Add a seperate AKMS config option

Allows to set everything AKMS specific with this option. - RemoteAddress - ServerPort - TLS for Client and Server

Add a seperate AKMS config option
b51659e8 · Malte Bauch · 8b0c4661 · b51659e8 · b51659e8 · b51659e8
Verified Commit b51659e8 authored 8 months ago by Malte Bauch
--- a/README.md
+++ b/README.md
@@ -27,8 +27,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" # ID of the kms
 Name: kms01 # name of the kms
 InterComAddr: 0.0.0.0:50910 # IP and port to bind the local gRPC server for inter KMS communication to
 QuantumAddr: 0.0.0.0:50911 # IP and port to bind the local gRPC server for QKD modules to reach the KMS to (optional, only used for specific emulated or experimental QKD modules)
-AkmsURL: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
+AKMS:
-AkmsCkmsServerPort: "9696" # Port of connected AKMS
+  RemoteAddress: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
+  ServerPort: "9696" # Port of connected AKMS
+  ClientTLS: # Settings for TLS for akms ckms interface
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
+  ServerTLS:
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 GRPCTimeoutInSeconds: 10 # Time in seconds for timeout of gRPC connections as a client. Defaults to 10 seconds. Should not be set to 0 or negative values.
 GnmiTLS: # Settings for TLS for gNMI endpoint. Can be overwritten with cli parameters.
  Active: true # Whether TLS is enabled
@@ -40,11 +51,6 @@ KmsTLS: # Settings for TLS for inter KMS communication
  CAFile: "ssl/ca.crt" # Path to ca
  CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
  KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
-AkmsCkmsTLS: # Settings for TLS for akms ckms interface
-  Active: true # Whether TLS is enabled
-  CAFile: "ssl/ca.crt" # Path to ca
-  CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
-  KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 Peers: # Peers to other goKMS
    # peer to goKMS02
    - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer

--- a/config/goKMS/example01.yaml
+++ b/config/goKMS/example01.yaml
@@ -3,8 +3,9 @@ Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false

--- a/config/goKMS/example04.yaml
+++ b/config/goKMS/example04.yaml
@@ -3,8 +3,9 @@ Name: kms04
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false

--- a/config/goKMS/small_kms_1.yaml
+++ b/config/goKMS/small_kms_1.yaml
-Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
+Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms_1
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_2
+  # peer to kms_2
-    - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
+  - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
-      PeerInterComAddr: kms_2:50910
+    PeerInterComAddr: kms_2:50910
-      Type: danet
+    Type: danet
-      # quantum module of type emulated at the given address
+    # quantum module of type emulated at the given address
-      QuantumModule:
+    QuantumModule:
-          Type: emulated
+      Type: emulated
-          Hostname: quantumlayer_1
+      Hostname: quantumlayer_1
 QkdnManagerServer:
  Address: ":8090"
--- a/config/goKMS/small_kms_2.yaml
+++ b/config/goKMS/small_kms_2.yaml
-Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
+Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms_2
 InterComAddr: 0.0.0.0:50910
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_1
+  # peer to kms_1
-    - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
+  - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
-      PeerInterComAddr: kms_1:50910
+    PeerInterComAddr: kms_1:50910
-      Type: danet
+    Type: danet
-      # quantum module of type emulated at the given address
+    # quantum module of type emulated at the given address
-      QuantumModule:
+    QuantumModule:
-          Type: emulated
+      Type: emulated
-          Hostname: quantumlayer_2
+      Hostname: quantumlayer_2
 QkdnManagerServer:
  Address: ":8090"
--- a/goKMS/config/config.go
+++ b/goKMS/config/config.go
@@ -11,18 +11,23 @@ type Config struct {
 	Name                 string             `yaml:"Name"`
 	InterComAddr         string             `yaml:"InterComAddr"`
 	QuantumAddr          string             `yaml:"QuantumAddr"`
-	AkmsURL              string             `yaml:"AkmsURL"`
+	AKMS                 AKMS               `yaml:"AKMS"`
-	AkmsCkmsServerPort   string             `yaml:"AkmsCkmsServerPort"`
 	GnmiBindAddress      string             `yaml:"GnmiBindAddress"`
 	KmsTLS               TLSConfig          `yaml:"KmsTLS"`
 	Peers                []Peer             `yaml:"Peers"`
 	GnmiTLS              TLSConfig          `yaml:"GnmiTLS"`
-	AkmsCkmsTLS          TLSConfig          `yaml:"AkmsCkmsTLS"`
 	ETSI14Server         *ETSI14Server      `yaml:"ETSI14Server,omitempty"`
 	QkdnManagerServer    *QkdnManagerServer `yaml:"QkdnManagerServer,omitempty"`
 	GRPCTimeoutInSeconds int                `yaml:"GRPCTimeoutInSeconds"`
 }
+type AKMS struct {
+	RemoteAddress string    `yaml:"RemoteAddress"`
+	ServerPort    string    `yaml:"ServerPort"`
+	ServerTLS     TLSConfig `yaml:"ServerTLS"`
+	ClientTLS     TLSConfig `yaml:"ClientTLS"`
+}
 type Peer struct {
 	PeerId           string        `yaml:"PeerId"`
 	PeerInterComAddr string        `yaml:"PeerInterComAddr"`

--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -120,8 +120,8 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 	var ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient
 	var err error
-	if config.AkmsURL != "" {
+	if config.AKMS.RemoteAddress != "" {
-		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AkmsURL, config.AkmsCkmsTLS)
+		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AKMS.RemoteAddress, config.AKMS.ClientTLS)
 		if err != nil {
 			log.Fatalf("Failed to setup CkmsAkmsClient: %s", err)
 		}
@@ -159,12 +159,12 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 	}
 	// Start the akmsCkmsReceiverServer
-	if config.AkmsCkmsServerPort != "" {
+	if config.AKMS.ServerPort != "" {
-		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AkmsCkmsTLS)
+		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AKMS.ServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AKMS.ServerTLS)
 		if err != nil {
 			log.Fatalf("Failed to initialize CkmsAkmsServer: %s", err)
 		}
-		log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort)
+		log.Infof("Starting AKMS receiver server on port: %s", config.AKMS.ServerPort)
 		go createdKMS.ckmsAkmsServer.Serve()
 	}

--- a/goKMS/main.go
+++ b/goKMS/main.go
@@ -177,9 +177,13 @@ func outputTlsSettings(config *config.Config) {
 		}
 	}
-	log.Infof("TLS enabled for AKMS-CKMS interface: %t", config.AkmsCkmsTLS.Active)
+	log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active)
-	if config.AkmsCkmsTLS.Active {
+	if config.AKMS.ClientTLS.Active {
-		log.Infof("TLS filepaths for AKMS-CKMS interface: ca: %s, cert: %s, key: %s", config.AkmsCkmsTLS.CAFile, config.AkmsCkmsTLS.CertFile, config.AkmsCkmsTLS.KeyFile)
+		log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile)
+	}
+	log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active)
+	if config.AKMS.ServerTLS.Active {
+		log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile)
 	}
 }

--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -2,13 +2,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsTLS:
+  ServerPort: "9696"
-  Active: true
+  ClientTLS:
-  CAFile: "config/ssl/ca.crt"
+    Active: true
-  CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    CAFile: "config/ssl/ca.crt"
-  KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false

--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -2,13 +2,19 @@ Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms02
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+AKMS:
-AkmsCkmsServerPort: "9696"
+  RemoteAddress: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsTLS:
+  ServerPort: "9696"
-  Active: true
+  ClientTLS:
-  CAFile: "config/ssl/ca.crt"
+    Active: true
-  CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    CAFile: "config/ssl/ca.crt"
-  KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
  Active: false