feat: parametrize paths for TLS certificate and private key (#275)

* feat: parametrize paths for TLS certificate and private key Signed-off-by: Dario Faccin <[email protected]> * do not use Free5gcPath to allow any path for TLS Signed-off-by: Dario Faccin <[email protected]> * use default path if key and pem are not provided Signed-off-by: Dario Faccin <[email protected]> --------- Signed-off-by: Dario Faccin <[email protected]> Co-authored-by: Ajay Lotan Thakur <[email protected]>
omec-project · Jul 20, 2024 · 93b6e24 · 93b6e24
1 parent 8d16c5e
commit 93b6e24
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 1 deletion.
diff --git a/amfTest/amfcfg.yaml b/amfTest/amfcfg.yaml
@@ -16,6 +16,9 @@ configuration:
     registerIPv4: 127.0.0.18 # IP used to register to NRF
     bindingIPv4: 127.0.0.18  # IP used to bind the service
     port: 8000 # port used to bind the service
+    tls: # the local path of TLS key
+      key: /support/TLS/amf.pem # AMF TLS Certificate
+      pem: /support/TLS/amf.pem # AMF TLS Private key
   serviceNameList: # the SBI services provided by this AMF, refer to TS 29.518
     - namf-comm # Namf_Communication service
     - namf-evts # Namf_EventExposure service

diff --git a/context/context.go b/context/context.go
@@ -66,6 +66,8 @@ type AMFContext struct {
 	UriScheme                       models.UriScheme
 	BindingIPv4                     string
 	SBIPort                         int
+	Key                             string
+	PEM                             string
 	NgapPort                        int
 	SctpGrpcPort                    int
 	RegisterIPv4                    string

diff --git a/factory/config.go b/factory/config.go
@@ -156,11 +156,17 @@ type NetworkFeatureSupport5GS struct {
 
 type Sbi struct {
 	Scheme       string `yaml:"scheme"`
+	TLS          *TLS   `yaml:"tls"`
 	RegisterIPv4 string `yaml:"registerIPv4,omitempty"` // IP that is registered at NRF.
 	BindingIPv4  string `yaml:"bindingIPv4,omitempty"`  // IP used to run the server in the node.
 	Port         int    `yaml:"port,omitempty"`
 }
 
+type TLS struct {
+	PEM string `yaml:"pem,omitempty"`
+	Key string `yaml:"key,omitempty"`
+}
+
 type Security struct {
 	IntegrityOrder []string `yaml:"integrityOrder,omitempty"`
 	CipheringOrder []string `yaml:"cipheringOrder,omitempty"`

diff --git a/service/init.go b/service/init.go
@@ -384,7 +384,7 @@ func (amf *AMF) Start() {
 	if serverScheme == "http" {
 		err = server.ListenAndServe()
 	} else if serverScheme == "https" {
-		err = server.ListenAndServeTLS(util.AmfPemPath, util.AmfKeyPath)
+		err = server.ListenAndServeTLS(self.PEM, self.Key)
 	}
 
 	if err != nil {

diff --git a/util/init_context.go b/util/init_context.go
@@ -64,13 +64,23 @@ func InitAmfContext(context *context.AMFContext) {
 	}
 	context.RegisterIPv4 = factory.AMF_DEFAULT_IPV4 // default localhost
 	context.SBIPort = factory.AMF_DEFAULT_PORT_INT  // default port
+	context.Key = AmfKeyPath                        // default key path
+	context.PEM = AmfPemPath                        // default PEM path
 	if sbi != nil {
 		if sbi.RegisterIPv4 != "" {
 			context.RegisterIPv4 = os.Getenv("POD_IP")
 		}
 		if sbi.Port != 0 {
 			context.SBIPort = sbi.Port
 		}
+		if tls := sbi.TLS; tls != nil {
+			if tls.Key != "" {
+				context.Key = tls.Key
+			}
+			if tls.PEM != "" {
+				context.PEM = tls.PEM
+			}
+		}
 		context.BindingIPv4 = os.Getenv(sbi.BindingIPv4)
 		if context.BindingIPv4 != "" {
 			logger.UtilLog.Info("Parsing ServerIPv4 address from ENV Variable.")