From b2c9623346f0ba024e314fb2b5bb0b032017efd9 Mon Sep 17 00:00:00 2001 From: Neil-Jocelyn Schark <neil.schark@h-da.de> Date: Fri, 13 Sep 2024 14:16:52 +0000 Subject: [PATCH] move ssls etup for integration-tests --- Makefile | 2 +- .../code/getKSAKeyTest/getKSA_key_test.go | 21 ++++++---------- .../config/kms/generate-certs.sh | 19 --------------- integration-tests/config/kms/kms_1.yaml | 8 +++---- integration-tests/config/kms/kms_2.yaml | 8 +++---- integration-tests/config/tlsConfigs/akms1.txt | 18 ++++++++++++++ integration-tests/config/tlsConfigs/akms2.txt | 18 ++++++++++++++ .../config/tlsConfigs/generate-certs.sh | 24 +++++++++++++++++++ .../config/tlsConfigs/integration_test.txt | 17 +++++++++++++ .../kms1ReqConfig.txt => tlsConfigs/kms1.txt} | 0 .../kms2ReqConfig.txt => tlsConfigs/kms2.txt} | 0 integration-tests/docker-compose.yml | 8 +++---- 12 files changed, 97 insertions(+), 46 deletions(-) delete mode 100755 integration-tests/config/kms/generate-certs.sh create mode 100644 integration-tests/config/tlsConfigs/akms1.txt create mode 100644 integration-tests/config/tlsConfigs/akms2.txt create mode 100755 integration-tests/config/tlsConfigs/generate-certs.sh create mode 100644 integration-tests/config/tlsConfigs/integration_test.txt rename integration-tests/config/{kms/tlsConfigs/kms1ReqConfig.txt => tlsConfigs/kms1.txt} (100%) rename integration-tests/config/{kms/tlsConfigs/kms2ReqConfig.txt => tlsConfigs/kms2.txt} (100%) diff --git a/Makefile b/Makefile index e9240cef..bf35d13c 100644 --- a/Makefile +++ b/Makefile @@ -130,7 +130,7 @@ generate-gokms-certs: generate-root-ca ./config/goKMS/generate-kms-certs.sh generate-integration-test-certs: generate-root-ca - ./integration-tests/config/kms/generate-certs.sh + ./integration-tests/config/tlsConfigs/generate-certs.sh # other targets cross: diff --git a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go index 8fcc7004..a1b9c137 100644 
--- a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go +++ b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go @@ -79,6 +79,13 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo logFileURL2 = logFileURL_ENV2 } + tlsConfig := config.TLSConfig{ + Active: true, + CAFile: "../../../artifacts/integration-tests/ssl/ca.crt", + CertFile: "../../../artifacts/integration-tests/ssl/integration_test.crt", + KeyFile: "../../../artifacts/integration-tests/ssl/integration_test.key", + } + // Tell the qkdn-controller what devices to use. _, err := utils.RunGosdncScript(gosdncScript, controllerURL) if err != nil { @@ -89,13 +96,6 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo requestId := uuid.New().String() - tlsConfig := config.TLSConfig{ - Active: true, - CAFile: "../../../artifacts/integration-tests/ssl/ca.crt", - CertFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.crt", - KeyFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.key", - } - url := fmt.Sprintf("https://%s/api/v1/keys/ksa_key_req", kms1AkmsURL) data := RequestData{ ReceivingCKMSID: "5e41c291-6121-4335-84f6-41e04b8bdaa2", @@ -161,13 +161,6 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo assert.NotNil(t, logFile.Body.KSAKeys[0].KeyID) assert.NotNil(t, logFile.Body.KSAKeys[0].Key) - tlsConfig = config.TLSConfig{ - Active: true, - CAFile: "../../../artifacts/integration-tests/ssl/ca.crt", - CertFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.crt", - KeyFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.key", - } - tlsConf, err = kmstls.GenerateTLSLibraryConfig(tlsConfig) if err != nil { t.Errorf("Error generating TLS config: %s", err) diff --git a/integration-tests/config/kms/generate-certs.sh b/integration-tests/config/kms/generate-certs.sh deleted file mode 100755 index 95a98b33..00000000 --- a/integration-tests/config/kms/generate-certs.sh +++ /dev/null 
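Review bot: The new `tlsConfig` block in the first hunk has no comment saying that a single client identity is now used for every request in the test; a line such as `// Client certificate of the test itself (integration_test.crt), presented to both KMS endpoints.` above it would explain why the two per-KMS assignments were removed. With the reassignment gone in the third hunk, the remaining `tlsConf, err = kmstls.GenerateTLSLibraryConfig(tlsConfig)` appears to rebuild a config from unchanged input, so it could probably be dropped and the earlier `tlsConf` reused; the first call is outside the hunks, so confirm before removing it. The error branch of that call uses `t.Errorf`, which lets the test continue with an unusable TLS config, whereas `t.Fatalf` would stop at the real cause. TestGetKSAKey begins and ends outside these hunks.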
@@ -1,19 +0,0 @@
-#!/bin/sh
-mkdir -p artifacts/integration-tests/ssl
-dirPath="artifacts/integration-tests/ssl"
-caPath="artifacts/ssl"
-
-if [ ! -d "${dirPath}/kms" ]; then
- mkdir $dirPath/kms
- counter=1
- for FILE in ./integration-tests/config/kms/tlsConfigs/*.txt;
- do openssl req -x509 -nodes -days 365 -newkey rsa:4096 -config $FILE \
- -CA $caPath/ca.crt -CAkey $caPath/ca.key \
- -keyout "$dirPath/kms/kms$counter-selfsigned.key" -out "$dirPath/kms/kms$counter-selfsigned.crt"; \
- openssl x509 -in "$dirPath/kms/kms$counter-selfsigned.crt" -noout -text
- counter=$((counter+1));
- done
- fi
-
-cp $caPath/ca.crt $dirPath/ca.crt
-cp $caPath/ca.key $dirPath/ca.key
diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml
index d57612d8..ae3eface 100644
--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -7,14 +7,14 @@ AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
 Active: true
 CAFile: "config/ssl/ca.crt"
- CertFile: "config/ssl/kms/kms1-selfsigned.crt"
- KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+ CertFile: "config/ssl/kms1.crt"
+ KeyFile: "config/ssl/kms1.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
 Active: false
 CAFile: "config/ssl/ca.crt"
- CertFile: "config/ssl/kms/kms1-selfsigned.crt"
- KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+ CertFile: "config/ssl/kms1.crt"
+ KeyFile: "config/ssl/kms1.key"
 Peers:
 # peer to kms02
 - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml
index 6bdbd365..4fdae65a 100644
--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -7,14 +7,14 @@ AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
 Active: true
 CAFile: "config/ssl/ca.crt"
- CertFile: "config/ssl/kms/kms2-selfsigned.crt"
- KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+ CertFile: "config/ssl/kms2.crt"
+ KeyFile: "config/ssl/kms2.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
 Active: false
 CAFile: "config/ssl/ca.crt"
- CertFile: "config/ssl/kms/kms2-selfsigned.crt"
- KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+ CertFile: "config/ssl/kms2.crt"
+ KeyFile: "config/ssl/kms2.key"
 Peers:
 # peer to kms01
 - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
diff --git a/integration-tests/config/tlsConfigs/akms1.txt b/integration-tests/config/tlsConfigs/akms1.txt
new file mode 100644
index 00000000..bc0b1156
--- /dev/null
+++ b/integration-tests/config/tlsConfigs/akms1.txt
@@ -0,0 +1,18 @@
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms01
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = akms-simulator_1
+DNS.2 = localhost
+IP.1 = 127.0.0.1
diff --git a/integration-tests/config/tlsConfigs/akms2.txt b/integration-tests/config/tlsConfigs/akms2.txt
new file mode 100644
index 00000000..2f53062f
--- /dev/null
+++ b/integration-tests/config/tlsConfigs/akms2.txt
@@ -0,0 +1,18 @@
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms02
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = akms-simulator_2
+DNS.2 = localhost
+IP.1 = 127.0.0.1
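Review bot: `keyUsage = keyEncipherment, dataEncipherment` in `[v3_req]` of akms1.txt omits `digitalSignature`, which an RSA certificate needs for ECDHE cipher suites and for TLS 1.3, where the key signs the handshake instead of decrypting a pre-master secret; a stricter TLS stack may reject the certificate for that reason. I would write `keyUsage = critical, digitalSignature, keyEncipherment` and add `basicConstraints = CA:FALSE` so the leaf cannot be taken for an issuer. The same section is repeated in akms2.txt and integration_test.txt. All three also reuse `CN = kms01` or `CN = kms02`, so the AKMS simulators and the test client carry the same subject names as the KMS nodes; distinct names (for example `CN = akms01`) would keep logs and any subject-based authorization unambiguous.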
diff --git a/integration-tests/config/tlsConfigs/generate-certs.sh b/integration-tests/config/tlsConfigs/generate-certs.sh
new file mode 100755
index 00000000..bd9bbc2d
--- /dev/null
+++ b/integration-tests/config/tlsConfigs/generate-certs.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+dirPath="artifacts/integration-tests/ssl"
+caPath="artifacts/ssl"
+
+if [ -d "${dirPath}" ]; then
+ if [ $(find "${dirPath}" -type d -mtime +0) ]; then
+ rm -rf "${dirPath}"
+ fi
+fi
+
+if [ ! -d "${dirPath}" ]; then
+ mkdir -p $dirPath
+ for FILE in ./integration-tests/config/tlsConfigs/*.txt;
+ do
+ FILENAME=$(basename -- "$FILE" .txt)
+ openssl req -x509 -nodes -days 365 -newkey rsa:4096 -config $FILE \
+ -CA $caPath/ca.crt -CAkey $caPath/ca.key \
+ -keyout "$dirPath/$FILENAME.key" -out "$dirPath/$FILENAME.crt"; \
+ openssl x509 -in "$dirPath/$FILENAME.crt" -noout -text
+ done
+ fi
+
+cp $caPath/ca.crt $dirPath/ca.crt
+cp $caPath/ca.key $dirPath/ca.key
diff --git a/integration-tests/config/tlsConfigs/integration_test.txt b/integration-tests/config/tlsConfigs/integration_test.txt
new file mode 100644
index 00000000..10a245c2
--- /dev/null
+++ b/integration-tests/config/tlsConfigs/integration_test.txt
@@ -0,0 +1,17 @@
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms01
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+IP.1 = 127.0.0.1
+DNS.1 = localhost
diff --git a/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt b/integration-tests/config/tlsConfigs/kms1.txt
similarity index 100%
rename from integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt
rename to integration-tests/config/tlsConfigs/kms1.txt
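Review bot: The last line of generate-certs.sh, `cp $caPath/ca.key $dirPath/ca.key`, copies the root CA private key into the integration-test ssl directory next to the leaf certificates; if that directory is what the containers see as `config/ssl` (the compose mounts are not visible in this diff), every service in the test stack can issue certificates the others will trust. Only `ca.crt` is needed for verification, so I would drop the `ca.key` copy. Separately, `[ $(find "${dirPath}" -type d -mtime +0) ]` is unquoted, so the test errors out as soon as find prints more than one directory (for instance a leftover `kms/` subdirectory from the old layout) and the stale directory is then never removed; `if [ -n "$(find "${dirPath}" -prune -type d -mtime +0)" ]; then` checks only the top directory. Quoting `$FILE`, `$dirPath` and `$caPath` and adding `set -eu` near the top would make an openssl failure stop the script instead of leaving partial output behind.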
diff --git a/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt b/integration-tests/config/tlsConfigs/kms2.txt similarity index 100% rename from integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt rename to integration-tests/config/tlsConfigs/kms2.txt diff --git a/integration-tests/docker-compose.yml b/integration-tests/docker-compose.yml index 72213b09..5af7f310 100644 --- a/integration-tests/docker-compose.yml +++ b/integration-tests/docker-compose.yml @@ -55,9 +55,9 @@ services: "--ca", "config/ssl/ca.crt", "--cert", - "config/ssl/kms/kms2-selfsigned.crt", + "config/ssl/akms1.crt", "--key", - "config/ssl/kms/kms2-selfsigned.key", + "config/ssl/akms1.key", ] akms-simulator_2: @@ -71,9 +71,9 @@ services: "--ca", "config/ssl/ca.crt", "--cert", - "config/ssl/kms/kms1-selfsigned.crt", + "config/ssl/akms2.crt", "--key", - "config/ssl/kms/kms1-selfsigned.key", + "config/ssl/akms2.key", ] qkdn-controller: -- GitLab