diff --git a/README.md b/README.md index c0dc5474fd73da5d34fff5093b276b55c133fa75..d01e1542c3cbcb7e59083e7177c1fc0b9ce1b4a6 100644 --- a/README.md +++ b/README.md @@ -27,8 +27,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" # ID of the kms Name: kms01 # name of the kms InterComAddr: 0.0.0.0:50910 # IP and port to bind the local gRPC server for inter KMS communication to QuantumAddr: 0.0.0.0:50911 # IP and port to bind the local gRPC server for QKD modules to reach the KMS to (optional, only used for specific emulated or experimental QKD modules) -AkmsURL: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS). -AkmsCkmsServerPort: "9696" # Port of connected AKMS +AKMS: + RemoteAddress: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS). + ServerPort: "9696" # Port of connected AKMS + ClientTLS: # Settings for TLS for akms ckms interface + Active: true # Whether TLS is enabled + CAFile: "ssl/ca.crt" # Path to ca + CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert + KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key + ServerTLS: + Active: true # Whether TLS is enabled + CAFile: "ssl/ca.crt" # Path to ca + CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert + KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key GRPCTimeoutInSeconds: 10 # Time in seconds for timeout of gRPC connections as a client. Defaults to 10 seconds. Should not be set to 0 or negative values. GnmiTLS: # Settings for TLS for gNMI endpoint. Can be overwritten with cli parameters. Active: true # Whether TLS is enabled 
@@ -40,11 +51,6 @@ KmsTLS: # Settings for TLS for inter KMS communication CAFile: "ssl/ca.crt" # Path to ca CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key -AkmsCkmsTLS: # Settings for TLS for akms ckms interface - Active: true # Whether TLS is enabled - CAFile: "ssl/ca.crt" # Path to ca - CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert - KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key Peers: # Peers to other goKMS # peer to goKMS02 - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer diff --git a/config/goKMS/example01.yaml b/config/goKMS/example01.yaml index 5582421a8715b5ecbbe5bf0e709815900c0d756a..b38b9287fde47840bb4156d185d7b1cc38bbff6b 100644 --- a/config/goKMS/example01.yaml +++ b/config/goKMS/example01.yaml @@ -3,8 +3,9 @@ Name: kms01 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" GRPCTimeoutInSeconds: 600 KmsTLS: Active: false diff --git a/config/goKMS/example04.yaml b/config/goKMS/example04.yaml index 817e140416cf8d84a3f3ab22a40f573320e4d963..fabc08d35b7fd7ecbe8ffcd27730dbfe3f906db1 100644 --- a/config/goKMS/example04.yaml +++ b/config/goKMS/example04.yaml @@ -3,8 +3,9 @@ Name: kms04 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" GRPCTimeoutInSeconds: 600 KmsTLS: Active: false diff --git a/config/goKMS/small_kms_1.yaml b/config/goKMS/small_kms_1.yaml index d72c9c7ffed421a9f55acd3f7f8e46f205721303..369b36edf86294297531247124be4067dc05cb91 100644 --- a/config/goKMS/small_kms_1.yaml +++ b/config/goKMS/small_kms_1.yaml 
@@ -1,17 +1,18 @@ -Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' +Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" Name: kms_1 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" Peers: - # peer to kms_2 - - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' - PeerInterComAddr: kms_2:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_1 + # peer to kms_2 + - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" + PeerInterComAddr: kms_2:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_1 QkdnManagerServer: Address: ":8090" diff --git a/config/goKMS/small_kms_2.yaml b/config/goKMS/small_kms_2.yaml index 98644c38291c13b775ae4f1d6c5032f582c5037a..241be8beb0762f027aa24b85b40a46a0c25c8380 100644 --- a/config/goKMS/small_kms_2.yaml +++ b/config/goKMS/small_kms_2.yaml @@ -1,17 +1,18 @@ -Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2' +Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2" Name: kms_2 InterComAddr: 0.0.0.0:50910 GRPCAddr: 0.0.0.0:50900 -AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" +AKMS: + RemoteAddress: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" Peers: - # peer to kms_1 - - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' - PeerInterComAddr: kms_1:50910 - Type: danet - # quantum module of type emulated at the given address - QuantumModule: - Type: emulated - Hostname: quantumlayer_2 + # peer to kms_1 + - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" + PeerInterComAddr: kms_1:50910 + Type: danet + # quantum module of type emulated at the given address + QuantumModule: + Type: emulated + Hostname: quantumlayer_2 QkdnManagerServer: Address: ":8090" 
diff --git a/goKMS/config/config.go b/goKMS/config/config.go index c3de91aeb43e28a56fed7074de774b01e842c49b..7ea24a6cee7875a48aaa3810be9eeb0983c23258 100644 --- a/goKMS/config/config.go +++ b/goKMS/config/config.go @@ -11,18 +11,23 @@ type Config struct { Name string `yaml:"Name"` InterComAddr string `yaml:"InterComAddr"` QuantumAddr string `yaml:"QuantumAddr"` - AkmsURL string `yaml:"AkmsURL"` - AkmsCkmsServerPort string `yaml:"AkmsCkmsServerPort"` + AKMS AKMS `yaml:"AKMS"` GnmiBindAddress string `yaml:"GnmiBindAddress"` KmsTLS TLSConfig `yaml:"KmsTLS"` Peers []Peer `yaml:"Peers"` GnmiTLS TLSConfig `yaml:"GnmiTLS"` - AkmsCkmsTLS TLSConfig `yaml:"AkmsCkmsTLS"` ETSI14Server *ETSI14Server `yaml:"ETSI14Server,omitempty"` QkdnManagerServer *QkdnManagerServer `yaml:"QkdnManagerServer,omitempty"` GRPCTimeoutInSeconds int `yaml:"GRPCTimeoutInSeconds"` } +type AKMS struct { + RemoteAddress string `yaml:"RemoteAddress"` + ServerPort string `yaml:"ServerPort"` + ServerTLS TLSConfig `yaml:"ServerTLS"` + ClientTLS TLSConfig `yaml:"ClientTLS"` +} + type Peer struct { PeerId string `yaml:"PeerId"` PeerInterComAddr string `yaml:"PeerInterComAddr"` diff --git a/goKMS/kms/akmsInterface/client/client.go b/goKMS/kms/akmsInterface/client/client.go index 703912a8bfb1e00401956df94ab9f0663bcc6e46..19a58beb949213228442cc0c29f85c2d3478474c 100644 --- a/goKMS/kms/akmsInterface/client/client.go +++ b/goKMS/kms/akmsInterface/client/client.go @@ -57,7 +57,7 @@ func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, proc return err } - // TODO: also log the response body if request failed + logrus.Infof("Attempting to send KSA post request to AKMS with URL: %s", c.url) resp, err := c.httpClient.Post(c.url, "application/json", bytes.NewBuffer(jsonData)) if err != nil { body, err2 := io.ReadAll(resp.Body) diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go index 4b7cb5f2a2bde5aeaddbfc11082c9e4bea132084..39c99108ce6bf382a279a81d2cf66917796b5fa2 100644 --- a/goKMS/kms/kms.go 
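Review bot: Moving `AkmsURL`, `AkmsCkmsServerPort` and `AkmsCkmsTLS` into the nested `AKMS` struct leaves a configuration file that still uses the old top-level keys with no way to fail. Unless the loader (not visible here) rejects unknown keys, they are ignored, `AKMS.RemoteAddress` and `AKMS.ServerPort` stay empty, and both TLS blocks keep their zero value. The `!= ""` guards in the two `NewKMS` hunks of goKMS/kms/kms.go then skip the AKMS client and the receiver without any message. I would decode strictly, or warn at startup when the `AKMS` block is empty. The new type also deserves a doc comment, for example `// AKMS groups the settings of the AKMS-CKMS interface: the REST endpoint KSA keys are pushed to, the local receiver port, and separate TLS settings for the client and server side.`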
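Review bot: The error branch directly after the `Post` call reads `resp.Body` while `err != nil`, and assuming `c.httpClient` is a standard `*http.Client` the response is normally nil in that case, so a failed push of a KSA key would panic instead of returning the error. This commit removes the TODO about logging the response body but leaves that branch unchanged. The body is only meaningful when `err == nil`, so the branch should be `if err != nil { return err }`, with the body read, logged and closed under a separate check for a non-2xx `resp.StatusCode`. The added `Infof` line also writes the full `c.url` on every push, which is fine only as long as the configured address never carries credentials. The function starts and ends outside the hunk, so how `body` and `err2` are used is not visible.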
+++ b/goKMS/kms/kms.go @@ -120,8 +120,8 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso var ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient var err error - if config.AkmsURL != "" { - ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AkmsURL, config.AkmsCkmsTLS) + if config.AKMS.RemoteAddress != "" { + ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AKMS.RemoteAddress, config.AKMS.ClientTLS) if err != nil { log.Fatalf("Failed to setup CkmsAkmsClient: %s", err) } @@ -159,12 +159,12 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso } // Start the akmsCkmsReceiverServer - if config.AkmsCkmsServerPort != "" { - createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AkmsCkmsTLS) + if config.AKMS.ServerPort != "" { + createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AKMS.ServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AKMS.ServerTLS) if err != nil { log.Fatalf("Failed to initialize CkmsAkmsServer: %s", err) } - log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort) + log.Infof("Starting AKMS receiver server on port: %s", config.AKMS.ServerPort) go createdKMS.ckmsAkmsServer.Serve() } diff --git a/goKMS/main.go b/goKMS/main.go index e346420187f6a188928d5f277c48f40c9a727737..88a12d748246c5fb5c0228f2ba4f551ff04060bc 100644 --- a/goKMS/main.go +++ b/goKMS/main.go 
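Review bot: Nothing in the first `NewKMS` hunk ties the scheme of `config.AKMS.RemoteAddress` to `config.AKMS.ClientTLS`, and the README example in this same commit pairs an `http://` address with `ClientTLS.Active: true`. Unless `NewCkmsAkmsClient` (not visible here) rejects that combination, KSA keys would be posted in plaintext while the startup log reports TLS as enabled for the client side. A guard before the constructor call would turn the mismatch into a startup failure: `if config.AKMS.ClientTLS.Active && !strings.HasPrefix(config.AKMS.RemoteAddress, "https://") { log.Fatalf("AKMS.ClientTLS is active but AKMS.RemoteAddress is not an https URL") }`. `NewKMS` begins and ends outside both hunks.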
@@ -177,9 +177,13 @@ func outputTlsSettings(config *config.Config) { } } - log.Infof("TLS enabled for AKMS-CKMS interface: %t", config.AkmsCkmsTLS.Active) - if config.AkmsCkmsTLS.Active { - log.Infof("TLS filepaths for AKMS-CKMS interface: ca: %s, cert: %s, key: %s", config.AkmsCkmsTLS.CAFile, config.AkmsCkmsTLS.CertFile, config.AkmsCkmsTLS.KeyFile) + log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active) + if config.AKMS.ClientTLS.Active { + log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile) + } + log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active) + if config.AKMS.ServerTLS.Active { + log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile) } } diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml index d57612d8a7cf522b667eda153a523cd9a7dd9336..1e071d561c0064683422460e1e638eceaeb6dacf 100644 --- a/integration-tests/config/kms/kms_1.yaml +++ b/integration-tests/config/kms/kms_1.yaml 
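Review bot: With TLS now configured per direction, a disabled side is easy to overlook, because both `TLS enabled for AKMS-CKMS ... interface: %t` lines in `outputTlsSettings` are written at Info level whatever the value is. For the interface that carries KSA keys I would report the disabled case as a warning, e.g. `if !config.AKMS.ServerTLS.Active { log.Warn("AKMS-CKMS Server interface is running without TLS") }`, and the same for `ClientTLS`. The two stanzas are otherwise identical and could share a small helper that takes the interface name and a `TLSConfig`. The function begins outside the hunk.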
@@ -2,13 +2,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" Name: kms01 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" -AkmsCkmsTLS: - Active: true - CAFile: "config/ssl/ca.crt" - CertFile: "config/ssl/kms/kms1-selfsigned.crt" - KeyFile: "config/ssl/kms/kms1-selfsigned.key" +AKMS: + RemoteAddress: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" + ClientTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms1-selfsigned.crt" + KeyFile: "config/ssl/kms/kms1-selfsigned.key" + ServerTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms1-selfsigned.crt" + KeyFile: "config/ssl/kms/kms1-selfsigned.key" GRPCTimeoutInSeconds: 600 KmsTLS: Active: false diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml index 6bdbd36540b785cbfab777086f364b4b72426ac2..58c54adee5ecd726acbb3785ad24970d7c7b25a4 100644 --- a/integration-tests/config/kms/kms_2.yaml +++ b/integration-tests/config/kms/kms_2.yaml @@ -2,13 +2,19 @@ Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2" Name: kms02 InterComAddr: 0.0.0.0:50910 QuantumAddr: 0.0.0.0:50911 -AkmsURL: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key" -AkmsCkmsServerPort: "9696" -AkmsCkmsTLS: - Active: true - CAFile: "config/ssl/ca.crt" - CertFile: "config/ssl/kms/kms2-selfsigned.crt" - KeyFile: "config/ssl/kms/kms2-selfsigned.key" +AKMS: + RemoteAddress: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key" + ServerPort: "9696" + ClientTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms2-selfsigned.crt" + KeyFile: "config/ssl/kms/kms2-selfsigned.key" + ServerTLS: + Active: true + CAFile: "config/ssl/ca.crt" + CertFile: "config/ssl/kms/kms2-selfsigned.crt" + KeyFile: "config/ssl/kms/kms2-selfsigned.key" GRPCTimeoutInSeconds: 600 KmsTLS: Active: false
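Review bot: `ClientTLS` and `ServerTLS` point at the same CA, certificate and key in kms_1.yaml, and kms_2.yaml repeats the pattern, so the integration tests cannot tell the two blocks apart. If goKMS/kms/kms.go handed `ServerTLS` to the client or `ClientTLS` to the receiver, these tests would presumably still pass. Giving one direction its own certificate and key pair in at least one of the two files would make the split observable. A short comment above each block naming the direction it covers, e.g. `# TLS for the client that pushes KSA keys to RemoteAddress`, would also help readers of the config.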