Skip to content

Commit 520ef26

Browse files
author
roman
committed
main UPDATE add cert exp notif support
1 parent b7978d5 commit 520ef26

File tree

1 file changed

+86
-0
lines changed

1 file changed

+86
-0
lines changed

src/main.c

Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -505,6 +505,86 @@ np2srv_sm_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char
505505
return rc;
506506
}
507507

508+
#ifdef NC_ENABLED_SSH_TLS
509+
510+
void
511+
np2srv_cert_exp_notif_cb(const char *expiration_time, const char *xpath, void *user_data)
512+
{
513+
sr_session_ctx_t *sr_sess = user_data;
514+
const struct ly_ctx *ly_ctx = NULL;
515+
int r;
516+
struct lyd_node *ntf = NULL;
517+
518+
ly_ctx = sr_acquire_context(np2srv.sr_conn);
519+
if (!ly_ctx) {
520+
ERR("Failed to acquire sysrepo context.");
521+
r = 1;
522+
goto cleanup;
523+
}
524+
525+
r = lyd_new_path(NULL, ly_ctx, xpath, expiration_time, 0, &ntf);
526+
if (r) {
527+
ERR("Failed to create certificate expiration notification data.");
528+
goto cleanup;
529+
}
530+
531+
r = sr_notif_send_tree(sr_sess, ntf, 0, 0);
532+
if (r) {
533+
ERR("Failed to send certificate expiration notification.");
534+
goto cleanup;
535+
}
536+
537+
cleanup:
538+
lyd_free_tree(ntf);
539+
if (ly_ctx) {
540+
sr_release_context(np2srv.sr_conn);
541+
}
542+
if (r) {
543+
nc_server_notif_cert_expiration_thread_stop(1);
544+
}
545+
}
546+
547+
static int
548+
np2srv_start_cert_exp_notif_thread()
549+
{
550+
int r, ret = 0;
551+
const struct ly_ctx *ly_ctx;
552+
const struct lys_module *mod;
553+
554+
ly_ctx = sr_acquire_context(np2srv.sr_conn);
555+
if (!ly_ctx) {
556+
ERR("Failed to acquire SR connection context.");
557+
return -1;
558+
}
559+
560+
mod = ly_ctx_get_module_implemented(ly_ctx, "ietf-crypto-types");
561+
if (!mod) {
562+
ERR("Module \"ietf-crypto-types\" not implemented in sysrepo.");
563+
ret = -1;
564+
goto cleanup;
565+
}
566+
567+
/* check if the feature is enabled and if so, then start the thread */
568+
r = lys_feature_value(mod, "certificate-expiration-notification");
569+
if (r == LY_SUCCESS) {
570+
if (nc_server_notif_cert_expiration_thread_start(np2srv_cert_exp_notif_cb, np2srv.sr_sess, NULL)) {
571+
ERR("Failed to start certificate expiration notification thread.");
572+
ret = -1;
573+
goto cleanup;
574+
}
575+
} else if (r == LY_ENOTFOUND) {
576+
ERR("Feature \"certificate-expiration-notification\" not found in module \"ietf-crypto-types\".");
577+
ret = -1;
578+
goto cleanup;
579+
}
580+
581+
cleanup:
582+
sr_release_context(np2srv.sr_conn);
583+
return ret;
584+
}
585+
586+
#endif /* NC_ENABLED_SSH_TLS */
587+
508588
/**
509589
* @brief Initialize the server,
510590
*
@@ -562,6 +642,12 @@ server_init(void)
562642
ERR("Setting authorized_keys path format failed.");
563643
goto error;
564644
}
645+
646+
/* start certificate expiration notification thread if the certificate-expiration-notification feature is enabled */
647+
if (np2srv_start_cert_exp_notif_thread()) {
648+
ERR("Starting certificate expiration notification thread failed.");
649+
goto error;
650+
}
565651
#endif /* NC_ENABLED_SSH_TLS */
566652

567653
/* set capabilities for the NETCONF Notifications */

0 commit comments

Comments
 (0)