Newer
Older
"crypto/tls"
"crypto/x509"
type LogFile struct {
Source string `json:"source"`
Body PushKSAKeyRequest `json:"body"`
}
type PushKSAKeyRequest struct {
RequestID string `json:"request_ID"`
ProcessID string `json:"process_ID"`
KSAKeys []KSAKey `json:"ksa_keys"`
}
type KSAKey struct {
KeyID string `json:"key_ID"`
Key string `json:"key"`
}
tlsCAFile := flag.String("ca", "", "Path to CA certificate file")
tlsCertFile := flag.String("cert", "", "Path to certificate file")
tlsKeyFile := flag.String("key", "", "Path to key file")
flag.Parse()
logrus.Info("Starting AKMS Simulator...")
router := http.NewServeMux()
router.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey)
router.HandleFunc("/debug/get_log_file", logFileRequest)
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
server := &http.Server{
Addr: ":4444",
Handler: router,
}
if *tlsCAFile != "" && *tlsCertFile != "" && *tlsKeyFile != "" {
logrus.Info("TLS enabled")
cp := x509.NewCertPool()
b, err := os.ReadFile(*tlsCAFile)
if err != nil {
logrus.Fatalf("Error reading CA file: %s", err)
}
if !cp.AppendCertsFromPEM(b) {
logrus.Fatalf("Error appending certs from PEM")
}
cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
if err != nil {
logrus.Fatalf("Error loading X509 key pair: %s", err)
}
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS13,
ClientCAs: cp,
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
}
server.TLSConfig = tlsConfig
logrus.Fatal(server.ListenAndServeTLS("", ""))
} else {
logrus.Fatal(server.ListenAndServe())
}
func logFileRequest(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodDelete {
if _, err := os.Stat("akms-simulator.log"); err == nil {
err := os.Remove("akms-simulator.log")
if err != nil {
logrus.Errorf("Error deleting log file: %s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
}
logrus.Info("Log file deleted or never existed in the first place")
w.WriteHeader(http.StatusNoContent)
return
} else if r.Method != http.MethodGet {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
logrus.Errorf("Method not allowed: %s", r.Method)
return
}
logrus.Info("Log file requested")
http.ServeFile(w, r, "akms-simulator.log")
}
func handlePushKsaKey(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
logrus.Errorf("Method not allowed: %s", r.Method)
body, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "Failed to read request body", http.StatusInternalServerError)
logrus.Errorf("Failed to read request body: %s", err)
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
logstring := "Request came from: " + ip + "; Body: " + string(body)
logrus.Info(logstring)
var bodyObject PushKSAKeyRequest
err = json.Unmarshal(body, &bodyObject)
if err != nil {
logrus.Errorf("Error parsing body into PushKSAKeyRequest: %s", err)
return
}
logFile := LogFile{Source: ip, Body: bodyObject}
jsonLogFile, err := json.Marshal(logFile)
if err != nil {
logrus.Errorf("Error marshaling logFile: %s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
// Append jsonLogFile to akms-logfile.log
f, err := os.OpenFile("akms-simulator.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
logrus.Errorf("Error opening log file: %s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
defer f.Close() //nolint:errcheck
if _, err := f.Write(jsonLogFile); err != nil {
logrus.Errorf("Error writing to log file: %s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}