Enable or disable end-to-end encryption

cloud-barista · Apr 12, 2022 · e6fc40e · e6fc40e
1 parent ab94971
commit e6fc40e
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 27 deletions.
diff --git a/poc-cb-net/cmd/agent/agent.go b/poc-cb-net/cmd/agent/agent.go
@@ -139,6 +139,19 @@ func handleCommand(controlCommand string, etcdClient *clientv3.Client) {
 			initializeAgent(etcdClient)
 		}
 
+	case cmdtype.EnableEncryption:
+		CBLogger.Debug("enable end-to-end encryption")
+
+		CBNet.EnableEncryption(true)
+		if CBNet.IsEncryptionEnabled() {
+			initializeSecret(etcdClient)
+		}
+
+	case cmdtype.DisableEncryption:
+		CBLogger.Debug("disable end-to-end encryption")
+
+		CBNet.DisableEncryption()
+
 	default:
 		CBLogger.Errorf("unknown control-command => %v\n", controlCommand)
 	}
@@ -551,6 +564,22 @@ func initializeSecret(etcdClient *clientv3.Client) {
 func main() {
 	CBLogger.Debug("Start.........")
 
+	// Wait for multiple goroutines to complete
+	var wg sync.WaitGroup
+
+	// A context for graceful shutdown (It is based on the signal package)
+	// NOTE -
+	// Use os.Interrupt Ctrl+C or Ctrl+Break on Windows
+	// Use syscall.KILL for Kill(can't be caught or ignored) (POSIX)
+	// Use syscall.SIGTERM for Termination (ANSI)
+	// Use syscall.SIGINT for Terminal interrupt (ANSI)
+	// Use syscall.SIGQUIT for Terminal quit (POSIX)
+	// Use syscall.SIGHUP for Hangup (POSIX)
+	// Use syscall.SIGABRT for Abort (POSIX)
+	gracefulShutdownContext, stop := signal.NotifyContext(context.TODO(),
+		os.Interrupt, syscall.SIGKILL, syscall.SIGTERM, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGHUP, syscall.SIGABRT)
+	defer stop()
+
 	// etcd Section
 	// Connect to the etcd cluster
 	etcdClient, etcdErr := clientv3.New(clientv3.Config{
@@ -615,21 +644,11 @@ func main() {
 	// Enable encryption or not
 	CBNet.EnableEncryption(config.CBNetwork.Host.IsEncrypted)
 
-	// A context for graceful shutdown (It is based on the signal package)
-	// NOTE -
-	// Use os.Interrupt Ctrl+C or Ctrl+Break on Windows
-	// Use syscall.KILL for Kill(can't be caught or ignored) (POSIX)
-	// Use syscall.SIGTERM for Termination (ANSI)
-	// Use syscall.SIGINT for Terminal interrupt (ANSI)
-	// Use syscall.SIGQUIT for Terminal quit (POSIX)
-	// Use syscall.SIGHUP for Hangup (POSIX)
-	// Use syscall.SIGABRT for Abort (POSIX)
-	gracefulShutdownContext, stop := signal.NotifyContext(context.TODO(),
-		os.Interrupt, syscall.SIGKILL, syscall.SIGTERM, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGHUP, syscall.SIGABRT)
-	defer stop()
-
-	// Wait for multiple goroutines to complete
-	var wg sync.WaitGroup
+	wg.Add(1)
+	// Watch the other agents' secrets (RSA public keys)
+	go watchSecret(gracefulShutdownContext, etcdClient, &wg)
+	// Wait until the goroutine is started
+	time.Sleep(200 * time.Millisecond)
 
 	wg.Add(1)
 	// Watch the control command from the remote
@@ -643,14 +662,6 @@ func main() {
 	// Wait until the goroutine is started
 	time.Sleep(200 * time.Millisecond)
 
-	// Watch the other agents' secrets (RSA public keys)
-	if CBNet.IsEncryptionEnabled() {
-		wg.Add(1)
-		go watchSecret(gracefulShutdownContext, etcdClient, &wg)
-		// Wait until the goroutine is started
-		time.Sleep(200 * time.Millisecond)
-	}
-
 	// Turn up the network interface (TUN) for Cloud Adaptive Network
 	handleCommand(cmdtype.Up, etcdClient)
 

diff --git a/poc-cb-net/pkg/cb-network/cb-network.go b/poc-cb-net/pkg/cb-network/cb-network.go
@@ -115,6 +115,8 @@ func New(name string, port int) *CBNetwork {
 		isEncryptionEnabled:   false,
 		isInterfaceConfigured: false,
 		notificationChannel:   make(chan bool),
+		keyring:               make(map[string]*rsa.PublicKey),
+		keyringMutex:          new(sync.Mutex),
 	}
 	temp.UpdateHostNetworkInformation()
 
@@ -599,12 +601,15 @@ func (cbnetwork *CBNetwork) EnableEncryption(isTrue bool) {
 		if err != nil {
 			CBLogger.Error(err)
 		}
-		cbnetwork.keyring = make(map[string]*rsa.PublicKey)
-		cbnetwork.keyringMutex = new(sync.Mutex)
 		cbnetwork.isEncryptionEnabled = true
 	}
 }
 
+// DisableEncryption represents a function to set a status for message encryption.
+func (cbnetwork *CBNetwork) DisableEncryption() {
+	cbnetwork.isEncryptionEnabled = false
+}
+
 // IsEncryptionEnabled represents a function to check if a message is encrypted or not.
 func (cbnetwork CBNetwork) IsEncryptionEnabled() bool {
 	return cbnetwork.isEncryptionEnabled

diff --git a/poc-cb-net/pkg/test-type/test-type.go b/poc-cb-net/pkg/test-type/test-type.go
@@ -7,7 +7,7 @@ import (
 )
 
 const (
-	// CheckConnectivity is a constant variable for test "CONNECTIVITY"
+	// Connectivity is a constant variable for test "CONNECTIVITY"
 	Connectivity = "CONNECTIVITY"
 )
 

diff --git a/poc-cb-net/web/public/index.html b/poc-cb-net/web/public/index.html
@@ -179,9 +179,13 @@ <h4 class="align-center">Remote-control</h4>
                                 </select>
                             </div>                    
                         </div>
-                        <br/>
+                        <div>Network Interface: </div>
                         <button type="button" onclick="cladnetUp()">Up</button>
                         <button type="button" onclick="cladnetDown()">Down</button>
+                        <br/>
+                        <div>End-to-end encryption: </div>
+                        <button type="button" onclick="enableEncryption()">Enable</button>
+                        <button type="button" onclick="disableEncryption()">Disable</button>
                     </div>
                 </div>
             </div>
@@ -344,6 +348,44 @@ <h4 class="align-center">Status chart</h4>
         console.log("End - cladnetDown() ");        
     }
 
+    function enableEncryption(){
+        console.log("Start - enableEncryption() ");
+        let cladnetID = document.getElementById('cladnet-id-for-remote-control').value;
+
+        console.log("CLADNetID:" + cladnetID);
+        if (cladnetID == "") {
+            alert("CLADNet ID를 선택해주세요.")
+            return
+        }
+        // Build JSON data            
+        let message = JSON.stringify({
+            CLADNetID: cladnetID,
+            commandType: COMMAND_TYPE.ENABLE_ENCRYPTION
+        });
+
+        sendDataframe("control-cladnet", message);
+        console.log("End - enableEncryption() ");
+    }
+
+    function disableEncryption(){
+        console.log("Start - disableEncryption() ");
+        let cladnetID = document.getElementById('cladnet-id-for-remote-control').value;
+
+        console.log("CLADNetID:" + cladnetID);
+        if (cladnetID == "") {
+            alert("CLADNet ID를 선택해주세요.")
+            return
+        }
+        // Build JSON data            
+        let message = JSON.stringify({
+            CLADNetID: cladnetID,
+            commandType: COMMAND_TYPE.DISABLE_ENCRYPTION
+        });
+
+        sendDataframe("control-cladnet", message);
+        console.log("End - disableEncryption() ");
+    }
+
     function createCLADNet() {
 
         // Get the network (IPv4 CIDR block) and description to create CLADNet