Stop fetching of keys and reset keystore through qkdn manager

c95035b1 · Malte Bauch · 62983f8e · c95035b1 · c95035b1 · c95035b1
Verified Commit c95035b1 authored 10 months ago by Malte Bauch
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -498,6 +498,9 @@ func (kms *KMS) RemovePeer(kmsPeerSocket string) {
 }
 func (kms *KMS) FindPeerUuid(lookup uuid.UUID) (peer *peers.KmsPeer) {
+	kms.kmsPeersMutex.Lock()
+	defer kms.kmsPeersMutex.Unlock()
 	if kms.KmsPeers != nil {
 		for _, peer = range kms.KmsPeers {
 			if peer.GetKmsPeerId() == lookup {

--- a/goKMS/kms/peers/etsi14Quantummodule.go
+++ b/goKMS/kms/peers/etsi14Quantummodule.go
@@ -31,6 +31,7 @@ type ETSI014HTTPQuantumModule struct {
 	keyFetchInterval int
 	keyFetchAmount   int64
 	maxKeyFillLevel  uint64
+	stopFetch        chan struct{}
 }
 func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tlsConfig config.TLSConfig, master bool, keyFetchInterval int, keyFetchAmount int64, maxKeyFillLevel uint64) (*ETSI014HTTPQuantumModule, error) {
@@ -106,6 +107,8 @@ func (qm *ETSI014HTTPQuantumModule) Client() *etsi14ClientImpl.ClientImpl {
 }
 func (qm *ETSI014HTTPQuantumModule) Initialize() error {
+	qm.stopFetch = make(chan struct{}, 0)
 	// start polling keys
 	if qm.master {
 		go func() {
@@ -115,42 +118,47 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
 			failedAttemps := 0
 			// TODO: add context/channel to stop
-			for range ticker.C {
+			for {
-				if failedAttemps == maxFailedKeyRequestAttempts {
+				select {
-					log.Errorf("stopped trying to fetch keys from qkd module after %d tries", failedAttemps)
+				case <-ticker.C:
-					break
+					if failedAttemps == maxFailedKeyRequestAttempts {
-				}
+						log.Errorf("stopped trying to fetch keys from qkd module after %d tries", failedAttemps)
+						break
-				if qm.keyStore.Length() < int(qm.maxKeyFillLevel) {
-					container, err := qm.GetKeys(qm.keyFetchAmount, 256, nil, nil, nil)
-					if err != nil {
-						log.Error(err)
-						failedAttemps++
-						continue
-					}
-					keyIds := make([]string, len(container.GetKeys()))
-					for i, keyItem := range container.GetKeys() {
-						keyIds[i] = keyItem.GetKeyID()
-					}
-					_, err = qm.kmsClient.KeyIdNotification(context.Background(),
-						&pbIC.KeyIdNotificationRequest{
-							Timestamp: time.Now().Unix(),
-							KmsId:     qm.kmsId,
-							KeyIds:    keyIds,
-						})
-					if err != nil {
-						log.Error(err)
-						failedAttemps++
-						continue
 					}
-					if err := store.AddETSIKeysToKeystore(qm.keyStore, container.GetKeys()); err != nil {
+					if qm.keyStore.Length() < int(qm.maxKeyFillLevel) {
-						log.Error(err)
+						container, err := qm.GetKeys(qm.keyFetchAmount, 256, nil, nil, nil)
+						if err != nil {
+							log.Error(err)
+							failedAttemps++
+							continue
+						}
+						keyIds := make([]string, len(container.GetKeys()))
+						for i, keyItem := range container.GetKeys() {
+							keyIds[i] = keyItem.GetKeyID()
+						}
+						_, err = qm.kmsClient.KeyIdNotification(context.Background(),
+							&pbIC.KeyIdNotificationRequest{
+								Timestamp: time.Now().Unix(),
+								KmsId:     qm.kmsId,
+								KeyIds:    keyIds,
+							})
+						if err != nil {
+							log.Error(err)
+							failedAttemps++
+							continue
+						}
+						if err := store.AddETSIKeysToKeystore(qm.keyStore, container.GetKeys()); err != nil {
+							log.Error(err)
+						}
+						failedAttemps = 0
 					}
+				case <-qm.stopFetch:
-					failedAttemps = 0
+					break
 				}
 			}
 		}()
@@ -158,6 +166,12 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
 	return nil
 }
+func (qm *ETSI014HTTPQuantumModule) StopKeyFetching() {
+	if qm.master {
+		close(qm.stopFetch)
+	}
+}
 func (qm *ETSI014HTTPQuantumModule) SetKmsPeerInformation(kmsClient *GRPCClient, kmsEventBus *event.EventBus, kmsTcpSocketStr string) error {
 	qm.kmsClient = kmsClient
 	return nil

--- a/goKMS/kms/store/kms-keystore.go
+++ b/goKMS/kms/store/kms-keystore.go
@@ -102,6 +102,12 @@ func (ks *KmsKeyStore) DeleteKey(keyId uuid.UUID) {
 	delete(ks.keyStore, keyId)
 }
+func (ks *KmsKeyStore) Reset() {
+	ks.keyStoreMutex.Lock()
+	defer ks.keyStoreMutex.Unlock()
+	ks.keyStore = make(map[uuid.UUID]*KmsKSElement)
+}
 func AddETSIKeysToKeystore(keyStore *KmsKeyStore, keyContainer []etsi14.KeyContainerKeysInner) error {
 	for _, keyItem := range keyContainer {
 		// decode base64 encoded key string

--- a/goKMS/qkdnManager/server.go
+++ b/goKMS/qkdnManager/server.go
@@ -9,6 +9,7 @@ import (
 	"code.fbi.h-da.de/danet/quant/goKMS/config"
 	"code.fbi.h-da.de/danet/quant/goKMS/kms"
+	"code.fbi.h-da.de/danet/quant/goKMS/kms/peers"
 	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"
 )
@@ -196,6 +197,37 @@ func (qs *QkdnManagerServer) handleSetKeyStore(w http.ResponseWriter, r *http.Re
 	logrus.Debugf("KeyFillLevel: %s, PeerIDs: %v, Fetch: %s", keyFillLevel, peerIDs, fetch)
+	for _, peerID := range peerIDs {
+		peerUUID, err := uuid.Parse(peerID)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		peer := qs.kms.FindPeerUuid(peerUUID)
+		if peer == nil {
+			http.Error(w, fmt.Sprintf("No peer for ID: %s found", peerID), http.StatusBadRequest)
+			return
+		}
+		eqm, ok := peer.QuantumModule().(*peers.ETSI014HTTPQuantumModule)
+		if !ok {
+			http.Error(w, fmt.Sprintf("QuantumModule is not of Type ETSI014"), http.StatusBadRequest)
+			return
+		}
+		if fetch == "true" {
+			eqm.Initialize()
+			w.WriteHeader(http.StatusOK)
+			_, err = w.Write([]byte("OK\n"))
+			if err != nil {
+				logrus.Error(err)
+			}
+			return
+		} else if fetch == "false" {
+			eqm.StopKeyFetching()
+			eqm.KeyStore().Reset()
+		}
+	}
 	w.WriteHeader(http.StatusOK)
 	_, err = w.Write([]byte("OK\n"))
 	if err != nil {