/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package main
import (
"context"
"errors"
"flag"
"path/filepath"
"strconv"
"time"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/kms/setup"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/keyservice/internal/server"
"github.com/spf13/afero"
"go.uber.org/zap"
)
// main is the entry point of the Constellation key service. It reads the
// master secret and the salt from disk, validates their minimum lengths,
// builds a KMS from them (using uri.NoStoreURI, i.e. without an external
// key store) and then runs the gRPC key server on the configured port.
//
// Flags:
//
//	-port           port the gRPC server listens on (default constants.KeyServicePort)
//	-master-secret  path of the master secret file
//	-salt           path of the salt file
//	-v              log verbosity (see logger.CmdLineVerbosityDescription)
//
// Every failure is fatal: it is logged with the error attached and the
// process exits. Because Fatalf terminates the process immediately, the
// deferred cancel()/Close() calls below do not run on those paths.
func main() {
	var (
		port             = flag.String("port", strconv.Itoa(constants.KeyServicePort), "Port gRPC server listens on")
		masterSecretPath = flag.String("master-secret", filepath.Join(constants.ServiceBasePath, constants.ConstellationMasterSecretKey), "Path to the Constellation master secret")
		saltPath         = flag.String("salt", filepath.Join(constants.ServiceBasePath, constants.ConstellationSaltKey), "Path to the Constellation salt")
		verbosity        = flag.Int("v", 0, logger.CmdLineVerbosityDescription)
	)
	flag.Parse()

	log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
	log.With(zap.String("version", constants.VersionInfo())).Infof("Constellation Key Management Service")

	// Key material is read from the real filesystem. The handler gets a
	// distinct name so the file package is not shadowed.
	fh := file.NewHandler(afero.NewOsFs())

	masterKey, err := fh.Read(*masterSecretPath)
	if err != nil {
		log.With(zap.Error(err)).Fatalf("Failed to read master secret")
	}
	// Only a lower bound is enforced; a longer secret is accepted as-is.
	if len(masterKey) < crypto.MasterSecretLengthMin {
		log.With(zap.Error(errors.New("invalid key length"))).Fatalf("Provided master secret is smaller than the required minimum of %d bytes", crypto.MasterSecretLengthMin)
	}

	salt, err := fh.Read(*saltPath)
	if err != nil {
		log.With(zap.Error(err)).Fatalf("Failed to read salt")
	}
	// Also a lower bound: the message names the expected size, but a salt
	// longer than crypto.RNGLengthDefault still passes this check.
	if len(salt) < crypto.RNGLengthDefault {
		log.With(zap.Error(errors.New("invalid salt length"))).Fatalf("Expected salt to be %d bytes, but got %d", crypto.RNGLengthDefault, len(salt))
	}

	masterSecret := uri.MasterSecret{Key: masterKey, Salt: salt}

	// KMS setup is bounded to one minute; this context is not handed to the server.
	setupCtx, cancel := context.WithTimeout(context.Background(), time.Minute)
	defer cancel()

	conKMS, err := setup.KMS(setupCtx, uri.NoStoreURI, masterSecret.EncodeToURI())
	if err != nil {
		log.With(zap.Error(err)).Fatalf("Failed to setup KMS")
	}
	defer conKMS.Close()

	srv := server.New(log.Named("keyService"), conKMS)
	if err := srv.Run(*port); err != nil {
		log.With(zap.Error(err)).Fatalf("Failed to run key-service server")
	}
}