diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index c77ba812240f8a8c87dca8b14cb2f9eca24b45af..cd96c21d9c3159fc769342210740624e6090d1d2 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -10,9 +10,9 @@ }, "features": { "ghcr.io/devcontainers/features/go:1": { - "version": "1.22" + "version": "1.23" }, - "ghcr.io/devcontainers/features/docker-in-docker:2.11": { + "ghcr.io/devcontainers/features/docker-in-docker:2.12": { "version": "latest", "dockerDashComposeVersion": "v2" } diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99e2ea439a09001c9e5b297b1a2415bf31bdbe1a..0fb4d6b93505e4c94c767147e4bab50c4c031970 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,8 +9,8 @@ variables: IMAGE_PATH: "${CI_REGISTRY_IMAGE}" DQ_REGISTRY_PATH: "registry.code.fbi.h-da.de/demoquandt/qkdn-controller" DQ_QUANT_INTEGRATION_REGISTRY_PATH: $DQ_REGISTRY_PATH/quant-integration - GOLANG_VERSION: "1.22" - GOLANG_MINOR_VERSION: "${GOLANG_VERSION}.6" + GOLANG_VERSION: "1.23" + GOLANG_MINOR_VERSION: "${GOLANG_VERSION}.0" DOCKER_TLS_CERTDIR: "/certs" @@ -141,7 +141,7 @@ build-etsi14module-latest: # Analyze stage lint: stage: analyze - image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golangci/golangci-lint:v1.60.1-alpine + image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golangci/golangci-lint:v1.61.0-alpine script: - apk add --update make - echo "machine code.fbi.h-da.de login ${GITLAB_LOGIN} password ${GITLAB_TOKEN}" > ~/.netrc diff --git a/.golangci.yml b/.golangci.yml index 7fbcaa157a1e8f81e777bef54bd023887cc6a10b..9e9bf652f646af60a711f796f3cf1172da16cade 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,5 +1,5 @@ run: - go: "1.22" + go: "1.23" concurrency: 8 timeout: 20m issues-exit-code: 1 @@ -53,7 +53,7 @@ linters: - bidichk - durationcheck - errorlint - - exportloopref + - copyloopvar - grouper - makezero - misspell 
diff --git a/Makefile b/Makefile index 3df2e31e6198171a555ce5b1f5189b960aeb0e39..d74cc8042b311fbc198cd576d17137a49feb6a09 100644 --- a/Makefile +++ b/Makefile @@ -8,8 +8,8 @@ GOSDN_PRG := $(MAKEFILE_DIR)$(TOOLS_DIR) GOPATH := $(~/go) GOBIN := $(GOSDN_PRG) -GOLANG_VERSION := 1.22 -GOLANGCI_LINT_VERSION=v1.60.1 +GOLANG_VERSION := 1.23 +GOLANGCI_LINT_VERSION=v1.60.2 GOCMD=CGO_ENABLED=0 go GOBUILD=$(GOCMD) build diff --git a/README.md b/README.md index b882bb772934604a4bcd4d6616fd6624d90d5c53..d01e1542c3cbcb7e59083e7177c1fc0b9ce1b4a6 100644 --- a/README.md +++ b/README.md 
@@ -27,26 +27,27 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" # ID of the kms Name: kms01 # name of the kms InterComAddr: 0.0.0.0:50910 # IP and port to bind the local gRPC server for inter KMS communication to QuantumAddr: 0.0.0.0:50911 # IP and port to bind the local gRPC server for QKD modules to reach the KMS to (optional, only used for specific emulated or experimental QKD modules) -AkmsURL: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS). -AkmsCkmsServerPort: "9696" # Port of connected AKMS +AKMS: + RemoteAddress: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS). + ServerPort: "9696" # Port of connected AKMS + ClientTLS: # Settings for TLS for akms ckms interface + Active: true # Whether TLS is enabled + CAFile: "ssl/ca.crt" # Path to ca + CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert + KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key + ServerTLS: + Active: true # Whether TLS is enabled + CAFile: "ssl/ca.crt" # Path to ca + CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert + KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key GRPCTimeoutInSeconds: 10 # Time in seconds for timeout of gRPC connections as a client. Defaults to 10 seconds. Should not be set to 0 or negative values. GnmiTLS: # Settings for TLS for gNMI endpoint. Can be overwritten with cli parameters. 
- TLS: true # Whether TLS is enabled + Active: true # Whether TLS is enabled CAFile: "ssl/ca.crt" # Path to ca CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key KmsTLS: # Settings for TLS for inter KMS communication - TLS: true # Whether TLS is enabled - CAFile: "ssl/ca.crt" # Path to ca - CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert - KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key -QuantumModuleTLS: # Settings for TLS for quantum module communication - TLS: true # Whether TLS is enabled - CAFile: "ssl/ca.crt" # Path to ca - CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert - KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key -AkmsCkmsTLS: # Settings for TLS for akms ckms interface - TLS: true # Whether TLS is enabled + Active: true # Whether TLS is enabled CAFile: "ssl/ca.crt" # Path to ca CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key @@ -57,6 +58,11 @@ Peers: # Peers to other goKMS Type: danet # type of communication method between KMS (currently only danet supported) QuantumModule: # Quantum module used for this peer Type: emulated # Type of the quantum module e.g. emulated or etsi + TLS: # Settings for TLS for quantum module communication + Active: true # Whether TLS is enabled + CAFile: "ssl/ca.crt" # Path to ca + CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert + KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key Address: 172.100.20.14 # Address of the quantum module Hostname: quantumlayer_1 # Optional addressing of the quantum module as hostname # peer to goKMS03 diff --git a/akms-simulator/Dockerfile b/akms-simulator/Dockerfile index 5e906fda6c66a3c925608257e33a4baac44fbc67..2bb8f1e8248007fe17bdee3c21af74939f65fce7 100644 --- a/akms-simulator/Dockerfile +++ b/akms-simulator/Dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.22 +ARG GOLANG_VERSION=1.23 ARG BUILDARGS ARG GITLAB_PROXY 
diff --git a/akms-simulator/akms-simulator.go b/akms-simulator/akms-simulator.go index a355c0e2cd8418c126db417fdf4740e96f7e3792..6edfe88c86a4a8bcb0360297b6ca6d7fa960a804 100644 --- a/akms-simulator/akms-simulator.go +++ b/akms-simulator/akms-simulator.go @@ -1,9 +1,11 @@ package main import ( + "crypto/tls" + "crypto/x509" "encoding/json" + "flag" "io" - "log" "net/http" "os" @@ -26,11 +28,53 @@ type KSAKey struct { } func main() { + tlsCAFile := flag.String("ca", "", "Path to CA certificate file") + tlsCertFile := flag.String("cert", "", "Path to certificate file") + tlsKeyFile := flag.String("key", "", "Path to key file") + flag.Parse() + logrus.Info("Starting AKMS Simulator...") - http.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey) - http.HandleFunc("/debug/get_log_file", getLogFile) - log.Fatal(http.ListenAndServe(":4444", nil)) + router := http.NewServeMux() + + router.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey) + router.HandleFunc("/debug/get_log_file", getLogFile) + + server := &http.Server{ + Addr: ":4444", + Handler: router, + } + + if *tlsCAFile != "" && *tlsCertFile != "" && *tlsKeyFile != "" { + logrus.Info("TLS enabled") + cp := x509.NewCertPool() + b, err := os.ReadFile(*tlsCAFile) + if err != nil { + logrus.Fatalf("Error reading CA file: %s", err) + } + + if !cp.AppendCertsFromPEM(b) { + logrus.Fatalf("Error appending certs from PEM") + } + + cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile) + if err != nil { + logrus.Fatalf("Error loading X509 key pair: %s", err) + } + + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS13, + ClientCAs: cp, + Certificates: []tls.Certificate{cert}, + ClientAuth: tls.RequireAndVerifyClientCert, + } + + server.TLSConfig = tlsConfig + + logrus.Fatal(server.ListenAndServeTLS("", "")) + } else { + logrus.Fatal(server.ListenAndServe()) + } } func getLogFile(w http.ResponseWriter, r *http.Request) { 
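Review bot: Supplying only one or two of `-ca`, `-cert` and `-key` silently starts the simulator over plain HTTP, because the `if` in `main` takes the TLS branch only when all three are non-empty and otherwise falls through to `server.ListenAndServe()`. A mistyped or missing flag therefore gives an unauthenticated listener on `:4444`, including `/debug/get_log_file`, with no log line saying that TLS and client-certificate checks are off. I would reject a partial flag set at startup and log explicitly when running without TLS, as sketched below. The new `http.Server` also sets no `ReadHeaderTimeout`, so slow clients can hold connections open indefinitely.

```go
	// … unchanged: flag definitions, flag.Parse(), router and server setup …
	anyTLSFlag := *tlsCAFile != "" || *tlsCertFile != "" || *tlsKeyFile != ""
	allTLSFlags := *tlsCAFile != "" && *tlsCertFile != "" && *tlsKeyFile != ""
	if anyTLSFlag && !allTLSFlags {
		logrus.Fatal("-ca, -cert and -key must be provided together")
	}

	if allTLSFlags {
		// … unchanged: cert pool, key pair, tls.Config, ListenAndServeTLS …
	} else {
		logrus.Warn("TLS disabled: serving plain HTTP without client authentication")
		logrus.Fatal(server.ListenAndServe())
	}
```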
diff --git a/config/goKMS/example01.yaml b/config/goKMS/example01.yaml index 30950bfbfcfc330fed3d93917971ffdf06c7c2f2..b38b9287fde47840bb4156d185d7b1cc38bbff6b 100644 --- a/config/goKMS/example01.yaml +++ b/config/goKMS/example01.yaml @@ -3,16 +3,17 @@ Name: kms01 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms1-selfsigned.crt" KeyFile: "ssl/kms/kms1-selfsigned.key" QuantumModuleTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms1-selfsigned.crt" KeyFile: "ssl/kms/kms1-selfsigned.key" diff --git a/config/goKMS/example02.yaml b/config/goKMS/example02.yaml index f99a774eb1f385c570589923349b2773bfbeff14..c7c48a3edd28a2b6d599d55399b44f6c931f8146 100644 --- a/config/goKMS/example02.yaml +++ b/config/goKMS/example02.yaml @@ -5,12 +5,12 @@ QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms2-selfsigned.crt" KeyFile: "ssl/kms/kms2-selfsigned.key" QuantumModuleTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms2-selfsigned.crt" KeyFile: "ssl/kms/kms2-selfsigned.key" diff --git a/config/goKMS/example03.yaml b/config/goKMS/example03.yaml index fdf66fe2e2cf7b2418d7a757e466fc237b054640..cb3c2b89472167c7b92d705f629e245c5a851090 100644 --- a/config/goKMS/example03.yaml +++ b/config/goKMS/example03.yaml 
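Review bot: The top-level `QuantumModuleTLS` block kept in this example (and in the example02, example03 and example04 hunks) no longer matches the configuration shape this commit introduces. `goKMS/config/config.go` drops `Config.QuantumModuleTLS` and moves the setting to `Peers[].QuantumModule.TLS`, as the README hunk also documents. If the loader decodes non-strictly (not visible here), the block is ignored, so someone who later sets `Active: true` there would believe quantum-module TLS is on when it is not. I would remove the stale block and, where TLS is wanted, add a `TLS:` mapping with `Active`, `CAFile`, `CertFile` and `KeyFile` under each peer's `QuantumModule`; the `Peers` section lies outside these hunks.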
@@ -5,12 +5,12 @@ QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms3-selfsigned.crt" KeyFile: "ssl/kms/kms3-selfsigned.key" QuantumModuleTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms3-selfsigned.crt" KeyFile: "ssl/kms/kms3-selfsigned.key" diff --git a/config/goKMS/example04.yaml b/config/goKMS/example04.yaml index a52d54843e90bed22866ec0a8fcf88b34e85de62..fabc08d35b7fd7ecbe8ffcd27730dbfe3f906db1 100644 --- a/config/goKMS/example04.yaml +++ b/config/goKMS/example04.yaml @@ -3,16 +3,17 @@ Name: kms04 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms4-selfsigned.crt" KeyFile: "ssl/kms/kms4-selfsigned.key" QuantumModuleTLS: - TLS: false + Active: false CAFile: "ssl/ca.crt" CertFile: "ssl/kms/kms4-selfsigned.crt" KeyFile: "ssl/kms/kms4-selfsigned.key" diff --git a/config/goKMS/small_kms_1.yaml b/config/goKMS/small_kms_1.yaml index d72c9c7ffed421a9f55acd3f7f8e46f205721303..369b36edf86294297531247124be4067dc05cb91 100644 --- a/config/goKMS/small_kms_1.yaml +++ b/config/goKMS/small_kms_1.yaml 
@@ -1,17 +1,18 @@ -Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' +Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" Name: kms_1 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" Peers: - # peer to kms_2 - - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' - PeerInterComAddr: kms_2:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_1 + # peer to kms_2 + - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" + PeerInterComAddr: kms_2:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_1 QkdnManagerServer: Address: ":8090" diff --git a/config/goKMS/small_kms_2.yaml b/config/goKMS/small_kms_2.yaml index 98644c38291c13b775ae4f1d6c5032f582c5037a..241be8beb0762f027aa24b85b40a46a0c25c8380 100644 --- a/config/goKMS/small_kms_2.yaml +++ b/config/goKMS/small_kms_2.yaml @@ -1,17 +1,18 @@ -Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2' +Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2" Name: kms_2 InterComAddr: 0.0.0.0:50910 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" Peers: - # peer to kms_1 - - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' - PeerInterComAddr: kms_1:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_2 + # peer to kms_1 + - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" + PeerInterComAddr: kms_1:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_2 QkdnManagerServer: Address: ":8090" 
diff --git a/etsi14module/Dockerfile b/etsi14module/Dockerfile index 5353cfb4ff7a3eced4a32eb561debe7bb21bef7a..865fcb2c8a0209045a369483c05d6b7cdaeeb85d 100644 --- a/etsi14module/Dockerfile +++ b/etsi14module/Dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.22 +ARG GOLANG_VERSION=1.23 ARG BUILDARGS ARG GITLAB_PROXY diff --git a/go.mod b/go.mod index f89d39727abb8fd1351cb174928bd1f3ccd769f2..5236d8d0e1a9b98bd716e5d738b208a97da0f258 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module code.fbi.h-da.de/danet/quant -go 1.22 +go 1.23 require ( code.fbi.h-da.de/danet/gnmi-target v0.0.0-20240402114917-f5441059d9a3 code.fbi.h-da.de/danet/quipsec/gen/go/quipsec v0.0.0-20231207135002-06d40645e073 github.com/google/uuid v1.6.0 github.com/gorilla/mux v1.8.1 - github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 + github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 github.com/hashicorp/go-multierror v1.1.1 github.com/openconfig/gnmi v0.11.0 github.com/openconfig/goyang v1.6.0 @@ -16,9 +16,9 @@ require ( github.com/shirou/gopsutil v3.21.11+incompatible github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 - golang.org/x/sys v0.24.0 - google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 - google.golang.org/grpc v1.65.0 + golang.org/x/sys v0.25.0 + google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 + google.golang.org/grpc v1.66.2 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 ) @@ -38,6 +38,6 @@ require ( github.com/yusufpapurcu/wmi v1.2.4 // indirect golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/text v0.16.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + golang.org/x/text v0.17.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect ) 
diff --git a/go.sum b/go.sum index 8c87e93235cd6b4d1c9f819f66b47c34adff175b..b4c0cd8933260430641b290136390618c07c87a4 100644 --- a/go.sum +++ b/go.sum @@ -31,10 +31,6 @@ github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiU github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= -github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= -github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= -github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 
@@ -68,10 +64,8 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 h1:CWyXh/jylQWp2dtiV33mY4iSSp6yf4lmn+c7/tN+ObI= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0/go.mod h1:nCLIt0w3Ept2NwF8ThLmrppXsfT07oC8k0XNDxd8sVU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -88,16 +82,10 @@ github.com/openconfig/gnmi v0.10.0/go.mod h1:Y9os75GmSkhHw2wX8sMsxfI7qRGAEcDh8NT github.com/openconfig/gnmi v0.11.0 h1:H7pLIb/o3xObu3+x0Fv9DCK7TH3FUh7mNwbYe+34hFw= github.com/openconfig/gnmi v0.11.0/go.mod h1:9oJSQPPCpNvfMRj8e4ZoLVAw4wL8HyxXbiDlyuexCGU= github.com/openconfig/goyang v0.0.0-20200115183954-d0a48929f0ea/go.mod h1:dhXaV0JgHJzdrHi2l+w0fZrwArtXL7jEFoiqLEdmkvU= -github.com/openconfig/goyang v1.4.5 h1:+s3p3MeiPQ/QNsC5DL3MXhCp5cv4dag3vlGKCtszsRU= -github.com/openconfig/goyang v1.4.5/go.mod h1:sdNZi/wdTZyLNBNfgLzmmbi7kISm7FskMDKKzMY+x1M= -github.com/openconfig/goyang v1.5.0 h1:Xv0q1g258wKSklJJZxFY/tjvQ7sdt66IaTnZEZhetPY= -github.com/openconfig/goyang v1.5.0/go.mod h1:sdNZi/wdTZyLNBNfgLzmmbi7kISm7FskMDKKzMY+x1M= github.com/openconfig/goyang v1.6.0 h1:JjnPbLY1/y28VyTO67LsEV0TaLWNiZyDcsppGq4F4is= github.com/openconfig/goyang v1.6.0/go.mod h1:sdNZi/wdTZyLNBNfgLzmmbi7kISm7FskMDKKzMY+x1M= github.com/openconfig/grpctunnel v0.0.0-20220819142823-6f5422b8ca70/go.mod h1:OmTWe7RyZj2CIzIgy4ovEBzCLBJzRvWSZmn7u02U9gU= github.com/openconfig/ygot v0.6.0/go.mod h1:o30svNf7O0xK+R35tlx95odkDmZWS9JyWWQSmIhqwAs= -github.com/openconfig/ygot v0.29.19 h1:3bbAWbCBVjyjHgeROvT38LQ7pAxcjtm7C2vNVj/rvEE= -github.com/openconfig/ygot v0.29.19/go.mod h1:8/FXt4tc5wSfYDEJbGGumxmxwJ55Xuv12oO/jCyEins= github.com/openconfig/ygot v0.29.20 h1:XHLpwCN91QuKc2LAvnEqtCmH8OuxgLlErDhrdl2mJw8= github.com/openconfig/ygot v0.29.20/go.mod h1:K8HbrPm/v8/emtGQ9+RsJXx6UPKC5JzS/FqK7pN+tMo= github.com/pborman/getopt v1.1.0/go.mod h1:FxXoW1Re00sQG/+KIkuSqRL/LwQgSkv7uyac+STFsbk= 
@@ -151,10 +139,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -176,22 +160,18 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= 
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -211,32 +191,12 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20210811021853-ddbe55d93216/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod 
h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/api v0.0.0-20240722135656-d784300faade h1:WxZOF2yayUHpHSbUE6NMzumUzBxYc3YGwo0YHnbzsJY= -google.golang.org/genproto/googleapis/api v0.0.0-20240722135656-d784300faade/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/api v0.0.0-20240723171418-e6d459c13d2a h1:YIa/rzVqMEokBkPtydCkx1VLmv3An1Uw7w1P1m6EhOY= -google.golang.org/genproto/googleapis/api v0.0.0-20240723171418-e6d459c13d2a/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU= -google.golang.org/genproto/googleapis/api v0.0.0-20240805194559-2c9e96a0b5d4 h1:ABEBT/sZ7We8zd7A5f3KO6zMQe+s3901H7l8Whhijt0= -google.golang.org/genproto/googleapis/api v0.0.0-20240805194559-2c9e96a0b5d4/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= -google.golang.org/genproto/googleapis/api v0.0.0-20240812133136-8ffd90a71988 h1:+/tmTy5zAieooKIXfzDm9KiA3Bv6JBwriRN9LY+yayk= -google.golang.org/genproto/googleapis/api v0.0.0-20240812133136-8ffd90a71988/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= +google.golang.org/genproto/googleapis/api v0.0.0-20240820151423-278611b39280 h1:YDFM9oOjiFhaMAVgbDxfxW+66nRrsvzQzJ51wp3OxC0= 
+google.golang.org/genproto/googleapis/api v0.0.0-20240820151423-278611b39280/go.mod h1:fO8wJzT2zbQbAjbIoos1285VfEIYKDDY+Dt+WpTkh6g= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= 
@@ -255,6 +215,12 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed h1:J6izYgfBXAI3xTKLgxzTmUltdYaLsuBxFCgDHWJ/eXg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 
@@ -263,10 +229,14 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM= +google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -282,8 +252,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/goKMS/Dockerfile b/goKMS/Dockerfile index 3bf984ab7f66488250e301b3e48acb4cc711326d..2ce288f03ff323f0e2ed64986a1075890a0abd5e 100644 --- a/goKMS/Dockerfile +++ b/goKMS/Dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.22 +ARG GOLANG_VERSION=1.23 ARG BUILDARGS ARG GITLAB_PROXY diff --git a/goKMS/config/config.go b/goKMS/config/config.go index 7b9aadc9b9ca5149b63bf577875ea6f00facae8d..7ea24a6cee7875a48aaa3810be9eeb0983c23258 100644 --- a/goKMS/config/config.go +++ b/goKMS/config/config.go 
@@ -11,19 +11,23 @@ type Config struct { Name string `yaml:"Name"` InterComAddr string `yaml:"InterComAddr"` QuantumAddr string `yaml:"QuantumAddr"` - AkmsURL string `yaml:"AkmsURL"` - AkmsCkmsServerPort string `yaml:"AkmsCkmsServerPort"` + AKMS AKMS `yaml:"AKMS"` GnmiBindAddress string `yaml:"GnmiBindAddress"` + KmsTLS TLSConfig `yaml:"KmsTLS"` Peers []Peer `yaml:"Peers"` GnmiTLS TLSConfig `yaml:"GnmiTLS"` - KmsTLS TLSConfig `yaml:"KmsTLS"` - QuantumModuleTLS TLSConfig `yaml:"QuantumModuleTLS"` - AkmsCkmsTLS TLSConfig `yaml:"AkmsCkmsTLS"` ETSI14Server *ETSI14Server `yaml:"ETSI14Server,omitempty"` QkdnManagerServer *QkdnManagerServer `yaml:"QkdnManagerServer,omitempty"` GRPCTimeoutInSeconds int `yaml:"GRPCTimeoutInSeconds"` } +type AKMS struct { + RemoteAddress string `yaml:"RemoteAddress"` + ServerPort string `yaml:"ServerPort"` + ServerTLS TLSConfig `yaml:"ServerTLS"` + ClientTLS TLSConfig `yaml:"ClientTLS"` +} + type Peer struct { PeerId string `yaml:"PeerId"` PeerInterComAddr string `yaml:"PeerInterComAddr"` 
@@ -32,22 +36,24 @@ type Peer struct { } type TLSConfig struct { - TLS bool `yaml:"TLS"` - CAFile string `yaml:"CAFile"` - CertFile string `yaml:"CertFile"` - KeyFile string `yaml:"KeyFile"` + Active bool `yaml:"Active"` + InsecureSkipVerify bool `yaml:"InsecureSkipVerify"` + CAFile string `yaml:"CAFile"` + CertFile string `yaml:"CertFile"` + KeyFile string `yaml:"KeyFile"` } type QuantumModule struct { - QmType string `yaml:"Type"` - Address string `yaml:"Address"` - Hostname string `yaml:"Hostname"` - LocalSAEID string `yaml:"LocalSAEID"` - TargetSAEID string `yaml:"TargetSAEID"` - MasterMode bool `yaml:"MasterMode"` - KeyFetchInterval int `yaml:"KeyFetchInterval"` - KeyFetchAmount int `yaml:"KeyFetchAmount"` - MaxKeyFillLevel int `yaml:"MaxKeyFillLevel"` + QmType string `yaml:"Type"` + TLS TLSConfig `yaml:"TLS"` + Address string `yaml:"Address"` + Hostname string `yaml:"Hostname"` + LocalSAEID string `yaml:"LocalSAEID"` + TargetSAEID string `yaml:"TargetSAEID"` + MasterMode bool `yaml:"MasterMode"` + KeyFetchInterval int `yaml:"KeyFetchInterval"` + KeyFetchAmount int `yaml:"KeyFetchAmount"` + MaxKeyFillLevel int `yaml:"MaxKeyFillLevel"` } type ETSI14Server struct { diff --git a/goKMS/kms/akms/client/client.go b/goKMS/kms/akmsInterface/client/client.go similarity index 56% rename from goKMS/kms/akms/client/client.go rename to goKMS/kms/akmsInterface/client/client.go index 6a1a075761dbf0bbed68da123d31398447fe8dda..19a58beb949213228442cc0c29f85c2d3478474c 100644 --- a/goKMS/kms/akms/client/client.go +++ b/goKMS/kms/akmsInterface/client/client.go 
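Review bot: The new `InsecureSkipVerify` field on `TLSConfig` has no comment saying that it turns off server-certificate and hostname verification, and the struct is shared by every TLS endpoint in the config. In this diff only `GenerateTLSLibraryConfig` in `goKMS/kms/tls/tls.go` reads it and `GenerateServerTLSLibraryConfig` does not, so setting it under a server block such as `AKMS.ServerTLS` appears to have no effect. I would add a field comment such as `// InsecureSkipVerify disables verification of the peer's certificate chain and hostname on client connections; for test setups only.` The `outputTlsSettings` hunk in `goKMS/main.go` logs `Active` and the file paths but not this flag; a `log.Warnf` when it is true would make an unverified connection visible at startup.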
@@ -3,20 +3,39 @@ package client import ( "bytes" "encoding/json" + "fmt" + "io" "net/http" + "code.fbi.h-da.de/danet/quant/goKMS/config" "code.fbi.h-da.de/danet/quant/goKMS/kms/crypto" + kmstls "code.fbi.h-da.de/danet/quant/goKMS/kms/tls" "github.com/sirupsen/logrus" ) type CkmsAkmsClient struct { - url string + url string + httpClient *http.Client } -func NewCkmsAkmsClient(url string) *CkmsAkmsClient { - return &CkmsAkmsClient{ - url: url, +func NewCkmsAkmsClient(url string, tlsConfig config.TLSConfig) (*CkmsAkmsClient, error) { + client := &http.Client{} + + if tlsConfig.Active { + tlsConf, err := kmstls.GenerateTLSLibraryConfig(tlsConfig) + if err != nil { + return nil, fmt.Errorf("unable to generate TLS config: %w", err) + } + + client.Transport = &http.Transport{ + TLSClientConfig: tlsConf, + } } + + return &CkmsAkmsClient{ + url: url, + httpClient: client, + }, nil } type PushKSAKeyRequest struct { @@ -38,9 +57,14 @@ func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, proc return err } - resp, err := http.Post(c.url, "application/json", bytes.NewBuffer(jsonData)) + logrus.Infof("Attempting to send KSA post request to AKMS with URL: %s", c.url) + resp, err := c.httpClient.Post(c.url, "application/json", bytes.NewBuffer(jsonData)) if err != nil { - logrus.Errorf("Error sending POST request: %s", err) + body, err2 := io.ReadAll(resp.Body) + if err2 != nil { + logrus.Errorf("Error reading POST response body: %s", err2) + } + logrus.Errorf("Error sending POST request: %s, received response body: %s", err, string(body)) logrus.Errorf("Tried to send request: %s to url: %s", jsonData, c.url) return err } diff --git a/goKMS/kms/akms/server/server.go b/goKMS/kms/akmsInterface/server/server.go similarity index 80% rename from goKMS/kms/akms/server/server.go rename to goKMS/kms/akmsInterface/server/server.go index 76e7e439053275d5d67aedec5f8b582a5d639d79..c80409afc2f906cf64c1e8624f9dfb82fea0fcce 100644 --- a/goKMS/kms/akms/server/server.go 
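Review bot: `NewCkmsAkmsClient` installs the TLS transport when `tlsConfig.Active` is set but never checks the scheme of `url`, so an `http://` `RemoteAddress` combined with `ClientTLS.Active: true` would still post in plaintext without any error. A guard before building the transport would catch the mismatch, e.g. `if tlsConfig.Active && !strings.HasPrefix(url, "https://") { return nil, fmt.Errorf("AKMS TLS is active but the URL is not https") }` (needs `strings` in the import block). The `&http.Client{}` also has no `Timeout`, so a stalled AKMS endpoint blocks the caller indefinitely; setting one here would bound that.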
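Review bot: In the error branch of `SendKSAKeysToRequestingInstances` the added `io.ReadAll(resp.Body)` runs when `err != nil`, and `http.Client.Post` returns a nil response in that case for anything other than a redirect-policy failure, so this dereferences nil and panics on the first connection or TLS handshake error. The body read belongs on the success path for non-2xx status codes; in the error branch I would drop it and keep `logrus.Errorf("Error sending POST request: %s", err)`. The unchanged next line logs `jsonData` in full, which presumably carries the KSA key material being pushed; logging only `requestID` and `c.url` would keep keys out of the log. The function body continues outside the hunk.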
+++ b/goKMS/kms/akmsInterface/server/server.go @@ -6,17 +6,20 @@ import ( "net/http" "time" + "code.fbi.h-da.de/danet/quant/goKMS/config" "code.fbi.h-da.de/danet/quant/goKMS/kms/event" "code.fbi.h-da.de/danet/quant/goKMS/kms/receiver" + kmstls "code.fbi.h-da.de/danet/quant/goKMS/kms/tls" "github.com/google/uuid" "github.com/sirupsen/logrus" ) type AKMSReceiverServer struct { - server *http.Server + server *http.Server + tlsConfig config.TLSConfig } -func NewAKMSReceiver(port string, eventBus *event.EventBus, receiver *receiver.Receiver, generateAndSend func(string, uuid.UUID, string, int) error) *AKMSReceiverServer { +func NewAKMSReceiver(port string, eventBus *event.EventBus, receiver *receiver.Receiver, generateAndSend func(string, uuid.UUID, string, int) error, tlsConfig config.TLSConfig) (*AKMSReceiverServer, error) { router := http.NewServeMux() router.HandleFunc("/api/v1/keys/ksa_key_req", ksaReqHandler(eventBus, receiver, generateAndSend)) @@ -26,15 +29,28 @@ func NewAKMSReceiver(port string, eventBus *event.EventBus, receiver *receiver.R Handler: router, } + if tlsConfig.Active { + tlsLibraryConfig, err := kmstls.GenerateServerTLSLibraryConfig(tlsConfig) + if err != nil { + return nil, fmt.Errorf("unable to generate TLS config: %w", err) + } + server.TLSConfig = tlsLibraryConfig + } + AKMSReceiver := &AKMSReceiverServer{ - server: server, + server: server, + tlsConfig: tlsConfig, } - return AKMSReceiver + return AKMSReceiver, nil } func (akmsReceiver *AKMSReceiverServer) Serve() { - go akmsReceiver.server.ListenAndServe() //nolint:errcheck + if akmsReceiver.tlsConfig.Active { + go akmsReceiver.server.ListenAndServeTLS("", "") //nolint:errcheck + } else { + go akmsReceiver.server.ListenAndServe() //nolint:errcheck + } } type KeyProperties struct { diff --git a/goKMS/kms/crypto/crypto_test.go b/goKMS/kms/crypto/crypto_test.go index 6c7afe7fab79cc2265d33fe2071d6b5129e5ecbb..24dc8bd21eec0ddf6c3d702de2364f9eb8ffb02a 100644 --- a/goKMS/kms/crypto/crypto_test.go 
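Review bot: `Serve` discards the result of `ListenAndServeTLS("", "")` behind `//nolint:errcheck`, so a bind or certificate failure leaves the key-request endpoint down without a log line, while `NewKMS` still logs that the receiver is starting. Wrapping the call keeps the failure visible: `if err := akmsReceiver.server.ListenAndServeTLS("", ""); err != nil && !errors.Is(err, http.ErrServerClosed) { logrus.Errorf("AKMS receiver stopped: %s", err) }` inside the goroutine, and likewise for the plain branch (needs `errors` imported). `tlsConfig` is stored on the struct only to pick the branch; checking `akmsReceiver.server.TLSConfig != nil` would carry the same information without the extra copy.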
+++ b/goKMS/kms/crypto/crypto_test.go @@ -46,7 +46,6 @@ func TestCrypto_AES_Encrypt(t *testing.T) { } for name, test := range tests { - test := test t.Run(name, func(t *testing.T) { t.Parallel() @@ -173,7 +172,6 @@ func TestCrypto_AES_Decrypt(t *testing.T) { } for name, test := range tests { - test := test t.Run(name, func(t *testing.T) { t.Parallel() diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go index 7ba5551d3974f63550919731a90b5d681ae710f4..b34e722a4a581f32c31ecd4ed988a4b2b9f07bdf 100644 --- a/goKMS/kms/kms.go +++ b/goKMS/kms/kms.go @@ -21,8 +21,8 @@ import ( pbIC "code.fbi.h-da.de/danet/quant/goKMS/api/gen/proto/go/kmsintercom" "code.fbi.h-da.de/danet/quant/goKMS/config" - akmsClient "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/client" - akmsServer "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/server" + akmsInterfaceClient "code.fbi.h-da.de/danet/quant/goKMS/kms/akmsInterface/client" + akmsInterfaceServer "code.fbi.h-da.de/danet/quant/goKMS/kms/akmsInterface/server" "code.fbi.h-da.de/danet/quant/goKMS/kms/crypto" etsi14Server "code.fbi.h-da.de/danet/quant/goKMS/kms/etsi/etsi14/server" "code.fbi.h-da.de/danet/quant/goKMS/kms/event" @@ -82,8 +82,8 @@ type KMS struct { eventBus *event.EventBus receiver *receiver.Receiver // Akms things - ckmsAkmsClient *akmsClient.CkmsAkmsClient - ckmsAkmsServer *akmsServer.AKMSReceiverServer + ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient + ckmsAkmsServer *akmsInterfaceServer.AKMSReceiverServer // ETSI14 Server things etsi14Server *etsi14Server.ETSI14RESTService keyStoreChannel chan []crypto.KSAKey 
@@ -118,9 +118,13 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso log.SetReportCaller(false) } - var ckmsAkmsClient *akmsClient.CkmsAkmsClient - if config.AkmsURL != "" { - ckmsAkmsClient = akmsClient.NewCkmsAkmsClient(config.AkmsURL) + var ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient + var err error + if config.AKMS.RemoteAddress != "" { + ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AKMS.RemoteAddress, config.AKMS.ClientTLS) + if err != nil { + log.Fatalf("Failed to setup CkmsAkmsClient: %s", err) + } } gRPCTimeoutInSecondsDuration := time.Duration(config.GRPCTimeoutInSeconds) * time.Second @@ -149,15 +153,18 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso go createdKMS.startGRPC() // initialize from config - err := createdKMS.initializePeers(config) + err = createdKMS.initializePeers(config) if err != nil { log.Fatalf("Failed to initialize peers: %s", err) } // Start the akmsCkmsReceiverServer - if config.AkmsCkmsServerPort != "" { - createdKMS.ckmsAkmsServer = akmsServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey) - log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort) + if config.AKMS.ServerPort != "" { + createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AKMS.ServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AKMS.ServerTLS) + if err != nil { + log.Fatalf("Failed to initialize CkmsAkmsServer: %s", err) + } + log.Infof("Starting AKMS receiver server on port: %s", config.AKMS.ServerPort) go createdKMS.ckmsAkmsServer.Serve() } 
@@ -195,7 +202,7 @@ func (kms *KMS) initializePeers(config *config.Config) error { qm = peers.NewDanetQuantumModule(pqm.Address, config.Id) case "etsi": qm, err = peers.NewETSI014HTTPQuantumModule(pqm.Address, config.Id, pqm.LocalSAEID, pqm.TargetSAEID, - config.QuantumModuleTLS, pqm.MasterMode, + peer.QuantumModule.TLS, pqm.MasterMode, peer.QuantumModule.KeyFetchInterval, int64(peer.QuantumModule.KeyFetchAmount), uint64(peer.QuantumModule.MaxKeyFillLevel)) if err != nil { log.Fatalf("Failed to create ETSI QKD module: %s", err) diff --git a/goKMS/kms/peers/etsi14Quantummodule.go b/goKMS/kms/peers/etsi14Quantummodule.go index 6a7a037d7398d6c65e52918f05ace006c59a9ff8..11b21ee0cde4426e0e1878a0919092ac5d0fc06c 100644 --- a/goKMS/kms/peers/etsi14Quantummodule.go +++ b/goKMS/kms/peers/etsi14Quantummodule.go @@ -51,8 +51,8 @@ func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tl Scheme: parsedUrl.Scheme, } - if tlsConfig.TLS { - tlsConf, err := kmstls.GenerateTlsLibraryConfig(tlsConfig) + if tlsConfig.Active { + tlsConf, err := kmstls.GenerateTLSLibraryConfig(tlsConfig) if err != nil { return nil, fmt.Errorf("unable to generate TLS config: %w", err) } 
@@ -112,54 +112,13 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error { // start polling keys if qm.master { go func() { - ticker := time.NewTicker(time.Duration(qm.keyFetchInterval) * time.Second) + restartWaitingTime := time.Duration(2) * time.Minute + ticker := time.NewTicker(restartWaitingTime) defer ticker.Stop() - failedAttemps := 0 - - // TODO: add context/channel to stop - for { - select { - case <-ticker.C: - if failedAttemps == maxFailedKeyRequestAttempts { - log.Errorf("stopped trying to fetch keys from qkd module after %d tries", failedAttemps) - break - } - - if qm.keyStore.Length() < int(qm.maxKeyFillLevel) { - container, err := qm.GetKeys(qm.keyFetchAmount, 256, nil, nil, nil) - if err != nil { - log.Error(err) - failedAttemps++ - continue - } - - keyIds := make([]string, len(container.GetKeys())) - for i, keyItem := range container.GetKeys() { - keyIds[i] = keyItem.GetKeyID() - } - - _, err = qm.kmsClient.KeyIdNotification(context.Background(), - &pbIC.KeyIdNotificationRequest{ - Timestamp: time.Now().Unix(), - KmsId: qm.kmsId, - KeyIds: keyIds, - }) - if err != nil { - log.Error(err) - failedAttemps++ - continue - } - - if err := store.AddETSIKeysToKeystore(qm.keyStore, container.GetKeys()); err != nil { - log.Error(err) - } - - failedAttemps = 0 - } - case <-qm.stopFetch: - break - } + // immediately start with the ticker instead of waiting the defined amount + for ; true; <-ticker.C { + qm.doKeyFetching() } }() } 
@@ -225,3 +184,58 @@ func (qm *ETSI014HTTPQuantumModule) GetKeyWithIds(keyIds []etsi14ClientGenerated return container, nil } + +func (qm *ETSI014HTTPQuantumModule) doKeyFetching() { + ticker := time.NewTicker(time.Duration(qm.keyFetchInterval) * time.Second) + defer ticker.Stop() + + failedAttemps := 0 + + for { + select { + case <-ticker.C: + if failedAttemps == maxFailedKeyRequestAttempts { + log.Errorf("stopped trying to fetch keys from qkd module after %d tries", failedAttemps) + break + } + + if qm.keyStore.Length() < int(qm.maxKeyFillLevel) { + container, err := qm.GetKeys(qm.keyFetchAmount, 256, nil, nil, nil) + if err != nil { + log.Error(err) + failedAttemps++ + continue + } + + keyIds := make([]string, len(container.GetKeys())) + for i, keyItem := range container.GetKeys() { + keyIds[i] = keyItem.GetKeyID() + } + + _, err = qm.kmsClient.KeyIdNotification(context.Background(), + &pbIC.KeyIdNotificationRequest{ + Timestamp: time.Now().Unix(), + KmsId: qm.kmsId, + KeyIds: keyIds, + }) + if err != nil { + log.Error(err) + failedAttemps++ + continue + } + + err = store.AddETSIKeysToKeystore(qm.keyStore, container.GetKeys()) + if err != nil { + log.Error(err) + failedAttemps++ + continue + } + + failedAttemps = 0 + } + case <-qm.stopFetch: + break + } + } + +} diff --git a/goKMS/kms/tls/tls.go b/goKMS/kms/tls/tls.go index df180446acf23f767906adeb4093f5f03923ec9b..040b819936df6033ad77f2f9323941eee4faa2aa 100644 --- a/goKMS/kms/tls/tls.go +++ b/goKMS/kms/tls/tls.go 
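Review bot: Both `break` statements in `doKeyFetching` leave only the `select`, not the enclosing `for`, so the function never returns: once `failedAttemps` reaches `maxFailedKeyRequestAttempts` it logs the "stopped trying" error on every tick and never fetches again, and a signal on `qm.stopFetch` does not stop it. The restart loop added in `Initialize` (the `@@ -112,54 +112,13 @@` hunk) depends on `doKeyFetching` returning, so the two-minute retry is unreachable as written. Replacing both with `return` fixes the failure case; for `stopFetch` the outer loop would then also need to exit rather than restart after the wait, for example by having `doKeyFetching` return a bool that says whether it was stopped. A silent stall of key supply is worth a test with a failing `GetKeys`.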
@@ -11,15 +11,15 @@ import ( "google.golang.org/grpc/credentials/insecure" ) -func GenerateGRPCServerTransportCredsBasedOnTLSFlag(tlsData config.TLSConfig) (credentials.TransportCredentials, error) { +func GenerateGRPCServerTransportCredsBasedOnTLSFlag(tlsConfig config.TLSConfig) (credentials.TransportCredentials, error) { var gRPCTransportCreds credentials.TransportCredentials - if tlsData.TLS { - creds, err := generateGRPCServerTransportCredsWithTLS(tlsData.CAFile, tlsData.CertFile, tlsData.KeyFile) + if tlsConfig.Active { + tlsLibraryConfig, err := GenerateServerTLSLibraryConfig(tlsConfig) if err != nil { return nil, err } - gRPCTransportCreds = creds + gRPCTransportCreds = credentials.NewTLS(tlsLibraryConfig) } else { gRPCTransportCreds = insecure.NewCredentials() } @@ -27,9 +27,9 @@ func GenerateGRPCServerTransportCredsBasedOnTLSFlag(tlsData config.TLSConfig) (c return gRPCTransportCreds, nil } -func generateGRPCServerTransportCredsWithTLS(caFile, certFile, keyFile string) (credentials.TransportCredentials, error) { +func GenerateServerTLSLibraryConfig(tlsConfig config.TLSConfig) (*tls.Config, error) { cp := x509.NewCertPool() - b, err := os.ReadFile(caFile) + b, err := os.ReadFile(tlsConfig.CAFile) if err != nil { return nil, err } 
@@ -38,30 +38,28 @@ func generateGRPCServerTransportCredsWithTLS(caFile, certFile, keyFile string) ( return nil, fmt.Errorf("credentials: failed to append certificates") } - cert, err := tls.LoadX509KeyPair(certFile, keyFile) + cert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile) if err != nil { return nil, err } - tlsConfig := &tls.Config{ + return &tls.Config{ MinVersion: tls.VersionTLS13, ClientCAs: cp, Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, - } - - return credentials.NewTLS(tlsConfig), nil + }, nil } func GenerateGRPCClientTransportCredsBasedOnTLSFlag(tlsConfig config.TLSConfig) (credentials.TransportCredentials, error) { var gRPCTransportCreds credentials.TransportCredentials - if tlsConfig.TLS { - creds, err := generateGRPCClientTransportCredsWithTLS(tlsConfig.CAFile, tlsConfig.CertFile, tlsConfig.KeyFile) + if tlsConfig.Active { + tlsLibraryConfig, err := GenerateTLSLibraryConfig(tlsConfig) if err != nil { return nil, err } - gRPCTransportCreds = creds + gRPCTransportCreds = credentials.NewTLS(tlsLibraryConfig) } else { gRPCTransportCreds = insecure.NewCredentials() } @@ -69,10 +67,10 @@ func GenerateGRPCClientTransportCredsBasedOnTLSFlag(tlsConfig config.TLSConfig) return gRPCTransportCreds, nil } -func generateGRPCClientTransportCredsWithTLS(caFile, certFile, keyFile string) (credentials.TransportCredentials, error) { +func GenerateTLSLibraryConfig(tlsConfig config.TLSConfig) (*tls.Config, error) { cp := x509.NewCertPool() - b, err := os.ReadFile(caFile) + b, err := os.ReadFile(tlsConfig.CAFile) if err != nil { return nil, err } 
@@ -80,38 +78,15 @@ func generateGRPCClientTransportCredsWithTLS(caFile, certFile, keyFile string) ( return nil, fmt.Errorf("credentials: failed to append certificates") } - cert, err := tls.LoadX509KeyPair(certFile, keyFile) - if err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ - MinVersion: tls.VersionTLS13, - RootCAs: cp, - Certificates: []tls.Certificate{cert}, - } - - return credentials.NewTLS(tlsConfig), nil -} - -func GenerateTlsLibraryConfig(tlsConfig config.TLSConfig) (*tls.Config, error) { - caCert, err := os.ReadFile(tlsConfig.CAFile) - if err != nil { - return nil, err - } - caCertPool := x509.NewCertPool() - if !caCertPool.AppendCertsFromPEM(caCert) { - return nil, fmt.Errorf("credentials: failed to append certificates") - } - cert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile) if err != nil { return nil, err } return &tls.Config{ - MinVersion: tls.VersionTLS13, - RootCAs: caCertPool, - Certificates: []tls.Certificate{cert}, + MinVersion: tls.VersionTLS13, + RootCAs: cp, + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: tlsConfig.InsecureSkipVerify, }, nil } diff --git a/goKMS/main.go b/goKMS/main.go index b9bbaa48d9da9d7a6bae6c24c01de2af2316ee20..88a12d748246c5fb5c0228f2ba4f551ff04060bc 100644 --- a/goKMS/main.go +++ b/goKMS/main.go @@ -149,7 +149,7 @@ func main() { } // The gnmiTarget implementation uses a flag to pass NO tls, so we have to invert our flag for it to work. - gnmiInsecure := !kmsConfig.GnmiTLS.TLS + gnmiInsecure := !kmsConfig.GnmiTLS.Active gnmitTarget := gnmitarget.NewGnmiTarget(schema, &gnmitargetygot.Gnmitarget{}, gnmitargetygot.ΓModelData, gnmitargetygot.Unmarshal, gnmitargetygot.ΛEnum, handlers...) if err := gnmitTarget.Start(*gnmiBindAddress, kmsConfig.GnmiTLS.CertFile, kmsConfig.GnmiTLS.KeyFile, kmsConfig.GnmiTLS.CAFile, gnmiInsecure); err != nil { log.Fatal(err) 
@@ -160,24 +160,30 @@ func outputTlsSettings(config *config.Config) { currentDirectory, _ := os.Getwd() log.Debugf("current relative file path: %s", currentDirectory) - log.Infof("TLS enabled for gNMI: %t", config.GnmiTLS.TLS) - if config.GnmiTLS.TLS { + log.Infof("TLS enabled for gNMI: %t", config.GnmiTLS.Active) + if config.GnmiTLS.Active { log.Infof("TLS filepaths for gNMI: ca: %s, cert: %s, key: %s", config.GnmiTLS.CAFile, config.GnmiTLS.CertFile, config.GnmiTLS.KeyFile) } - log.Infof("TLS enabled for KMS: %t", config.KmsTLS.TLS) - if config.KmsTLS.TLS { + log.Infof("TLS enabled for KMS: %t", config.KmsTLS.Active) + if config.KmsTLS.Active { log.Infof("TLS filepaths for KMS: ca: %s, cert: %s, key: %s", config.KmsTLS.CAFile, config.KmsTLS.CertFile, config.KmsTLS.KeyFile) } - log.Infof("TLS enabled for Quantum Module: %t", config.QuantumModuleTLS.TLS) - if config.QuantumModuleTLS.TLS { - log.Infof("TLS filepaths for Quantum Module: ca: %s, cert: %s, key: %s", config.QuantumModuleTLS.CAFile, config.QuantumModuleTLS.CertFile, config.QuantumModuleTLS.KeyFile) + for _, peer := range config.Peers { + log.Infof("TLS enabled for Quantum Module for peer %s: %t", peer.PeerId, peer.QuantumModule.TLS.Active) + if peer.QuantumModule.TLS.Active { + log.Infof("TLS filepaths for Quantum Module for peer %s: ca: %s, cert: %s, key: %s", peer.PeerId, peer.QuantumModule.TLS.CAFile, peer.QuantumModule.TLS.CertFile, peer.QuantumModule.TLS.KeyFile) + } } - log.Infof("TLS enabled for AKMS-CKMS interface: %t", config.AkmsCkmsTLS.TLS) - if config.AkmsCkmsTLS.TLS { - log.Infof("TLS filepaths for AKMS-CKMS interface: ca: %s, cert: %s, key: %s", config.AkmsCkmsTLS.CAFile, config.AkmsCkmsTLS.CertFile, config.AkmsCkmsTLS.KeyFile) + log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active) + if config.AKMS.ClientTLS.Active { + log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, 
config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile) + } + log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active) + if config.AKMS.ServerTLS.Active { + log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile) } } @@ -193,7 +199,7 @@ func isFlagPassed(name string) bool { func overwriteConfigFieldsWithFlags(config *config.Config, gnmiBindAddress *string, gnmiTLS *bool, certFile *string, keyFile *string, caFile *string) { if isFlagPassed("gnmiTLS") { - config.GnmiTLS.TLS = *gnmiTLS + config.GnmiTLS.Active = *gnmiTLS } if isFlagPassed("gnmiBindAddress") { diff --git a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go index e1e8464bc17dc1e113275a02c010f68cd3abf30f..8fcc70042d87d4cdaf3fb3fbf01d238f3e95f8f4 100644 --- a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go +++ b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go @@ -10,6 +10,8 @@ import ( "os" "testing" + "code.fbi.h-da.de/danet/quant/goKMS/config" + kmstls "code.fbi.h-da.de/danet/quant/goKMS/kms/tls" utils "code.fbi.h-da.de/danet/quant/integration-tests/code/integrationTestUtils" "github.com/google/uuid" "github.com/stretchr/testify/assert" @@ -87,7 +89,14 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo requestId := uuid.New().String() - url := fmt.Sprintf("http://%s/api/v1/keys/ksa_key_req", kms1AkmsURL) + tlsConfig := config.TLSConfig{ + Active: true, + CAFile: "../../../artifacts/integration-tests/ssl/ca.crt", + CertFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.crt", + KeyFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.key", + } + + url := fmt.Sprintf("https://%s/api/v1/keys/ksa_key_req", kms1AkmsURL) data := RequestData{ ReceivingCKMSID: "5e41c291-6121-4335-84f6-41e04b8bdaa2", RequestID: requestId, 
@@ -99,13 +108,22 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo }, } + tlsConf, err := kmstls.GenerateTLSLibraryConfig(tlsConfig) + if err != nil { + t.Errorf("Error generating TLS config: %s", err) + } + transport := &http.Transport{ + TLSClientConfig: tlsConf, + } + client := &http.Client{Transport: transport} + jsonData, err := json.Marshal(data) if err != nil { fmt.Println(err) return } - resp, err := http.Post(url, "application/json", bytes.NewBuffer(jsonData)) + resp, err := client.Post(url, "application/json", bytes.NewBuffer(jsonData)) if err != nil { t.Errorf("Error making HTTP request: %s", err) return @@ -117,7 +135,7 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo } // Get logfile of akms - resp, err = http.Get("http://" + logFileURL + "/debug/get_log_file") + resp, err = client.Get("https://" + logFileURL + "/debug/get_log_file") if err != nil { t.Errorf("Error making HTTP request: %s", err) return @@ -143,7 +161,23 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo assert.NotNil(t, logFile.Body.KSAKeys[0].KeyID) assert.NotNil(t, logFile.Body.KSAKeys[0].Key) - resp, err = http.Get("http://" + logFileURL2 + "/debug/get_log_file") + tlsConfig = config.TLSConfig{ + Active: true, + CAFile: "../../../artifacts/integration-tests/ssl/ca.crt", + CertFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.crt", + KeyFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.key", + } + + tlsConf, err = kmstls.GenerateTLSLibraryConfig(tlsConfig) + if err != nil { + t.Errorf("Error generating TLS config: %s", err) + } + transport = &http.Transport{ + TLSClientConfig: tlsConf, + } + client = &http.Client{Transport: transport} + + resp, err = client.Get("https://" + logFileURL2 + "/debug/get_log_file") if err != nil { t.Errorf("Error making HTTP request: %s", err) return 
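Review bot: When `kmstls.GenerateTLSLibraryConfig` fails, `t.Errorf` records the error and the test carries on with a nil `tlsConf`, so the transport falls back to Go's default TLS settings and the later failure message points at the HTTP request instead of the certificate files. `t.Fatalf("Error generating TLS config: %s", err)` at both call sites in this file stops at the real cause. The same lines that build `transport` and `client` are repeated for the kms2 and kms1 certificates; a small helper taking the cert and key paths would remove the duplication. `TestGetKSAKey` starts and ends outside these hunks.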
diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml index c65e69a22f8acdbaf30806f02d0dabc40b0dae84..1e071d561c0064683422460e1e638eceaeb6dacf 100644 --- a/integration-tests/config/kms/kms_1.yaml +++ b/integration-tests/config/kms/kms_1.yaml @@ -1,24 +1,35 @@ -Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' +Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" Name: kms01 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" + ClientTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms1-selfsigned.crt" + KeyFile: "config/ssl/kms/kms1-selfsigned.key" + ServerTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms1-selfsigned.crt" + KeyFile: "config/ssl/kms/kms1-selfsigned.key" GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "config/ssl/ca.crt" CertFile: "config/ssl/kms/kms1-selfsigned.crt" KeyFile: "config/ssl/kms/kms1-selfsigned.key" Peers: - # peer to kms02 - - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' - PeerInterComAddr: kms02:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_1 + # peer to kms02 + - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" + PeerInterComAddr: kms02:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_1 ETSI14Server: Address: ":1414" RemoteCKMSID: "5e41c291-6121-4335-84f6-41e04b8bdaa2" diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml index 3b8f226c18a2c99803a7dd1cc5f2819c4077147a..58c54adee5ecd726acbb3785ad24970d7c7b25a4 100644 --- a/integration-tests/config/kms/kms_2.yaml +++ b/integration-tests/config/kms/kms_2.yaml 
@@ -1,24 +1,35 @@ -Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2' +Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2" Name: kms02 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" + ClientTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms2-selfsigned.crt" + KeyFile: "config/ssl/kms/kms2-selfsigned.key" + ServerTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms2-selfsigned.crt" + KeyFile: "config/ssl/kms/kms2-selfsigned.key" GRPCTimeoutInSeconds: 600 KmsTLS: - TLS: false + Active: false CAFile: "config/ssl/ca.crt" CertFile: "config/ssl/kms/kms2-selfsigned.crt" KeyFile: "config/ssl/kms/kms2-selfsigned.key" Peers: - # peer to kms01 - - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' - PeerInterComAddr: kms01:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_2 + # peer to kms01 + - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" + PeerInterComAddr: kms01:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_2 ETSI14Server: Address: ":1414" RemoteCKMSID: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" diff --git a/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt b/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt index 7171d5753bec78b113c77faafd7194979b97a7d8..4d46bd8d2890ae890d1952dd394bdd3ddf1fceb3 100644 --- a/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt +++ b/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt 
@@ -13,4 +13,7 @@ keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth subjectAltName = @alt_names [alt_names] +IP.1 = 127.0.0.1 DNS.1 = kms01 +DNS.2 = akms-simulator_1 +DNS.3 = akms-simulator_2 diff --git a/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt b/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt index c990896c7f806945b55abde73504b112cab07e82..8701d1e000f4221d56e18c83cc0bb67e90db29bf 100644 --- a/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt +++ b/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt @@ -13,4 +13,7 @@ keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth subjectAltName = @alt_names [alt_names] +IP.1 = 127.0.0.1 DNS.1 = kms02 +DNS.2 = akms-simulator_1 +DNS.3 = akms-simulator_2 diff --git a/integration-tests/docker-compose.yml b/integration-tests/docker-compose.yml index b8a05d7624ea1c9c352d23a44b94898006fa1db4..72213b09dea4cf235ffa6856810f8af608c7270f 100644 --- a/integration-tests/docker-compose.yml +++ b/integration-tests/docker-compose.yml 
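Review bot: The added `DNS.2 = akms-simulator_1` and `DNS.3 = akms-simulator_2` entries put the simulator hostnames on the KMS certificate, here and in the matching hunk of `kms2ReqConfig.txt`, so one key pair is accepted as kms01 (or kms02) and as both AKMS endpoints. Hostname verification in the integration tests then no longer distinguishes the services, which can hide a client that connects to the wrong peer. A separate request config per simulator, each listing only its own name, would keep the test closer to a real deployment; a comment such as `# test-only: shared certificate, do not reuse for deployment` would at least record the shortcut.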
@@ -1,89 +1,109 @@ services: - kms01: - image: gokms - command: - [ "--log", "debug", "--kms_config", "/tmp/kms/config/kms_1.yaml" ] - volumes: - - ./config/kms/kms_1.yaml:/tmp/kms/config/kms_1.yaml - - ../artifacts/integration-tests/ssl:/config/ssl - ports: - - "127.0.0.1:7030:7030" - - "127.0.0.1:9696:9696" - - "127.0.0.1:1414:1414" + kms01: + image: gokms + command: ["--log", "debug", "--kms_config", "/tmp/kms/config/kms_1.yaml"] + volumes: + - ./config/kms/kms_1.yaml:/tmp/kms/config/kms_1.yaml + - ../artifacts/integration-tests/ssl:/config/ssl + ports: + - "127.0.0.1:7030:7030" + - "127.0.0.1:9696:9696" + - "127.0.0.1:1414:1414" - kms02: - image: gokms - command: - [ "--log", "debug", "--kms_config", "/tmp/kms/config/kms_2.yaml" ] - volumes: - - ./config/kms/kms_2.yaml:/tmp/kms/config/kms_2.yaml - - ../artifacts/integration-tests/ssl:/config/ssl - ports: - - "127.0.0.1:7031:7030" - - "127.0.0.1:1415:1414" + kms02: + image: gokms + command: ["--log", "debug", "--kms_config", "/tmp/kms/config/kms_2.yaml"] + volumes: + - ./config/kms/kms_2.yaml:/tmp/kms/config/kms_2.yaml + - ../artifacts/integration-tests/ssl:/config/ssl + ports: + - "127.0.0.1:7031:7030" + - "127.0.0.1:1415:1414" - quantumlayer_1: - image: quantumlayer - command: - [ - "--log", - "debug", - "--config", - "/tmp/quantumlayer/config/quantumlayer_1.yaml", - ] - volumes: - - ./config/quantumlayer/quantumlayer_1.yaml:/tmp/quantumlayer/config/quantumlayer_1.yaml + quantumlayer_1: + image: quantumlayer + command: + [ + "--log", + "debug", + "--config", + "/tmp/quantumlayer/config/quantumlayer_1.yaml", + ] + volumes: + - ./config/quantumlayer/quantumlayer_1.yaml:/tmp/quantumlayer/config/quantumlayer_1.yaml - quantumlayer_2: - image: quantumlayer - command: - [ - "--log", - "debug", - "--config", - "/tmp/quantumlayer/config/quantumlayer_2.yaml", - ] - volumes: - - ./config/quantumlayer/quantumlayer_2.yaml:/tmp/quantumlayer/config/quantumlayer_2.yaml + quantumlayer_2: + image: quantumlayer + command: + [ + 
"--log", + "debug", + "--config", + "/tmp/quantumlayer/config/quantumlayer_2.yaml", + ] + volumes: + - ./config/quantumlayer/quantumlayer_2.yaml:/tmp/quantumlayer/config/quantumlayer_2.yaml - akms-simulator_1: - image: akms-simulator - ports: - - "127.0.0.1:4444:4444" + akms-simulator_1: + image: akms-simulator + ports: + - "127.0.0.1:4444:4444" + volumes: + - ../artifacts/integration-tests/ssl:/config/ssl + command: + [ + "--ca", + "config/ssl/ca.crt", + "--cert", + "config/ssl/kms/kms2-selfsigned.crt", + "--key", + "config/ssl/kms/kms2-selfsigned.key", + ] - akms-simulator_2: - image: akms-simulator - ports: - - "127.0.0.1:4445:4444" + akms-simulator_2: + image: akms-simulator + volumes: + - ../artifacts/integration-tests/ssl:/config/ssl + ports: + - "127.0.0.1:4445:4444" + command: + [ + "--ca", + "config/ssl/ca.crt", + "--cert", + "config/ssl/kms/kms1-selfsigned.crt", + "--key", + "config/ssl/kms/kms1-selfsigned.key", + ] - qkdn-controller: - image: registry.code.fbi.h-da.de/demoquandt/qkdn-controller:qkdn-main - volumes: - - ./config/controller/qkdn-gosdn.toml:/app/configs/qkdn-gosdn.toml - - ./config/controller/gNMISubscriptions.txt:/app/configs/gNMISubscriptions.txt - command: --config ./configs/qkdn-gosdn.toml - ports: - - 0.0.0.0:55055:55055 - - 127.0.0.1:8080:8080 - - 127.0.0.1:40000:40000 - environment: - GOSDN_ADMIN_PASSWORD: TestPassword + qkdn-controller: + image: registry.code.fbi.h-da.de/demoquandt/qkdn-controller:qkdn-main + volumes: + - ./config/controller/qkdn-gosdn.toml:/app/configs/qkdn-gosdn.toml + - ./config/controller/gNMISubscriptions.txt:/app/configs/gNMISubscriptions.txt + command: --config ./configs/qkdn-gosdn.toml + ports: + - 0.0.0.0:55055:55055 + - 127.0.0.1:8080:8080 + - 127.0.0.1:40000:40000 + environment: + GOSDN_ADMIN_PASSWORD: TestPassword - plugin-registry: - image: registry.code.fbi.h-da.de/demoquandt/qkdn-controller/plugin-registry:qkdn-main + plugin-registry: + image: 
registry.code.fbi.h-da.de/demoquandt/qkdn-controller/plugin-registry:qkdn-main - mongo: - image: mongo:7 - environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: example + mongo: + image: mongo:7 + environment: + MONGO_INITDB_ROOT_USERNAME: root + MONGO_INITDB_ROOT_PASSWORD: example - rabbitmq: - image: rabbitmq:3-management + rabbitmq: + image: rabbitmq:3-management - routing-app: - image: registry.code.fbi.h-da.de/demoquandt/qkdn-controller/routing-app:qkdn-main - entrypoint: ["./start_ra_sleep.sh"] - volumes: - - ./config/controller/start_ra_sleep.sh:/app/start_ra_sleep.sh - - ./config/controller/routing-config.yaml:/new/routing-config.yaml + routing-app: + image: registry.code.fbi.h-da.de/demoquandt/qkdn-controller/routing-app:qkdn-main + entrypoint: ["./start_ra_sleep.sh"] + volumes: + - ./config/controller/start_ra_sleep.sh:/app/start_ra_sleep.sh + - ./config/controller/routing-config.yaml:/new/routing-config.yaml diff --git a/quantumlayer/Dockerfile b/quantumlayer/Dockerfile index cb231919fc97957ba331bc780fdbf7f93c71b2b5..0a27cf2fad4883aaf202c055a940856615596bea 100644 --- a/quantumlayer/Dockerfile +++ b/quantumlayer/Dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.22 +ARG GOLANG_VERSION=1.23 ARG BUILDARGS ARG GITLAB_PROXY
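Review bot: The new `volumes` entries on `akms-simulator_1` and `akms-simulator_2` mount the whole `../artifacts/integration-tests/ssl` directory without a read-only flag, as the `kms01`/`kms02` mounts already do, so each of these containers can potentially read and overwrite all key material in that directory, not just the pair named in its `command`. Mounting it read-only, `- ../artifacts/integration-tests/ssl:/config/ssl:ro`, costs nothing here, and mounting only the CA certificate plus the one key pair each service uses would narrow it further. Note also that `akms-simulator_1` is started with `kms2-selfsigned.*` and `akms-simulator_2` with `kms1-selfsigned.*`, i.e. the simulators present the KMS nodes' own keys; a short comment on why the pairing is crossed would help the next reader. Unchanged by this commit but still on the new side: `qkdn-controller` publishes `0.0.0.0:55055` while the other ports bind to `127.0.0.1`, alongside a fixed `GOSDN_ADMIN_PASSWORD`.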