
Commit 1351f86

author
roman
committed
main UPDATE add cert exp notif support
1 parent b7978d5 commit 1351f86


1 file changed

+88
-0
lines changed


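--- a/src/main.c
+++ b/src/main.c
@@ -505,6 +505,88 @@ np2srv_sm_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char
 return rc;
 }
 
+#ifdef NC_ENABLED_SSH_TLS
+
+void
+np2srv_cert_exp_notif_cb(const char *expiration_time, const char *xpath, void *user_data)
+{
+sr_session_ctx_t *sr_sess = user_data;
+const struct ly_ctx *ly_ctx = NULL;
+int rc, stop_thread = 0;
+struct lyd_node *ntf = NULL;
+
+ly_ctx = sr_acquire_context(np2srv.sr_conn);
+if (!ly_ctx) {
+ERR("Failed to acquire sysrepo context.");
+stop_thread = 1;
+goto cleanup;
+}
+
+rc = lyd_new_path(NULL, ly_ctx, xpath, expiration_time, 0, &ntf);
+if (rc) {
+ERR("Failed to create certificate expiration notification data.");
+stop_thread = 1;
+goto cleanup;
+}
+
+rc = sr_notif_send_tree(sr_sess, ntf, 0, 0);
+if (rc) {
+ERR("Failed to send certificate expiration notification.");
+stop_thread = 1;
+goto cleanup;
+}
+
+cleanup:
+lyd_free_tree(ntf);
+if (ly_ctx) {
+sr_release_context(np2srv.sr_conn);
+}
+if (stop_thread) {
+nc_server_notif_cert_expiration_thread_stop(1);
+}
+}
+
+static int
+np2srv_start_cert_exp_notif_thread()
+{
+int r, ret = 0;
+const struct ly_ctx *ly_ctx;
+const struct lys_module *mod;
+
+ly_ctx = sr_acquire_context(np2srv.sr_conn);
+if (!ly_ctx) {
+ERR("Failed to acquire SR connection context.");
+return -1;
+}
+
+mod = ly_ctx_get_module_implemented(ly_ctx, "ietf-crypto-types");
+if (!mod) {
+ERR("Module \"ietf-crypto-types\" not implemented in sysrepo.");
+ret = -1;
+goto cleanup;
+}
+
+/* check if the feature is enabled and if so, then start the thread */
+r = lys_feature_value(mod, "certificate-expiration-notification");
+if (r == LY_SUCCESS) {
+if (nc_server_notif_cert_expiration_thread_start(np2srv_cert_exp_notif_cb, np2srv.sr_sess, NULL)) {
+ERR("Failed to start certificate expiration notification thread.");
+ret = -1;
+goto cleanup;
+}
+} else if (r == LY_ENOTFOUND) {
+ERR("Feature \"certificate-expiration-notification\" not found in module \"ietf-crypto-types\".");
+ret = -1;
+goto cleanup;
+}
+
+cleanup:
+sr_release_context(np2srv.sr_conn);
+return ret;
+}
+
+#endif /* NC_ENABLED_SSH_TLS */
+
 /**
 * @brief Initialize the server,
 *
@@ -562,6 +644,12 @@ server_init(void)
 ERR("Setting authorized_keys path format failed.");
 goto error;
 }
+
+/* start certificate expiration notification thread if the certificate-expiration-notification feature is enabled */
+if (np2srv_start_cert_exp_notif_thread()) {
+ERR("Starting certificate expiration notification thread failed.");
+goto error;
+}
 #endif /* NC_ENABLED_SSH_TLS */
 
 /* set capabilities for the NETCONF Notifications */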
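Review bot: In `np2srv_cert_exp_notif_cb` every failure path sets `stop_thread = 1`, so a single failed `sr_notif_send_tree()` call stops the notification thread, nothing in this commit restarts it, and the only trace is one ERR line. Since operators rely on this signal to renew certificates before they lapse, consider dropping `stop_thread = 1;` from the `sr_notif_send_tree` branch so that a failed send is logged and later expiry events are still reported. The stop call is also issued from inside the callback with argument `1`; if that argument means "wait for the thread to finish" and the callback runs on the notification thread itself, the thread would be waiting on itself, so this should be confirmed against the libnetconf2 documentation. The commit adds no matching stop call on the shutdown path while the callback keeps using `np2srv.sr_sess` and `np2srv.sr_conn`, so it is worth checking that the thread is stopped before those are released. Separately, the callback is referenced only in this file as far as the diff shows and could be declared `static void`.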
