@@ -505,6 +505,98 @@ np2srv_sm_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char
505
505
return rc ;
506
506
}
507
507
508
+ #ifdef NC_ENABLED_SSH_TLS
509
+
510
+ /**
511
+ * @brief Callback for sending certificate expiration notifications generated by libnetconf2.
512
+ */
513
+ static void
514
+ np2srv_cert_exp_notif_cb (const char * expiration_time , const char * xpath , void * user_data )
515
+ {
516
+ sr_session_ctx_t * sr_sess = user_data ;
517
+ const struct ly_ctx * ly_ctx = NULL ;
518
+ int rc , stop_thread = 0 ;
519
+ struct lyd_node * ntf = NULL ;
520
+
521
+ ly_ctx = sr_acquire_context (np2srv .sr_conn );
522
+ if (!ly_ctx ) {
523
+ ERR ("Failed to acquire sysrepo context." );
524
+ stop_thread = 1 ;
525
+ goto cleanup ;
526
+ }
527
+
528
+ rc = lyd_new_path (NULL , ly_ctx , xpath , expiration_time , 0 , & ntf );
529
+ if (rc ) {
530
+ ERR ("Failed to create certificate expiration notification data." );
531
+ stop_thread = 1 ;
532
+ goto cleanup ;
533
+ }
534
+
535
+ rc = sr_notif_send_tree (sr_sess , ntf , 0 , 0 );
536
+ if (rc ) {
537
+ ERR ("Failed to send certificate expiration notification." );
538
+ stop_thread = 1 ;
539
+ goto cleanup ;
540
+ }
541
+
542
+ cleanup :
543
+ lyd_free_tree (ntf );
544
+ if (ly_ctx ) {
545
+ sr_release_context (np2srv .sr_conn );
546
+ }
547
+ if (stop_thread ) {
548
+ nc_server_notif_cert_expiration_thread_stop (1 );
549
+ }
550
+ }
551
+
552
+ /**
553
+ * @brief Start the certificate expiration notification thread.
554
+ *
555
+ * The thread is started only if the 'certificate-expiration-notification' feature is enabled.
556
+ *
557
+ * @return 0 if the thread is successfully started or if the feature is disabled, -1 on error.
558
+ */
559
+ static int
560
+ np2srv_start_cert_exp_notif_thread (void )
561
+ {
562
+ int r , ret = 0 ;
563
+ const struct ly_ctx * ly_ctx ;
564
+ const struct lys_module * mod ;
565
+
566
+ ly_ctx = sr_acquire_context (np2srv .sr_conn );
567
+ if (!ly_ctx ) {
568
+ ERR ("Failed to acquire SR connection context." );
569
+ return -1 ;
570
+ }
571
+
572
+ mod = ly_ctx_get_module_implemented (ly_ctx , "ietf-crypto-types" );
573
+ if (!mod ) {
574
+ ERR ("Module \"ietf-crypto-types\" not implemented in sysrepo." );
575
+ ret = -1 ;
576
+ goto cleanup ;
577
+ }
578
+
579
+ /* check if the feature is enabled and if so, then start the thread */
580
+ r = lys_feature_value (mod , "certificate-expiration-notification" );
581
+ if (r == LY_SUCCESS ) {
582
+ if (nc_server_notif_cert_expiration_thread_start (np2srv_cert_exp_notif_cb , np2srv .sr_sess , NULL )) {
583
+ ERR ("Failed to start certificate expiration notification thread." );
584
+ ret = -1 ;
585
+ goto cleanup ;
586
+ }
587
+ } else if (r == LY_ENOTFOUND ) {
588
+ ERR ("Feature \"certificate-expiration-notification\" not found in module \"ietf-crypto-types\"." );
589
+ ret = -1 ;
590
+ goto cleanup ;
591
+ }
592
+
593
+ cleanup :
594
+ sr_release_context (np2srv .sr_conn );
595
+ return ret ;
596
+ }
597
+
598
+ #endif /* NC_ENABLED_SSH_TLS */
599
+
508
600
/**
509
601
* @brief Initialize the server,
510
602
*
@@ -562,6 +654,12 @@ server_init(void)
562
654
ERR ("Setting authorized_keys path format failed." );
563
655
goto error ;
564
656
}
657
+
658
+ /* start certificate expiration notification thread if the certificate-expiration-notification feature is enabled */
659
+ if (np2srv_start_cert_exp_notif_thread ()) {
660
+ ERR ("Starting certificate expiration notification thread failed." );
661
+ goto error ;
662
+ }
565
663
#endif /* NC_ENABLED_SSH_TLS */
566
664
567
665
/* set capabilities for the NETCONF Notifications */
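Review bot: In np2srv_cert_exp_notif_cb every failure path sets `stop_thread = 1`, so a single failed `sr_acquire_context`, `lyd_new_path` or `sr_notif_send_tree` call ends certificate expiration notifications until the server is restarted, and the only trace is a generic ERR line without the return code. A send failure may be transient, so I would drop `stop_thread = 1;` from the `sr_notif_send_tree` branch so the next expiration check retries, and have the message printed before stopping say that notifications are now disabled. Separately, the callback calls `nc_server_notif_cert_expiration_thread_stop(1)`; if that argument means "wait for the thread to finish" and the callback runs on the notification thread itself, the thread would be joining itself, and `nc_server_notif_cert_expiration_thread_stop(0)` would be the safer call. This should be confirmed against the libnetconf2 documentation. The thread is also handed `np2srv.sr_sess`, and no stop call on the `goto error` or shutdown path is visible in this section, so it is worth checking that the thread is stopped before that session is.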