docker-compose.yml
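# Compose stack for an RSA padding-oracle lab: unpatched and patched servers
# plus an attack container, all attached to the rsa_lab_net bridge network.
#
# NOTE(review): every "HOST:CONTAINER" port entry below publishes on all host
# interfaces. The unpatched services are presumably intentionally weak, so on
# a shared network prefix the mappings with 127.0.0.1: (for example
# "127.0.0.1:1337:1337") to keep them reachable from the lab host only.
version: '3.8'

services:
  http_server_b:
    build:
      context: ./docker/http_server_b
    ports:
      - "5000:5000"  # host 5000 -> container 5000
    volumes:
      # Bind-mounts the build context over /app (read-write).
      - ./docker/http_server_b:/app
    hostname: http_server_b
    networks:
      - rsa_lab_net

  http_server_b_patched:
    build:
      context: ./docker/http_server_b_patched
    ports:
      - "5001:5001"  # host 5001 -> container 5001
    volumes:
      - ./docker/http_server_b_patched:/app
    hostname: http_server_b_patched
    networks:
      - rsa_lab_net

  # tls-like oracle (socket based) for Bleichenbacher PoC
  tls_like_server:
    build:
      context: ./docker/tls_like_server
    container_name: tls_like_server
    ports:
      - "1337:1337"
    volumes:
      - ./poc:/app/poc  # public key visible here
    environment:
      - HOST=0.0.0.0
      - PORT=1337
      - PUB_DIR=/app/poc/Bleichenbacher
      # No volume is mounted at /app/keys in this file, so the private key
      # directory is not shared with the host or the attack container.
      - PRIVATE_DIR=/app/keys
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'nc -z localhost 1337 || exit 1'"]
      interval: 2s
      timeout: 2s
      retries: 30
    networks:
      - rsa_lab_net

  # tls-like oracle (socket based) - PATCHED (no padding oracle)
  tls_like_server_patched:
    build:
      context: ./docker/tls_like_server_patched
    container_name: tls_like_server_patched
    ports:
      - "1338:1338"  # host 1338 -> container 1338
    volumes:
      # NOTE(review): same bind mount and PUB_DIR as tls_like_server; if each
      # server writes its own public key there, the later write replaces the
      # earlier one - confirm both use the same key pair or distinct files.
      - ./poc:/app/poc
    environment:
      - HOST=0.0.0.0
      - PORT=1338
      - PUB_DIR=/app/poc/Bleichenbacher
      - PRIVATE_DIR=/app/keys
    healthcheck:
      # Probe the port this service is configured with (PORT=1338, which is
      # also what the attack container uses as ORACLE_PORT_PATCHED). Probing
      # 1337 would mark a server that honours PORT as permanently unhealthy.
      test: ["CMD-SHELL", "sh -c 'nc -z localhost 1338 || exit 1'"]
      interval: 2s
      timeout: 2s
      retries: 30
    networks:
      - rsa_lab_net

  http_server_c:
    build:
      context: ./docker/http_server_c
    ports:
      - "8000:8000"
    hostname: http_server_c
    volumes:
      # Named volume: the contents of /app/keys outlive container re-creation.
      - http_server_c_keys:/app/keys
    networks:
      - rsa_lab_net

  attack:
    build:
      context: ./docker/attack
    container_name: attack  # keep the name 'attack' to match attack.sh
    volumes:
      - ./poc:/app/poc
      - ./logs:/app/logs
      - ./poc/Bleichenbacher/attack.sh:/app/attackA.sh:ro  # optional: mount script
    # Short-form depends_on only orders start-up; it does not wait for the
    # healthchecks defined on the oracle services.
    depends_on:
      - tls_like_server
      - http_server_b
      - http_server_b_patched
      - http_server_c
      - tls_like_server_patched
    environment:
      - ORACLE_HOST=tls_like_server
      - ORACLE_HOST_PATCHED=tls_like_server_patched
      - ORACLE_PORT=1337
      - ORACLE_PORT_PATCHED=1338
      - KEY_PATH=/app/poc/Bleichenbacher/public.pem
    # keep container alive, do NOT auto-run attack
    command: ["bash", "-lc", "sleep infinity"]
    stdin_open: true
    tty: true
    networks:
      - rsa_lab_net

volumes:
  http_server_c_keys:
    driver: local

networks:
  rsa_lab_net:
    driver: bridge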