From b4bcbb6e43fcc02976b0e86a3aa948e2242bb13e Mon Sep 17 00:00:00 2001
From: Malte Bauch <malte.bauch@h-da.de>
Date: Wed, 18 Sep 2024 10:08:27 +0000
Subject: [PATCH] Add a seperate AKMS config option

See merge request danet/quant!211
---
 README.md                                | 20 +++++++++++++-------
 config/goKMS/example01.yaml              |  5 +++--
 config/goKMS/example04.yaml              |  5 +++--
 config/goKMS/small_kms_1.yaml            | 23 ++++++++++++-----------
 config/goKMS/small_kms_2.yaml            | 23 ++++++++++++-----------
 goKMS/config/config.go                   | 11 ++++++++---
 goKMS/kms/akmsInterface/client/client.go |  2 +-
 goKMS/kms/kms.go                         | 10 +++++-----
 goKMS/main.go                            | 10 +++++++---
 integration-tests/config/kms/kms_1.yaml  | 20 +++++++++++++-------
 integration-tests/config/kms/kms_2.yaml  | 20 +++++++++++++-------
 11 files changed, 90 insertions(+), 59 deletions(-)

diff --git a/README.md b/README.md
index c0dc5474..d01e1542 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" # ID of the kms
 Name: kms01 # name of the kms
 InterComAddr: 0.0.0.0:50910 # IP and port to bind the local gRPC server for inter KMS communication to
 QuantumAddr: 0.0.0.0:50911 # IP and port to bind the local gRPC server for QKD modules to reach the KMS to (optional, only used for specific emulated or experimental QKD modules)
-AkmsURL: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
-AkmsCkmsServerPort: "9696" # Port of connected AKMS
+AKMS:
+  RemoteAddress: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
+  ServerPort: "9696" # Port of connected AKMS
+  ClientTLS: # Settings for TLS for akms ckms interface
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
+  ServerTLS:
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 GRPCTimeoutInSeconds: 10 # Time in seconds for timeout of gRPC connections as a client. Defaults to 10 seconds. Should not be set to 0 or negative values.
 GnmiTLS: # Settings for TLS for gNMI endpoint. Can be overwritten with cli parameters.
   Active: true # Whether TLS is enabled
@@ -40,11 +51,6 @@ KmsTLS: # Settings for TLS for inter KMS communication
   CAFile: "ssl/ca.crt" # Path to ca
   CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
   KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
-AkmsCkmsTLS: # Settings for TLS for akms ckms interface
-  Active: true # Whether TLS is enabled
-  CAFile: "ssl/ca.crt" # Path to ca
-  CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
-  KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 Peers: # Peers to other goKMS
     # peer to goKMS02
     - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer
diff --git a/config/goKMS/example01.yaml b/config/goKMS/example01.yaml
index 5582421a..b38b9287 100644
--- a/config/goKMS/example01.yaml
+++ b/config/goKMS/example01.yaml
@@ -3,8 +3,9 @@ Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false
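Review bot: The new `AKMS` block sets only `RemoteAddress` and `ServerPort`, so `ClientTLS` and `ServerTLS` presumably stay at their zero value (inactive) and the KSA key push targets an `http://` URL. Since example files tend to be copied as a starting point, a comment above the block such as `# TLS is off in this example; set AKMS.ClientTLS / AKMS.ServerTLS and an https:// RemoteAddress outside a lab setup` would make that explicit. The same applies to the `AKMS` blocks in example04.yaml, small_kms_1.yaml and small_kms_2.yaml. Whether any of these files carries an `AkmsCkmsTLS` section elsewhere is not visible in the hunks; if one does, it is no longer read after this change.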
diff --git a/config/goKMS/example04.yaml b/config/goKMS/example04.yaml
index 817e1404..fabc08d3 100644
--- a/config/goKMS/example04.yaml
+++ b/config/goKMS/example04.yaml
@@ -3,8 +3,9 @@ Name: kms04
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false
diff --git a/config/goKMS/small_kms_1.yaml b/config/goKMS/small_kms_1.yaml
index d72c9c7f..369b36ed 100644
--- a/config/goKMS/small_kms_1.yaml
+++ b/config/goKMS/small_kms_1.yaml
@@ -1,17 +1,18 @@
-Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
+Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms_1
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_2
-    - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
-      PeerInterComAddr: kms_2:50910
-      Type: danet
-      # quantum module of type emulated at the given address
-      QuantumModule:
-          Type: emulated
-          Hostname: quantumlayer_1
+  # peer to kms_2
+  - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
+    PeerInterComAddr: kms_2:50910
+    Type: danet
+    # quantum module of type emulated at the given address
+    QuantumModule:
+      Type: emulated
+      Hostname: quantumlayer_1
 QkdnManagerServer:
   Address: ":8090"
diff --git a/config/goKMS/small_kms_2.yaml b/config/goKMS/small_kms_2.yaml
index 98644c38..241be8be 100644
--- a/config/goKMS/small_kms_2.yaml
+++ b/config/goKMS/small_kms_2.yaml
@@ -1,17 +1,18 @@
-Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
+Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms_2
 InterComAddr: 0.0.0.0:50910
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_1
-    - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
-      PeerInterComAddr: kms_1:50910
-      Type: danet
-      # quantum module of type emulated at the given address
-      QuantumModule:
-          Type: emulated
-          Hostname: quantumlayer_2
+  # peer to kms_1
+  - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
+    PeerInterComAddr: kms_1:50910
+    Type: danet
+    # quantum module of type emulated at the given address
+    QuantumModule:
+      Type: emulated
+      Hostname: quantumlayer_2
 QkdnManagerServer:
   Address: ":8090"
diff --git a/goKMS/config/config.go b/goKMS/config/config.go
index c3de91ae..7ea24a6c 100644
--- a/goKMS/config/config.go
+++ b/goKMS/config/config.go
@@ -11,18 +11,23 @@ type Config struct {
 	Name                 string             `yaml:"Name"`
 	InterComAddr         string             `yaml:"InterComAddr"`
 	QuantumAddr          string             `yaml:"QuantumAddr"`
-	AkmsURL              string             `yaml:"AkmsURL"`
-	AkmsCkmsServerPort   string             `yaml:"AkmsCkmsServerPort"`
+	AKMS                 AKMS               `yaml:"AKMS"`
 	GnmiBindAddress      string             `yaml:"GnmiBindAddress"`
 	KmsTLS               TLSConfig          `yaml:"KmsTLS"`
 	Peers                []Peer             `yaml:"Peers"`
 	GnmiTLS              TLSConfig          `yaml:"GnmiTLS"`
-	AkmsCkmsTLS          TLSConfig          `yaml:"AkmsCkmsTLS"`
 	ETSI14Server         *ETSI14Server      `yaml:"ETSI14Server,omitempty"`
 	QkdnManagerServer    *QkdnManagerServer `yaml:"QkdnManagerServer,omitempty"`
 	GRPCTimeoutInSeconds int                `yaml:"GRPCTimeoutInSeconds"`
 }
 
+type AKMS struct {
+	RemoteAddress string    `yaml:"RemoteAddress"`
+	ServerPort    string    `yaml:"ServerPort"`
+	ServerTLS     TLSConfig `yaml:"ServerTLS"`
+	ClientTLS     TLSConfig `yaml:"ClientTLS"`
+}
+
 type Peer struct {
 	PeerId           string        `yaml:"PeerId"`
 	PeerInterComAddr string        `yaml:"PeerInterComAddr"`
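Review bot: Removing `AkmsURL`, `AkmsCkmsServerPort` and `AkmsCkmsTLS` from `Config` means a file that still uses the old keys may load without error and leave `AKMS` empty, depending on whether the loader rejects unknown keys (not visible here). The risky case is a partial migration: an operator who moves the URL and port under `AKMS` but leaves `AkmsCkmsTLS` at top level would end up with both AKMS interfaces running with TLS off. Consider rejecting unknown keys on load, or failing startup when a legacy key is present. The new type also has no doc comment; something like `// AKMS groups the AKMS-CKMS interface settings: RemoteAddress and ClientTLS for outgoing key pushes, ServerPort and ServerTLS for the local receiver.` would record which TLS block belongs to which direction. `Config` begins above this hunk.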
diff --git a/goKMS/kms/akmsInterface/client/client.go b/goKMS/kms/akmsInterface/client/client.go
index 703912a8..19a58beb 100644
--- a/goKMS/kms/akmsInterface/client/client.go
+++ b/goKMS/kms/akmsInterface/client/client.go
@@ -57,7 +57,7 @@ func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, proc
 		return err
 	}
 
-	// TODO: also log the response body if request failed
+	logrus.Infof("Attempting to send KSA post request to AKMS with URL: %s", c.url)
 	resp, err := c.httpClient.Post(c.url, "application/json", bytes.NewBuffer(jsonData))
 	if err != nil {
 		body, err2 := io.ReadAll(resp.Body)
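Review bot: The error branch right after the new log line reads `resp.Body`, but `resp` is normally nil when `httpClient.Post` returns an error (connection refused, failed TLS handshake), so an unreachable AKMS would panic the KMS instead of returning an error. The TODO this commit removes asked for the response body on failure; that belongs in a status-code check after a successful `Post`, not in the `err != nil` branch. I would reduce the branch to `if err != nil { return err }` and read the body only where `resp` is known to be non-nil. The rest of the function lies outside the hunk, so how `body` is used afterwards should be confirmed.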
diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go
index 4b7cb5f2..39c99108 100644
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -120,8 +120,8 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 
 	var ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient
 	var err error
-	if config.AkmsURL != "" {
-		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AkmsURL, config.AkmsCkmsTLS)
+	if config.AKMS.RemoteAddress != "" {
+		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AKMS.RemoteAddress, config.AKMS.ClientTLS)
 		if err != nil {
 			log.Fatalf("Failed to setup CkmsAkmsClient: %s", err)
 		}
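Review bot: `NewCkmsAkmsClient` now receives `config.AKMS.RemoteAddress` and `config.AKMS.ClientTLS` independently, and nothing in this hunk checks that the two agree. The README example in this same commit pairs an `http://` RemoteAddress with `ClientTLS.Active: true`; in that combination the TLS settings would presumably have no effect and the KSA keys would leave in cleartext. A guard before the call, e.g. `if config.AKMS.ClientTLS.Active && !strings.HasPrefix(config.AKMS.RemoteAddress, "https://") { log.Fatalf("AKMS.ClientTLS is active but RemoteAddress is not https: %s", config.AKMS.RemoteAddress) }` (needs `strings` imported), would catch the mismatch at startup unless the client constructor already does so. `NewKMS` starts and ends outside the hunk.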
@@ -159,12 +159,12 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 	}
 
 	// Start the akmsCkmsReceiverServer
-	if config.AkmsCkmsServerPort != "" {
-		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AkmsCkmsTLS)
+	if config.AKMS.ServerPort != "" {
+		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AKMS.ServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AKMS.ServerTLS)
 		if err != nil {
 			log.Fatalf("Failed to initialize CkmsAkmsServer: %s", err)
 		}
-		log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort)
+		log.Infof("Starting AKMS receiver server on port: %s", config.AKMS.ServerPort)
 		go createdKMS.ckmsAkmsServer.Serve()
 	}
 
diff --git a/goKMS/main.go b/goKMS/main.go
index e3464201..88a12d74 100644
--- a/goKMS/main.go
+++ b/goKMS/main.go
@@ -177,9 +177,13 @@ func outputTlsSettings(config *config.Config) {
 		}
 	}
 
-	log.Infof("TLS enabled for AKMS-CKMS interface: %t", config.AkmsCkmsTLS.Active)
-	if config.AkmsCkmsTLS.Active {
-		log.Infof("TLS filepaths for AKMS-CKMS interface: ca: %s, cert: %s, key: %s", config.AkmsCkmsTLS.CAFile, config.AkmsCkmsTLS.CertFile, config.AkmsCkmsTLS.KeyFile)
+	log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active)
+	if config.AKMS.ClientTLS.Active {
+		log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile)
+	}
+	log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active)
+	if config.AKMS.ServerTLS.Active {
+		log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile)
 	}
 }
 
diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml
index d57612d8..1e071d56 100644
--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -2,13 +2,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
-AkmsCkmsTLS:
-  Active: true
-  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms1-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+AKMS:
+  RemoteAddress: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
+  ClientTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false
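Review bot: `ClientTLS` and `ServerTLS` are given the same CA, certificate and key here, so the integration tests cannot tell whether each TLS block reaches the right side of the interface. If kms.go passed `ClientTLS` to the receiver or `ServerTLS` to the client, these configs would still pass. Giving one of the two blocks a different certificate/key pair (if the test PKI provides one) would make the split introduced by this commit testable. kms_2.yaml follows the same pattern.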
diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml
index 6bdbd365..58c54ade 100644
--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -2,13 +2,19 @@ Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms02
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
-AkmsCkmsTLS:
-  Active: true
-  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms2-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+AKMS:
+  RemoteAddress: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
+  ClientTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false
-- 
GitLab