akms tls

f399767a · Neil-Jocelyn Schark · Malte Bauch · dc48fe22 · f399767a · f399767a
Commit f399767a authored 8 months ago by Neil-Jocelyn Schark Committed by Malte Bauch 8 months ago
--- a/akms-simulator/akms-simulator.go
+++ b/akms-simulator/akms-simulator.go
@@ -28,9 +28,9 @@ type KSAKey struct {
 }
 func main() {
-	tlsCAFile := flag.String("ca", "ca.crt", "Path to CA certificate file")
+	tlsCAFile := flag.String("ca", "", "Path to CA certificate file")
-	tlsCertFile := flag.String("cert", "cert.crt", "Path to certificate file")
+	tlsCertFile := flag.String("cert", "", "Path to certificate file")
-	tlsKeyFile := flag.String("key", "key.key", "Path to key file")
+	tlsKeyFile := flag.String("key", "", "Path to key file")
 	flag.Parse()
 	logrus.Info("Starting AKMS Simulator...")
@@ -45,7 +45,7 @@ func main() {
 		Handler: router,
 	}
-	if tlsCAFile != nil && tlsCertFile != nil && tlsKeyFile != nil {
+	if *tlsCAFile != "" && *tlsCertFile != "" && *tlsKeyFile != "" {
 		logrus.Info("TLS enabled")
 		cp := x509.NewCertPool()
 		b, err := os.ReadFile(*tlsCAFile)

--- a/integration-tests/code/getKSAKeyTest/getKSA_key_test.go
+++ b/integration-tests/code/getKSAKeyTest/getKSA_key_test.go
@@ -10,6 +10,8 @@ import (
 	"os"
 	"testing"
+	"code.fbi.h-da.de/danet/quant/goKMS/config"
+	kmstls "code.fbi.h-da.de/danet/quant/goKMS/kms/tls"
 	utils "code.fbi.h-da.de/danet/quant/integration-tests/code/integrationTestUtils"
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
@@ -87,7 +89,14 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 	requestId := uuid.New().String()
-	url := fmt.Sprintf("http://%s/api/v1/keys/ksa_key_req", kms1AkmsURL)
+	tlsConfig := config.TLSConfig{
+		Active:   true,
+		CAFile:   "../../../artifacts/integration-tests/ssl/ca.crt",
+		CertFile: "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.crt",
+		KeyFile:  "../../../artifacts/integration-tests/ssl/kms/kms2-selfsigned.key",
+	}
+	url := fmt.Sprintf("https://%s/api/v1/keys/ksa_key_req", kms1AkmsURL)
 	data := RequestData{
 		ReceivingCKMSID: "5e41c291-6121-4335-84f6-41e04b8bdaa2",
 		RequestID:       requestId,
@@ -99,13 +108,22 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 		},
 	}
+	tlsConf, err := kmstls.GenerateTLSLibraryConfig(tlsConfig)
+	if err != nil {
+		t.Errorf("Error generating TLS config: %s", err)
+	}
+	transport := &http.Transport{
+		TLSClientConfig: tlsConf,
+	}
+	client := &http.Client{Transport: transport}
 	jsonData, err := json.Marshal(data)
 	if err != nil {
 		fmt.Println(err)
 		return
 	}
-	resp, err := http.Post(url, "application/json", bytes.NewBuffer(jsonData))
+	resp, err := client.Post(url, "application/json", bytes.NewBuffer(jsonData))
 	if err != nil {
 		t.Errorf("Error making HTTP request: %s", err)
 		return
@@ -117,7 +135,7 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 	}
 	// Get logfile of akms
-	resp, err = http.Get("http://" + logFileURL + "/debug/get_log_file")
+	resp, err = client.Get("https://" + logFileURL + "/debug/get_log_file")
 	if err != nil {
 		t.Errorf("Error making HTTP request: %s", err)
 		return
@@ -143,7 +161,23 @@ func TestGetKSAKey(t *testing.T) { //nolint:gocyclo
 	assert.NotNil(t, logFile.Body.KSAKeys[0].KeyID)
 	assert.NotNil(t, logFile.Body.KSAKeys[0].Key)
-	resp, err = http.Get("http://" + logFileURL2 + "/debug/get_log_file")
+	tlsConfig = config.TLSConfig{
+		Active:   true,
+		CAFile:   "../../../artifacts/integration-tests/ssl/ca.crt",
+		CertFile: "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.crt",
+		KeyFile:  "../../../artifacts/integration-tests/ssl/kms/kms1-selfsigned.key",
+	}
+	tlsConf, err = kmstls.GenerateTLSLibraryConfig(tlsConfig)
+	if err != nil {
+		t.Errorf("Error generating TLS config: %s", err)
+	}
+	transport = &http.Transport{
+		TLSClientConfig: tlsConf,
+	}
+	client = &http.Client{Transport: transport}
+	resp, err = client.Get("https://" + logFileURL2 + "/debug/get_log_file")
 	if err != nil {
 		t.Errorf("Error making HTTP request: %s", err)
 		return

--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -2,7 +2,7 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+AkmsURL: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
 AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
  Active: true

--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -2,7 +2,7 @@ Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms02
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+AkmsURL: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
 AkmsCkmsServerPort: "9696"
 AkmsCkmsTLS:
  Active: true