cryptops-api.c

#include <includes/common-includes.h>
#include <includes/settings.h>

#define FIFO_PATH "/tmp/cryptops-api-stop"

#include <auxiliary.c>
#include <encryption_functions.c>
#include <api/default.c>
#include <api/encryption_add.c>
#include <api/encryption_unlock.c>
#include <api/encryption_keys_put.c>
#include <api/ssh_keys_get.c>

int main(int argc, char ** argv)
{
    y_init_logs("cryptops-api", Y_LOG_MODE_CONSOLE, Y_LOG_LEVEL_DEBUG,
        NULL, "Starting cryptops-api");

    // Set address to bind to.
    struct sockaddr_in address;
    bzero(&address, sizeof(address));
    address.sin_family = AF_INET;
    address.sin_port = htons((unsigned short)PORT);
    inet_pton(AF_INET, BIND_ADDRESS, &address.sin_addr);

    struct _u_instance instance;
    if (ulfius_init_instance(&instance, PORT, &address, NULL) != U_OK)
    {
        y_log_message(Y_LOG_LEVEL_ERROR, "Error ulfius_init_instance, abort");
        return(1);
    }

    u_map_put(instance.default_headers, "Access-Control-Allow-Origin", "*");

    // Maximum body size sent by the client is 1 Kb.
    instance.max_post_body_size = 1024;

    // Add api endpoints.
    bool reboot = false;
    ulfius_add_endpoint_by_val(&instance, "POST", PREFIX,
        "/encryption/add",
        0, &callback_encryption_add, &reboot);
    ulfius_add_endpoint_by_val(&instance, "POST", PREFIX,
        "/encryption/unlock",
        0, &callback_encryption_unlock, NULL);
    ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
        "/encryption/keys/:slot",
        0, &callback_encryption_keys_put, NULL);
    ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
        "/ssh/keys",
        0, &callback_ssh_keys_get, NULL);

    // Add default endpoint.
    ulfius_set_default_endpoint(&instance, &callback_default, NULL);

    // Start the framework.
    int ret;
    if (argc == 4 && strcmp("-secure", argv[1]) == 0)
    {
        // If command-line options are -secure <key_file> <cert_file>,
        // then listen for https connections.
        char * key_pem = read_file(argv[2]);
        char * cert_pem = read_file(argv[3]);
        ret = ulfius_start_secure_framework(&instance, key_pem, cert_pem);
        o_free(key_pem);
        o_free(cert_pem);
    }
    else
    {
        // Listen for http connections.
        ret = ulfius_start_framework(&instance);
    }

    if (ret == U_OK)
    {
        y_log_message(Y_LOG_LEVEL_DEBUG, "Start %sframework on port %d",
            ((argc == 4 && strcmp("-secure", argv[1]) == 0) ? "secure " : ""),
            instance.port);
        
        // Wait for signal from fifo to quit.
        y_init_logs("cryptops-api", Y_LOG_MODE_CONSOLE, Y_LOG_LEVEL_DEBUG,
            NULL, "Waiting for fifo signal to quit");
        int fifo = 0;
        char buf[4];
        char fifo_path[] = FIFO_PATH;
        mkfifo(fifo_path, 0600);
        fifo = open(fifo_path, O_RDONLY);
        // This will block until the fifo is written to.
        read(fifo, &buf, 4);
    }
    else
    {
        y_log_message(Y_LOG_LEVEL_DEBUG, "Error starting framework");
    }
    y_log_message(Y_LOG_LEVEL_DEBUG, "End framework");
    
    y_close_logs();
    
    ulfius_stop_framework(&instance);
    ulfius_clean_instance(&instance);

    // Check if the encryption/add said that we should reboot.
    if (reboot)
    {
        printf("rebooting...");
        reboot_initrd();
    }

    return 0;
}