
Commit 49ad5d4

author
roman
committed
main UPDATE add cert exp notif support
1 parent b7978d5 commit 49ad5d4


1 file changed

+98
-0
lines changed

1 file changed

+98
-0
lines changed

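--- a/src/main.c
+++ b/src/main.c
@@ -505,6 +505,98 @@ np2srv_sm_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char
 return rc;
 }
 
+#ifdef NC_ENABLED_SSH_TLS
+
+/**
+* @brief Callback for sending certificate expiration notifications generated by libnetconf2.
+*/
+static void
+np2srv_cert_exp_notif_cb(const char *expiration_time, const char *xpath, void *user_data)
+{
+sr_session_ctx_t *sr_sess = user_data;
+const struct ly_ctx *ly_ctx = NULL;
+int rc, stop_thread = 0;
+struct lyd_node *ntf = NULL;
+
+ly_ctx = sr_acquire_context(np2srv.sr_conn);
+if (!ly_ctx) {
+ERR("Failed to acquire sysrepo context.");
+stop_thread = 1;
+goto cleanup;
+}
+
+rc = lyd_new_path(NULL, ly_ctx, xpath, expiration_time, 0, &ntf);
+if (rc) {
+ERR("Failed to create certificate expiration notification data.");
+stop_thread = 1;
+goto cleanup;
+}
+
+rc = sr_notif_send_tree(sr_sess, ntf, 0, 0);
+if (rc) {
+ERR("Failed to send certificate expiration notification.");
+stop_thread = 1;
+goto cleanup;
+}
+
+cleanup:
+lyd_free_tree(ntf);
+if (ly_ctx) {
+sr_release_context(np2srv.sr_conn);
+}
+if (stop_thread) {
+nc_server_notif_cert_expiration_thread_stop(1);
+}
+}
+
+/**
+* @brief Start the certificate expiration notification thread.
+*
+* The thread is started only if the 'certificate-expiration-notification' feature is enabled.
+*
+* @return 0 if the thread is successfully started or if the feature is disabled, -1 on error.
+*/
+static int
+np2srv_start_cert_exp_notif_thread(void)
+{
+int r, ret = 0;
+const struct ly_ctx *ly_ctx;
+const struct lys_module *mod;
+
+ly_ctx = sr_acquire_context(np2srv.sr_conn);
+if (!ly_ctx) {
+ERR("Failed to acquire SR connection context.");
+return -1;
+}
+
+mod = ly_ctx_get_module_implemented(ly_ctx, "ietf-crypto-types");
+if (!mod) {
+ERR("Module \"ietf-crypto-types\" not implemented in sysrepo.");
+ret = -1;
+goto cleanup;
+}
+
+/* check if the feature is enabled and if so, then start the thread */
+r = lys_feature_value(mod, "certificate-expiration-notification");
+if (r == LY_SUCCESS) {
+if (nc_server_notif_cert_expiration_thread_start(np2srv_cert_exp_notif_cb, np2srv.sr_sess, NULL)) {
+ERR("Failed to start certificate expiration notification thread.");
+ret = -1;
+goto cleanup;
+}
+} else if (r == LY_ENOTFOUND) {
+ERR("Feature \"certificate-expiration-notification\" not found in module \"ietf-crypto-types\".");
+ret = -1;
+goto cleanup;
+}
+
+cleanup:
+sr_release_context(np2srv.sr_conn);
+return ret;
+}
+
+#endif /* NC_ENABLED_SSH_TLS */
+
 /**
 * @brief Initialize the server,
 *
@@ -562,6 +654,12 @@ server_init(void)
 ERR("Setting authorized_keys path format failed.");
 goto error;
 }
+
+/* start certificate expiration notification thread if the certificate-expiration-notification feature is enabled */
+if (np2srv_start_cert_exp_notif_thread()) {
+ERR("Starting certificate expiration notification thread failed.");
+goto error;
+}
 #endif /* NC_ENABLED_SSH_TLS */
 
 /* set capabilities for the NETCONF Notifications */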
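Review bot: In `np2srv_cert_exp_notif_cb` every failure path sets `stop_thread = 1`, so a single failed `lyd_new_path()` or `sr_notif_send_tree()` ends certificate-expiration notifications for the rest of the process, and the only trace is a generic error line with no xpath or error code. Operators rely on these notifications to catch expiring certificates, so consider stopping only when `sr_acquire_context()` fails and making the other paths diagnosable, e.g. `ERR("Failed to send certificate expiration notification for \"%s\" (%s).", xpath, sr_strerror(rc));`, plus an explicit log line when the thread is being stopped. The stop is also requested from inside the thread's own callback with argument `1`; if that argument means "wait for the thread to exit" (not visible on this page, confirm against the libnetconf2 API), the thread would be waiting on itself. Separately, the callback sends on `np2srv.sr_sess` from the notification thread, so it is worth confirming that this session is safe to use concurrently with the server's other users of it.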
