chore(ci): add ci

Author: jakobmoellerdev

.github/workflows/ci.yaml

@@ -1,8 +1,12 @@
 name: CI
 on: [push, pull_request]
 jobs:
-
-  build:
+  hsm:
+    env:
+      HSM_SO_PIN: 1234
+      HSM_PIN: 1234
+      TOKEN_LABEL: 'test'
+      KEY_LABEL: 'test-key'
     name: Build and Test
     runs-on: ubuntu-latest
     strategy:
@@ -33,7 +37,7 @@ jobs:
       - name: Generate Server Certificate and Sign with Private Key
         working-directory: keys-and-certs
         run: |
-          openssl req -new -x509 -days 365 -config openssl.cnf -key private/key.pem -out certs/cert.pem -extensions v3_ca -addext "subjectAltName = DNS:localhost" -subj "/C=DE/ST=BW/L=Walldorf/O=OCM/CN=localhost" -sha256
+          openssl req -new -x509 -days 5 -config openssl.cnf -key private/key.pem -out certs/cert.pem -extensions v3_ca -addext "subjectAltName = DNS:localhost" -subj "/C=DE/ST=BW/L=Walldorf/O=OCM/CN=localhost" -sha256
 
       - name: Client Certificate Generation
         working-directory: keys-and-certs
@@ -44,12 +48,28 @@ jobs:
           mkdir client/csr
           openssl genpkey -algorithm RSA -out client/private/key.pem
           openssl req -new -sha256 -config openssl.cnf -key client/private/key.pem -out client/csr/csr.pem -subj "/C=DE/ST=BW/L=Walldorf/O=OCM/CN=localhost"
-          openssl x509 -req -in client/csr/csr.pem -CA certs/cert.pem -CAkey private/key.pem -out client/certs/cert.pem -CAcreateserial -days 365 -sha256
+          openssl x509 -req -in client/csr/csr.pem -CA certs/cert.pem -CAkey private/key.pem -out client/certs/cert.pem -CAcreateserial -days 5 -sha256
 
       - name: Setup SoftHSM
+        env:
+          SOFTHSM2_CONF: ${{ github.workspace }}/softhsm2.conf
+        id: softhsm
         run: |
+          mkdir test_data
           sudo apt-get update
-          sudo apt-get -y install libsofthsm2
-
+          sudo apt-get -y install libsofthsm2 gnutls-bin
+        
+          # set output of lib to environment variable
+          
+          softhsm2-util --init-token --slot 0 --free --label $TOKEN_LABEL --so-pin $HSM_SO_PIN --pin $HSM_PIN
+          p11tool --generate-privkey=rsa --login --set-pin=$HSM_PIN --label="$KEY_LABEL" "pkcs11:token=$TOKEN_LABEL"
       - name: Build
-        run: make
+        run: make
+      - name: Run Server Tests
+        working-directory: ${{ github.workspace }}
+        env:
+          SOFTHSM2_CONF: ${{ github.workspace }}/softhsm2.conf
+          HSM_MODULE: ${{ steps.softhsm.outputs.SOFTHSM2_LIB }}
+          SIGNING_SERVER_BIN: ${{ github.workspace }}/signing-server
+        run: |
+          go test -v ./cmd/signing-server

cmd/signing-server/main.go

@@ -495,7 +495,7 @@ func run(cfg *Config) error {
 				return err
 			}
 		}
-		return RunServer(cfg, responseBuilders)
+		return RunServer(context.Background(), cfg, responseBuilders)
 	} else {
 		return RunSigner(cfg, pflag.CommandLine.Args(), responseBuilders)
 	}
@@ -564,7 +564,7 @@ func RunSigner(cfg *Config, args []string, responseBuilders map[string]encoding.
 	return err
 }
 
-func RunServer(cfg *Config, responseBuilders map[string]encoding.ResponseBuilder) error {
+func RunServer(ctx context.Context, cfg *Config, responseBuilders map[string]encoding.ResponseBuilder) error {
 	var err error
 
 	addr := ":" + cfg.Port
@@ -575,6 +575,11 @@ func RunServer(cfg *Config, responseBuilders map[string]encoding.ResponseBuilder
 		cfg.Logger.Info("register route", zap.String("route", route))
 		r.Methods(http.MethodPost).Path(route).Handler(h.HTTPHandler(responseBuilders, cfg.MaxBodySizeBytes))
 	}
+	r.Methods(http.MethodGet).Path("/healthz").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("ok"))
+	})
 	lm := logutil.LoggingMiddleware{
 		Logger: cfg.Logger,
 	}
@@ -628,6 +633,7 @@ func RunServer(cfg *Config, responseBuilders map[string]encoding.ResponseBuilder
 	select {
 	case <-c:
 	case <-stop:
+	case <-ctx.Done():
 	}
 
 	// Create a deadline to wait for.

concurrent-test.py

@@ -0,0 +1,34 @@
+import asyncio
+import httpx
+import logging
+
+# Setup logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s [%(levelname)s] %(message)s"
+)
+
+URL = "http://localhost:8080/sign/rsassa-pss?hashAlgorithm=sha256"
+HEADERS = {
+    "Content-Type": "text/plain",
+    "Content-Encoding": "hex",
+    "Accept": "application/x-pem-file",
+}
+BODY = "aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f"
+
+async def send_request(client, index):
+    try:
+        resp = await client.post(URL, content=BODY, headers=HEADERS)
+        logging.info(f"Response {index}: {resp.status_code} - {resp.text[:100]!r}")
+    except httpx.RequestError as e:
+        logging.error(f"Request {index} failed: {e}")
+    except Exception as e:
+        logging.exception(f"Unexpected error on request {index}")
+
+async def main():
+    async with httpx.AsyncClient() as client:
+        tasks = [send_request(client, i) for i in range(10)]  # 10 concurrent requests
+        await asyncio.gather(*tasks)
+
+if __name__ == "__main__":
+    asyncio.run(main())

softhsm2.conf

@@ -0,0 +1,4 @@
+log.level = INFO
+objectstore.backend = file
+directories.tokendir = test_data
+slots.removable = false