move ssls etup for integration-tests

b2c96233 · Neil-Jocelyn Schark · 8b0c4661 · b2c96233 · b2c96233 · 8b0c4661
Commit b2c96233 authored 8 months ago by Neil-Jocelyn Schark
--- a/Makefile
+++ b/Makefile
@@ -130,7 +130,7 @@ generate-gokms-certs: generate-root-ca
 	./config/goKMS/generate-kms-certs.sh

 generate-integration-test-certs: generate-root-ca
-	./integration-tests/config/kms/generate-certs.sh
+	./integration-tests/config/tlsConfigs/generate-certs.sh

 # other targets
 cross:

--- a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go
+++ b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go
@@ -79,6 +79,13 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 		logFileURL2 = logFileURL_ENV2
 	}

+	tlsConfig := config.TLSConfig{
+		Active:   true,
+		CAFile:   "../../../artifacts/integration-tests/ssl/ca.crt",
+		CertFile: "../../../artifacts/integration-tests/ssl/integration_test.crt",
+		KeyFile:  "../../../artifacts/integration-tests/ssl/integration_test.key",
+	}
+
 	// Tell the qkdn-controller what devices to use.
 	_, err := utils.RunGosdncScript(gosdncScript, controllerURL)
 	if err != nil {
@@ -89,13 +96,6 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo

 	requestId := uuid.New().String()

-	tlsConfig := config.TLSConfig{
-		Active:   true,
-		CAFile:   "../../../artifacts/integration-tests/ssl/ca.crt",
-		CertFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.crt",
-		KeyFile:  "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.key",
-	}
-
 	url := fmt.Sprintf("https://%s/api/v1/keys/ksa_key_req", kms1AkmsURL)
 	data := RequestData{
 		ReceivingCKMSID: "5e41c291-6121-4335-84f6-41e04b8bdaa2",
@@ -161,13 +161,6 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 	assert.NotNil(t, logFile.Body.KSAKeys[0].KeyID)
 	assert.NotNil(t, logFile.Body.KSAKeys[0].Key)

-	tlsConfig = config.TLSConfig{
-		Active:   true,
-		CAFile:   "../../../artifacts/integration-tests/ssl/ca.crt",
-		CertFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.crt",
-		KeyFile:  "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.key",
-	}
-
 	tlsConf, err = kmstls.GenerateTLSLibraryConfig(tlsConfig)
 	if err != nil {
 		t.Errorf("Error generating TLS config: %s", err)

--- a/integration-tests/config/kms/generate-certs.sh
+++ b/integration-tests/config/kms/generate-certs.sh
-#!/bin/sh
-mkdir -p artifacts/integration-tests/ssl
-dirPath="artifacts/integration-tests/ssl"
-caPath="artifacts/ssl"
-
-if [ ! -d "${dirPath}/kms" ]; then
-        mkdir $dirPath/kms
-        counter=1
-		for FILE in ./integration-tests/config/kms/tlsConfigs/*.txt;
-            	do	openssl req -x509 -nodes -days 365 -newkey rsa:4096 -config $FILE \
-		        -CA $caPath/ca.crt -CAkey $caPath/ca.key \
-		        -keyout "$dirPath/kms/kms$counter-selfsigned.key" -out "$dirPath/kms/kms$counter-selfsigned.crt"; \
-                openssl x509 -in "$dirPath/kms/kms$counter-selfsigned.crt" -noout -text
-                counter=$((counter+1));
-        done
-	fi
-
-cp $caPath/ca.crt $dirPath/ca.crt
-cp $caPath/ca.key $dirPath/ca.key
--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -7,14 +7,14 @@ AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
  Active: true
  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms1-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+  CertFile: "config/ssl/kms1.crt"
+  KeyFile: "config/ssl/kms1.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false
  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms1-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+  CertFile: "config/ssl/kms1.crt"
+  KeyFile: "config/ssl/kms1.key"
 Peers:
  # peer to kms02
  - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"

--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -7,14 +7,14 @@ AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
  Active: true
  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms2-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+  CertFile: "config/ssl/kms2.crt"
+  KeyFile: "config/ssl/kms2.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false
  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms2-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+  CertFile: "config/ssl/kms2.crt"
+  KeyFile: "config/ssl/kms2.key"
 Peers:
  # peer to kms01
  - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"

--- a/integration-tests/config/tlsConfigs/akms1.txt
+++ b/integration-tests/config/tlsConfigs/akms1.txt
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms01
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = akms-simulator_1
+DNS.2 = localhost
+IP.1 = 127.0.0.1
--- a/integration-tests/config/tlsConfigs/akms2.txt
+++ b/integration-tests/config/tlsConfigs/akms2.txt
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms02
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = akms-simulator_2
+DNS.2 = localhost
+IP.1 = 127.0.0.1
--- a/integration-tests/config/tlsConfigs/generate-certs.sh
+++ b/integration-tests/config/tlsConfigs/generate-certs.sh
+#!/bin/sh
+dirPath="artifacts/integration-tests/ssl"
+caPath="artifacts/ssl"
+
+if [ -d "${dirPath}" ]; then
+    if [ $(find "${dirPath}" -type d -mtime +0) ]; then
+        rm -rf "${dirPath}"
+    fi
+fi
+
+if [ ! -d "${dirPath}" ]; then
+        mkdir -p $dirPath
+		for FILE in ./integration-tests/config/tlsConfigs/*.txt;
+        do
+            FILENAME=$(basename -- "$FILE" .txt)
+            openssl req -x509 -nodes -days 365 -newkey rsa:4096 -config $FILE \
+		    -CA $caPath/ca.crt -CAkey $caPath/ca.key \
+		    -keyout "$dirPath/$FILENAME.key" -out "$dirPath/$FILENAME.crt"; \
+            openssl x509 -in "$dirPath/$FILENAME.crt" -noout -text
+        done
+	fi
+
+cp $caPath/ca.crt $dirPath/ca.crt
+cp $caPath/ca.key $dirPath/ca.key
--- a/integration-tests/config/tlsConfigs/integration_test.txt
+++ b/integration-tests/config/tlsConfigs/integration_test.txt
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = DE
+O = H_DA
+CN = kms01
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+IP.1 = 127.0.0.1
+DNS.1 = localhost
--- a/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt
+++ b/integration-tests/config/kms/tlsConfigs/kms1ReqConfig.txt
--- a/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt
+++ b/integration-tests/config/kms/tlsConfigs/kms2ReqConfig.txt
--- a/integration-tests/docker-compose.yml
+++ b/integration-tests/docker-compose.yml
@@ -55,9 +55,9 @@ services:
        "--ca",
        "config/ssl/ca.crt",
        "--cert",
-        "config/ssl/kms/kms2-selfsigned.crt",
+        "config/ssl/akms1.crt",
        "--key",
-        "config/ssl/kms/kms2-selfsigned.key",
+        "config/ssl/akms1.key",
      ]

  akms-simulator_2:
@@ -71,9 +71,9 @@ services:
        "--ca",
        "config/ssl/ca.crt",
        "--cert",
-        "config/ssl/kms/kms1-selfsigned.crt",
+        "config/ssl/akms2.crt",
        "--key",
-        "config/ssl/kms/kms1-selfsigned.key",
+        "config/ssl/akms2.key",
      ]

  qkdn-controller: