Merge pull request #20 from MGTheTrain/feature/integrate-logging

Feature/integrate logging

CHANGELOG.md

@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Scalable and maintainable project structure**: Referred to the [project-layout GitHub repo](https://github.com/golang-standards/project-layout) and adopted Domain-Driven Design to create a **modular, flexible and maintainable** project structure with a focus on the **domain at its core**
 - **CI workflows for quality checks**: Set up continuous integration workflows with GitHub Actions for automated linting, functional testing, building and pushing artifacts.
 - **PKCS#11 integration**: Enabled key management and cryptographic operations (such as RSA-PKCS encryption/decryption and RSA-PSS or ECDSA signing/verification) through PKCS#11 interfaces supporting both FIPS-compliant hardware and software environments.
+- **Logging**: Integrated console and file logging (e.g. using structured logging with `logrus`) 
 
 ## [0.1.0] - TBD-TBD-TBD
 

README.md

@@ -38,7 +38,8 @@ Interfaces (CLIs, gRPC APIs, RESTful Web APIs) for managing cryptographic keys a
 - [x] **CI workflows for quality checks**: Set up continuous integration workflows with GitHub Actions for automated linting, functional and non-functional testing, building and pushing artifacts.
 - [ ] **Security checks in CI workflows**: Consider non-functional testing (vulnerability scanning, SBOM generation, Static Code Analysis) in GitHub Actions.
 - [ ] **Performance optimization**: Ensure cryptographic operations are optimized for performance, especially for large files and high throughput environments.
-- [ ] **Logging and monitoring**: Integrate logging (e.g. using structured logging with `logrus`) and monitoring (e.g. Prometheus, Grafana) to track API usage, performance and errors.
+- [x] **Logging**: Integrate logging (e.g. using structured logging with `logrus`) 
+- [ ] **Monitoring**: Integrate monitoring (e.g. Prometheus, Grafana) to track API usage, performance and errors.
 - [ ] **Error handling and resiliency**: Implement comprehensive error handling and retries for operations that may fail, with clear error messages and status codes for the API.
 - [ ] **Security**: Ensure that all cryptographic material is securely encrypted before storing it in a key vault using a master key. Additionally, protect APIs with authentication mechanisms such as OAuth2 or JWT, and follow best practices for handling sensitive data.
 - [ ] **Documentation**: Provide clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers.

cmd/crypto-vault-cli/README.md

@@ -123,4 +123,8 @@ go run crypto_vault_cli.go list-objects --token-label "my-token"
 # Delete an object (e.g., RSA or EC key) from the PKCS#11 token
 go run crypto_vault_cli.go delete-object --token-label my-token --object-label my-rsa-key --object-type pubkey
 go run crypto_vault_cli.go delete-object --token-label my-token --object-label my-rsa-key --object-type privkey
-```
+```
+
+### Running the e2e-test
+
+In order to e2e-test the entire flow from encryption to decryption, key management, signing, and verifying signatures as outlined in previous [Getting Started](#getting-started) sections run `go test ./crypto_vault_cli_test.go`.

cmd/crypto-vault-cli/crypto_vault_cli_test.go

@@ -0,0 +1,156 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+func runCommand(t *testing.T, cmd string, args []string) (string, error) {
+	command := exec.Command(cmd, args...)
+	var out bytes.Buffer
+	command.Stdout = &out
+	command.Stderr = &out
+
+	err := command.Run()
+	if err != nil {
+		t.Fatalf("Command failed: %v\nOutput: %v", err, out.String())
+		return "", err
+	}
+
+	return out.String(), nil
+}
+
+func TestEncryptionAndDecryption(t *testing.T) {
+	uuid := "test-uuid-1234"
+	inputFile := "data/input.txt"
+
+	encOutputFile := fmt.Sprintf("data/%s-output.enc", uuid)
+	cmdEncrypt := "go"
+	argsEncrypt := []string{"run", "crypto_vault_cli.go", "encrypt-aes", "--input-file", inputFile, "--output-file", encOutputFile, "--key-size", "16", "--key-dir", "data/"}
+
+	_, err := runCommand(t, cmdEncrypt, argsEncrypt)
+	if err != nil {
+		t.Fatalf("Encryption failed: %v", err)
+	}
+
+	decOutputFile := fmt.Sprintf("data/%s-decrypted.txt", uuid)
+	cmdDecrypt := "go"
+	argsDecrypt := []string{"run", "crypto_vault_cli.go", "decrypt-aes", "--input-file", encOutputFile, "--output-file", decOutputFile, "--symmetric-key", "your-generated-symmetric-key"}
+
+	_, err = runCommand(t, cmdDecrypt, argsDecrypt)
+	if err != nil {
+		t.Fatalf("Decryption failed: %v", err)
+	}
+}
+
+func TestRSAEncryptionAndDecryption(t *testing.T) {
+	uuid := "test-uuid-5678"
+	inputFile := "data/input.txt"
+
+	encOutputFile := fmt.Sprintf("data/%s-encrypted.txt", uuid)
+	cmdEncryptRSA := "go"
+	argsEncryptRSA := []string{"run", "crypto_vault_cli.go", "encrypt-rsa", "--input-file", inputFile, "--output-file", encOutputFile, "--key-dir", "data/"}
+
+	_, err := runCommand(t, cmdEncryptRSA, argsEncryptRSA)
+	if err != nil {
+		t.Fatalf("RSA Encryption failed: %v", err)
+	}
+
+	decOutputFile := fmt.Sprintf("data/%s-decrypted.txt", uuid)
+	cmdDecryptRSA := "go"
+	argsDecryptRSA := []string{"run", "crypto_vault_cli.go", "decrypt-rsa", "--input-file", encOutputFile, "--output-file", decOutputFile, "--private-key", "your-generated-private-key"}
+
+	_, err = runCommand(t, cmdDecryptRSA, argsDecryptRSA)
+	if err != nil {
+		t.Fatalf("RSA Decryption failed: %v", err)
+	}
+}
+
+func TestPKCS11EncryptionAndDecryption(t *testing.T) {
+	uuid := "test-uuid-pkcs11"
+	inputFile := "data/input.txt"
+
+	encOutputFile := fmt.Sprintf("data/%s-encrypted-output.enc", uuid)
+	cmdEncryptPKCS11 := "go"
+	argsEncryptPKCS11 := []string{
+		"run", "crypto_vault_cli.go", "encrypt", "--token-label", "my-token", "--object-label", "my-rsa-key", "--key-type", "RSA", "--input-file", inputFile, "--output-file", encOutputFile,
+	}
+
+	_, err := runCommand(t, cmdEncryptPKCS11, argsEncryptPKCS11)
+	if err != nil {
+		t.Fatalf("PKCS11 Encryption failed: %v", err)
+	}
+
+	decOutputFile := fmt.Sprintf("data/%s-decrypted-output.txt", uuid)
+	cmdDecryptPKCS11 := "go"
+	argsDecryptPKCS11 := []string{
+		"run", "crypto_vault_cli.go", "decrypt", "--token-label", "my-token", "--object-label", "my-rsa-key", "--key-type", "RSA", "--input-file", encOutputFile, "--output-file", decOutputFile,
+	}
+
+	_, err = runCommand(t, cmdDecryptPKCS11, argsDecryptPKCS11)
+	if err != nil {
+		t.Fatalf("PKCS11 Decryption failed: %v", err)
+	}
+}
+
+func TestSigningAndVerificationECDSA(t *testing.T) {
+	inputFile := "data/input.txt"
+	signatureFile := "data/signature.sig"
+
+	cmdSignECDSA := "go"
+	argsSignECDSA := []string{"run", "crypto_vault_cli.go", "sign-ecc", "--input-file", inputFile, "--key-dir", "data"}
+
+	_, err := runCommand(t, cmdSignECDSA, argsSignECDSA)
+	if err != nil {
+		t.Fatalf("ECDSA Signing failed: %v", err)
+	}
+
+	cmdVerifyECDSA := "go"
+	argsVerifyECDSA := []string{
+		"run", "crypto_vault_cli.go", "verify-ecc", "--input-file", inputFile, "--public-key", "your-generated-public-key", "--signature-file", signatureFile,
+	}
+
+	_, err = runCommand(t, cmdVerifyECDSA, argsVerifyECDSA)
+	if err != nil {
+		t.Fatalf("ECDSA Verification failed: %v", err)
+	}
+}
+
+func TestPKCS11KeyManagement(t *testing.T) {
+
+	cmdStorePKCS11 := "go"
+	argsStorePKCS11 := []string{
+		"run", "crypto_vault_cli.go", "store-pkcs11-settings", "--module", "/usr/lib/softhsm/libsofthsm2.so", "--so-pin", "1234", "--user-pin", "5678", "--slot-id", "0x0",
+	}
+
+	_, err := runCommand(t, cmdStorePKCS11, argsStorePKCS11)
+	if err != nil {
+		t.Fatalf("Storing PKCS#11 settings failed: %v", err)
+	}
+
+	cmdAddRSAKey := "go"
+	argsAddRSAKey := []string{"run", "crypto_vault_cli.go", "add-key", "--token-label", "my-token", "--object-label", "my-rsa-key", "--key-type", "RSA", "--key-size", "2048"}
+
+	_, err = runCommand(t, cmdAddRSAKey, argsAddRSAKey)
+	if err != nil {
+		t.Fatalf("Adding RSA Key to PKCS#11 failed: %v", err)
+	}
+
+	cmdListObjects := "go"
+	argsListObjects := []string{"run", "crypto_vault_cli.go", "list-objects", "--token-label", "my-token"}
+
+	_, err = runCommand(t, cmdListObjects, argsListObjects)
+	if err != nil {
+		t.Fatalf("Listing PKCS#11 objects failed: %v", err)
+	}
+
+	cmdDeleteRSAKey := "go"
+	argsDeleteRSAKey := []string{"run", "crypto_vault_cli.go", "delete-object", "--token-label", "my-token", "--object-label", "my-rsa-key", "--object-type", "pubkey"}
+
+	_, err = runCommand(t, cmdDeleteRSAKey, argsDeleteRSAKey)
+	if err != nil {
+		t.Fatalf("Deleting RSA Key from PKCS#11 failed: %v", err)
+	}
+}