
Adding tls support for akms-ckms client and server

Merged Neil-Jocelyn Schark requested to merge akms-ckms-tls-implementation into master
Files
16
package main
import (
"crypto/tls"
"crypto/x509"
"encoding/json"
"flag"
"io"
"log"
"net/http"
"os"
@@ -26,11 +28,53 @@ type KSAKey struct {
}
func main() {
tlsCAFile := flag.String("ca", "", "Path to CA certificate file")
tlsCertFile := flag.String("cert", "", "Path to certificate file")
tlsKeyFile := flag.String("key", "", "Path to key file")
flag.Parse()
logrus.Info("Starting AKMS Simulator...")
http.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey)
http.HandleFunc("/debug/get_log_file", getLogFile)
log.Fatal(http.ListenAndServe(":4444", nil))
router := http.NewServeMux()
router.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey)
router.HandleFunc("/debug/get_log_file", getLogFile)
server := &http.Server{
Addr: ":4444",
Handler: router,
}
if *tlsCAFile != "" && *tlsCertFile != "" && *tlsKeyFile != "" {
logrus.Info("TLS enabled")
cp := x509.NewCertPool()
b, err := os.ReadFile(*tlsCAFile)
if err != nil {
logrus.Fatalf("Error reading CA file: %s", err)
}
if !cp.AppendCertsFromPEM(b) {
logrus.Fatalf("Error appending certs from PEM")
}
cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
if err != nil {
logrus.Fatalf("Error loading X509 key pair: %s", err)
}
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS13,
ClientCAs: cp,
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
}
server.TLSConfig = tlsConfig
logrus.Fatal(server.ListenAndServeTLS("", ""))
} else {
logrus.Fatal(server.ListenAndServe())
}
}
func getLogFile(w http.ResponseWriter, r *http.Request) {
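Review bot: The TLS branch in main runs only when -ca, -cert and -key are all non-empty, so a start-up that sets just one or two of them (for example an omitted -ca) falls through to the else branch and serves /api/v1/keys/push_ksa_key and /debug/get_log_file over plain HTTP on :4444, with no client-certificate check and no log line saying TLS is off. Treat a partial set as a configuration error before the existing check, with anySet and allSet derived from the three flags, e.g. `if anySet && !allSet { logrus.Fatal("TLS requires -ca, -cert and -key together") }`, and add `logrus.Warn("TLS disabled: serving plain HTTP without client authentication")` to the else branch so the downgrade is visible in the logs. Separately, the new http.Server literal sets no timeouts; a `ReadHeaderTimeout` (which would need the time import, with a value chosen for this deployment) would bound connections that never finish sending headers. main is fully inside the hunk, while getLogFile's body continues outside it.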