- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle. - Added PqSoftProviderOptions and PqSoftKeyOptions for configuration. - Created unit tests for Dilithium3 and Falcon512 signing and verification. - Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists. - Added KcmvpHashOnlyProvider for KCMVP baseline compliance. - Updated project files and dependencies for new libraries and testing frameworks.
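#!/bin/bash
#
# Wine CSP Service Entrypoint
#
# Initializes Wine environment and starts the WineCspService under Wine.
# For TEST VECTOR GENERATION ONLY - not for production signing.
#
# Environment (all optional; defaults are the values assigned below):
#   WINE_CSP_PORT            TCP port the service listens on
#   WINE_CSP_MODE            "full" attempts the CryptoPro CSP install; any
#                            other value skips it
#   WINE_CSP_INSTALLER_PATH  CryptoPro MSI used in full mode
#   WINE_CSP_LOG_LEVEL       service default log level; also selects WINEDEBUG
#   WINEPREFIX               Wine prefix directory
#   DISPLAY                  X display that Xvfb provides

set -euo pipefail

# ------------------------------------------------------------------------------
# Configuration
# ------------------------------------------------------------------------------
WINE_CSP_PORT="${WINE_CSP_PORT:-5099}"
WINE_CSP_MODE="${WINE_CSP_MODE:-limited}"
WINE_CSP_INSTALLER_PATH="${WINE_CSP_INSTALLER_PATH:-/opt/cryptopro/csp-installer.msi}"
WINE_CSP_LOG_LEVEL="${WINE_CSP_LOG_LEVEL:-Information}"
WINE_PREFIX="${WINEPREFIX:-$HOME/.wine}"
DISPLAY="${DISPLAY:-:99}"

# Xvfb, wine64 and the service are child processes and must see the display
# and prefix chosen here. A plain assignment is not inherited when the
# variable was absent from the container environment, so export explicitly.
export DISPLAY
export WINEPREFIX="${WINE_PREFIX}"

# Marker files, stored inside the prefix next to the state they describe
CSP_INSTALLED_MARKER="${WINE_PREFIX}/.csp_installed"
WINE_INITIALIZED_MARKER="${WINE_PREFIX}/.wine_initialized"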
# Log prefix for structured logging
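log() {
  # Write one line to stdout: "[<UTC timestamp>] [entrypoint] <message>".
  # All arguments are joined with single spaces as the message.
  # printf is used instead of echo so the message text is never parsed as
  # options or escape sequences; paths containing backslashes log verbatim.
  printf '[%s] [entrypoint] %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*"
}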
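log_error() {
  # Write one line to stderr: "[<UTC timestamp>] [entrypoint] [ERROR] <message>".
  # Same format as log(), with an [ERROR] tag; printf keeps the message
  # text free of option or escape-sequence interpretation.
  printf '[%s] [entrypoint] [ERROR] %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*" >&2
}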
# ------------------------------------------------------------------------------
# Virtual Framebuffer Management
# ------------------------------------------------------------------------------
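start_xvfb() {
  # Start the headless X server on ${DISPLAY} unless one is already running.
  # Returns 0 when a server is available, 1 when the freshly started Xvfb
  # died right away (previously that case went unnoticed and later Wine
  # steps ran without a display).
  if pgrep -x Xvfb > /dev/null; then
    return 0
  fi

  log "Starting Xvfb virtual framebuffer on display ${DISPLAY}"
  # -nolisten tcp: only local (UNIX socket) clients ever talk to this server.
  Xvfb "${DISPLAY}" -screen 0 1024x768x24 -nolisten tcp &
  local xvfb_pid=$!

  # Same fixed settle time as before, then confirm the process survived
  # instead of assuming it did.
  sleep 2
  if ! kill -0 "${xvfb_pid}" 2>/dev/null; then
    log_error "Xvfb exited shortly after start on display ${DISPLAY}"
    return 1
  fi
}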
stop_xvfb() {
  # Terminate the virtual framebuffer if one is running; no-op otherwise.
  # pkill's status is ignored so racing with an already-exiting Xvfb
  # cannot fail the caller.
  pgrep -x Xvfb > /dev/null || return 0
  log "Stopping Xvfb"
  pkill -x Xvfb || true
}
# ------------------------------------------------------------------------------
# Wine Initialization
# ------------------------------------------------------------------------------
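initialize_wine() {
  # Create and configure the Wine prefix once. The marker file short-circuits
  # later container starts that reuse the same prefix.
  if [[ -f "${WINE_INITIALIZED_MARKER}" ]]; then
    log "Wine prefix already initialized"
    return 0
  fi

  log "Initializing Wine prefix at ${WINE_PREFIX}"
  start_xvfb

  # wineboot emits many harmless "fixme" lines on stderr, so stderr is
  # discarded. A non-zero status is reported instead of being hidden, but
  # stays non-fatal as before.
  wine64 wineboot --init 2>/dev/null \
    || log_error "wineboot --init returned non-zero; continuing"
  wineserver --wait

  # Set the Windows version for CryptoPro compatibility. Wine reads the
  # override from the "Version" value directly under HKCU\Software\Wine
  # (where winecfg stores it); a value under a "Version" subkey is not read.
  wine64 reg add "HKCU\\Software\\Wine" /v Version /d "win10" /f 2>/dev/null \
    || log_error "could not set Windows version in the Wine registry; continuing"
  wineserver --wait

  touch "${WINE_INITIALIZED_MARKER}"
  log "Wine prefix initialized successfully"
}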
# ------------------------------------------------------------------------------
# CryptoPro CSP Installation
# ------------------------------------------------------------------------------
install_cryptopro() {
  # Install CryptoPro CSP into the Wine prefix, once.
  # Returns 0 when already installed or when no installer is present (the
  # service then runs without CSP); returns 1 only when an installer exists
  # but the installation script fails.
  if [[ -f "${CSP_INSTALLED_MARKER}" ]]; then
    log "CryptoPro CSP already installed"
    return 0
  fi

  if [[ ! -f "${WINE_CSP_INSTALLER_PATH}" ]]; then
    log "CryptoPro CSP installer not found at ${WINE_CSP_INSTALLER_PATH}"
    log "Service will run in limited mode without CSP"
    return 0
  fi

  log "Installing CryptoPro CSP from ${WINE_CSP_INSTALLER_PATH}"
  start_xvfb

  # NOTE(review): the MSI is executed as found on disk; nothing in this
  # script checks its origin or digest. Fine for a test-vector container,
  # worth pinning if the image is ever reused elsewhere.
  local rc=0
  /usr/local/bin/install-csp.sh || rc=$?
  if (( rc != 0 )); then
    log_error "CryptoPro CSP installation failed"
    return 1
  fi

  touch "${CSP_INSTALLED_MARKER}"
  log "CryptoPro CSP installed successfully"
}
# ------------------------------------------------------------------------------
# Service Configuration
# ------------------------------------------------------------------------------
configure_service() {
  # Translate the WINE_CSP_* settings into the environment read by Wine and
  # the service: WINEDEBUG, the ASPNETCORE_* variables and the CSP flag.
  log "Configuring Wine CSP service"
  log " Mode: ${WINE_CSP_MODE}"
  log " Port: ${WINE_CSP_PORT}"
  log " Log Level: ${WINE_CSP_LOG_LEVEL}"

  # Only the two most verbose levels enable Wine's own diagnostics; every
  # other level, including unrecognised values, silences them.
  local wine_debug="-all"
  case "${WINE_CSP_LOG_LEVEL}" in
    Trace|Debug) wine_debug="warn+all" ;;
  esac
  export WINEDEBUG="${wine_debug}"

  # ASP.NET Core listener. The "+" host binds every interface inside the
  # container; reachability from outside depends on how the port is published.
  export ASPNETCORE_URLS="http://+:${WINE_CSP_PORT}"
  export ASPNETCORE_ENVIRONMENT="${ASPNETCORE_ENVIRONMENT:-Production}"
  export Logging__LogLevel__Default="${WINE_CSP_LOG_LEVEL}"

  # Tell the service whether CryptoPro CSP was installed into this prefix.
  local csp_available="false"
  [[ -f "${CSP_INSTALLED_MARKER}" ]] && csp_available="true"
  export WINE_CSP_CSP_AVAILABLE="${csp_available}"
  if [[ "${csp_available}" == "true" ]]; then
    log "CryptoPro CSP is available"
  else
    log "Running without CryptoPro CSP (limited mode)"
  fi
}
# ------------------------------------------------------------------------------
# Startup Validation
# ------------------------------------------------------------------------------
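validate_environment() {
  # Fail fast, before any Wine work, when a prerequisite is missing.
  # Exits the script with status 1 rather than returning: this is the
  # container entrypoint and nothing useful can follow a failed check.
  log "Validating environment"

  # Both binaries are invoked later (initialize_wine, cleanup); check both.
  local tool
  for tool in wine64 wineserver; do
    if ! command -v "${tool}" &> /dev/null; then
      log_error "${tool} not found in PATH"
      exit 1
    fi
  done

  if [[ ! -f "/app/WineCspService.exe" ]]; then
    log_error "WineCspService.exe not found at /app/"
    exit 1
  fi

  # The prefix is created by wineboot on first start, so a directory that
  # does not exist yet is acceptable as long as its parent is writable.
  # Checking -w on the not-yet-created path would wrongly fail a fresh start.
  if [[ -d "${WINE_PREFIX}" ]]; then
    if [[ ! -w "${WINE_PREFIX}" ]]; then
      log_error "Wine prefix ${WINE_PREFIX} is not writable"
      exit 1
    fi
  elif [[ ! -w "$(dirname -- "${WINE_PREFIX}")" ]]; then
    log_error "Wine prefix ${WINE_PREFIX} does not exist and its parent directory is not writable"
    exit 1
  fi

  # The port is interpolated into ASPNETCORE_URLS; reject anything that is
  # not a plain TCP port number before it reaches the service.
  # 10# forces decimal so a leading zero is not read as octal.
  if [[ ! "${WINE_CSP_PORT}" =~ ^[0-9]+$ ]] \
     || (( 10#${WINE_CSP_PORT} < 1 || 10#${WINE_CSP_PORT} > 65535 )); then
    log_error "WINE_CSP_PORT must be an integer between 1 and 65535 (got '${WINE_CSP_PORT}')"
    exit 1
  fi

  log "Environment validation passed"
}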
# ------------------------------------------------------------------------------
# Signal Handlers
# ------------------------------------------------------------------------------
cleanup() {
  # Signal handler for the initialization phase. Once main() has exec'd the
  # service this shell no longer exists, so only a shutdown request that
  # arrives during Wine setup or CSP installation reaches this function.
  log "Received shutdown signal, cleaning up..."

  # Ask wineserver to stop (15/TERM), allow it a moment, then force it
  # (9/KILL). Both calls are best-effort: no running server is not an error.
  local sig
  for sig in 15 9; do
    wineserver -k "${sig}" 2>/dev/null || true
    if [[ "${sig}" == 15 ]]; then
      sleep 2
    fi
  done

  stop_xvfb

  log "Cleanup complete"
  exit 0
}
# Run cleanup on the usual container stop signals (effective until main() execs).
trap cleanup TERM INT QUIT
# ------------------------------------------------------------------------------
# Main Entry Point
# ------------------------------------------------------------------------------
main() {
  # Startup sequence: validate, prepare the Wine prefix, optionally install
  # CSP (full mode only), export the service configuration, then replace
  # this shell with the service or with the command given as arguments.
  local banner="=========================================="
  log "${banner}"
  log "Wine CSP Service Entrypoint"
  log "${banner}"
  log "WARNING: For TEST VECTOR GENERATION ONLY"
  log "${banner}"

  validate_environment
  initialize_wine

  # CSP installation is attempted in full mode only; limited mode skips it.
  if [[ "${WINE_CSP_MODE}" == "full" ]]; then
    install_cryptopro
  fi

  configure_service

  # Make sure a display exists for the service itself.
  start_xvfb

  log "Starting WineCspService..."
  log "Listening on port ${WINE_CSP_PORT}"

  # Container arguments override the default command. exec replaces this
  # shell, so the signal trap installed above stops applying here.
  local -a cmd=("$@")
  if (( ${#cmd[@]} == 0 )); then
    cmd=(wine64 /app/WineCspService.exe)
  fi
  exec "${cmd[@]}"
}
# Hand the container arguments to main; nothing after this line executes.
main "$@"