- Bump to v0.3.1 of the kmip-protocol crate.

- Add a dependency on the backoff crate for retry support. - Add a dependency on the r2d2 crate for connection pooling support. - Uses GitHub versions of the bcder and rpki crates for the DER Unsigned Integer support needed by the KMIP signer. - Refactor signers to crypto::signers and replace the Dummy signer with a KMIP signer. - Added a "hsmtest" job to the GitHub Actions CI workflow that runs all Krill tests using the KMIP signer against PyKMIP. - Added a "hsm-tests" Cargo feature flag for configuring Krill to use ONLY KMIP as a signer, not OpenSSL at all. Currently building without the "hsm-tests" feature flag set will fail if the "hsm" feature flag is set. Krill isn't ready to be used in "hsm" mode yet. - Changes SignerProvider to implement the Signer trait so that it can be passed to builders so that their invocation of a signer also goes via SignerProvider dispatching to the correct signer.
NLnetLabs · Oct 5, 2021 · 870a102 · 870a102
1 parent 0fb9c91
commit 870a102
Show file tree

Hide file tree

Showing 25 changed files with 1,718 additions and 232 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -67,3 +67,44 @@ jobs:
         name: cypress-ui-test-captures ${{ matrix.os }} ${{ matrix.rust }}
         path: target/ui/
         if-no-files-found: ignore
+
+  hsmtest:
+    name: hsmtest
+    runs-on: ubuntu-18.04
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v1
+
+    - name: Install Rust
+      uses: hecrj/setup-rust-action@v1
+      with:
+        rust-version: stable
+
+    - uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+
+    - name: Install PyKMIP
+      uses: BSFishy/pip-action@v1
+      with:
+        packages: pykmip
+
+    - name: Compile the tests
+      run: |
+        cargo build --tests --no-default-features --features hsm,hsm-tests
+
+    - name: Run the tests against the PyKMIP server
+      run: |
+        cd test-resources/pykmip
+        python run-server.py &
+        sleep 5s
+        openssl s_client -connect 127.0.0.1:5696 || true
+        cd -
+        cargo test --no-default-features --features hsm,hsm-tests -- --test-threads=1 2>&1
+
+    - name: Dump PyKMIP log on failure
+      if: failure()
+      working-directory: test-resources/pykmip
+      run: |
+        ls -la
+        cat server.log
diff --git a/Cargo.lock b/Cargo.lock