From 1a6c06376d8dce16e973525a5a66939b0446a397 Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Thu, 11 Jun 2020 13:03:14 -0700
Subject: [PATCH 1/7] Working on ssl

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 examples/websocket.ign                      |  2 ++
 plugins/websocket_server/WebsocketServer.cc | 40 +++++++++++++++++++--
 plugins/websocket_server/index.html         |  2 +-
 3 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/examples/websocket.ign b/examples/websocket.ign
index a2be0c1d..bc76717a 100644
--- a/examples/websocket.ign
+++ b/examples/websocket.ign
@@ -9,6 +9,8 @@
     <port>9002</port>
     <authorization_key>auth_key</authorization_key>
     <admin_authorization_key>admin_key</admin_authorization_key>
+    <ssl_cert_file>/home/nkoenig/localhost.cert</ssl_cert_file>
+    <ssl_private_key_file>/home/nkoenig/localhost.key</ssl_private_key_file>
   </plugin>
 
 </ignition>
diff --git a/plugins/websocket_server/WebsocketServer.cc b/plugins/websocket_server/WebsocketServer.cc
index b2e2b64b..ea3f6942 100644
--- a/plugins/websocket_server/WebsocketServer.cc
+++ b/plugins/websocket_server/WebsocketServer.cc
@@ -62,6 +62,13 @@ int rootCallback(struct lws *_wsi,
     return 0;
 
   int fd = lws_get_socket_fd(_wsi);
+  std::cout << "Here[" << _reason << "]\n";
+
+  /*struct per_vhost_data__minimal *vhd =
+    (struct per_vhost_data__minimal *)
+    lws_protocol_vh_priv_get(lws_get_vhost(_wsi),
+        lws_get_protocol(_wsi));
+        */
 
   // std::lock_guard<std::mutex> mainLock(self->mutex);
   switch (_reason)
@@ -119,6 +126,11 @@ int rootCallback(struct lws *_wsi,
       self->OnMessage(fd, std::string((const char *)_in));
       break;
 
+    case LWS_CALLBACK_PROTOCOL_INIT:
+      igndbg << "LWS_CALLBACK_PROTOCOL_INIT\n";
+      break;
+
+
     default:
       // Do nothing on default.
       break;
@@ -206,6 +218,22 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
   }
   igndbg << "Using port[" << port << "]\n";
 
+  std::string sslCertFile = "";
+  // Get the ssl cert file, if present.
+  elem = _elem->FirstChildElement("ssl_cert_file");
+  if (elem)
+  {
+    sslCertFile = elem->GetText();
+  }
+
+  std::string sslPrivateKeyFile = "";
+  // Get the ssl private key file, if present.
+  elem = _elem->FirstChildElement("ssl_private_key_file");
+  if (elem)
+  {
+    sslPrivateKeyFile = elem->GetText();
+  }
+
   // All of the protocols handled by this websocket server.
   this->protocols.push_back(
     {
@@ -239,9 +267,15 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
   info.port = port;
   info.iface = NULL;
   info.protocols = &this->protocols[0];
-  // We are not using SSL right now
-  info.ssl_cert_filepath        = NULL;
-  info.ssl_private_key_filepath = NULL;
+
+  if (!sslCertFile.empty() && !sslPrivateKeyFile.empty())
+  {
+    std::cout << "SSL!!\n";
+    info.options = LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
+    info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+    info.ssl_cert_filepath        = sslCertFile.c_str();
+    info.ssl_private_key_filepath = sslPrivateKeyFile.c_str();
+  }
 
   // keep alive time of  60 seconds
   info.ka_time = 60;
diff --git a/plugins/websocket_server/index.html b/plugins/websocket_server/index.html
index f5cedadf..a22be96b 100644
--- a/plugins/websocket_server/index.html
+++ b/plugins/websocket_server/index.html
@@ -11,7 +11,7 @@
   <script>
     // Create the Connection to the Ignition websocket server
     var ign = new Ignition({
-      url: 'ws://localhost:9002',
+      url: 'wss://localhost:9002',
       key: "auth_key"
     });
 

From dd722b18b9b994ee12536b455d59fe6be118da49 Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Fri, 12 Jun 2020 11:54:12 -0700
Subject: [PATCH 2/7] Support for SSL connections.

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 examples/websocket.ign                      | 14 ++++-
 plugins/websocket_server/README.md          | 25 ++++++++
 plugins/websocket_server/WebsocketServer.cc | 63 ++++++++++++++-------
 plugins/websocket_server/WebsocketServer.hh | 17 ++++++
 plugins/websocket_server/ign.js             |  2 -
 plugins/websocket_server/index.html         |  4 ++
 6 files changed, 99 insertions(+), 26 deletions(-)

diff --git a/examples/websocket.ign b/examples/websocket.ign
index bc76717a..a8b6b8f0 100644
--- a/examples/websocket.ign
+++ b/examples/websocket.ign
@@ -9,8 +9,18 @@
     <port>9002</port>
     <authorization_key>auth_key</authorization_key>
     <admin_authorization_key>admin_key</admin_authorization_key>
-    <ssl_cert_file>/home/nkoenig/localhost.cert</ssl_cert_file>
-    <ssl_private_key_file>/home/nkoenig/localhost.key</ssl_private_key_file>
+
+    <!-- SSL configuration -->
+    <!-- Specify the path to both the certificate and private key. -->
+    <!-- Sample self-signed SSL certifacts are located in the
+         `plugins/websocket_server/` directory with the names `localhost.cert`
+         and `localhost.key`. -->
+    <ssl>
+      <!--
+      <cert_file>PATH_TO_CERT_FILE</cert_file>
+      <private_key_file>PATH_TO_KEY_FILE</private_key_file>
+-->
+    </ssl>
   </plugin>
 
 </ignition>
diff --git a/plugins/websocket_server/README.md b/plugins/websocket_server/README.md
index 0ff7beba..88aa3986 100644
--- a/plugins/websocket_server/README.md
+++ b/plugins/websocket_server/README.md
@@ -32,3 +32,28 @@ ign launch -f examples/websocket.ign -v 4
 ```
 firefox plugins/websocket_server/index.html
 ```
+
+# SSL
+
+1. Use the `localhost.cert` and `localhost.key` files for testing purposes.
+Configure the websocket plugin using:
+
+```
+  <ssl>
+    <cert_file>PATH_TO_localhost.cert</cert_file>
+    <private_key_file>PATH_TO_localhost.key</private_key_file>
+  </ssl>
+```
+
+2. Run the plugin.
+
+3. Run a browser, such as firefox, with the `index.html` file.
+
+```
+firefox index.html
+```
+
+4. Open another browser tab, and go to `https://localhost:9002`. Accept the
+   certificate.
+
+5. Refresh the `index.html` browser tab.
diff --git a/plugins/websocket_server/WebsocketServer.cc b/plugins/websocket_server/WebsocketServer.cc
index ea3f6942..d84079f7 100644
--- a/plugins/websocket_server/WebsocketServer.cc
+++ b/plugins/websocket_server/WebsocketServer.cc
@@ -62,13 +62,6 @@ int rootCallback(struct lws *_wsi,
     return 0;
 
   int fd = lws_get_socket_fd(_wsi);
-  std::cout << "Here[" << _reason << "]\n";
-
-  /*struct per_vhost_data__minimal *vhd =
-    (struct per_vhost_data__minimal *)
-    lws_protocol_vh_priv_get(lws_get_vhost(_wsi),
-        lws_get_protocol(_wsi));
-        */
 
   // std::lock_guard<std::mutex> mainLock(self->mutex);
   switch (_reason)
@@ -219,19 +212,21 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
   igndbg << "Using port[" << port << "]\n";
 
   std::string sslCertFile = "";
-  // Get the ssl cert file, if present.
-  elem = _elem->FirstChildElement("ssl_cert_file");
-  if (elem)
-  {
-    sslCertFile = elem->GetText();
-  }
-
   std::string sslPrivateKeyFile = "";
-  // Get the ssl private key file, if present.
-  elem = _elem->FirstChildElement("ssl_private_key_file");
+  elem = _elem->FirstChildElement("ssl");
   if (elem)
   {
-    sslPrivateKeyFile = elem->GetText();
+    // Get the ssl cert file, if present.
+    const tinyxml2::XMLElement *certElem =
+      elem->FirstChildElement("cert_file");
+    if (certElem)
+      sslCertFile = certElem->GetText();
+
+    // Get the ssl private key file, if present.
+    const tinyxml2::XMLElement *keyElem =
+      elem->FirstChildElement("private_key_file");
+    if (keyElem)
+      sslPrivateKeyFile = keyElem->GetText();
   }
 
   // All of the protocols handled by this websocket server.
@@ -258,7 +253,6 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
   // The terminator
   this->protocols.push_back({NULL, NULL, 0, 0, 0, 0 });
 
-
   // We will handle logging
   lws_set_log_level( 0, lwsl_emit_syslog);
 
@@ -270,12 +264,37 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
 
   if (!sslCertFile.empty() && !sslPrivateKeyFile.empty())
   {
-    std::cout << "SSL!!\n";
-    info.options = LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
-    info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
-    info.ssl_cert_filepath        = sslCertFile.c_str();
+
+    // Fail if the certificate file cannot be opened.
+    if (!ignition::common::exists(sslCertFile))
+    {
+      ignerr << "SSL certificate file[" << sslCertFile
+        << "] does not exist. Quitting.\n";
+      return false;
+    }
+
+    // Fail if the private key file cannot be opened.
+    if (!ignition::common::exists(sslPrivateKeyFile))
+    {
+      ignerr << "SSL private key file[" << sslPrivateKeyFile
+        << "] does not exist. Quitting.\n";
+      return false;
+    }
+
+    // Store SSL configuration.
+    info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+    info.ssl_cert_filepath = sslCertFile.c_str();
     info.ssl_private_key_filepath = sslPrivateKeyFile.c_str();
   }
+  else if (!sslCertFile.empty() || !sslPrivateKeyFile.empty())
+  {
+    ignwarn << "Partial SSL configuration specified. Please specify: "
+    << "\t<ssl>\n"
+    << "\t  <cert_file>PATH_TO_CERT_FILE</cert_file>\n"
+    << "\t  <private_key_file>PATH_TO_KEY_FILE</private_key_file>\n"
+    << "\t</ssl>.\n"
+    << "Continuing without SSL.\n";
+  }
 
   // keep alive time of  60 seconds
   info.ka_time = 60;
diff --git a/plugins/websocket_server/WebsocketServer.hh b/plugins/websocket_server/WebsocketServer.hh
index f4b16c2e..f96e18b1 100644
--- a/plugins/websocket_server/WebsocketServer.hh
+++ b/plugins/websocket_server/WebsocketServer.hh
@@ -52,6 +52,23 @@ namespace ignition
     /// "auth" call on the websocket. If the <authorization_key> is set, then
     /// the connection can provide that key.
     ///
+    /// * <ssl> : Element that contains SSL configuration. For teting
+    ///           purposes you can create self-signed SSL certificates. Run
+    ///
+    /// ```
+    /// openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    /// -keyout server.key -out server.cert
+    /// ```
+    ///
+    ///  Use "localhost" for the  "Common Name" question. If you are testing
+    ///  with a browser, first navigate to "https://localhost:<port>" and
+    ///  accept the self-signed certificate.
+    ///
+    ///     * <cert_file>: Child element of <ssl> that contains the path to
+    ///                     the SSL certificate file.
+    ///     * <private_key_file>: Child element of <ssl> that contains the path
+    ///                           to SSL private key file.
+    ///
     /// # Websocket Server Interface
     ///
     /// The websocket server listens for incoming requests and sends
diff --git a/plugins/websocket_server/ign.js b/plugins/websocket_server/ign.js
index 92cf9624..9cb622d6 100644
--- a/plugins/websocket_server/ign.js
+++ b/plugins/websocket_server/ign.js
@@ -53,7 +53,6 @@ Ignition.prototype.connect = function(url, key) {
   /// \brief Emits a 'connection' event on WebSocket connection.
   /// \param event - the argument to emit with the event.
   function onOpen(event) {
-    console.log(key);
     that.socket.send(buildMsg(['auth','','',key]));
   }
 
@@ -82,7 +81,6 @@ Ignition.prototype.connect = function(url, key) {
       f.onloadend = function(event) {
         // This is the proto message data
         var contents = event.target.result;
-        console.log(contents);
         if (contents == "authorized") {
           that.socket.send(buildMsg(["protos",'','','']));
         }
diff --git a/plugins/websocket_server/index.html b/plugins/websocket_server/index.html
index a22be96b..0535a9bf 100644
--- a/plugins/websocket_server/index.html
+++ b/plugins/websocket_server/index.html
@@ -10,6 +10,10 @@
 
   <script>
     // Create the Connection to the Ignition websocket server
+    // This configuration uses SSL and authentication. You can disable both
+    // by replacing `wss://` with `ws://` and remove the `key` parameter.
+    // Make sure to also disable SSL and authentication in the
+    // websocket_server plugin.
     var ign = new Ignition({
       url: 'wss://localhost:9002',
       key: "auth_key"

From b509d4bbcdf9fd78128317f13e5255e515c0eece Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Fri, 12 Jun 2020 12:00:13 -0700
Subject: [PATCH 3/7] Documentation

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 .gitignore                                  | 1 +
 Changelog.md                                | 5 +++++
 examples/websocket.ign                      | 6 ++----
 plugins/websocket_server/README.md          | 7 +++++++
 plugins/websocket_server/WebsocketServer.cc | 7 +------
 plugins/websocket_server/WebsocketServer.hh | 8 ++++----
 6 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index a284da73..b38f094a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ build-*
 .DS_Store
 *.swp
 *.swo
+*.bak
 
 # C++ compiler generated files
 *.gch
diff --git a/Changelog.md b/Changelog.md
index 474a6d00..1216326a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,10 @@
 ## Ignition Launch 1.x
 
+### Ignition Launch 1.x.x (2020-xx-xx)
+
+1. Added SSL to websocket server.
+    * [Pull Request 34](https://github.com/ignitionrobotics/ign-launch/pull/34)
+
 ### Ignition Launch 1.6.0 (2020-06-11)
 
 1. Improved websockets by: adding simple authentication, access to
diff --git a/examples/websocket.ign b/examples/websocket.ign
index a8b6b8f0..c559d442 100644
--- a/examples/websocket.ign
+++ b/examples/websocket.ign
@@ -15,12 +15,10 @@
     <!-- Sample self-signed SSL certifacts are located in the
          `plugins/websocket_server/` directory with the names `localhost.cert`
          and `localhost.key`. -->
-    <ssl>
-      <!--
+    <!--<ssl>
       <cert_file>PATH_TO_CERT_FILE</cert_file>
       <private_key_file>PATH_TO_KEY_FILE</private_key_file>
--->
-    </ssl>
+    </ssl> -->
   </plugin>
 
 </ignition>
diff --git a/plugins/websocket_server/README.md b/plugins/websocket_server/README.md
index 88aa3986..94c18ac6 100644
--- a/plugins/websocket_server/README.md
+++ b/plugins/websocket_server/README.md
@@ -45,6 +45,13 @@ Configure the websocket plugin using:
   </ssl>
 ```
 
+   * You can create your own self-signed certificates using the following
+   command. Use "localhost" for the  "Common Name" question.
+
+   ```
+   openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.cert
+   ```
+
 2. Run the plugin.
 
 3. Run a browser, such as firefox, with the `index.html` file.
diff --git a/plugins/websocket_server/WebsocketServer.cc b/plugins/websocket_server/WebsocketServer.cc
index d84079f7..fbce05d8 100644
--- a/plugins/websocket_server/WebsocketServer.cc
+++ b/plugins/websocket_server/WebsocketServer.cc
@@ -119,11 +119,6 @@ int rootCallback(struct lws *_wsi,
       self->OnMessage(fd, std::string((const char *)_in));
       break;
 
-    case LWS_CALLBACK_PROTOCOL_INIT:
-      igndbg << "LWS_CALLBACK_PROTOCOL_INIT\n";
-      break;
-
-
     default:
       // Do nothing on default.
       break;
@@ -264,7 +259,6 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
 
   if (!sslCertFile.empty() && !sslPrivateKeyFile.empty())
   {
-
     // Fail if the certificate file cannot be opened.
     if (!ignition::common::exists(sslCertFile))
     {
@@ -283,6 +277,7 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
 
     // Store SSL configuration.
     info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+
     info.ssl_cert_filepath = sslCertFile.c_str();
     info.ssl_private_key_filepath = sslPrivateKeyFile.c_str();
   }
diff --git a/plugins/websocket_server/WebsocketServer.hh b/plugins/websocket_server/WebsocketServer.hh
index f96e18b1..d67bef2d 100644
--- a/plugins/websocket_server/WebsocketServer.hh
+++ b/plugins/websocket_server/WebsocketServer.hh
@@ -52,7 +52,7 @@ namespace ignition
     /// "auth" call on the websocket. If the <authorization_key> is set, then
     /// the connection can provide that key.
     ///
-    /// * <ssl> : Element that contains SSL configuration. For teting
+    /// * <ssl> : Element that contains SSL configuration. For testing
     ///           purposes you can create self-signed SSL certificates. Run
     ///
     /// ```
@@ -83,7 +83,7 @@ namespace ignition
     ///
     /// The `operation` component is mandatory and must be one of:
     ///     1. "sub": Subscribe to the topic in the `topic_name` component,
-    ///     2. "pub": Publish a message from the Ingition Transport topic in
+    ///     2. "pub": Publish a message from the Ignition Transport topic in
     ///               the `topic_name` component,
     ///     3. "topics": Get the list of available topics, and
     ///     4. "protos": Get a string containing all the protobuf
@@ -98,7 +98,7 @@ namespace ignition
     /// "ignition.msgs.Clock".
     ///
     /// The `payload` component is mandatory for the "pub" operation. If
-    /// present, it contains a serialized string of an Igntion Message.
+    /// present, it contains a serialized string of an Ignition Message.
     ///
     /// ## Example frames
     ///
@@ -108,7 +108,7 @@ namespace ignition
     ///
     /// 3. Subscribe to the "/clock" topic: `sub,/clock,,`
     ///
-    /// 4. Websocker server publishing data on the "/clock" topic:
+    /// 4. Websocket server publishing data on the "/clock" topic:
     ///    `pub,/clock,ignition.msgs.Clock,<serialized_data>`
     ///
     /// # Example usage

From 64938733e812d64e7097d3cb4092bbcf7e641e71 Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Fri, 12 Jun 2020 12:06:48 -0700
Subject: [PATCH 4/7] Added test cert and key

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 plugins/websocket_server/localhost.cert | 20 ++++++++++++++++++
 plugins/websocket_server/localhost.key  | 28 +++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 plugins/websocket_server/localhost.cert
 create mode 100644 plugins/websocket_server/localhost.key

diff --git a/plugins/websocket_server/localhost.cert b/plugins/websocket_server/localhost.cert
new file mode 100644
index 00000000..16d87cee
--- /dev/null
+++ b/plugins/websocket_server/localhost.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIUBBdTdnPY/LDDrNhlhjxc0zo69pswDQYJKoZIhvcNAQEL
+BQAwPTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQwHhcNMjAwNjEyMTYxMjU0WhcNMjEwNjEyMTYxMjU0
+WjA9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANpw7gzpi0vgJKNNmcIeijQmJduEsmoLD79LTKeZ6HvqS6RbkhHT5WADPHIqAfUB
+xt+kHuX4CyfdgSidTbLlvfyCKRhkcLhS4GL0p+aZ2uKmb1Nff9jBZ0UMzZmtINgi
+bNhoXI/3jXHk5OzxbFcyiw9gawoQGk6Q4aPS0yiX5uXBpRoelDtScC9+ImW/x6B7
+4Lx30vPFjsBt+BSjmmcxeAQqybvOPM/pnlmeTalBTRoDojQwNrnkKJqGHP9tnFeT
+O0QNoY3//qw0fcT+IWnnXXh3q2dfR03Vk0ZE4vw1WBvSTZoKUJcAcJqzPicktDZg
+Jn4jJAse+oJUDvM6NcthBbUCAwEAAaNTMFEwHQYDVR0OBBYEFKN5TH7fFLjQE0wu
+rGk0D3XQFloRMB8GA1UdIwQYMBaAFKN5TH7fFLjQE0wurGk0D3XQFloRMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEX24jK94I15zYG/9XIABLyP
+U5AtxS+Xq8wXwLgmhIp+9ST2Q5Ay0pGb7CcmMxCM9rd6G4Ob9HknV85c2PuCElE2
+Y+pxdvK9jnrGwoUJOEteOqJ0H9pD5OzBMBF5m1fC85fRUl3DS+Tq92aqCYcqzcRb
+K8DSJ2CZLF6XYWklhIs4m62kFjLMkdu9Ew+REGoaCzNW6vFW+E3MSOfJ+M3faP0Z
+8nNoUmVgJLIlGPc+3TUHLdbew33jfGXxs2vAno7BFPLYfYL4M0jKjpgsjbA/OtIE
+cqwNMVH6wH7vXe7+UAcXmRlwcRGGn0AaOn3neyqwfF4N4fX+JnleZe2WQCFk2F0=
+-----END CERTIFICATE-----
diff --git a/plugins/websocket_server/localhost.key b/plugins/websocket_server/localhost.key
new file mode 100644
index 00000000..b6b1b584
--- /dev/null
+++ b/plugins/websocket_server/localhost.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDacO4M6YtL4CSj
+TZnCHoo0JiXbhLJqCw+/S0ynmeh76kukW5IR0+VgAzxyKgH1AcbfpB7l+Asn3YEo
+nU2y5b38gikYZHC4UuBi9Kfmmdripm9TX3/YwWdFDM2ZrSDYImzYaFyP941x5OTs
+8WxXMosPYGsKEBpOkOGj0tMol+blwaUaHpQ7UnAvfiJlv8ege+C8d9LzxY7AbfgU
+o5pnMXgEKsm7zjzP6Z5Znk2pQU0aA6I0MDa55Ciahhz/bZxXkztEDaGN//6sNH3E
+/iFp5114d6tnX0dN1ZNGROL8NVgb0k2aClCXAHCasz4nJLQ2YCZ+IyQLHvqCVA7z
+OjXLYQW1AgMBAAECggEAXlLDSAoUnyfjSiy5Byx+yvPqBvcuv0GVhCm0qO55iABs
+t0TfNxmDg0kCcd2XyL8CrBFHUlAgKQ+ptOrv4R75Qa7GpgTA86a9w50XXyjybkol
+6h9jqiohOJzFruUmOI3s6ClwRq5DgnmvLG03NhPaHkKpFchMQ76l4EKp8W5eQrjl
+1dVf2n8e6VeGv3IJ2vRp8OimGMsimkfD1TYkmujaMFWhiab2qIraUkfWVexl1wiz
+EnYJgjlgQXNb983PiEVHn3KHQOQ7ecMztXeQgUgdAkbc5lR6nwHdMaAsneOuxyND
+aq9ZvvPz/cJayluxs4a/2CJG5qH2/ld8028WFGjpxQKBgQD5t2pQyzS3P/D5IW+l
+5hHPCmiZkRBzHv20/NCdusnjpLy0j6vKcRBE4rRFAMZzlJJtbtzskvBIStYFnNSs
+uG7k38hOfFFqc/2vFK++ybhooPL5NHirLFCW3FaRA0vawUxucc7zEtvZUgHOttiN
+6Us9rrmFuiS3lqGjnL+NoF9XZwKBgQDf8AzNTdcO89E5c2s2qUmOzWalqk502+/1
+QA/n+aMs6Le2GkzDKHVThRjn7ADohmxiLnpg+Tc/lohWm6LUX6OQokpiUTfsyqFz
+DZkGsvU2Jv2pOSOp29dANgd8FQHMylfkxCxhfBgwZPpFUmd8ovZ3JSJAj84XiDX+
+3WejFFrUgwKBgQDz2EMc+hFUEEBDRn87xNoHDubtblZd1Blyrp0YKNoUTT1oJBNg
+798vJSFbcFJZcu85pVReP24badhsSqTytHa1UEDNQ2BNT06dtNmYuGo24VPiPXbH
+z9IyPp7ZpBpiVvdHsiKgAf5kzEuvi6UTjohGh2PqTcak75aPqfTzW3M+aQKBgDMR
+6bmAgQU18YcqnU7P+KiKi1hIqK/Z4LWLsJT0x5PcVtk+0jbHqUos1ms91U8yKNGT
+S/GFpGXqDJnD0LSiQwkfGdumLhzgcUVt2nI+qdF5vuuyzkFUk5hfOgHAQLLVionv
+ezeYN2QCA1l/233/JDozy8Xxhcy0EaxYDeSRJc3FAoGBALXCAnIbgOYx44pDX1vH
+dIt7vvpdFxb9VtyQu7fRPc/3cUV5GTr4MmlWBQB3ud7EkrI3PzV7qw/r0kNVrlXO
+1fQpkSpm9vU/5R1E0rUlIleX3cOZpZj1KKkhzoD/6ggl24OBJPFzJaHIwJm6XqOX
+vfJziO3omKAY8aRAz+TDKWg/
+-----END PRIVATE KEY-----

From 3e6d85c73379abe1da21bd5384312625f98f7eba Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Fri, 12 Jun 2020 12:09:56 -0700
Subject: [PATCH 5/7] Upgrade version

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 CMakeLists.txt | 2 +-
 Changelog.md   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35f5ee30..624f9778 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.5.1 FATAL_ERROR)
 #============================================================================
 # Initialize the project
 #============================================================================
-project(ignition-launch1 VERSION 1.6.0)
+project(ignition-launch1 VERSION 1.7.0)
 
 #============================================================================
 # Find ignition-cmake
diff --git a/Changelog.md b/Changelog.md
index 1216326a..5d06878e 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,6 @@
 ## Ignition Launch 1.x
 
-### Ignition Launch 1.x.x (2020-xx-xx)
+### Ignition Launch 1.7.0 (2020-06-15)
 
 1. Added SSL to websocket server.
     * [Pull Request 34](https://github.com/ignitionrobotics/ign-launch/pull/34)

From d98a03e33048c3507988c6b250c44cf39a917dc4 Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Mon, 15 Jun 2020 08:54:42 -0700
Subject: [PATCH 6/7] Fix logic

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 plugins/websocket_server/WebsocketServer.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/websocket_server/WebsocketServer.cc b/plugins/websocket_server/WebsocketServer.cc
index fbce05d8..03380093 100644
--- a/plugins/websocket_server/WebsocketServer.cc
+++ b/plugins/websocket_server/WebsocketServer.cc
@@ -281,7 +281,7 @@ bool WebsocketServer::Load(const tinyxml2::XMLElement *_elem)
     info.ssl_cert_filepath = sslCertFile.c_str();
     info.ssl_private_key_filepath = sslPrivateKeyFile.c_str();
   }
-  else if (!sslCertFile.empty() || !sslPrivateKeyFile.empty())
+  else if (sslCertFile.empty() || sslPrivateKeyFile.empty())
   {
     ignwarn << "Partial SSL configuration specified. Please specify: "
     << "\t<ssl>\n"

From 3273662291b6177336f27e665392898840d6b07a Mon Sep 17 00:00:00 2001
From: Nate Koenig <nate@openrobotics.org>
Date: Mon, 15 Jun 2020 09:05:35 -0700
Subject: [PATCH 7/7] Updated readme

Signed-off-by: Nate Koenig <nate@openrobotics.org>
---
 plugins/websocket_server/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/plugins/websocket_server/README.md b/plugins/websocket_server/README.md
index 94c18ac6..3f1f8c0d 100644
--- a/plugins/websocket_server/README.md
+++ b/plugins/websocket_server/README.md
@@ -33,6 +33,20 @@ ign launch -f examples/websocket.ign -v 4
 firefox plugins/websocket_server/index.html
 ```
 
+
+# Authorization
+
+The `websocket_server` plugin accepts to authentication keys:
+
+* `<authorization_key>` : If this is set, then a connection must provide the
+matching key using an "auth" call on the websocket. If the `<admin_authorization_key>` is set, then the connection can provide that key.
+
+* `<admin_authorization_key>` : If this is set, then a connection must provide the matching key using an "auth" call on the websocket. If the `<authorization_key>` is set, then the connection can provide that key.
+
+Two keys are used in order to support authorization of different users.
+A competition scenario may require admin access while prohibiting user
+access.
+
 # SSL
 
 1. Use the `localhost.cert` and `localhost.key` files for testing purposes.