cira in progress

Co-authored-by: Mike <michael.johanson@intel.com>

Author: Matt Primrose

Dockerfile

@@ -10,13 +10,15 @@ FROM golang:1.23-alpine3.20@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3
 COPY --from=modules /go/pkg /go/pkg
 COPY . /app
 WORKDIR /app
+RUN go mod tidy
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
   go build -o /bin/app ./cmd/app
-
+RUN mkdir -p /.config/device-management-toolkit
 # Step 3: Final
 FROM scratch
 COPY --from=builder /app/config /config
 COPY --from=builder /app/internal/app/migrations /migrations
 COPY --from=builder /bin/app /app
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /.config/device-management-toolkit /.config/device-management-toolkit
 CMD ["/app"]

config/cert.pem

@@ -1,24 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIID+zCCAmOgAwIBAgIDCZdRMA0GCSqGSIb3DQEBDAUAMD0xFzAVBgNVBAMTDk1Q
-U1Jvb3QtMWZiMTY1MRAwDgYDVQQKEwd1bmtub3duMRAwDgYDVQQGEwd1bmtub3du
-MCAXDTIzMDcwMjIxNDY1M1oYDzIwNTQwNzAyMjE0NjUzWjAmMRcwFQYDVQQDEw4x
-OTIuMTY4LjEwLjE5NjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCnKhbnOl+GT5av+n7qbOB/oLrQ1BBcHTQbD8c6X9q8NMwpw0D6
-GmONGluDkOaqOt4vO+JsLaUmhhg5HKuiUQOYzHxM9/RtCbU2id8Ph85ewH0EpwqV
-wWwSl0tlt1qy+MmeIYyUQR1OuiQTdoMmofsXtgAaFXELeKS6tTV3oZvKC1iNdZ1B
-R2DYMOqN205PqhWxeNFAFAeQbqDlbCi8ZO9R+NLbzQIANEQtCl3j0QDIirYQEEky
-xO5HX0EhMpgdUZBVsKt42u9MtF5SggUzY/GxvM+qcwc+BnUKoDS/crhVWIux4UD0
-WCBEBcbno/AKsg4jgBySawqYTN2RzbnlUgiPAgMBAAGjgZgwgZUwCQYDVR0TBAIw
-ADALBgNVHQ8EBAMCAvQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEB
-BAQDAgZAMB0GA1UdDgQWBBSo1i6fFI6jSnQoTzo2SjqQ2HTmYjA0BgNVHREELTAr
-hhZodHRwOi8vMTkyLjE2OC4xMC4xOTYvhhFodHRwOi8vbG9jYWxob3N0LzANBgkq
-hkiG9w0BAQwFAAOCAYEAaX6bis5KakrPaWY5YKXmznTqtiGv3r14jmDm2nwh/AS7
-bNUKXYmYRKEz1a/+/ki0nrU0zZshER5p78jpPAdyYXE8Zji2A+8zK8abtV8YGmYs
-Iidnt662jLZRztG4mGu0dsGFQGujPjKVNXENjcInsGnWiJz3qkyrZcaVGkLvV7se
-Hodp2OCY9zUDcjpmtWfdU7jE8NouDpjOfpGz0ipmQybQcSLPK6W7CNLScCI7UrtC
-694I/auAveCiJyS0D+g6MpAeYt/1hMirdsvEBzSCwy6hpRsL67Y+x/KLnlmNyKGd
-+xsjI893KVuVtEOZL+KKTNFxEq9P1sFvZstZ0zd4ahK9HVes20mVf2UGLXO7lGVO
-12bL8JnV2ceFFXpVvDrM/UB0/OZbQPNvfZova713r1PtEaY34JB84ag29Ez6ueGO
-xaKJm5sPCIKEU+IHzzn+Kqx/YJ948hSpSyac8mkSgzzn/B0qAvbkes/MAbfcsPIB
-o441FEIvOMtWYQu57bVf
+MIID+TCCAmGgAwIBAgIDAgmUMA0GCSqGSIb3DQEBDAUAMD0xFzAVBgNVBAMTDk1Q
+U1Jvb3QtOTQwY2Q3MRAwDgYDVQQKEwd1bmtub3duMRAwDgYDVQQGEwd1bmtub3du
+MCAXDTIzMDkxOTE3MDQyMVoYDzIwNTQwOTE5MTcwNDIxWjAlMRYwFAYDVQQDEw0x
+OTIuMTY4LjAuMTM5MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMPeSmg6YoUWSaff9vqFU9c77VasinOUt/bfu96/gE+8ri76MJp2
+FxBeCiIcGrEmUGp//ljksS3GkafgKPUedgx53vdzXAxyRzowu2ybGBPgFK2dtsSv
+9rfc8bEbQiqKb7JhVDEmGR+xzVd7qEJgJtTcjgMKxtp985T6NvmfYpEaK0yoCnol
+prVI6u9hoTrigEueQVSVrVc2ZlgDW7Eon7U+f7sBbT8XbjaI+YhWDK451RV+lmVj
+2Qp+/nK1Xutj08TWfqFw8P/zghxCf6yHdKihub7E2phuPeZIQ0vN7RW925dlhp37
+r0tyws2OfeCZ/xX9lkJxLEob9tK0x6UCcJ8CAwEAAaOBlzCBlDAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIC9DATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEE
+BAMCBkAwHQYDVR0OBBYEFFsXNHV7SPA4uAcYBSHus0aKdSABMDMGA1UdEQQsMCqG
+FWh0dHA6Ly8xOTIuMTY4LjAuMTM5L4YRaHR0cDovL2xvY2FsaG9zdC8wDQYJKoZI
+hvcNAQEMBQADggGBAJ+2lGqmVN6MUg6lNo0GOeppkTXZJbEIXSdYht6zdaVDoq44
+LpwIgwTKImZ7+EKpZjKX8h63TZ0J4PBxC4I4/2HIW8+pSUK3rz5Pe84Ztx6DHQX7
+QeIDsieiRSKvwH/Jr4hPiONpXyO2kzc3bP26x/F/1ZorLqkV2misklb4qqv0FZN9
++pmwC3HTYryCVD7ZjsF1soZ5F7g5qDYP7lNURuNuIbAzjC1nRVIxVEVeVwi3qHRP
+dFJ5mCotzcrnXY1hb2ouAD0Jls5AHxxmfzRt7ubansaW04petKTxK1FIDAgk5skI
+GMT1u58/bCbJvRbWcX/OLNUUXk2dsah6g9FG60IUz8qSi0QOwhqYkVNsKFJcmJ7v
+Ga8ECnAdnKnVHTOndOYeSm/+u6UGGyTYntNBguP7aQf94eHU2J2ibbUy2GairKP4
+HIsnn3Li30RgF7kfkMJq+oIEczYK1mOm1kQ4yNqfFsMGyNZje0LyQvvIBLO1ADft
+OjdELN7mQx+x3tPy3w==
 -----END CERTIFICATE-----
+

config/key.pem

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEApyoW5zpfhk+Wr/p+6mzgf6C60NQQXB00Gw/HOl/avDTMKcNA
-+hpjjRpbg5DmqjreLzvibC2lJoYYORyrolEDmMx8TPf0bQm1NonfD4fOXsB9BKcK
-lcFsEpdLZbdasvjJniGMlEEdTrokE3aDJqH7F7YAGhVxC3ikurU1d6GbygtYjXWd
-QUdg2DDqjdtOT6oVsXjRQBQHkG6g5WwovGTvUfjS280CADRELQpd49EAyIq2EBBJ
-MsTuR19BITKYHVGQVbCreNrvTLReUoIFM2PxsbzPqnMHPgZ1CqA0v3K4VViLseFA
-9FggRAXG56PwCrIOI4AckmsKmEzdkc255VIIjwIDAQABAoH/TJ7F1nPl7pCCH9+D
-OExnpH6cA6EG/Vqi1D92h7alSS4xwnfL+Y9w1HSC5CIbCMLJ1ubUQuAZw0wPhpjg
-JyTH2FDsQh3LTGymsj9CIoUsVNt1FgPhBD4uJziYE/fxtEoMw5xp2EKkHPG585g6
-zLKvkpowXUlsbaeHnF6boz8EYZvgs33jOFa3ldCi6aoqBbnJzr3mPLtNj/gib6a0
-9WOVtgZ3TBvi+I8pR5XN+ZiC3NDGJMa8iwf0LzIx2bsZ/iwm6DEiHvtIDcd3Sjg9
-jtVhFajAqq4vMny9pXSqgm5fNCaybk99OT4opTsVPp2m1bhNZtkPxH4cE77Xanlq
-em+dAoGBANgSTSvimiO/OqSjJ2N4Hay3WdrOM5uXx649YGwC8UdlgtzWRTlhzOlX
-mAl5R2FGBZW/BFmCtJ56WUPzlxml5byUA67bKrwVurh1/oKrn/j6YxTihkv4bfw0
-9vFQVJIggoTUiBWdhOW/1JEZR/ylndCosAHqk/b/NyMEsVpXx8ITAoGBAMYOI8xz
-m3EwD8B3rnhJoSgQe6tljEBk4Y4RikTXQ0I2h3b0Qy7EFzdn0wNjP//QQs9r0LmK
-FfJ6W/MgxE8dl5TWb9rnASKwA6P3HjaGeDqx2ydfb9PBcmJKNwDABWfi+OOERnNC
-ujifRJvgNUFuvYu2LR/QedZFZ9nKQE0+MA8VAoGBAIb3f57/D/tuUwpOI6d9e0PM
-z+LeVNxHBeLv0dAGUoKfhQu/CEScs6u6HG0mhZDcdVahl+z1uS8ZC7NncCYEO6n8
-5wQNQPd1t0nL4qvq2qViegusp+jCiKk2yF3aKMmSZxTj0RF3cHE2z2fHW/ET3q1d
-AXxg9AYgS2ejYckl9dBjAoGBAMA+bWVBOjruCfwqr8G2xqVbCo/eK/s9cOsz/2C/
-Clw1DdzbUHMOh/KR5vM83Zx0DMXFw361mIQbXTFsNuEMulwQodZ7sFB5Ra9caYlH
-kWB3z2AydRu4hEz/+M/Tk+u5FxnRBYlP1e6sOi6LvWXcFkSM+tQMypbAHAP9G9le
-acvZAoGAdzsVU2GghDUXeZOynvupJpzjQ7PZ+GkLN3dBujnzJLaK79vqh06kL+2D
-HjW7ibpZYyNIpvaiiitG4LYvAqsxwFsnGN9h0i/zKJzTRbE3hB1CiD55GfU0o7Tt
-mCna7bsJZ6I3agrwcLKWN3YnhuHw17n1z33HDVXQgac/52Vd45A=
+MIIEpAIBAAKCAQEAw95KaDpihRZJp9/2+oVT1zvtVqyKc5S39t+73r+AT7yuLvow
+mnYXEF4KIhwasSZQan/+WOSxLcaRp+Ao9R52DHne93NcDHJHOjC7bJsYE+AUrZ22
+xK/2t9zxsRtCKopvsmFUMSYZH7HNV3uoQmAm1NyOAwrG2n3zlPo2+Z9ikRorTKgK
+eiWmtUjq72GhOuKAS55BVJWtVzZmWANbsSiftT5/uwFtPxduNoj5iFYMrjnVFX6W
+ZWPZCn7+crVe62PTxNZ+oXDw//OCHEJ/rId0qKG5vsTamG495khDS83tFb3bl2WG
+nfuvS3LCzY594Jn/Ff2WQnEsShv20rTHpQJwnwIDAQABAoIBACPY+sBBs0dNUXS2
+klK+dR5G2wTKdlp6BQNbZlx5qwes7iot4xhZ9ZWqyGr+vsneS8h6HXhyfpT0qzLQ
+3V4jUZKt+WdLhzTF85BMW/kgF5OHpvExlMJBvENhXiC+bukvRgsdMhX+tYlt9rmE
+qcJgK6s4pIsc/VD+zUZeVxJvn9ATaiCMJQ7EMAyY+xcYWxvAqtDNBsmWR79HF8ZP
+SEyy0GGp2G4i2aDlzpA+NnPM0jAbba29NBLKpzH59OkA+ByNx2aozu4989bWo3aq
+4F2wJGNqeVCcas4UIxjfBiUmhm101sFvaMF+gp3dJj0qaT+I6e43h/x2O1r9CxVv
++7zkloECgYEA+JCzoL2h1zZx0svb7An4tpxipMBQAswykChvPmxaKdZPRvjRU8Kp
+IKl8xb63Azjbn5Ka1yQnewvNrfV/WFTHgssJ5lZSPKKvVAuDt9fwfc8GxFfBNdK+
+Cgx0Td1gXCLpf/qcplJcVJ0IVOPNxT+SpO6DT0poZ/eJJo15Uiqia4ECgYEAyboU
+13aW8BoGfkvEEWmQCd/mBhuYwisqnbFVNAKhNhkcZzDeB5WmLhcUECTxTeLS3Ukz
+o2xrNHVba+T+mF86QZ7nsuAOAHe4um67qe1moZKGZnc65F/yZ7bodVu3lRxg/mlw
+tt7Xc8XYRP3a1hriP3Y8DApqq/Gqz/YcpXh9bB8CgYEAr2kmanQIhyDT2Iemrn8m
+9m+MKWnRzPefYx41yx6ZzlZ/4bzrtCl2Qyd4dvAspOh2DLlf7h2EgxAEWRQbhxFl
+LkbsuJEIPeQsyKnLjWylOZNk2iB3p+0N0XeSh/SG8N5uW7NW4wTSRZ//5jBQ4TcI
+3L25Crae0WfdcMh76mFN94ECgYA+ulFeyq6WzND2FuNKMtQqbegeQBiZUEj5Ljp7
+aNHue5J8eBKisyMws9Z2SraKbJz7WJbpG36emluqSlPs17fKzfnogol4FcJonqRW
+a879MQ3/8NVsTHWZUKQqUjHc+S0kD2+QPe0rP/tHQNT6vPNbno1/hQG0o/pknng7
+8CK4KwKBgQCEuPRlR7UvKNlEAYu0mOTUuBJL0RtNaNMMc9nbLTXfQ5VIdaRt92Dq
+6ePvQk/8qMHmRu/0gIpPpOe+zZGWPRf6DD/s1nhgKA172tRJ6TeOdZHub+BhA2fr
+8GapPsW+FgunNoNf53hYp7+K2fRH1ItQmR+GpmeH4UN+XRR9vm1p7g==
 -----END RSA PRIVATE KEY-----

docker-compose.yml

@@ -1,17 +1,17 @@
 services:
-  postgres:
-    container_name: postgres
-    image: postgres
-    networks:
-      - openamtnetwork1
-    volumes:
-      - pg-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: "postgresadmin"
-      POSTGRES_PASSWORD: "admin123"
-      POSTGRES_DB: "rpsdb"
-    ports:
-      - 5432:5432
+  # postgres:
+  #   container_name: postgres
+  #   image: postgres
+  #   networks:
+  #     - openamtnetwork1
+  #   volumes:
+  #     - pg-data:/var/lib/postgresql/data
+  #   environment:
+  #     POSTGRES_USER: "postgresadmin"
+  #     POSTGRES_PASSWORD: "admin123"
+  #     POSTGRES_DB: "rpsdb"
+  #   ports:
+  #     - 5432:5432
   app:
     build: .
     container_name: app
@@ -23,11 +23,12 @@ services:
     environment:
       HTTP_HOST: ""
       GIN_MODE: "debug"
-      DB_URL: "postgres://postgresadmin:admin123@postgres:5432/rpsdb"
+      #DB_URL: "postgres://postgresadmin:admin123@postgres:5432/rpsdb"
     ports:
       - 8181:8181
-    depends_on:
-      - postgres
+      - 4433:4433
+    # depends_on:
+    #   - postgres
   # integration:
   #   build:
   #     context: .

internal/controller/tcp/cira/tunnel.go

@@ -59,8 +59,19 @@ func (s *Server) Notify() <-chan error {
 }
 
 func (s *Server) ListenAndServe() error {
+
 	config := &tls.Config{
-		Certificates: []tls.Certificate{s.certificates},
+		Certificates:       []tls.Certificate{s.certificates},
+		InsecureSkipVerify: true,
+		CipherSuites:       nil,
+		// []uint16{
+		// 	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		// 	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+		// 	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		// 	tls.TLS_AES_256_GCM_SHA384,
+		// 	tls.TLS_AES_128_GCM_SHA256,
+		// },
+		MinVersion: tls.VersionTLS12,
 	}
 	listener, err := tls.Listen("tcp", ":"+port, config)
 	if err != nil {
@@ -104,7 +115,7 @@ func (s *Server) handleConnection(conn net.Conn) {
 		conn.SetDeadline(time.Now().Add(maxIdleTime))
 		buf := make([]byte, 4096)
 		n, err := tlsConn.Read(buf)
-		if err != nil {
+		if err != nil && n == 0 {
 			if errors.Is(err, net.ErrClosed) {
 				log.Printf("Connection closed for device %s\n", deviceID)
 				break