config UPDATE CH TLS keystore and truststore
diff --git a/src/config_new_tls.c b/src/config_new_tls.c
index d80af8a..d1e9f81 100644
--- a/src/config_new_tls.c
+++ b/src/config_new_tls.c
@@ -181,30 +181,56 @@
             "certificate/inline-definition", client_name, endpt_name);
 }
 
-API int
-nc_server_config_new_tls_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref,
+static int
+_nc_server_config_new_tls_keystore_reference(const struct ly_ctx *ctx, const char *tree_path, const char *asym_key_ref,
         const char *cert_ref, struct lyd_node **config)
 {
     int ret = 0;
 
-    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, asym_key_ref, cert_ref, config, 1);
-
     /* create asymmetric key pair reference */
-    ret = nc_config_new_create(ctx, config, asym_key_ref, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
-            "tls/tls-server-parameters/server-identity/certificate/keystore-reference/asymmetric-key", endpt_name);
+    ret = nc_config_new_create_append(ctx, tree_path, "asymmetric-key", asym_key_ref, config);
     if (ret) {
         goto cleanup;
     }
 
     /* create cert reference, this cert has to belong to the asym key */
-    ret = nc_config_new_create(ctx, config, cert_ref, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
-            "tls/tls-server-parameters/server-identity/certificate/keystore-reference/certificate", endpt_name);
+    ret = nc_config_new_create_append(ctx, tree_path, "certificate", cert_ref, config);
+    if (ret) {
+        goto cleanup;
+    }
 
 cleanup:
     return ret;
 }
 
 API int
+nc_server_config_new_tls_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref,
+        const char *cert_ref, struct lyd_node **config)
+{
+    int ret = 0;
+    char *path = NULL;
+
+    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, asym_key_ref, cert_ref, config, 1);
+
+    if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
+            "tls/tls-server-parameters/server-identity/certificate/keystore-reference", endpt_name) == -1) {
+        ERRMEM;
+        path = NULL;
+        ret = 1;
+        goto cleanup;
+    }
+
+    ret = _nc_server_config_new_tls_keystore_reference(ctx, path, asym_key_ref, cert_ref, config);
+    if (ret) {
+        goto cleanup;
+    }
+
+cleanup:
+    free(path);
+    return ret;
+}
+
+API int
 nc_server_config_new_tls_del_keystore_reference(const char *endpt_name, struct lyd_node **config)
 {
     NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
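Review bot: `endpt_name` is formatted unescaped into the `[name='%s']` predicate by the `asprintf` in `nc_server_config_new_tls_keystore_reference`, so a name containing a single quote ends the predicate early and the path is either malformed or addresses a different node than the caller named. The same pattern applies to both `client_name` and `endpt_name` in the call-home functions added in the later hunks of this file. Whether `nc_config_new_create_append` or libyang rejects such a path is not visible here. I would either reject names containing `'` before building the path, or state the constraint on the `@param` lines in server_config.h, e.g. `Must not contain a single quote; the value is placed inside a [name='...'] predicate.`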
@@ -213,6 +239,46 @@
             "tls/tls-server-parameters/server-identity/certificate/keystore-reference", endpt_name);
 }
 
+API int
+nc_server_config_new_ch_tls_keystore_reference(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config)
+{
+    int ret = 0;
+    char *path = NULL;
+
+    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, asym_key_ref, cert_ref, 1);
+    NC_CHECK_ARG_RET(NULL, config, 1);
+
+    if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+            "endpoint[name='%s']/tls/tls-server-parameters/server-identity/certificate/"
+            "keystore-reference", client_name, endpt_name) == -1) {
+        ERRMEM;
+        path = NULL;
+        ret = 1;
+        goto cleanup;
+    }
+
+    ret = _nc_server_config_new_tls_keystore_reference(ctx, path, asym_key_ref, cert_ref, config);
+    if (ret) {
+        goto cleanup;
+    }
+
+cleanup:
+    free(path);
+    return ret;
+}
+
+API int
+nc_server_config_new_ch_tls_del_keystore_reference(const char *client_name, const char *endpt_name,
+        struct lyd_node **config)
+{
+    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+    return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+            "endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/certificate/"
+            "keystore-reference", client_name, endpt_name);
+}
+
 static int
 _nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *tree_path,
         const char *cert_path, struct lyd_node **config)
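Review bot: If the second step of `_nc_server_config_new_tls_keystore_reference` fails, the `asymmetric-key` node from the first step appears to stay in `*config`, and `nc_server_config_new_ch_tls_keystore_reference` returns non-zero from `cleanup` without undoing it. This assumes `nc_config_new_create_append` adds the node to the tree as its arguments suggest; its body is not shown. A keystore reference with a key but no certificate is not a complete server identity, so the contract should say what a caller may do with the tree after an error. I would add to the header comment `On failure, *config may contain a partially created keystore-reference and should not be applied.` The listener wrapper in the previous hunk shares the helper and would need the same sentence.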
@@ -347,6 +413,28 @@
 }
 
 API int
+nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config)
+{
+    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_bag_ref, config, 1);
+
+    return nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/call-home/"
+            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+            "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
+}
+
+API int
+nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name,
+        struct lyd_node **config)
+{
+    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+    return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+            "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
+}
+
+API int
 nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
         const char *cert_path, struct lyd_node **config)
 {
@@ -456,6 +544,28 @@
             "tls-server-parameters/client-authentication/ca-certs/truststore-reference", endpt_name);
 }
 
+API int
+nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config)
+{
+    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_bag_ref, config, 1);
+
+    return nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/call-home/"
+            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+            "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
+}
+
+API int
+nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
+        struct lyd_node **config)
+{
+    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+    return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+            "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
+}
+
 static const char *
 nc_config_new_tls_maptype2str(NC_TLS_CTN_MAPTYPE map_type)
 {
diff --git a/src/server_config.h b/src/server_config.h
index 3456291..daeb822 100644
--- a/src/server_config.h
+++ b/src/server_config.h
@@ -1587,7 +1587,7 @@
  * it will be generated from the private key.
  * @param[in] privkey_path Path to the server's private key file.
  * @param[in] certificate_path Path to the server's certificate file.
- * @param config Configuration YANG data tree. If *config is NULL, it will be created.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
  * Otherwise the new YANG data will be added to the previous data and may override it.
  * @return 0 on success, non-zero otherwise.
  */
@@ -1606,6 +1606,34 @@
         struct lyd_node **config);
 
 /**
+ * @brief Creates new YANG configuration data nodes for a keystore reference to the Call Home TLS server's certificate.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the call-home client's endpoint.
+ * If a call-home client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced.
+ * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_keystore_reference(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config);
+
+/**
+ * @brief Deletes a TLS server certificate keystore reference from the YANG data.
+ *
+ * @param[in] client_name Identifier of an existing Call-Home client.
+ * @param[in] endpt_name Identifier of an existing Call-Home endpoint that belongs to the given client.
+ * @param[in,out] config Modified configuration YANG data tree.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_del_keystore_reference(const char *client_name, const char *endpt_name,
+        struct lyd_node **config);
+
+/**
  * @brief Creates new YANG configuration data nodes for a call-home client's (end-entity) certificate.
  *
  * @param[in] ctx libyang context.
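Review bot: The `@brief` for `nc_server_config_new_ch_tls_del_keystore_reference` does not mention Call Home, unlike the other call-home entries added in this header. As written, it reads like the description of a listener-endpoint deletion. I would change it to `@brief Deletes a Call Home TLS server certificate keystore reference from the YANG data.` so the generated documentation distinguishes it from `nc_server_config_new_tls_del_keystore_reference`.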
@@ -1616,7 +1644,7 @@
  * @param[in] cert_name Arbitrary identifier of the call-home endpoint's end-entity certificate.
  * If an call-home endpoint's end-entity certificate with this identifier already exists, its contents will be changed.
  * @param[in] cert_path Path to the certificate file.
- * @param config Configuration YANG data tree. If *config is NULL, it will be created.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
  * Otherwise the new YANG data will be added to the previous data and may override it.
  * @return 0 on success, non-zero otherwise.
  */
@@ -1637,6 +1665,33 @@
         const char *cert_name, struct lyd_node **config);
 
 /**
+ * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client (end-entity) certificates.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the call-home client's endpoint.
+ * If a call-home client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
+
+/**
+ * @brief Deletes a Call Home client (end-entity) certificates truststore reference from the YANG data.
+ *
+ * @param[in] client_name Identifier of an existing Call-Home client.
+ * @param[in] endpt_name Identifier of an existing Call-Home endpoint that belongs to the given client.
+ * @param[in,out] config Modified configuration YANG data tree.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name,
+        struct lyd_node **config);
+
+/**
  * @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
  *
  * @param[in] ctx libyang context.
@@ -1668,6 +1723,33 @@
         const char *cert_name, struct lyd_node **config);
 
 /**
+ * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client certificate authority (trust-anchor) certificates.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the call-home client's endpoint.
+ * If a call-home client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+        const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
+
+/**
+ * @brief Deletes a Call Home client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
+ *
+ * @param[in] client_name Identifier of an existing Call-Home client.
+ * @param[in] endpt_name Identifier of an existing Call-Home endpoint that belongs to the given client.
+ * @param[in,out] config Modified configuration YANG data tree.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
+        struct lyd_node **config);
+
+/**
  * @brief Creates new YANG configuration data nodes for a call-home cert-to-name entry.
  *
  * @param[in] ctx libyang context.