From b76f3f1e496fcdb4816fcf0a5be5f7edcd3fc4a5 Mon Sep 17 00:00:00 2001
From: Martin Stiemerling <martin.stiemerling@h-da.de>
Date: Thu, 21 Nov 2024 12:42:41 +0000
Subject: [PATCH] First attempt to fix failed integration test and
 clean-up/separatation ETSI 20.

---
 goKMS/kms/kms.go | 42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)

diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go
index 6ed6db43..2392fb21 100644
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -477,7 +477,7 @@ func (kms *KMS) GenerateAndSendKSAKey(remoteKMSId string, pathId uuid.UUID, requ
 
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
 
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeys, "", nil)
+	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeys)
 	if err != nil {
 		log.Error(err)
 		return err
@@ -630,7 +630,41 @@ func encryptKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byte, k
 	return ksaKeyToSend, nil
 }
 
-func (kms *KMS) sendKSAKeysToPlatformKmsPeer(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key, initSaeID string, targetSaeIDs []string) error {
+// This is the standard way of sending KSA keys to the platform KMS peer.
+func (kms *KMS) sendKSAKeysToPlatformKmsPeer(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key) error {
+	gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(kms.tlsConfig)
+	if err != nil {
+		return fmt.Errorf("unable to generate gRPC transport creds: %w", err)
+	}
+
+	remoteConn, err := grpc.NewClient(kmsPeerAddress, grpc.WithTransportCredentials(gRPCTransportCreds))
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+	remoteClient := pbIC.NewKmsTalkerClient(remoteConn)
+
+	ctx, cancel := context.WithTimeout(context.Background(), kms.gRPCTimeout)
+	// create a new context with some metadata
+	md := metadata.Pairs("hostname", kms.kmsName)
+	ctx = metadata.NewOutgoingContext(ctx, md)
+	defer cancel()
+	_, err = remoteClient.KeyDelivery(ctx, &pbIC.KeyDeliveryRequest{
+		KeyId:     platformKeyID,
+		RequestId: requestID,
+		KmsId:     kms.kmsUUID.String(),
+		Keys:      ksaKeys,
+	})
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+
+	return nil
+}
+
+// This is the ETSI20 way of sending KSA keys to the platform KMS peer.
+func (kms *KMS) sendKSAKeysToPlatformKmsPeerForETSI20(kmsPeerAddress, platformKeyID, requestID string, ksaKeys []*pbIC.Key, initSaeID string, targetSaeIDs []string) error {
 	gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(kms.tlsConfig)
 	if err != nil {
 		return fmt.Errorf("unable to generate gRPC transport creds: %w", err)
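Review bot: The new `sendKSAKeysToPlatformKmsPeer` never closes the `*grpc.ClientConn` returned by `grpc.NewClient`, so each key delivery leaves a connection and its transport goroutines behind. On a KMS that ships keys repeatedly, this gradually exhausts file descriptors and memory. Add `defer remoteConn.Close()` directly after the `grpc.NewClient` error check. The body of `sendKSAKeysToPlatformKmsPeerForETSI20` continues outside this hunk, so confirm the same there; both functions open with identical credential and client setup, so a small shared dial helper would keep them from drifting apart. The doc comments would also follow Go convention better if they started with the function name, e.g. `// sendKSAKeysToPlatformKmsPeer delivers KSA keys to the platform KMS peer via KeyDelivery.`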
@@ -775,7 +809,7 @@ func (kms *KMS) generateAndReturnKsaKey(receivingCKMSID, pathID uuid.UUID, numbe
 
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
 
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, "", nil)
+	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS)
 	if err != nil {
 		log.Error(err)
 		return nil, err
@@ -808,7 +842,7 @@ func (kms *KMS) shipKSAKeytoPlatformKmsPeer(receivingCKMSID, pathID uuid.UUID, r
 	}
 
 	remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
-	err = kms.sendKSAKeysToPlatformKmsPeer(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, initSaedID, targetSaedIDs)
+	err = kms.sendKSAKeysToPlatformKmsPeerForETSI20(remoteKMSAdrress, platformKey.Id.String(), requestID, ksaKeysToSendToRemoteKMS, initSaedID, targetSaedIDs)
 	if err != nil {
 		log.Error(err)
 		return err
-- 
GitLab