Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / libnetconf2 / d30af55519c7acb3039d2a17aafd06b5ccf6638c / . / src / config_new_tls.c
blob: e0d03416488bd7a09442422bc77c903604a69679 [file] [log] [blame]
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1/**
2 * @file config_new_tls.c
3 * @author Roman Janota <janota@cesnet.cz>
4 * @brief libnetconf2 TLS server new configuration creation functions
5 *
6 * @copyright
7 * Copyright (c) 2023 CESNET, z.s.p.o.
8 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
15
16#define _GNU_SOURCE
17
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]18#include <stdarg.h>
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]19#include <stdint.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23
24#include <libyang/libyang.h>
25
26#include "compat.h"
27#include "config.h"
28#include "config_new.h"
29#include "log_p.h"
30#include "server_config.h"
31#include "session.h"
32#include "session_p.h"
33
34API int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]35nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *pubkey_path,
36 const char *privkey_path, const char *certificate_path, struct lyd_node **config)
37{
38 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]39 char *privkey = NULL, *pubkey = NULL, *cert = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]40 NC_PRIVKEY_FORMAT privkey_type;
41 NC_PUBKEY_FORMAT pubkey_type;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]42 const char *privkey_format, *pubkey_format;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]43
44 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, privkey_path, certificate_path, 1);
45 NC_CHECK_ARG_RET(NULL, config, 1);
46
47 /* get the keys as a string from the given files */
48 ret = nc_server_config_new_get_keys(privkey_path, pubkey_path, &privkey, &pubkey, &privkey_type, &pubkey_type);
49 if (ret) {
50 ERR(NULL, "Getting keys from file(s) failed.");
51 goto cleanup;
52 }
53
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]54 /* get cert data from file */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]55 ret = nc_server_config_new_read_certificate(certificate_path, &cert);
56 if (ret) {
57 ERR(NULL, "Getting certificate from file \"%s\" failed.", certificate_path);
58 goto cleanup;
59 }
60
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]61 /* get pubkey format str */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]62 if (pubkey_type == NC_PUBKEY_FORMAT_X509) {
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]63 pubkey_format = "ietf-crypto-types:public-key-info-format";
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]64 } else {
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]65 pubkey_format = "ietf-crypto-types:ssh-public-key-format";
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]66 }
67
68 /* get privkey identityref value */
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]69 privkey_format = nc_config_new_privkey_format_to_identityref(privkey_type);
70 if (!privkey_format) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]71 ret = 1;
72 goto cleanup;
73 }
74
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]75 ret = nc_config_new_insert(ctx, config, pubkey_format, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
76 "tls/tls-server-parameters/server-identity/certificate/inline-definition/public-key-format", endpt_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]77 if (ret) {
78 goto cleanup;
79 }
80
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]81 ret = nc_config_new_insert(ctx, config, pubkey, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
82 "tls/tls-server-parameters/server-identity/certificate/inline-definition/public-key", endpt_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]83 if (ret) {
84 goto cleanup;
85 }
86
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]87 ret = nc_config_new_insert(ctx, config, privkey_format, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
88 "tls/tls-server-parameters/server-identity/certificate/inline-definition/private-key-format", endpt_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]89 if (ret) {
90 goto cleanup;
91 }
92
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]93 ret = nc_config_new_insert(ctx, config, privkey, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
94 "tls/tls-server-parameters/server-identity/certificate/inline-definition/cleartext-private-key", endpt_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]95 if (ret) {
96 goto cleanup;
97 }
98
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]99 ret = nc_config_new_insert(ctx, config, cert, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
100 "tls/tls-server-parameters/server-identity/certificate/inline-definition/cert-data", endpt_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]101 if (ret) {
102 goto cleanup;
103 }
104
105cleanup:
106 free(privkey);
107 free(pubkey);
108 free(cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]109 return ret;
110}
111
112API int
113nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
114 const char *cert_path, struct lyd_node **config)
115{
116 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]117 char *cert = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]118
119 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
120
121 ret = nc_server_config_new_read_certificate(cert_path, &cert);
122 if (ret) {
123 ERR(NULL, "Getting certificate from file \"%s\" failed.", cert_path);
124 goto cleanup;
125 }
126
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]127 ret = nc_config_new_insert(ctx, config, cert, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
128 "client-authentication/ee-certs/inline-definition/certificate[name='%s']/cert-data", endpt_name, cert_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]129 if (ret) {
130 goto cleanup;
131 }
132
133cleanup:
134 free(cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]135 return ret;
136}
137
138API int
139nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
140 const char *cert_path, struct lyd_node **config)
141{
142 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]143 char *cert = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]144
145 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
146
147 ret = nc_server_config_new_read_certificate(cert_path, &cert);
148 if (ret) {
149 ERR(NULL, "Getting certificate from file \"%s\" failed.", cert_path);
150 goto cleanup;
151 }
152
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]153 ret = nc_config_new_insert(ctx, config, cert, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
154 "client-authentication/ca-certs/inline-definition/certificate[name='%s']/cert-data", endpt_name, cert_name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]155 if (ret) {
156 goto cleanup;
157 }
158
159cleanup:
160 free(cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]161 return ret;
162}
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]163
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]164static const char *
165nc_config_new_tls_maptype2str(NC_TLS_CTN_MAPTYPE map_type)
166{
167 switch (map_type) {
168 case NC_TLS_CTN_SPECIFIED:
169 return "ietf-x509-cert-to-name:specified";
170 case NC_TLS_CTN_SAN_RFC822_NAME:
171 return "ietf-x509-cert-to-name:san-rfc822-name";
172 case NC_TLS_CTN_SAN_DNS_NAME:
173 return "ietf-x509-cert-to-name:san-dns-name";
174 case NC_TLS_CTN_SAN_IP_ADDRESS:
175 return "ietf-x509-cert-to-name:san-ip-address";
176 case NC_TLS_CTN_SAN_ANY:
177 return "ietf-x509-cert-to-name:san-any";
178 case NC_TLS_CTN_COMMON_NAME:
179 return "ietf-x509-cert-to-name:common-name";
180 case NC_TLS_CTN_UNKNOWN:
181 default:
182 ERR(NULL, "Unknown map_type.");
183 return NULL;
184 }
185}
186
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]187API int
188nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
189 NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
190{
191 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]192 const char *map;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]193
194 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, id, map_type, name, 1);
195 NC_CHECK_ARG_RET(NULL, config, 1);
196
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]197 if (fingerprint) {
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]198 /* optional */
199 ret = nc_config_new_insert(ctx, config, fingerprint, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
200 "netconf-server-parameters/client-identity-mappings/cert-to-name[id='%d']/fingerprint", endpt_name, id);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]201 if (ret) {
202 goto cleanup;
203 }
204 }
205
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]206 /* get map str */
207 map = nc_config_new_tls_maptype2str(map_type);
208 if (!map) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]209 ret = 1;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]210 goto cleanup;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]211 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]212
213 ret = nc_config_new_insert(ctx, config, map, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
214 "netconf-server-parameters/client-identity-mappings/cert-to-name[id='%d']/map-type", endpt_name, id);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]215 if (ret) {
216 goto cleanup;
217 }
218
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]219 ret = nc_config_new_insert(ctx, config, name, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
220 "netconf-server-parameters/client-identity-mappings/cert-to-name[id='%d']/name", endpt_name, id);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]221 if (ret) {
222 goto cleanup;
223 }
224
225cleanup:
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]226 return ret;
227}
228
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]229static const char *
230nc_config_new_tls_tlsversion2str(NC_TLS_VERSION version)
231{
232 switch (version) {
233 case NC_TLS_VERSION_10:
234 return "ietf-tls-common:tls10";
235 case NC_TLS_VERSION_11:
236 return "ietf-tls-common:tls11";
237 case NC_TLS_VERSION_12:
238 return "ietf-tls-common:tls12";
239 case NC_TLS_VERSION_13:
240 return "ietf-tls-common:tls13";
241 default:
242 ERR(NULL, "Unknown TLS version.");
243 return NULL;
244 }
245}
246
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]247API int
248nc_server_config_new_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
249 NC_TLS_VERSION tls_version, struct lyd_node **config)
250{
251 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]252 const char *version;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]253
254 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
255
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]256 version = nc_config_new_tls_tlsversion2str(tls_version);
257 if (!version) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]258 ret = 1;
259 goto cleanup;
260 }
261
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]262 ret = nc_config_new_insert(ctx, config, version, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
263 "hello-params/tls-versions/tls-version", endpt_name);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]264 if (ret) {
265 goto cleanup;
266 }
267
268cleanup:
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]269 return ret;
270}
271
272API int
273nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
roman08f67f42023-06-08 13:51:54 +0200[diff] [blame]274 int cipher_count, ...)
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]275{
276 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]277 struct lyd_node *old = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]278 va_list ap;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]279 char *cipher = NULL, *cipher_ident = NULL, *old_path = NULL;
roman08f67f42023-06-08 13:51:54 +0200[diff] [blame]280 int i;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]281
282 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
283
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]284 va_start(ap, cipher_count);
285
286 ret = asprintf(&old_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
287 "tls/tls-server-parameters/hello-params/cipher-suites", endpt_name);
288 if (ret == -1) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]289 ERRMEM;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]290 old_path = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]291 goto cleanup;
292 }
293
294 /* delete all older algorithms (if any) se they can be replaced by the new ones */
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]295 ret = lyd_find_path(*config, old_path, 0, &old);
296 if (!ret) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]297 lyd_free_tree(old);
298 }
299
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]300 for (i = 0; i < cipher_count; i++) {
301 cipher = va_arg(ap, char *);
302
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]303 ret = asprintf(&cipher_ident, "iana-tls-cipher-suite-algs:%s", cipher);
304 if (ret == -1) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]305 ERRMEM;
306 ret = 1;
307 goto cleanup;
308 }
309
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]310 ret = nc_config_new_insert(ctx, config, cipher_ident, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
311 "tls/tls-server-parameters/hello-params/cipher-suites/cipher-suite", endpt_name);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]312 if (ret) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]313 goto cleanup;
314 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]315
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]316 free(cipher_ident);
317 cipher_ident = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]318 }
319
320cleanup:
321 va_end(ap);
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]322 free(old_path);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]323 return ret;
324}
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]325
326API int
327nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name, const char *path, struct lyd_node **config)
328{
329 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]330 struct lyd_node *node = NULL;
331 char *url_path = NULL, *ext_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]332
333 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, path, config, 1);
334
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]335 ret = nc_config_new_insert(ctx, config, path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
336 "client-authentication/libnetconf2-netconf-server:crl-path", endpt_name);
337 if (ret) {
338 goto cleanup;
339 }
340
341 if (asprintf(&url_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
342 "client-authentication/libnetconf2-netconf-server:crl-url", endpt_name) == -1) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]343 ERRMEM;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]344 url_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]345 ret = 1;
346 goto cleanup;
347 }
348
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]349 if (asprintf(&ext_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
350 "client-authentication/libnetconf2-netconf-server:crl-cert-ext", endpt_name) == -1) {
351 ERRMEM;
352 ext_path = NULL;
353 ret = 1;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]354 goto cleanup;
355 }
356
357 /* delete other choice nodes if they are present */
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]358 ret = lyd_find_path(*config, url_path, 0, &node);
359 if (!ret) {
360 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]361 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]362 ret = lyd_find_path(*config, ext_path, 0, &node);
363 if (!ret) {
364 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]365 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]366 /* don't care about the return values from lyd_find_path */
367 ret = 0;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]368
369cleanup:
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]370 free(url_path);
371 free(ext_path);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]372 return ret;
373}
374
375API int
376nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *url, struct lyd_node **config)
377{
378 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]379 struct lyd_node *node = NULL;
380 char *crl_path = NULL, *ext_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]381
382 NC_CHECK_ARG_RET(NULL, ctx, endpt_name, url, config, 1);
383
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]384 ret = nc_config_new_insert(ctx, config, url, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
385 "client-authentication/libnetconf2-netconf-server:crl-url", endpt_name);
386 if (ret) {
387 goto cleanup;
388 }
389
390 if (asprintf(&crl_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
391 "client-authentication/libnetconf2-netconf-server:crl-path", endpt_name) == -1) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]392 ERRMEM;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]393 crl_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]394 ret = 1;
395 goto cleanup;
396 }
397
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]398 if (asprintf(&ext_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
399 "client-authentication/libnetconf2-netconf-server:crl-cert-ext", endpt_name) == -1) {
400 ERRMEM;
401 ext_path = NULL;
402 ret = 1;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]403 goto cleanup;
404 }
405
406 /* delete other choice nodes if they are present */
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]407 ret = lyd_find_path(*config, crl_path, 0, &node);
408 if (!ret) {
409 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]410 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]411 ret = lyd_find_path(*config, ext_path, 0, &node);
412 if (!ret) {
413 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]414 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]415 /* don't care about the return values from lyd_find_path */
416 ret = 0;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]417
418cleanup:
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]419 free(crl_path);
420 free(ext_path);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]421 return ret;
422}
423
424API int
425nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config)
426{
427 int ret = 0;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]428 struct lyd_node *node = NULL;
429 char *crl_path = NULL, *url_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]430
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]431 ret = nc_config_new_insert(ctx, config, NULL, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
432 "client-authentication/libnetconf2-netconf-server:crl-cert-ext", endpt_name);
433 if (ret) {
434 goto cleanup;
435 }
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]436
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]437 if (asprintf(&crl_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
438 "client-authentication/libnetconf2-netconf-server:crl-path", endpt_name) == -1) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]439 ERRMEM;
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]440 crl_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]441 ret = 1;
442 goto cleanup;
443 }
444
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]445 if (asprintf(&url_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
446 "client-authentication/libnetconf2-netconf-server:crl-url", endpt_name) == -1) {
447 ERRMEM;
448 url_path = NULL;
449 ret = 1;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]450 goto cleanup;
451 }
452
453 /* delete other choice nodes if they are present */
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]454 ret = lyd_find_path(*config, crl_path, 0, &node);
455 if (!ret) {
456 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]457 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]458 ret = lyd_find_path(*config, url_path, 0, &node);
459 if (!ret) {
460 lyd_free_tree(node);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]461 }
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]462 /* don't care about the return values from lyd_find_path */
463 ret = 0;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]464
465cleanup:
romand30af552023-06-16 15:18:27 +0200[diff] [blame^]466 free(crl_path);
467 free(url_path);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]468 return ret;
469}