@@ -505,6 +505,98 @@ np2srv_sm_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char
505505 return rc ;
506506}
507507
508+ #ifdef NC_ENABLED_SSH_TLS
509+
510+ /**
511+ * @brief Callback for sending certificate expiration notifications generated by libnetconf2.
512+ */
513+ static void
514+ np2srv_cert_exp_notif_cb (const char * expiration_time , const char * xpath , void * user_data )
515+ {
516+ sr_session_ctx_t * sr_sess = user_data ;
517+ const struct ly_ctx * ly_ctx = NULL ;
518+ int rc , stop_thread = 0 ;
519+ struct lyd_node * ntf = NULL ;
520+
521+ ly_ctx = sr_acquire_context (np2srv .sr_conn );
522+ if (!ly_ctx ) {
523+ ERR ("Failed to acquire sysrepo context." );
524+ stop_thread = 1 ;
525+ goto cleanup ;
526+ }
527+
528+ rc = lyd_new_path (NULL , ly_ctx , xpath , expiration_time , 0 , & ntf );
529+ if (rc ) {
530+ ERR ("Failed to create certificate expiration notification data." );
531+ stop_thread = 1 ;
532+ goto cleanup ;
533+ }
534+
535+ rc = sr_notif_send_tree (sr_sess , ntf , 0 , 0 );
536+ if (rc ) {
537+ ERR ("Failed to send certificate expiration notification." );
538+ stop_thread = 1 ;
539+ goto cleanup ;
540+ }
541+
542+ cleanup :
543+ lyd_free_tree (ntf );
544+ if (ly_ctx ) {
545+ sr_release_context (np2srv .sr_conn );
546+ }
547+ if (stop_thread ) {
548+ nc_server_notif_cert_expiration_thread_stop (1 );
549+ }
550+ }
551+
552+ /**
553+ * @brief Start the certificate expiration notification thread.
554+ *
555+ * The thread is started only if the 'certificate-expiration-notification' feature is enabled.
556+ *
557+ * @return 0 if the thread is successfully started or if the feature is disabled, -1 on error.
558+ */
559+ static int
560+ np2srv_start_cert_exp_notif_thread (void )
561+ {
562+ int r , ret = 0 ;
563+ const struct ly_ctx * ly_ctx ;
564+ const struct lys_module * mod ;
565+
566+ ly_ctx = sr_acquire_context (np2srv .sr_conn );
567+ if (!ly_ctx ) {
568+ ERR ("Failed to acquire SR connection context." );
569+ return -1 ;
570+ }
571+
572+ mod = ly_ctx_get_module_implemented (ly_ctx , "ietf-crypto-types" );
573+ if (!mod ) {
574+ ERR ("Module \"ietf-crypto-types\" not implemented in sysrepo." );
575+ ret = -1 ;
576+ goto cleanup ;
577+ }
578+
579+ /* check if the feature is enabled and if so, then start the thread */
580+ r = lys_feature_value (mod , "certificate-expiration-notification" );
581+ if (r == LY_SUCCESS ) {
582+ if (nc_server_notif_cert_expiration_thread_start (np2srv_cert_exp_notif_cb , np2srv .sr_sess , NULL )) {
583+ ERR ("Failed to start certificate expiration notification thread." );
584+ ret = -1 ;
585+ goto cleanup ;
586+ }
587+ } else if (r == LY_ENOTFOUND ) {
588+ ERR ("Feature \"certificate-expiration-notification\" not found in module \"ietf-crypto-types\"." );
589+ ret = -1 ;
590+ goto cleanup ;
591+ }
592+
593+ cleanup :
594+ sr_release_context (np2srv .sr_conn );
595+ return ret ;
596+ }
597+
598+ #endif /* NC_ENABLED_SSH_TLS */
599+
508600/**
509601 * @brief Initialize the server,
510602 *
@@ -562,6 +654,12 @@ server_init(void)
562654 ERR ("Setting authorized_keys path format failed." );
563655 goto error ;
564656 }
657+
658+ /* start certificate expiration notification thread if the certificate-expiration-notification feature is enabled */
659+ if (np2srv_start_cert_exp_notif_thread ()) {
660+ ERR ("Starting certificate expiration notification thread failed." );
661+ goto error ;
662+ }
565663#endif /* NC_ENABLED_SSH_TLS */
566664
567665 /* set capabilities for the NETCONF Notifications */
0 commit comments