main.go

/*
Copyright © 2024 da/net Research Group <danet@h-da.de>
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

 1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.

 2. Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.

 3. Neither the name of the copyright holder nor the names of its contributors
    may be used to endorse or promote products derived from this software
    without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
package main

import (
	"context"
	"flag"
	"os"
	"os/signal"
	"syscall"

	gnmitarget "code.fbi.h-da.de/danet/gnmi-target"
	"code.fbi.h-da.de/danet/gnmi-target/handler"
	"code.fbi.h-da.de/danet/quant/goKMS/config"
	kmsHandler "code.fbi.h-da.de/danet/quant/goKMS/gnmiHandlers/kms"
	"code.fbi.h-da.de/danet/quant/goKMS/gnmiHandlers/system"
	"code.fbi.h-da.de/danet/quant/goKMS/kms"
	"code.fbi.h-da.de/danet/quant/goKMS/kms/peers"
	"code.fbi.h-da.de/danet/quant/goKMS/kms/receiver"
	gnmitargetygot "code.fbi.h-da.de/danet/quant/goKMS/model"
	qkdnmanager "code.fbi.h-da.de/danet/quant/goKMS/qkdnManager"
	"github.com/google/uuid"
	log "github.com/sirupsen/logrus"
	"google.golang.org/grpc/resolver"
	"gopkg.in/yaml.v3"
)

func main() {
	configPath := flag.String("kms_config", "", "path to the config file")
	logLevel := flag.String("log", "info", "logrus lof level (debug, info, warn, error, fatal, panic)")
	gnmiBindAddress := flag.String("gnmiBindAddress", ":7030", "address to bind gNMI to (overwrites settings in config file)")
	gnmiTLS := flag.Bool("gnmiTLS", false, "If true do use TLS for gNMI, paths to ca, cert and key must be set aswell (overwrites settings in config file)")
	certFile := flag.String("certFile", "", "location of the gNMI cert file (overwrites settings in config file)")
	keyFile := flag.String("keyFile", "", "location of the gNMI key file (overwrites settings in config file)")
	caFile := flag.String("caFile", "", "location of the gNMI ca file (overwrites settings in config file)")
	noGRPCPassthrough := flag.Bool("noGRPCPassthrough", false, "set the default resolve scheme for grpc to not use passthrough, default is false")

	flag.Parse()

	if *noGRPCPassthrough {
		log.Info("gRPC default resolver scheme is not set to passthrough. This might cause issues with the gRPC connection when no real DNS server is available as each gRPC requests requires a DNS request.")
	} else {
		log.Info("Setting gRPC default resolver scheme to passthrough. No DNS queries are being made when doing a gRPC request.")
		resolver.SetDefaultScheme("passthrough")
	}

	// parse string, this is built-in feature of logrus
	ll, err := log.ParseLevel(*logLevel)
	if err != nil {
		ll = log.InfoLevel
		log.Warn("invalid log level, using default: ", ll)
	}
	// set global log level
	log.Info("setting log level to ", ll)
	log.SetLevel(ll)

	// Parse config file
	kmsConfig := &config.Config{}
	log.Debugf("current config path: %s", *configPath)
	file, err := os.ReadFile(*configPath)
	if err != nil {
		currentFolder, _ := os.Getwd()
		log.Fatalf("error reading config file: %s, current folder: %s", *configPath, currentFolder)
	}
	if err := yaml.Unmarshal(file, kmsConfig); err != nil {
		log.Fatal(err)
	}

	if kmsConfig.GRPCTimeoutInSeconds == 0 || kmsConfig.GRPCTimeoutInSeconds < 0 {
		log.Warnf("gRPC timeout is set to 0 or lower, setting it to default value: %d", config.DefaultGRPCTimeoutInSeconds)
		kmsConfig.GRPCTimeoutInSeconds = config.DefaultGRPCTimeoutInSeconds
	}

	// All gNMI settings which are provided via cli arguments should overwrite the settings in the config file.
	overwriteConfigFieldsWithFlags(kmsConfig, gnmiBindAddress, gnmiTLS, certFile, keyFile, caFile)

	// initialize id for the kms
	var kmsId uuid.UUID
	if kmsConfig.Id != "" {
		kmsId = uuid.MustParse(kmsConfig.Id)
	} else {
		kmsId = uuid.New()
	}

	outputTlsSettings(kmsConfig)
	kmsInfo := generateKMSInfo(kmsId)
	receiver := &receiver.Receiver{
		Receivers: make(map[uuid.UUID]chan<- struct{}),
	}

	kms := kms.NewKMS(kmsId, os.Stdout, log.GetLevel(), false, kmsConfig, receiver)

	// start Qkdn Manager server, if there is info about it in the config
	if kmsConfig.QkdnManagerServer != nil {
		go setupQkdnManagerServer(kms, *kmsConfig.QkdnManagerServer)
	} else {
		log.Info("No server for QkdnManager running.")
	}

	schema, err := gnmitargetygot.Schema()
	if err != nil {
		log.Fatal(err)
	}

	maxKeyFillLevels := getMaxKeyFillLevelsFromConfig(kmsConfig.Peers)

	// The registered path handlers sorted by priority. If specific
	// handlers should be able to process their workload before others,
	// then they should be placed in the front of the slice.
	handlers := []handler.PathHandler{
		system.NewHostnameHandler(),
		system.NewMemoryHandler(),
		system.NewStateHandler(),
		system.NewSystemHandler(),
		kmsHandler.NewCreateRouteHandler(kms),
		kmsHandler.NewKmsHandler(kmsInfo),
		kmsHandler.NewPeerHandler(kms),
		kmsHandler.NewKeyRoutingSessionHandler(kms),
		kmsHandler.NewAssignForwardingHandler(kms),
		kmsHandler.NewKeyStoreHandler(kms, maxKeyFillLevels),
	}

	// The gnmiTarget implementation uses a flag to pass NO tls, so we have to invert our flag for it to work.
	gnmiInsecure := !kmsConfig.GnmiTLS.Active
	gnmitTarget := gnmitarget.NewGnmiTarget(schema, &gnmitargetygot.Gnmitarget{}, gnmitargetygot.ΓModelData, gnmitargetygot.Unmarshal, gnmitargetygot.ΛEnum, handlers...)
	if err := gnmitTarget.Start(*gnmiBindAddress, kmsConfig.GnmiTLS.CertFile, kmsConfig.GnmiTLS.KeyFile, kmsConfig.GnmiTLS.CAFile, gnmiInsecure); err != nil {
		log.Fatal(err)
	}
}

func outputTlsSettings(config *config.Config) {
	currentDirectory, _ := os.Getwd()
	log.Debugf("current relative file path: %s", currentDirectory)

	log.Infof("TLS enabled for gNMI: %t", config.GnmiTLS.Active)
	if config.GnmiTLS.Active {
		log.Infof("TLS filepaths for gNMI: ca: %s, cert: %s, key: %s", config.GnmiTLS.CAFile, config.GnmiTLS.CertFile, config.GnmiTLS.KeyFile)
	}

	log.Infof("TLS enabled for KMS: %t", config.KmsTLS.Active)
	if config.KmsTLS.Active {
		log.Infof("TLS filepaths for KMS: ca: %s, cert: %s, key: %s", config.KmsTLS.CAFile, config.KmsTLS.CertFile, config.KmsTLS.KeyFile)
	}

	for _, peer := range config.Peers {
		log.Infof("TLS enabled for Quantum Module for peer %s: %t", peer.PeerId, peer.QuantumModule.TLS.Active)
		if peer.QuantumModule.TLS.Active {
			log.Infof("TLS filepaths for Quantum Module for peer %s: ca: %s, cert: %s, key: %s", peer.PeerId, peer.QuantumModule.TLS.CAFile, peer.QuantumModule.TLS.CertFile, peer.QuantumModule.TLS.KeyFile)
		}
	}

	log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active)
	if config.AKMS.ClientTLS.Active {
		log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile)
	}
	log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active)
	if config.AKMS.ServerTLS.Active {
		log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile)
	}
}

func isFlagPassed(name string) bool {
	found := false
	flag.Visit(func(f *flag.Flag) {
		if f.Name == name {
			found = true
		}
	})
	return found
}

func overwriteConfigFieldsWithFlags(config *config.Config, gnmiBindAddress *string, gnmiTLS *bool, certFile *string, keyFile *string, caFile *string) {
	if isFlagPassed("gnmiTLS") {
		config.GnmiTLS.Active = *gnmiTLS
	}

	if isFlagPassed("gnmiBindAddress") {
		config.GnmiBindAddress = *gnmiBindAddress
	}

	if *caFile != "" {
		config.GnmiTLS.CAFile = *caFile
	}

	if *certFile != "" {
		config.GnmiTLS.CertFile = *certFile
	}

	if *keyFile != "" {
		config.GnmiTLS.KeyFile = *keyFile
	}
}

func generateKMSInfo(id uuid.UUID) *config.KMSInfo {
	kmsVersionInformation := config.NewKMSVersionInformation("danet-emulated-kms", "0.1.0", "0.1.0")

	return config.NewKMSInfo(id, kmsVersionInformation, make(chan string))
}

func setupQkdnManagerServer(kms *kms.KMS, config config.QkdnManagerServer) {
	qkdnManagerServer := qkdnmanager.NewQkdnManagerServer(kms)

	qkdnManagerServer.InitHTTPServer(config)

	ctx, cancel := context.WithCancel(context.Background())
	stopChannel := make(chan os.Signal, 1)
	signal.Notify(stopChannel, syscall.SIGINT)

	defer func() {
		log.Info("Shutting down server...")
		if err := qkdnManagerServer.Server.Shutdown(ctx); err != nil {
			log.Errorf("Error shutting down server: %v", err)
			_ = qkdnManagerServer.Server.Close()
			return
		}
		log.Info("Gracefully shutdown server completed.")
	}()

	<-stopChannel

	cancel()
}

func getMaxKeyFillLevelsFromConfig(configPeers []config.Peer) map[string]uint64 {
	maxKeyFillLevels := make(map[string]uint64, 0)

	for _, peer := range configPeers {
		maxKeyFillLevel := uint64(peer.QuantumModule.MaxKeyFillLevel)

		if maxKeyFillLevel == 0 {
			maxKeyFillLevel = peers.DefaultMaxKeyFillLevel
		}

		maxKeyFillLevels[peer.PeerId] = maxKeyFillLevel
	}

	return maxKeyFillLevels
}