First attempt to fix failed integration test and clean-up/separatation ETSI 20.

b76f3f1e · Martin Stiemerling · a916d6a2 · b76f3f1e
Commit b76f3f1e authored 5 months ago by Martin Stiemerling
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -477,7 +477,7 @@ func (kms *KMS) GenerateAndSendKSAKey(remoteKMSId string, pathId uuid.UUID, requ
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeys, "", nil)
+	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeys)
 	if err != nil {
 		log.Error(err)
 		return err
@@ -630,7 +630,41 @@ func encryptKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byte, k
 	return ksaKeyToSend, nil
 }
-func (kms *KMS) sendKSAKeysToPlatformKmsPeer(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key, initSaeID string, targetSaeIDs []string) error {
+// This is the standard way of sending KSA keys to the platform KMS peer.
+func (kms *KMS) sendKSAKeysToPlatformKmsPeer(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key) error {
+	gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(kms.tlsConfig)
+	if err != nil {
+		return fmt.Errorf("unable to generate gRPC transport creds: %w", err)
+	}
+	remoteConn, err := grpc.NewClient(kmsPeerAddress, grpc.WithTransportCredentials(gRPCTransportCreds))
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+	remoteClient := pbIC.NewKmsTalkerClient(remoteConn)
+	ctx, cancel := context.WithTimeout(context.Background(), kms.gRPCTimeout)
+	// create a new context with some metadata
+	md := metadata.Pairs("hostname", kms.kmsName)
+	ctx = metadata.NewOutgoingContext(ctx, md)
+	defer cancel()
+	_, err = remoteClient.KeyDelivery(ctx, &pbIC.KeyDeliveryRequest{
+		KeyId:     platformKeyID,
+		RequestId: requestID,
+		KmsId:     kms.kmsUUID.String(),
+		Keys:      ksaKeys,
+	})
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+	return nil
+}
+// This is the ETSI20 way of sending KSA keys to the platform KMS peer.
+func (kms *KMS) sendKSAKeysToPlatformKmsPeerForETSI20(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key, initSaeID string, targetSaeIDs []string) error {
 	gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(kms.tlsConfig)
 	if err != nil {
 		return fmt.Errorf("unable to generate gRPC transport creds: %w", err)
@@ -775,7 +809,7 @@ func (kms *KMS) generateAndReturnKsaKey(receivingCKMSID, pathID uuid.UUID, numbe
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, "", nil)
+	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS)
 	if err != nil {
 		log.Error(err)
 		return nil, err
@@ -808,7 +842,7 @@ func (kms *KMS) shipKSAKeytoPlatformKmsPeer(receivingCKMSID, pathID uuid.UUID, r
 	}
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, initSaedID, targetSaedIDs)
+	err = kms.sendKSAKeysToPlatformKmsPeerForETSI20(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, initSaedID, targetSaedIDs)
 	if err != nil {
 		log.Error(err)
 		return err