latest update

Makefile

@@ -1,5 +1,5 @@
-GO_BUILD_TARGET=./cmd/ztsfc_http_environment/main.go
-DOCKER_BUILD_TARGET=vs-uulm/ztsfc_http_environment:latest
+GO_BUILD_TARGET=./cmd/ztsfc_http_pip/main.go
+DOCKER_BUILD_TARGET=vs-uulm/ztsfc_http_pip:latest
 
 .PHONY: main
 main: go docker

cmd/ztsfc_http_pip/main.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+    "flag"
+    "log"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/router"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/device"
+    yt "github.com/leobrada/yaml_tools"
+    logger "github.com/vs-uulm/ztsfc_http_logger"
+    confInit "github.com/vs-uulm/ztsfc_http_pip/internal/app/init"
+    ti "github.com/vs-uulm/ztsfc_http_pip/internal/app/threat_intelligence"
+)
+
+//var (
+//    SysLogger *logger.Logger
+//)
+
+func init() {
+    var confFilePath string
+
+    flag.StringVar(&confFilePath, "c", "./config/conf.yml", "Path to user defined yaml config file")
+    flag.Parse()
+
+    err := yt.LoadYamlFile(confFilePath, &config.Config)
+    if err != nil {
+        log.Fatalf("main: init(): could not load yaml file: %v", err)
+    }
+
+    confInit.InitSysLoggerParams()
+    config.SysLogger, err = logger.New(config.Config.SysLogger.LogFilePath,
+        config.Config.SysLogger.LogLevel,
+        config.Config.SysLogger.IfTextFormatter,
+        logger.Fields{"type": "system"},
+    )
+    if err != nil {
+        log.Fatalf("main: init(): could not initialize logger: %v", err)
+    }
+    config.SysLogger.Debugf("loading logger configuration from %s - OK", confFilePath)
+
+    if err = confInit.InitConfig(); err != nil {
+        config.SysLogger.Fatalf("main: init(): could not initialize Environment params: %v", err)
+    }
+
+    // For testing
+    device.LoadTestDevices()
+}
+
+func main() {
+    go ti.RunThreatIntelligence()
+
+    device.PrintDevices()
+
+    pip := router.NewRouter()
+
+    pip.ListenAndServeTLS()
+}

go.mod

@@ -1,8 +1,9 @@
-module github.com/vs-uulm/ztsfc_http_environment
+module github.com/vs-uulm/ztsfc_http_pip
 
 go 1.17
 
 require (
+	github.com/leobrada/golang_convenience_tools v0.0.0-20220321082627-ef86f3abd9d1
 	github.com/leobrada/yaml_tools v0.0.0-20220115205103-7f6e1de7ab2e
 	github.com/vs-uulm/ztsfc_http_logger v0.0.0-20220114090830-1511ee49f8df
 )

go.sum

@@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/leobrada/golang_convenience_tools v0.0.0-20220321082627-ef86f3abd9d1 h1:ZTCtV4j65XRjLfftWCuXrgHA7s0fnGXKzDRgZVZCv/Q=
+github.com/leobrada/golang_convenience_tools v0.0.0-20220321082627-ef86f3abd9d1/go.mod h1:dFsd7aKdV12xS9hk+9raiGEYRBsuwbXRjm9mVq2cxoo=
 github.com/leobrada/yaml_tools v0.0.0-20220115205103-7f6e1de7ab2e h1:n4X/33vxeWGlhENDCMUKufuZifF47Qmo/9hOa8BwBrY=
 github.com/leobrada/yaml_tools v0.0.0-20220115205103-7f6e1de7ab2e/go.mod h1:S7LK9JN09inLOGGcXFCjFHkGaaBG3loTfg+cDfIKUfQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

internal/app/config/config.go

@@ -1,14 +1,20 @@
 package config
 
 import (
+    "crypto/x509"
+    "crypto/tls"
+
+    logger "github.com/vs-uulm/ztsfc_http_logger"
 )
 
 var (
     Config ConfigT
+    SysLogger *logger.Logger
 )
 
 type ConfigT struct {
     SysLogger sysLoggerT `yaml:"system_logger"`
+    Pip PipT `yaml:"pip"`
     ThreatIntelligence ThreatIntelligenceT `yaml:"threat_intelligence"`
 }
 
@@ -18,6 +24,16 @@ type sysLoggerT struct {
     IfTextFormatter string `yaml:"system_logger_format"`
 }
 
+type PipT struct {
+    ListenAddr string `yaml:"listen_addr"`
+    CertsPipAcceptsWhenShownByPdp []string `yaml:"certs_pip_accepts_when_shown_by_pdp"`
+    CertShownByPipToPdp string  `yaml:"cert_shown_by_pip_to_pdp"`
+    PrivkeyForCertShownByPipToPdp  string  `yaml:"privkey_for_cert_shown_by_pip_to_pdp"`
+
+    CaCertPoolPipAcceptsFromPdp *x509.CertPool
+    X509KeyPairShownByPipToPdp  tls.Certificate
+}
+
 type ThreatIntelligenceT struct {
     ListenAddr string `yaml:"listen_addr"`
 }

internal/app/device/device.go

@@ -0,0 +1,30 @@
+package device
+
+import (
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
+)
+
+var (
+    DevicesByID = make(map[string]*Device)
+    DevicesByIP = make(map[string]*Device)
+)
+
+type Device struct {
+    DeviceID string `json:"deviceID"`
+    CurrentIP string `json:"currentIP"`
+    Revoked bool `json:"revoked"`
+}
+
+func NewDevice(_deviceID, _currentIP string, _revoked bool) (*Device, error) {
+    newDevice := new(Device)
+    newDevice.DeviceID = _deviceID
+    newDevice.CurrentIP = _currentIP
+    newDevice.Revoked = _revoked
+    return newDevice, nil
+}
+
+func PrintDevices() {
+    for _, deviceObj := range DevicesByID {
+        config.SysLogger.Infof("%v\n", deviceObj)
+    }
+}

internal/app/device/test_device.go

@@ -0,0 +1,6 @@
+package device
+
+func LoadTestDevices() {
+    m1MacMini, _ := NewDevice("M1 Mac Mini", "", false)
+    DevicesByID[m1MacMini.DeviceID] = m1MacMini
+}

internal/app/init/init_config.go

@@ -2,13 +2,15 @@ package init
 
 import (
     "fmt"
-
-    logger "github.com/vs-uulm/ztsfc_http_logger"
 )
 
 
-func InitConfig(sysLogger *logger.Logger) error {
-    if err := initThreatIntelligence(sysLogger); err != nil {
+func InitConfig() error {
+    if err := initThreatIntelligence(); err != nil {
+        return fmt.Errorf("init: InitConfig(): %v", err)
+    }
+
+    if err := initPip(); err != nil {
         return fmt.Errorf("init: InitConfig(): %v", err)
     }
 

internal/app/init/init_config_pip.go

@@ -0,0 +1,44 @@
+package init
+
+import (
+    "fmt"
+    "crypto/x509"
+
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
+    gct "github.com/leobrada/golang_convenience_tools"
+)
+
+func initPip() error {
+    fields := ""
+    var err error
+
+    if config.Config.Pip.ListenAddr == "" {
+        fields += "listen_addr"
+    }
+
+    if config.Config.Pip.CertsPipAcceptsWhenShownByPdp == nil {
+        fields += "certs_pip_accepts_when_shown_by_pdp"
+    }
+
+
+    if config.Config.Pip.CertShownByPipToPdp == "" {
+        fields += "cert_shown_by_pip_to_pdp"
+    }
+
+    if config.Config.Pip.PrivkeyForCertShownByPipToPdp == "" {
+        fields += "privkey_for_certs_shown_by_pip_to_pdp"
+    }
+
+    // Read CA certs used for signing client certs and are accepted by the PEP
+    config.Config.Pip.CaCertPoolPipAcceptsFromPdp = x509.NewCertPool()
+    for _, acceptedPdpCert := range config.Config.Pip.CertsPipAcceptsWhenShownByPdp {
+        if err = gct.LoadCACertificate(acceptedPdpCert, config.Config.Pip.CaCertPoolPipAcceptsFromPdp); err != nil {
+            return fmt.Errorf("initPipParams(): error loading certificates PIP accepts from PDP: %w", err)
+        }
+    }
+
+    config.Config.Pip.X509KeyPairShownByPipToPdp, err = gct.LoadX509KeyPair(config.Config.Pip.CertShownByPipToPdp,
+        config.Config.Pip.PrivkeyForCertShownByPipToPdp)
+
+    return err
+}

internal/app/init/init_config_system_logger.go

@@ -4,7 +4,7 @@
 package init
 
 import (
-    "github.com/vs-uulm/ztsfc_http_environment/internal/app/config"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
 )
 
 // InitSysLoggerParams() sets default values for the system logger parameters

internal/app/init/init_config_threat_intelligence.go

@@ -3,12 +3,10 @@ package init
 import (
     "fmt"
     "strings"
-
-    logger "github.com/vs-uulm/ztsfc_http_logger"
-    "github.com/vs-uulm/ztsfc_http_environment/internal/app/config"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
 )
 
-func initThreatIntelligence(sysLogger *logger.Logger) error {
+func initThreatIntelligence() error {
     fields := ""
 
     // TODO: Check if the field make sense as well!

internal/app/router/router.go

@@ -0,0 +1,75 @@
+package router
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"net/http"
+
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/config"
+    "github.com/vs-uulm/ztsfc_http_pip/internal/app/device"
+)
+
+const (
+	// Request URIs for the API endpoint.
+	getDeviceEndpoint = "/get-device-attributes"
+)
+
+type Router struct {
+	frontend_tls_config *tls.Config
+	frontend_server     *http.Server
+}
+
+func NewRouter() *Router {
+
+	// Create new Router
+	router := new(Router)
+
+	// Create TLS config for frontend server
+	router.frontend_tls_config = &tls.Config{
+		Rand:                   nil,
+		Time:                   nil,
+		MinVersion:             tls.VersionTLS13,
+		MaxVersion:             tls.VersionTLS13,
+		SessionTicketsDisabled: true,
+		Certificates:           []tls.Certificate{config.Config.Pip.X509KeyPairShownByPipToPdp},
+		ClientAuth:             tls.RequireAndVerifyClientCert,
+		ClientCAs:              config.Config.Pip.CaCertPoolPipAcceptsFromPdp,
+	}
+
+	// Create MUX server
+    http.HandleFunc(getDeviceEndpoint, handleGetDeviceRequests)
+
+	// Create HTTP frontend server
+	router.frontend_server = &http.Server{
+		Addr:      config.Config.Pip.ListenAddr,
+		TLSConfig: router.frontend_tls_config,
+	}
+
+	return router
+}
+
+func handleGetDeviceRequests(w http.ResponseWriter, req *http.Request) {
+    q := req.URL.Query()
+
+    dev := q.Get("device");
+    if  len(dev) == 0 {
+        config.SysLogger.Infof("router: handleGetDeviceRequests(): get device request did not contain a device")
+        w.WriteHeader(404)
+        return
+    }
+
+    requestedDevice, ok := device.DevicesByID[dev]
+    if !ok {
+        config.SysLogger.Infof("router: handleGetDeviceRequests(): PDP requested a device that does not exist in the DB")
+        w.WriteHeader(404)
+        return
+    }
+
+    config.SysLogger.Infof("router: handleGetDeviceRequests(): PDP requested the following device: %v", requestedDevice)
+    w.Header().Set("Content-Type", "application/json")
+    json.NewEncoder(w).Encode(requestedDevice)
+}
+
+func (router *Router) ListenAndServeTLS() error {
+	return router.frontend_server.ListenAndServeTLS("", "")
+}