @type {DumbPeerAddress} * @override */ - get peerAddress() { + get internalPeerAddress() { if (!this._services || !this._keyPair) { throw new Error('PeerAddress is not configured.'); } @@ -367,5 +432,13 @@ class DumbNetworkConfig extends NetworkConfig { peerAddress.signature = Signature.create(this._keyPair.privateKey, this.publicKey, peerAddress.serializeContent()); return peerAddress; } + + /** + * @type {DumbPeerAddress} + * @override + */ + get publicPeerAddress() { + return this.internalPeerAddress; + } } Class.register(DumbNetworkConfig); diff --git a/src/main/generic/network/address/PeerAddressBook.js b/src/main/generic/network/address/PeerAddressBook.js index 9c965362e..649196db1 100644 --- a/src/main/generic/network/address/PeerAddressBook.js +++ b/src/main/generic/network/address/PeerAddressBook.js @@ -303,7 +303,7 @@ class PeerAddressBook extends Observable { */ _add(channel, peerAddress) { // Ignore our own address. - if (this._networkConfig.peerAddress.equals(peerAddress)) { + if (this._networkConfig.publicPeerAddress.equals(peerAddress)) { return false; } diff --git a/src/main/generic/network/connection/ConnectionPool.js b/src/main/generic/network/connection/ConnectionPool.js index 43cf964da..596fce986 100644 --- a/src/main/generic/network/connection/ConnectionPool.js +++ b/src/main/generic/network/connection/ConnectionPool.js @@ -546,7 +546,7 @@ class ConnectionPool extends Observable { case PeerConnectionState.NEGOTIATING: // The peer with the lower peerId accepts this connection and closes his stored connection. - if (this._networkConfig.peerAddress.peerId.compare(peer.peerAddress.peerId) < 0) { + if (this._networkConfig.publicPeerAddress.peerId.compare(peer.peerAddress.peerId) < 0) { storedConnection.peerChannel.close(CloseType.SIMULTANEOUS_CONNECTION, 'simultaneous connection (post handshake) - lower peerId'); Assert.that(!this.getConnectionByPeerAddress(peer.peerAddress), 'PeerConnection not removed'); diff --git a/src/main/generic/network/connection/NetworkAgent.js b/src/main/generic/network/connection/NetworkAgent.js index a407ed17f..7ee06db24 100644 --- a/src/main/generic/network/connection/NetworkAgent.js +++ b/src/main/generic/network/connection/NetworkAgent.js @@ -130,7 +130,7 @@ class NetworkAgent extends Observable { // Kick off the handshake by telling the peer our version, network address & blockchain head hash. // Some browsers (Firefox, Safari) send the data-channel-open event too early, so sending the version message might fail. // Try again in this case. - if (!this._channel.version(this._networkConfig.peerAddress, this._blockchain.headHash, this._challengeNonce, this._networkConfig.appAgent)) { + if (!this._channel.version(this._networkConfig.publicPeerAddress, this._blockchain.headHash, this._challengeNonce, this._networkConfig.appAgent)) { this._versionAttempts++; if (this._versionAttempts >= NetworkAgent.VERSION_ATTEMPTS_MAX || this._channel.closed) { this._channel.close(CloseType.SENDING_OF_VERSION_MESSAGE_FAILED, 'sending of version message failed'); @@ -303,7 +303,7 @@ class NetworkAgent extends Observable { } // Verify signature - const data = BufferUtils.concatTypedArrays(this._networkConfig.peerAddress.peerId.serialize(), this._challengeNonce); + const data = BufferUtils.concatTypedArrays(this._networkConfig.publicPeerAddress.peerId.serialize(), this._challengeNonce); if (!msg.signature.verify(msg.publicKey, data)) { this._channel.close(CloseType.INVALID_SIGNATURE_IN_VERACK_MESSAGE, 'Invalid signature in verack message'); return; @@ -330,7 +330,7 @@ class NetworkAgent extends Observable { // Regularly announce our address. this._timers.setInterval('announce-addr', - () => this._channel.addr([this._networkConfig.peerAddress]), + () => this._channel.addr([this._networkConfig.publicPeerAddress]), NetworkAgent.ANNOUNCE_ADDR_INTERVAL); // Tell listeners that the handshake with this peer succeeded. diff --git a/src/main/generic/network/websocket/WebSocketConnector.js b/src/main/generic/network/websocket/WebSocketConnector.js index 4a35c7809..ca122b2c8 100644 --- a/src/main/generic/network/websocket/WebSocketConnector.js +++ b/src/main/generic/network/websocket/WebSocketConnector.js @@ -12,11 +12,11 @@ class WebSocketConnector extends Observable { this._protocolPrefix = protocolPrefix; this._networkConfig = networkConfig; - if (networkConfig.peerAddress.protocol === this._protocol) { + if (networkConfig.internalPeerAddress.protocol === this._protocol) { this._wss = WebSocketFactory.newWebSocketServer(networkConfig); this._wss.on('connection', (ws, req) => this._onConnection(ws, req)); - Log.d(WebSocketConnector, `${this._protocolPrefix.toUpperCase()}-Connector listening on port ${networkConfig.peerAddress.port}`); + Log.d(WebSocketConnector, `${this._protocolPrefix.toUpperCase()}-Connector listening on port ${networkConfig.internalPeerAddress.port}`); } /** @type {HashMap.} */ diff --git a/src/test/specs/generic/DummyData.spec.js b/src/test/specs/generic/DummyData.spec.js index aa98bc5dc..8571db953 100644 --- a/src/test/specs/generic/DummyData.spec.js +++ b/src/test/specs/generic/DummyData.spec.js @@ -119,7 +119,7 @@ Dummy.partialSignatureTestVectors = [ const offlineTarget = typeof WssNetworkConfig === 'undefined'; if (!offlineTarget) { - Dummy.NETCONFIG = new WssNetworkConfig('node1.test', 9000, 'key1', 'cert1', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + Dummy.NETCONFIG = new WssNetworkConfig('node1.test', 9000, 'key1', 'cert1', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); Dummy.NETCONFIG._keyPair = KeyPair.fromHex('ab05e735f870ff4482a997eab757ea78f8a83356ea443ac68969824184b82903a5ea83e7ee0c8c7ad863c3ceffd31a63679e1ea34a5f89e3ae0f90c5d281d4a900'); } diff --git a/src/test/specs/generic/api/Client.spec.js b/src/test/specs/generic/api/Client.spec.js index 0894dee9c..3f8381550 100644 --- a/src/test/specs/generic/api/Client.spec.js +++ b/src/test/specs/generic/api/Client.spec.js @@ -8,7 +8,7 @@ describe('Client', () => { const name = 'volatile' + consensus.charAt(0).toUpperCase() + consensus.slice(1); const promise = Consensus[name](); promise.then((c) => { - Log.d('Client.spec', `${consensus}-consensus uses ${c.network.config.peerAddress}`); + Log.d('Client.spec', `${consensus}-consensus uses ${c.network.config.publicPeerAddress}`); }); return promise; } diff --git a/src/test/specs/generic/consensus/light/LightConsensus.spec.js b/src/test/specs/generic/consensus/light/LightConsensus.spec.js index f1faeace2..e9cd65ab4 100644 --- a/src/test/specs/generic/consensus/light/LightConsensus.spec.js +++ b/src/test/specs/generic/consensus/light/LightConsensus.spec.js @@ -43,7 +43,7 @@ describe('LightConsensus', () => { }); await blockchain2.pushBlock(block); } - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); consensus2.network.allowInboundConnections = true; await copyChain(blockchain2, consensus2.blockchain); @@ -61,7 +61,7 @@ describe('LightConsensus', () => { expect(consensus3.blockchain.height).toBe(9); // Connect to peer 2. - consensus3.network._connections.connectOutbound(netConfig2.peerAddress); + consensus3.network._connections.connectOutbound(netConfig2.publicPeerAddress); setTimeout(() => { expect(consensus1.blockchain.head.equals(blockchain2.head)).toBe(true); diff --git a/src/test/specs/generic/network/ConnectionPool.spec.js b/src/test/specs/generic/network/ConnectionPool.spec.js index 174bd3219..485f5cda4 100644 --- a/src/test/specs/generic/network/ConnectionPool.spec.js +++ b/src/test/specs/generic/network/ConnectionPool.spec.js @@ -54,7 +54,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - await createPeers(5, netConfig1.peerAddress); + await createPeers(5, netConfig1.publicPeerAddress); expect(consensus1.network.peerCount).toBe(5); @@ -84,14 +84,14 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - await createPeers(5, netConfig1.peerAddress); + await createPeers(5, netConfig1.publicPeerAddress); expect(consensus1.network.peerCount).toBe(5); // Advance the clock to make connection scores drop below the inbound exchange threshold. MockClock.tick(15 * 60 * 1000); - await createPeers(1, netConfig1.peerAddress); + await createPeers(1, netConfig1.publicPeerAddress); expect(consensus1.network.peerCount).toBe(5); @@ -223,7 +223,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); consensus2.network.connect(); @@ -231,7 +231,7 @@ describe('ConnectionPool', () => { expect(consensus1.network.peerCount).toBe(1); expect(consensus2.network.peerCount).toBe(1); - const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus3 = await Consensus.volatileFull(netConfig3); // Allow inbound connections early consensus3.network.allowInboundConnections = true; @@ -263,7 +263,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); consensus2.network.connect(); @@ -271,7 +271,7 @@ describe('ConnectionPool', () => { expect(consensus1.network.peerCount).toBe(1); expect(consensus2.network.peerCount).toBe(1); - const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus3 = await Consensus.volatileFull(netConfig3); consensus3.network.connect(); @@ -302,7 +302,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); consensus2.network.connect(); @@ -310,7 +310,7 @@ describe('ConnectionPool', () => { expect(consensus1.network.peerCount).toBe(1); expect(consensus2.network.peerCount).toBe(1); - const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus3 = await Consensus.volatileFull(netConfig3); // Allow inbound connections early consensus3.network.allowInboundConnections = true; @@ -351,7 +351,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); // Allow inbound connections early consensus2.network.allowInboundConnections = true; @@ -361,7 +361,7 @@ describe('ConnectionPool', () => { expect(consensus1.network.peerCount).toBe(1); expect(consensus2.network.peerCount).toBe(1); - const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus3 = await Consensus.volatileLight(netConfig3); // Allow inbound connections early consensus3.network.allowInboundConnections = true; @@ -402,7 +402,7 @@ describe('ConnectionPool', () => { const consensus1 = await Consensus.volatileFull(netConfig1); consensus1.network.connect(); - const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('node2.test', 8080, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus2 = await Consensus.volatileFull(netConfig2); consensus2.network.connect(); @@ -410,7 +410,7 @@ describe('ConnectionPool', () => { expect(consensus1.network.peerCount).toBe(1); expect(consensus2.network.peerCount).toBe(1); - const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig3 = new WssNetworkConfig('node3.test', 8080, 'key3', 'cert3', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); const consensus3 = await Consensus.volatileLight(netConfig3); // Allow inbound connections early consensus3.network.allowInboundConnections = true; @@ -440,11 +440,11 @@ describe('ConnectionPool', () => { const consensus = await Consensus.volatileFull(netConfig); consensus.network.connect(); - const netConfig1 = new WssNetworkConfig('attacker.test', 9000, 'key1', 'cert1', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig1 = new WssNetworkConfig('attacker.test', 9000, 'key1', 'cert1', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); netConfig1._keyPair = KeyPair.generate(); const sameIP1 = await Consensus.volatileFull(netConfig1); - sameIP1.network._connections.connectOutbound(netConfig.peerAddress); + sameIP1.network._connections.connectOutbound(netConfig.publicPeerAddress); const conn = await new Promise(resolve => consensus.network._connections.on('connection', (conn) => { resolve(conn); })); await new Promise(resolve => sameIP1.on('established', () => { @@ -452,11 +452,11 @@ describe('ConnectionPool', () => { resolve(); })); - const netConfig2 = new WssNetworkConfig('attacker.test', 9000, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for'}); + const netConfig2 = new WssNetworkConfig('attacker.test', 9000, 'key2', 'cert2', { enabled: false, port: 8444, address: '::ffff:127.0.0.1', header: 'x-forwarded-for', terminatesSsl: false}); netConfig2._keyPair = KeyPair.generate(); const sameIP2 = await Consensus.volatileFull(netConfig2); - sameIP2.network._connections.connectOutbound(netConfig.peerAddress); + sameIP2.network._connections.connectOutbound(netConfig.publicPeerAddress); const disconnected = new Promise(resolve => sameIP2.network.on('disconnected', resolve)); sameIP2.on('established', done.fail); diff --git a/src/test/specs/generic/network/MockNetwork.spec.js b/src/test/specs/generic/network/MockNetwork.spec.js index 7ff69316a..9cbaa57e0 100644 --- a/src/test/specs/generic/network/MockNetwork.spec.js +++ b/src/test/specs/generic/network/MockNetwork.spec.js @@ -421,14 +421,14 @@ class MockNetwork { MockNetwork._lossrate = lossrate; spyOn(WebSocketFactory, 'newWebSocketServer').and.callFake((netconfig) => { - const peerAddress = netconfig.peerAddress; + const peerAddress = netconfig.publicPeerAddress; const server = new MockWebSocketServer(); MockNetwork._servers.set(`wss://${peerAddress.host}:${peerAddress.port}`, server); return server; }); spyOn(WebSocketFactory, 'newWebSocket').and.callFake((url, options, netconfig) => { - const peerAddress = netconfig.peerAddress; + const peerAddress = netconfig.publicPeerAddress; const seed = peerAddress.protocol === Protocol.WSS ? `wss://${peerAddress.host}:${peerAddress.port}` : `reserved${MockNetwork._clientSerial++}.test`;