From 37a9d856afe72e91fca1c278f954ad6946813ce2 Mon Sep 17 00:00:00 2001
From: Cory McWilliams
Date: Thu, 12 Oct 2017 23:29:33 +0000
Subject: [PATCH] Reload the TLS certificate and private key if they change.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3409 ed5197a5-7fde-0310-b194-c3ffbd925b24
---
 core/httpd.js | 47 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 14 deletions(-)
diff --git a/core/httpd.js b/core/httpd.js
index ff1bedbf..f5bd28dc 100644
--- a/core/httpd.js
+++ b/core/httpd.js
@@ -445,7 +445,7 @@ function handleConnection(client) {
 var kBacklog = 8;
 var kHost = "0.0.0.0"
 var kHttpPort = gGlobalSettings.httpPort || 12345;
-var kHttpsPort = gGlobalSettings.httpsPort || 12346;
+var kHttpsPort = gGlobalSettings.httpsPort || null;
 var socket = new Socket();
 socket.bind(kHost, kHttpPort).then(function() {
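Review bot: With the default changed to `null`, a deployment that never sets `gGlobalSettings.httpsPort` comes up with only the plaintext listener on `0.0.0.0`, and nothing at the `kHttpsPort` declaration says so. I would document the opt-in where the constant is declared, e.g. `// HTTPS is opt-in: no TLS listener is created unless gGlobalSettings.httpsPort is set.`, and note in the same comment that `||` also treats a configured `0` as unset. The statement run this hunk touches continues outside the hunk.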
@@ -458,26 +458,45 @@ socket.bind(kHost, kHttpPort).then(function() {
 logError("[" + new Date() + "] " + error);
 });
-var privateKey = new TextDecoder("ASCII").decode(File.readFile("data/httpd/privatekey.pem"));
-var certificate = new TextDecoder("ASCII").decode(File.readFile("data/httpd/certificate.pem"));
-
-if (privateKey && certificate) {
- var tls = new TlsContext();
- tls.setPrivateKey(privateKey);
- tls.setCertificate(certificate);
-
+if (kHttpsPort) {
+ var tls = {};
 var secureSocket = new Socket();
 secureSocket.bind(kHost, kHttpsPort).then(function() {
- secureSocket.listen(kBacklog, function() {
- secureSocket.accept().then(function(client) {
+ return secureSocket.listen(kBacklog, function() {
+ return secureSocket.accept().then(function(client) {
 handleConnection(client);
- client.startTls(tls).catch(function(error) {
+
+ const kCertificatePath = "data/httpd/certificate.pem";
+ const kPrivateKeyPath = "data/httpd/privatekey.pem";
+
+ return Promise.all([
+ File.stat(kCertificatePath),
+ File.stat(kPrivateKeyPath),
+ ]).then(function(stat) {
+ if (!tls.context ||
+ tls.certStat.mtime != stat[0].mtime ||
+ tls.certStat.size != stat[0].size ||
+ tls.keyStat.mtime != stat[1].mtime ||
+ tls.keyStat.size != stat[1].size) {
+ print("Reloading " + kCertificatePath + " and " + kPrivateKeyPath);
+ var privateKey = new TextDecoder("ASCII").decode(File.readFile(kPrivateKeyPath));
+ var certificate = new TextDecoder("ASCII").decode(File.readFile(kCertificatePath));
+
+ tls.context = new TlsContext();
+ tls.context.setPrivateKey(privateKey);
+ tls.context.setCertificate(certificate);
+ tls.certStat = stat[0];
+ tls.keyStat = stat[1];
+ }
+
+ return client.startTls(tls.context);
+ }).catch(function(error) {
 logError("[" + new Date() + "] [" + client.peerName + "] " + error);
 });
- }).catch(function(error) {
- logError("[" + new Date() + "] " + error);
 });
 });
+ }).catch(function(error) {
+ logError("[" + new Date() + "] " + error);
 });
 }
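Review bot: In the reload branch, `tls.context = new TlsContext()` is stored on the shared `tls` object before the key and certificate are applied and before `tls.certStat`/`tls.keyStat` are set. If `setPrivateKey` or `setCertificate` throws on the first load (whether they throw on bad PEM is not visible here), every later connection passes the `!tls.context` test and fails reading `tls.certStat.mtime` of undefined, so the files are never re-read until restart. On a later rotation, a pair that fails to load also replaces the context that was working. Building the context in a local and publishing the context and both stats together, only after both setters succeed, keeps the previous certificate in service when a reload fails.

```javascript
// … unchanged: stat comparison, print() and the two File.readFile lines …
var context = new TlsContext();
context.setPrivateKey(privateKey);
context.setCertificate(certificate);
// Publish only after both setters succeeded, so a failed reload
// leaves the previous context and stats in place.
tls.context = context;
tls.certStat = stat[0];
tls.keyStat = stat[1];
```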