29#define CONFIG_TYPE "profile"
31#define DEFAULT_endpoint_behavior endpoint_behavior_OFF
33#define DEFAULT_ca_file NULL
34#define DEFAULT_ca_path NULL
35#define DEFAULT_crl_file NULL
36#define DEFAULT_crl_path NULL
37#define DEFAULT_untrusted_cert_file NULL
38#define DEFAULT_untrusted_cert_path NULL
39#define DEFAULT_cert_cache_dir NULL
41#define DEFAULT_curl_timeout 0
42#define DEFAULT_max_iat_age 0
43#define DEFAULT_max_date_header_age 0
44#define DEFAULT_max_cache_entry_age 0
45#define DEFAULT_max_cache_size 0
47#define DEFAULT_stir_shaken_failure_action stir_shaken_failure_action_NOT_SET
48#define DEFAULT_use_rfc9410_responses use_rfc9410_responses_NOT_SET
49#define DEFAULT_relax_x5u_port_scheme_restrictions relax_x5u_port_scheme_restrictions_NOT_SET
50#define DEFAULT_relax_x5u_path_restrictions relax_x5u_path_restrictions_NOT_SET
51#define DEFAULT_load_system_certs load_system_certs_NOT_SET
53#define DEFAULT_check_tn_cert_public_url check_tn_cert_public_url_NOT_SET
54#define DEFAULT_private_key_file NULL
55#define DEFAULT_public_cert_url NULL
56#define DEFAULT_attest_level attest_level_NOT_SET
57#define DEFAULT_unknown_tn_attest_level attest_level_NOT_SET
58#define DEFAULT_send_mky send_mky_NOT_SET
146 ast_log(
LOG_ERROR,
"%s: Unable to allocate memory for effective profile\n",
id);
172 attest_level_NOT_SET, attest_level_UNKNOWN);
182 attest_level_NOT_SET, attest_level_UNKNOWN);
188 if (acfg->global_disable && vcfg->global_disable) {
190 }
else if (acfg->global_disable && !vcfg->global_disable) {
192 }
else if (!acfg->global_disable && vcfg->global_disable) {
196 && acfg->global_disable) {
199 && vcfg->global_disable) {
204 if (existing_eprofile) {
251 " verification options specify ca_file or ca_path\n",
id);
276 e->
command =
"stir_shaken show profile";
278 "Usage: stir_shaken show profile <id>\n"
279 " Show the stir/shaken profile settings for a given id\n";
315 e->
command =
"stir_shaken show profiles";
317 "Usage: stir_shaken show profiles\n"
318 " Show all profiles for stir/shaken\n";
330 ast_cli(
a->fd,
"No stir/shaken profiles found\n");
345 .
title =
"Effective Profile",
351 e->
command =
"stir_shaken show eprofile";
353 "Usage: stir_shaken show eprofile <id>\n"
354 " Show the stir/shaken eprofile settings for a given id\n";
384 .
title =
"Effective Profile",
390 e->
command =
"stir_shaken show eprofiles";
392 "Usage: stir_shaken show eprofiles\n"
393 " Show all eprofiles for stir/shaken\n";
405 ast_cli(
a->fd,
"No stir/shaken eprofiles found\n");
453 ast_log(
LOG_ERROR,
"stir/shaken - failed to register '%s' sorcery object\n",
"eprofile");
460 unknown_tn_attest_level, attest_level,_nodoc);
478 unknown_tn_attest_level, attest_level,);
Access Control of various sorts.
Asterisk main include file. File version handling, generic pbx functions.
int ao2_container_count(struct ao2_container *c)
Returns the number of elements in a container.
#define ao2_callback_data(container, flags, cb_fn, arg, data)
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
struct attestation_cfg * as_get_cfg(void)
int as_check_common_config(const char *id, struct attestation_cfg_common *acfg_common)
void acfg_cleanup(struct attestation_cfg_common *acfg_common)
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
Standard Command Line Interface.
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
#define AST_CLI_DEFINE(fn, txt,...)
void ast_cli(int fd, const char *fmt,...)
#define ast_cli_register_multiple(e, len)
Register multiple commands.
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
char * config_object_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
@ config_object_type_profile
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
struct verification_cfg * vs_get_cfg(void)
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
#define PROFILE_ALLOW_VERIFY(__profile)
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)
int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
#define PROFILE_ALLOW_ATTEST(__profile)
int vs_check_common_config(const char *id, struct verification_cfg_common *vcfg_common)
void vcfg_cleanup(struct verification_cfg_common *cfg)
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)
#define cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __not_set, __unknown)
cfg_enum_copy
@ OPT_NOOP_T
Type for a default handler that should do nothing.
generate_sorcery_enum_from_str(profile_cfg,, endpoint_behavior, UNKNOWN)
static char * cli_profile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
static void profile_destructor(void *obj)
generate_vcfg_common_sorcery_handlers(profile_cfg)
static int eprofile_apply(const struct ast_sorcery *sorcery, void *obj)
static struct profile_cfg * create_effective_profile(struct profile_cfg *base_profile)
static void * profile_alloc(const char *name)
static char * cli_eprofile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
generate_sorcery_enum_to_str(profile_cfg,, endpoint_behavior)
generate_sorcery_enum_from_str_ex(profile_cfg,, unknown_tn_attest_level, attest_level, UNKNOWN)
struct profile_cfg * eprofile_get_cfg(const char *id)
struct ao2_container * eprofile_get_all(void)
struct profile_cfg * profile_get_cfg(const char *id)
struct ao2_container * profile_get_all(void)
static struct ast_cli_entry stir_shaken_profile_cli[]
static int profile_apply(const struct ast_sorcery *sorcery, void *obj)
static char * cli_profile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
generate_sorcery_enum_to_str_ex(profile_cfg,, unknown_tn_attest_level, attest_level)
static char * cli_eprofile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
generate_acfg_common_sorcery_handlers(profile_cfg)
struct ao2_container * container
static struct ast_sorcery * sorcery
Security Event Reporting API.
Sorcery Data Access Layer API.
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
@ AST_RETRIEVE_FLAG_MULTIPLE
Return all matching objects.
@ AST_RETRIEVE_FLAG_ALL
Perform no matching, return all objects.
int ast_sorcery_create(const struct ast_sorcery *sorcery, void *object)
Create and potentially persist an object using an available wizard.
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
#define ast_sorcery_internal_object_register(sorcery, type, alloc, transform, apply)
Register an internal, hidden object type.
void * ast_sorcery_generic_alloc(size_t size, ao2_destructor_fn destructor)
Allocate a generic sorcery capable object.
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
void * ast_sorcery_alloc(const struct ast_sorcery *sorcery, const char *type, const char *id)
Allocate an object.
int ast_sorcery_update(const struct ast_sorcery *sorcery, void *object)
Update an object.
int ast_sorcery_objectset_apply(const struct ast_sorcery *sorcery, void *object, struct ast_variable *objectset)
Apply an object set (KVP list) to an object.
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
#define ast_sorcery_apply_default(sorcery, type, name, data)
void * ast_sorcery_retrieve_by_fields(const struct ast_sorcery *sorcery, const char *type, unsigned int flags, struct ast_variable *fields)
Retrieve an object or multiple objects using specific fields.
@ AST_SORCERY_APPLY_SUCCESS
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
static force_inline int attribute_pure ast_strlen_zero(const char *s)
descriptor for a cli entry.
Full structure for sorcery.
Profile configuration for stir/shaken.
enum endpoint_behavior_enum endpoint_behavior
struct attestation_cfg_common acfg_common
struct profile_cfg * eprofile
enum attest_level_enum unknown_tn_attest_level
struct verification_cfg_common vcfg_common
struct crypto_cert_store * tcs
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
