#include <openssl/evp.h>
#include "asterisk.h"
#include "asterisk/paths.h"
#include "asterisk/sorcery.h"
#include "asterisk/stringfields.h"

Include dependency graph for common_config.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	attestation_cfg

struct	attestation_cfg_common
	Attestation Service configuration for stir/shaken. More...

struct	config_object_cli_data

struct	profile_cfg
	Profile configuration for stir/shaken. More...

struct	tn_cfg
	TN configuration for stir/shaken. More...

struct	verification_cfg

struct	verification_cfg_common
	Verification Service configuration for stir/shaken. More...

Macros
#define	cfg_enum_copy(__cfg_dst, __cfg_src, __field) cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __field ## _NOT_SET, __field ## _UNKNOWN)

#define	cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __not_set, __unknown)
	cfg_enum_copy

#define	cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
	cfg_copy_wrapper

#define	cfg_stringfield_copy(__cfg_dst, __cfg_src, __field)
	Common config copy utilities.

#define	cfg_uint_copy(__cfg_dst, __cfg_src, __field)
	cfg_uint_copy

#define	EFFECTIVE_ENUM(__enum1, __enum2, __field, __default)

#define	EFFECTIVE_ENUM_BOOL(__enum1, __enum2, __field, __default)

#define	ENUM_BOOL(__enum1, __field) (__enum1 == ( __field ## _ ## YES ))

#define	enum_option_register(sorcery, CONFIG_TYPE, name, nodoc) enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)

#define	enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)

#define	generate_acfg_common_sorcery_handlers(object)

#define	generate_bool_string_prototypes(param_name)
	Boolean field to/from string prototype generator.

#define	generate_enum_string_prototypes(param_name, ...)
	Enum field to/from string prototype generator.

#define	generate_sorcery_acl_from_str(__struct, __lc_param, __unknown)

#define	generate_sorcery_acl_to_str(__struct, __lc_param)

#define	generate_sorcery_enum_from_str(__struct, __substruct, __lc_param, __unknown) generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param, __unknown) \

#define	generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __base_enum, __unknown)

#define	generate_sorcery_enum_to_str(__struct, __substruct, __lc_param) generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __lc_param)

#define	generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __base_enum)
	Enum sorcery handler generator.

#define	generate_vcfg_common_sorcery_handlers(object)

#define	PROFILE_ALLOW_ATTEST(__profile)

#define	PROFILE_ALLOW_VERIFY(__profile)

#define	register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)

#define	register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)

#define	stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
	Sorcery fields register helpers.

#define	uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)

Enumerations
enum	config_object_type { config_object_type_attestation = 0 , config_object_type_verification , config_object_type_profile , config_object_type_tn }

Functions
void	acfg_cleanup (struct attestation_cfg_common *cfg)

int	as_check_common_config (const char id, struct attestation_cfg_common acfg_common)

int	as_config_load (void)

int	as_config_reload (void)

int	as_config_unload (void)

int	as_copy_cfg_common (const char id, struct attestation_cfg_common cfg_dst, struct attestation_cfg_common *cfg_src)

struct attestation_cfg *	as_get_cfg (void)

int	as_is_config_loaded (void)

char *	canonicalize_tn (const char tn, char dest_tn)
	Canonicalize a TN.

char *	canonicalize_tn_alloc (const char *tn)
	Canonicalize a TN into nre buffer.

int	common_config_load (void)

int	common_config_reload (void)

int	common_config_unload (void)

int	config_object_cli_show (void obj, void arg, void *data, int flags)
	Output configuration settings to the Asterisk CLI.

char *	config_object_tab_complete_name (const char word, struct ao2_container container)
	Tab completion for name matching with STIR/SHAKEN CLI commands.

struct ao2_container *	eprofile_get_all (void)

struct profile_cfg *	eprofile_get_cfg (const char *id)

	generate_bool_string_prototypes (check_tn_cert_public_url)

	generate_bool_string_prototypes (ignore_sip_date_header)

	generate_bool_string_prototypes (load_system_certs)

	generate_bool_string_prototypes (relax_x5u_path_restrictions)

	generate_bool_string_prototypes (relax_x5u_port_scheme_restrictions)

	generate_bool_string_prototypes (send_mky)

	generate_bool_string_prototypes (use_rfc9410_responses)

	generate_enum_string_prototypes (attest_level, attest_level_UNKNOWN=-1, attest_level_NOT_SET=0, attest_level_A, attest_level_B, attest_level_C,)

	generate_enum_string_prototypes (endpoint_behavior, endpoint_behavior_UNKNOWN=-1, endpoint_behavior_OFF=0, endpoint_behavior_ATTEST, endpoint_behavior_VERIFY, endpoint_behavior_ON, endpoint_behavior_NOT_SET)

struct ast_acl_list *	get_default_acl_list (void)

struct ao2_container *	profile_get_all (void)

struct profile_cfg *	profile_get_cfg (const char *id)

int	profile_load (void)

int	profile_reload (void)

int	profile_unload (void)

enum stir_shaken_failure_action_enum	stir_shaken_failure_action_from_str (const char *action_str)

const char *	stir_shaken_failure_action_to_str (enum stir_shaken_failure_action_enum action)

int	tn_config_load (void)

int	tn_config_reload (void)

int	tn_config_unload (void)

struct tn_cfg *	tn_get_cfg (const char *tn)

struct tn_cfg *	tn_get_etn (const char tn, struct profile_cfg eprofile)

enum attest_level_enum	unknown_tn_attest_level_from_str (const char *value)

const char *	unknown_tn_attest_level_to_str (enum attest_level_enum value)

void	vcfg_cleanup (struct verification_cfg_common *cfg)

int	vs_check_common_config (const char id, struct verification_cfg_common vcfg_common)

int	vs_config_load (void)

int	vs_config_reload (void)

int	vs_config_unload (void)

int	vs_copy_cfg_common (const char id, struct verification_cfg_common cfg_dst, struct verification_cfg_common *cfg_src)

struct verification_cfg *	vs_get_cfg (void)

int	vs_is_config_loaded (void)

Macro Definition Documentation

◆ cfg_enum_copy

#define cfg_enum_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)	cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __field ## _NOT_SET, __field ## _UNKNOWN)

Definition at line 285 of file common_config.h.

                              {
    AST_DECLARE_STRING_FIELDS(
        AST_STRING_FIELD(private_key_file);
        AST_STRING_FIELD(public_cert_url);
    );
    enum attest_level_enum attest_level;
    enum check_tn_cert_public_url_enum check_tn_cert_public_url;
    enum send_mky_enum send_mky;
    unsigned char *raw_key;
    size_t raw_key_length;
};
 
#define generate_acfg_common_sorcery_handlers(object) \
    generate_sorcery_enum_from_str(object, acfg_common., check_tn_cert_public_url, UNKNOWN); \
    generate_sorcery_enum_to_str(object, acfg_common., check_tn_cert_public_url); \
    generate_sorcery_enum_from_str(object, acfg_common., send_mky, UNKNOWN); \
    generate_sorcery_enum_to_str(object, acfg_common., send_mky); \
    generate_sorcery_enum_from_str(object, acfg_common., attest_level, UNKNOWN); \
    generate_sorcery_enum_to_str(object, acfg_common., attest_level);
 
int as_check_common_config(const char *id,
    struct attestation_cfg_common *acfg_common);
 
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst,
    struct attestation_cfg_common *cfg_src);
 
void acfg_cleanup(struct attestation_cfg_common *cfg);
 
struct attestation_cfg {
    SORCERY_OBJECT(details);
    /*
     * We need an empty AST_DECLARE_STRING_FIELDS() here
     * because when STRFLDSET is used with sorcery, the
     * memory for all sub-structures that have stringfields
     * is allocated from the parent's stringfield pool.
     */
    AST_DECLARE_STRING_FIELDS();
    struct attestation_cfg_common acfg_common;
    enum attest_level_enum unknown_tn_attest_level;
    int global_disable;
};
 
struct attestation_cfg *as_get_cfg(void);
int as_is_config_loaded(void);
int as_config_load(void);
int as_config_reload(void);
int as_config_unload(void);
 
/*!
 * \brief Verification Service configuration for stir/shaken
 *
 * The common structure also appears in profile_cfg.
 */
struct verification_cfg_common {
    AST_DECLARE_STRING_FIELDS(
        AST_STRING_FIELD(ca_file);
        AST_STRING_FIELD(ca_path);
        AST_STRING_FIELD(crl_file);
        AST_STRING_FIELD(crl_path);
        AST_STRING_FIELD(untrusted_cert_file);
        AST_STRING_FIELD(untrusted_cert_path);
        AST_STRING_FIELD(cert_cache_dir);
    );
    unsigned int curl_timeout;
    unsigned int max_iat_age;
    unsigned int max_date_header_age;
    unsigned int max_cache_entry_age;
    unsigned int max_cache_size;
    enum stir_shaken_failure_action_enum
        stir_shaken_failure_action;
    enum use_rfc9410_responses_enum use_rfc9410_responses;
    enum relax_x5u_port_scheme_restrictions_enum
        relax_x5u_port_scheme_restrictions;
    enum relax_x5u_path_restrictions_enum
        relax_x5u_path_restrictions;
    enum load_system_certs_enum load_system_certs;
    enum ignore_sip_date_header_enum ignore_sip_date_header;
    struct ast_acl_list *acl;
    struct crypto_cert_store *tcs;
};
 
#define generate_vcfg_common_sorcery_handlers(object) \
    generate_sorcery_enum_from_str(object, vcfg_common.,use_rfc9410_responses, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,use_rfc9410_responses); \
    generate_sorcery_enum_from_str(object, vcfg_common.,stir_shaken_failure_action, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,stir_shaken_failure_action); \
    generate_sorcery_enum_from_str(object, vcfg_common.,relax_x5u_port_scheme_restrictions, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,relax_x5u_port_scheme_restrictions); \
    generate_sorcery_enum_from_str(object, vcfg_common.,relax_x5u_path_restrictions, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,relax_x5u_path_restrictions); \
    generate_sorcery_enum_from_str(object, vcfg_common.,load_system_certs, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,load_system_certs); \
    generate_sorcery_enum_from_str(object, vcfg_common.,ignore_sip_date_header, UNKNOWN); \
    generate_sorcery_enum_to_str(object, vcfg_common.,ignore_sip_date_header); \
    generate_sorcery_acl_from_str(object, acl, NULL); \
    generate_sorcery_acl_to_str(object, acl);
 
int vs_check_common_config(const char *id,
    struct verification_cfg_common *vcfg_common);
 
int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst,
    struct verification_cfg_common *cfg_src);
 
void vcfg_cleanup(struct verification_cfg_common *cfg);
 
struct verification_cfg {
    SORCERY_OBJECT(details);
    /*
     * We need an empty AST_DECLARE_STRING_FIELDS() here
     * because when STRFLDSET is used with sorcery, the
     * memory for all sub-structures that have stringfields
     * is allocated from the parent's stringfield pool.
     */
    AST_DECLARE_STRING_FIELDS();
    struct verification_cfg_common vcfg_common;
    int global_disable;
};
 
struct verification_cfg *vs_get_cfg(void);
int vs_is_config_loaded(void);
int vs_config_load(void);
int vs_config_reload(void);
int vs_config_unload(void);
 
/*!
 * \brief Profile configuration for stir/shaken
 */
struct profile_cfg {
    SORCERY_OBJECT(details);
    /*
     * We need an empty AST_DECLARE_STRING_FIELDS() here
     * because when STRFLDSET is used with sorcery, the
     * memory for all sub-structures that have stringfields
     * is allocated from the parent's stringfield pool.
     */
    AST_DECLARE_STRING_FIELDS();
    struct attestation_cfg_common acfg_common;
    struct verification_cfg_common vcfg_common;
    enum endpoint_behavior_enum endpoint_behavior;
    enum attest_level_enum unknown_tn_attest_level;
    struct profile_cfg *eprofile;
};
 
struct profile_cfg *profile_get_cfg(const char *id);
struct ao2_container *profile_get_all(void);
struct profile_cfg *eprofile_get_cfg(const char *id);
struct ao2_container *eprofile_get_all(void);
int profile_load(void);
int profile_reload(void);
int profile_unload(void);
 
#define PROFILE_ALLOW_ATTEST(__profile) \
    (__profile->endpoint_behavior == endpoint_behavior_ON || \
        __profile->endpoint_behavior == endpoint_behavior_ATTEST)
 
#define PROFILE_ALLOW_VERIFY(__profile) \
    (__profile->endpoint_behavior == endpoint_behavior_ON || \
        __profile->endpoint_behavior == endpoint_behavior_VERIFY)
 
/*!
 * \brief TN configuration for stir/shaken
 *
 * TN-specific attestation_cfg.
 */
 
struct tn_cfg {
    SORCERY_OBJECT(details);
    /*
     * We need an empty AST_DECLARE_STRING_FIELDS() here
     * because when STRFLDSET is used with sorcery, the
     * memory for all sub-structures that have stringfields
     * is allocated from the parent's stringfield pool.
     */
    AST_DECLARE_STRING_FIELDS();
    struct attestation_cfg_common acfg_common;
};
 
struct tn_cfg *tn_get_cfg(const char *tn);
struct tn_cfg *tn_get_etn(const char *tn,
    struct profile_cfg *eprofile);
int tn_config_load(void);
int tn_config_reload(void);
int tn_config_unload(void);
 
/*!
 * \brief Sorcery fields register helpers
 *
 * Most of the fields on attestation_cfg and verification_cfg are also
 * in profile_cfg.  To prevent having to maintain duplicate sets of
 * sorcery register statements, we can do this once here and call
 * register_common_verification_fields() from both profile_config and
 * verification_config and call register_common_attestation_fields()
 * from profile_cfg and attestation_config.
 *
 * Most of the fields in question are in sub-structures like
 * verification_cfg.vcfg_common which is why there are separate name
 * and field parameters.  For verification_cfg.vcfg_common.ca_file
 * for instance, name would be ca_file and field would be
 * vcfg_common.ca_file.
 *
 *\note These macros depend on default values being defined
 * in the 4 _config.c files as DEFAULT_<field_name>.
 *
 */
#define stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
        STRFLDSET(struct object, field))
 
#define uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        __stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
        FLDSET(struct object, field))
 
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc) \
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, \
        #name, function_prefix ## _to_str(DEFAULT_ ## field), \
        sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)
 
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc) \
    enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)
 
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc) \
({ \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_file, vcfg_common.ca_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_path, vcfg_common.ca_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_file, vcfg_common.crl_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_path, vcfg_common.crl_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_file, vcfg_common.untrusted_cert_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_path, vcfg_common.untrusted_cert_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, cert_cache_dir, vcfg_common.cert_cache_dir, nodoc); \
\
    uint_option_register(sorcery, CONFIG_TYPE, object, curl_timeout, vcfg_common.curl_timeout, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_iat_age, vcfg_common.max_iat_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_date_header_age, vcfg_common.max_date_header_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_entry_age, vcfg_common.max_cache_entry_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_size, vcfg_common.max_cache_size, nodoc);\
\
    enum_option_register_ex(sorcery, CONFIG_TYPE, failure_action, stir_shaken_failure_action, stir_shaken_failure_action, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, use_rfc9410_responses, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, \
        relax_x5u_port_scheme_restrictions, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, \
        relax_x5u_path_restrictions, nodoc); \
        enum_option_register(sorcery, CONFIG_TYPE, \
            load_system_certs, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, ignore_sip_date_header, nodoc); \
\
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_deny", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_permit", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_acl", "", sorcery_acl_from_str, sorcery_acl_to_str, NULL, 0, 0); \
})
 
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc) \
({ \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, private_key_file, acfg_common.private_key_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, public_cert_url, acfg_common.public_cert_url, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, attest_level, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, check_tn_cert_public_url, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, send_mky, nodoc); \
})
 
int common_config_load(void);
int common_config_unload(void);
int common_config_reload(void);
 
enum config_object_type {
    config_object_type_attestation = 0,
    config_object_type_verification,
    config_object_type_profile,
    config_object_type_tn,
};
 
struct config_object_cli_data {
    const char *title;
    enum config_object_type object_type;
};
 
/*!
 * \brief Output configuration settings to the Asterisk CLI
 *
 * \param obj A sorcery object containing configuration data
 * \param arg Asterisk CLI argument object
 * \param flags ao2 container flags
 *
 * \retval 0
 */
int config_object_cli_show(void *obj, void *arg, void *data, int flags);
 
/*!
 * \brief Tab completion for name matching with STIR/SHAKEN CLI commands
 *
 * \param word The word to tab complete on
 * \param container The sorcery container to iterate through
 *
 * \retval The tab completion options
 */
char *config_object_tab_complete_name(const char *word, struct ao2_container *container);
 
/*!
 * \brief Canonicalize a TN
 *
 * \param tn TN to canonicalize
 * \param dest_tn Pointer to destination buffer to receive the new TN
 *
 * \retval dest_tn or NULL on failure
 */
char *canonicalize_tn(const char *tn, char *dest_tn);
 
/*!
 * \brief Canonicalize a TN into nre buffer
 *
 * \param tn TN to canonicalize
 *
 * \retval dest_tn (which must be freed with ast_free) or NULL on failure
 */
char *canonicalize_tn_alloc(const char *tn);
 
#endif /* COMMON_CONFIG_H_ */

◆ cfg_enum_copy_ex

#define cfg_enum_copy_ex	(	__cfg_dst,
		__cfg_src,
		__field,
		__not_set,
		__unknown
	)

cfg_enum_copy

Copy an enum from the source to the dest only if the source is neither NOT_SET nor UNKNOWN

Definition at line 277 of file common_config.h.

 { \
    if (__cfg_src->__field != __not_set \
        && __cfg_src->__field != __unknown) { \
        __cfg_dst->__field = __cfg_src->__field; \
    } \
})

◆ cfg_sf_copy_wrapper

#define cfg_sf_copy_wrapper	(	id,
		__cfg_dst,
		__cfg_src,
		__field
	)

cfg_copy_wrapper

Invoke cfg_stringfield_copy and cause the calling runction to return a -1 of the copy fails.

Definition at line 248 of file common_config.h.

{ \
    int rc = cfg_stringfield_copy(__cfg_dst, __cfg_src, __field); \
    if (rc != 0) { \
        ast_log(LOG_ERROR, "%s: Unable to copy field %s from %s to %s\n", \
            id, #__field, #__cfg_src, #__cfg_dst); \
        return -1; \
    } \
}

◆ cfg_stringfield_copy

#define cfg_stringfield_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)

Common config copy utilities.

These macros are designed to be called from as_copy_cfg_common and vs_copy_cfg_common only. They'll only copy a field if the field contains a vaild value. Thus a NOT_SET value in the source won't override a pre-existing good value in the dest. A good value in the source WILL overwrite a good value in the dest.

Definition at line 233 of file common_config.h.

 { \
    int __res = 0; \
    if (!ast_strlen_zero(__cfg_src->__field)) { \
        __res = ast_string_field_set(__cfg_dst, __field, __cfg_src->__field); \
    } \
    __res; \
})

◆ cfg_uint_copy

#define cfg_uint_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)

Value:

({ \
    if (__cfg_src->__field > 0) { \
        __cfg_dst->__field = __cfg_src->__field; \
    } \
})

cfg_uint_copy

Copy a uint from the source to the dest only if the source > 0. For stir-shaken, 0 isn't a valid value for any uint fields.

Definition at line 264 of file common_config.h.

 { \
    if (__cfg_src->__field > 0) { \
        __cfg_dst->__field = __cfg_src->__field; \
    } \
})

◆ EFFECTIVE_ENUM

#define EFFECTIVE_ENUM	(	__enum1,
		__enum2,
		__field,
		__default
	)

Value:

    ( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __default ))

Definition at line 210 of file common_config.h.

                                                       : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __default ))

◆ EFFECTIVE_ENUM_BOOL

#define EFFECTIVE_ENUM_BOOL	(	__enum1,
		__enum2,
		__field,
		__default
	)

Value:

    (( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

Definition at line 215 of file common_config.h.

                                                        : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

◆ ENUM_BOOL

#define ENUM_BOOL	(	__enum1,
		__field
	)	(__enum1 == ( __field ## _ ## YES ))

Definition at line 220 of file common_config.h.

◆ enum_option_register

#define enum_option_register	(	sorcery,
		CONFIG_TYPE,
		name,
		nodoc
	)	enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)

Definition at line 513 of file common_config.h.

◆ enum_option_register_ex

#define enum_option_register_ex	(	sorcery,
		CONFIG_TYPE,
		name,
		field,
		function_prefix,
		nodoc
	)

Value:

    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, \
        #name, function_prefix ## _to_str(DEFAULT_ ## field), \
        sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)

Definition at line 508 of file common_config.h.

◆ generate_acfg_common_sorcery_handlers

#define generate_acfg_common_sorcery_handlers ( object )

Definition at line 306 of file common_config.h.

◆ generate_bool_string_prototypes

#define generate_bool_string_prototypes ( param_name )

Boolean field to/from string prototype generator.

Most of the boolean fields that appear in the verification and attestation objects can be ovrridden in the profile object; "use_rfc9410_responses" for instance. If they were registered as normal YESNO types, we couldn't tell if a "0" value in the profile object meant the user set it to "no" to override a value of "yes" in the verification object, or it just defaulted to "0". By making the _NOT_SET enum a non-0/1 and making it the default value, we can tell the difference. The _UNKNOWN enum gets set if the string value provided to the _from_str function wasn't recognized as one of the values acceptable to ast_true() or ast_false().

The result of calling the generator for a field will look like:

 enum use_rfc9410_responses_enum {
    use_rfc9410_responses_UNKNOWN = -1,
    use_rfc9410_responses_NO = 0,
    use_rfc9410_responses_YES,
    use_rfc9410_responses_NOT_SET,
};
enum use_rfc9410_responses_enum
    use_rfc9410_responses_from_str(const char *value);
const char *use_rfc9410_responses_to_str(enum use_rfc9410_responses_enum value);

Most of the macros that follow depend on enum values formatted as <param_name>SOMETHING and their defaults as DEFAULT<param_name>.

Definition at line 60 of file common_config.h.

                         { \
    param_name ## _UNKNOWN = -1, \
    param_name ## _NO = 0, \
    param_name ## _YES, \
    param_name ## _NOT_SET, \
}; \
enum param_name ## _enum \
    param_name ## _from_str(const char *value); \
const char *param_name ## _to_str(enum param_name ## _enum value);

◆ generate_enum_string_prototypes

#define generate_enum_string_prototypes	(	param_name,
		...
	)

Enum field to/from string prototype generator.

This operates like the bool generator except you supply a list of the enum values. The first one MUST be param_name_UNKNOWN with a value of -1 and the rest running sequentially with the last being param_name_NOT_SET.

Definition at line 96 of file common_config.h.

                         { \
    __VA_ARGS__ \
}; \
enum param_name ## _enum \
    param_name ## _from_str(const char *value); \
const char *param_name ## _to_str(enum param_name ## _enum value);

◆ generate_sorcery_acl_from_str

#define generate_sorcery_acl_from_str	(	__struct,
		__lc_param,
		__unknown
	)

Definition at line 194 of file common_config.h.

{ \
    struct __struct *cfg = obj; \
    int error = 0; \
    int ignore; \
    const char *name = var->name + strlen("x5u_"); \
    if (ast_strlen_zero(var->value)) { \
        return 0; \
    } \
    ast_append_acl(name, var->value, &cfg->vcfg_common.acl, &error, &ignore); \
    return error; \
}

◆ generate_sorcery_acl_to_str

#define generate_sorcery_acl_to_str	(	__struct,
		__lc_param
	)

Definition at line 175 of file common_config.h.

{ \
    const struct __struct *cfg = obj; \
    struct ast_acl *first_acl; \
    if (!ast_acl_list_is_empty(cfg->vcfg_common.acl)) { \
        AST_LIST_LOCK(cfg->vcfg_common.acl); \
        first_acl = AST_LIST_FIRST(cfg->vcfg_common.acl); \
        if (ast_strlen_zero(first_acl->name)) { \
            *buf = "deny/permit"; \
        } else { \
            *buf = first_acl->name; \
        } \
        AST_LIST_UNLOCK(cfg->vcfg_common.acl); \
    } \
    *buf = ast_strdup(*buf); \
    return 0; \
}

◆ generate_sorcery_enum_from_str

#define generate_sorcery_enum_from_str	(	__struct,
		__substruct,
		__lc_param,
		__unknown
	)	generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param, __unknown) \

Definition at line 171 of file common_config.h.

◆ generate_sorcery_enum_from_str_ex

#define generate_sorcery_enum_from_str_ex	(	__struct,
		__substruct,
		__lc_param,
		__base_enum,
		__unknown
	)

Definition at line 158 of file common_config.h.

{ \
    struct __struct *cfg = obj; \
    cfg->__substruct __lc_param = __base_enum ## _from_str (var->value); \
    if (cfg->__substruct __lc_param == __base_enum ## _ ## __unknown) { \
        ast_log(LOG_WARNING, "Unknown value '%s' specified for %s\n", \
            var->value, var->name); \
        return -1; \
    } \
    return 0; \
}

◆ generate_sorcery_enum_to_str

#define generate_sorcery_enum_to_str	(	__struct,
		__substruct,
		__lc_param
	)	generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __lc_param)

Definition at line 155 of file common_config.h.

◆ generate_sorcery_enum_to_str_ex

#define generate_sorcery_enum_to_str_ex	(	__struct,
		__substruct,
		__lc_param,
		__base_enum
	)

Enum sorcery handler generator.

These macros can create the two functions needed to register an enum field with sorcery as long as there are _to_str and _from_str functions defined elsewhere.

Definition at line 147 of file common_config.h.

{ \
    const struct __struct *cfg = obj; \
    *buf = ast_strdup(__base_enum ## _to_str(cfg->__substruct __lc_param)); \
    return *buf ? 0 : -1; \
}

◆ generate_vcfg_common_sorcery_handlers

#define generate_vcfg_common_sorcery_handlers ( object )

Definition at line 375 of file common_config.h.

◆ PROFILE_ALLOW_ATTEST

#define PROFILE_ALLOW_ATTEST ( __profile )

Value:

(__profile->endpoint_behavior == endpoint_behavior_ON || \

__profile->endpoint_behavior == endpoint_behavior_ATTEST)

Definition at line 445 of file common_config.h.

◆ PROFILE_ALLOW_VERIFY

#define PROFILE_ALLOW_VERIFY ( __profile )

Value:

(__profile->endpoint_behavior == endpoint_behavior_ON || \

__profile->endpoint_behavior == endpoint_behavior_VERIFY)

Definition at line 449 of file common_config.h.

◆ register_common_attestation_fields

#define register_common_attestation_fields	(	sorcery,
		object,
		CONFIG_TYPE,
		nodoc
	)

Definition at line 547 of file common_config.h.

 { \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, private_key_file, acfg_common.private_key_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, public_cert_url, acfg_common.public_cert_url, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, attest_level, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, check_tn_cert_public_url, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, send_mky, nodoc); \
})

◆ register_common_verification_fields

#define register_common_verification_fields	(	sorcery,
		object,
		CONFIG_TYPE,
		nodoc
	)

Definition at line 516 of file common_config.h.

 { \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_file, vcfg_common.ca_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_path, vcfg_common.ca_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_file, vcfg_common.crl_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_path, vcfg_common.crl_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_file, vcfg_common.untrusted_cert_file, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_path, vcfg_common.untrusted_cert_path, nodoc); \
    stringfield_option_register(sorcery, CONFIG_TYPE, object, cert_cache_dir, vcfg_common.cert_cache_dir, nodoc); \
\
    uint_option_register(sorcery, CONFIG_TYPE, object, curl_timeout, vcfg_common.curl_timeout, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_iat_age, vcfg_common.max_iat_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_date_header_age, vcfg_common.max_date_header_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_entry_age, vcfg_common.max_cache_entry_age, nodoc);\
    uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_size, vcfg_common.max_cache_size, nodoc);\
\
    enum_option_register_ex(sorcery, CONFIG_TYPE, failure_action, stir_shaken_failure_action, stir_shaken_failure_action, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, use_rfc9410_responses, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, \
        relax_x5u_port_scheme_restrictions, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, \
        relax_x5u_path_restrictions, nodoc); \
        enum_option_register(sorcery, CONFIG_TYPE, \
            load_system_certs, nodoc); \
    enum_option_register(sorcery, CONFIG_TYPE, ignore_sip_date_header, nodoc); \
\
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_deny", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_permit", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_acl", "", sorcery_acl_from_str, sorcery_acl_to_str, NULL, 0, 0); \
})

◆ stringfield_option_register

#define stringfield_option_register	(	sorcery,
		CONFIG_TYPE,
		object,
		name,
		field,
		nodoc
	)

Value:

    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
        STRFLDSET(struct object, field))

Sorcery fields register helpers.

Most of the fields on attestation_cfg and verification_cfg are also in profile_cfg. To prevent having to maintain duplicate sets of sorcery register statements, we can do this once here and call register_common_verification_fields() from both profile_config and verification_config and call register_common_attestation_fields() from profile_cfg and attestation_config.

Most of the fields in question are in sub-structures like verification_cfg.vcfg_common which is why there are separate name and field parameters. For verification_cfg.vcfg_common.ca_file for instance, name would be ca_file and field would be vcfg_common.ca_file.

Note: These macros depend on default values being defined in the 4 config.c files as DEFAULT<field_name>.

Definition at line 498 of file common_config.h.

◆ uint_option_register

#define uint_option_register	(	sorcery,
		CONFIG_TYPE,
		object,
		name,
		field,
		nodoc
	)

Value:

    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        __stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
        FLDSET(struct object, field))

Definition at line 503 of file common_config.h.

Enumeration Type Documentation

◆ config_object_type

enum config_object_type

Enumerator
config_object_type_attestation
config_object_type_verification
config_object_type_profile
config_object_type_tn

Definition at line 560 of file common_config.h.

                        {
    config_object_type_attestation = 0,
    config_object_type_verification,
    config_object_type_profile,
    config_object_type_tn,
};

Function Documentation

◆ acfg_cleanup()

void acfg_cleanup ( struct attestation_cfg_common * cfg )

Definition at line 68 of file attestation_config.c.

{
    if (!acfg_common) {
        return;
    }
    ast_string_field_free_memory(acfg_common);
    ao2_cleanup(acfg_common->raw_key);
}

References attestation_cfg::acfg_common, ao2_cleanup, ast_string_field_free_memory, and attestation_cfg_common::raw_key.

Referenced by attestation_destructor(), profile_destructor(), and tn_destructor().

◆ as_check_common_config()

int as_check_common_config	(	const char *	id,
		struct attestation_cfg_common *	acfg_common
	)

Definition at line 139 of file attestation_config.c.

{
    SCOPE_ENTER(3, "%s: Checking common config\n", id);
 
    if (!ast_strlen_zero(acfg_common->private_key_file)
        && !ast_file_is_readable(acfg_common->private_key_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: default_private_key_path %s is missing or not readable\n", id,
            acfg_common->private_key_file);
    }
 
    if (ENUM_BOOL(acfg_common->check_tn_cert_public_url,
        check_tn_cert_public_url)
        && !ast_strlen_zero(acfg_common->public_cert_url)) {
        RAII_VAR(char *, public_cert_data, NULL, ast_std_free);
        X509 *public_cert;
        size_t public_cert_len;
        int rc = 0;
        long http_code;
        SCOPE_ENTER(3 , "%s: Checking public cert url '%s'\n",
            id, acfg_common->public_cert_url);
 
        http_code = curl_download_to_memory(acfg_common->public_cert_url,
            &public_cert_len, &public_cert_data, NULL);
        if (http_code / 100 != 2) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be downloaded\n", id,
                acfg_common->public_cert_url);
        }
 
        public_cert = crypto_load_cert_chain_from_memory(public_cert_data,
            public_cert_len, NULL);
        if (!public_cert) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be parsed as a certificate\n", id,
                acfg_common->public_cert_url);
        }
        rc = crypto_is_cert_time_valid(public_cert, 0);
        X509_free(public_cert);
        if (!rc) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' is not valid yet or has expired\n", id,
                acfg_common->public_cert_url);
        }
 
        rc = crypto_has_private_key_from_memory(public_cert_data, public_cert_len);
        if (rc) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: DANGER!!! public_cert_url '%s' has a private key in the file!!!\n", id,
                acfg_common->public_cert_url);
        }
        SCOPE_EXIT("%s: Done\n", id);
    }
 
    if (!ast_strlen_zero(acfg_common->private_key_file)) {
        EVP_PKEY *private_key;
        RAII_VAR(unsigned char *, raw_key, NULL, ast_free);
 
        private_key = crypto_load_privkey_from_file(acfg_common->private_key_file);
        if (!private_key) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
                acfg_common->private_key_file);
        }
 
        acfg_common->raw_key_length = crypto_extract_raw_privkey(private_key, &raw_key);
        EVP_PKEY_free(private_key);
        if (acfg_common->raw_key_length == 0 || raw_key == NULL) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
                acfg_common->private_key_file);
        }
 
        /*
         * We're making this an ao2 object so it can be referenced
         * by a profile instead of having to copy it.
         */
        acfg_common->raw_key = ao2_alloc(acfg_common->raw_key_length, NULL);
        if (!acfg_common->raw_key) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Could not allocate memory for raw private key\n", id);
        }
        memcpy(acfg_common->raw_key, raw_key, acfg_common->raw_key_length);
 
    }
 
    SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
}

References attestation_cfg::acfg_common, ao2_alloc, ast_file_is_readable(), ast_free, ast_std_free(), ast_strlen_zero(), attestation_cfg_common::check_tn_cert_public_url, crypto_extract_raw_privkey(), crypto_has_private_key_from_memory(), crypto_is_cert_time_valid(), crypto_load_cert_chain_from_memory(), crypto_load_privkey_from_file(), curl_download_to_memory(), ENUM_BOOL, LOG_ERROR, NULL, attestation_cfg_common::private_key_file, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT, SCOPE_EXIT_LOG_RTN_VALUE, and SCOPE_EXIT_RTN_VALUE.

Referenced by attestation_apply(), profile_apply(), and tn_apply().

◆ as_config_load()

int as_config_load ( void )

Definition at line 300 of file attestation_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",
        "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, attestation_alloc,
            NULL, attestation_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type",
        "", OPT_NOOP_T, 0, 0);
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",
        DEFAULT_global_disable ? "yes" : "no",
        OPT_YESNO_T, 1, FLDSET(struct attestation_cfg, global_disable));
 
    enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,
        unknown_tn_attest_level, attest_level,);
 
    register_common_attestation_fields(sorcery, attestation_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    if (!as_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = attestation_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    ast_cli_register_multiple(attestation_cli,
        ARRAY_LEN(attestation_cli));
 
    return 0;
}

References ARRAY_LEN, as_is_config_loaded(), ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, attestation_alloc(), attestation_apply(), attestation_cli, CONFIG_TYPE, DEFAULT_global_disable, empty_cfg, enum_option_register_ex, FLDSET, get_sorcery(), attestation_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_attestation_fields, and sorcery.

Referenced by as_load().

◆ as_config_reload()

int as_config_reload ( void )

Definition at line 272 of file attestation_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
 
    if (!as_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = attestation_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    return 0;
}

References as_is_config_loaded(), ast_log, ast_sorcery_force_reload_object(), attestation_alloc(), CONFIG_TYPE, empty_cfg, get_sorcery(), attestation_cfg::global_disable, LOG_WARNING, and sorcery.

Referenced by as_reload().

◆ as_config_unload()

int as_config_unload ( void )

Definition at line 291 of file attestation_config.c.

{
    ast_cli_unregister_multiple(attestation_cli,
        ARRAY_LEN(attestation_cli));
    ao2_cleanup(empty_cfg);
 
    return 0;
}

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), attestation_cli, and empty_cfg.

Referenced by as_unload().

◆ as_copy_cfg_common()

int as_copy_cfg_common	(	const char *	id,
		struct attestation_cfg_common *	cfg_dst,
		struct attestation_cfg_common *	cfg_src
	)

Definition at line 113 of file attestation_config.c.

{
    int rc = 0;
 
    if (!cfg_dst || !cfg_src) {
        return -1;
    }
 
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, private_key_file);
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, public_cert_url);
 
    cfg_enum_copy(cfg_dst, cfg_src, attest_level);
    cfg_enum_copy(cfg_dst, cfg_src, check_tn_cert_public_url);
    cfg_enum_copy(cfg_dst, cfg_src, send_mky);
 
    if (cfg_src->raw_key) {
        /* Free and overwrite the destination */
        ao2_cleanup(cfg_dst->raw_key);
        cfg_dst->raw_key = ao2_bump(cfg_src->raw_key);
        cfg_dst->raw_key_length = cfg_src->raw_key_length;
    }
 
    return rc;
}

References ao2_bump, ao2_cleanup, cfg_enum_copy, cfg_sf_copy_wrapper, attestation_cfg_common::raw_key, and attestation_cfg_common::raw_key_length.

Referenced by create_effective_profile(), and tn_get_etn().

◆ as_get_cfg()

struct attestation_cfg * as_get_cfg ( void )

Definition at line 43 of file attestation_config.c.

{
    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    if (cfg) {
        return cfg;
    }
 
    return empty_cfg ? ao2_bump(empty_cfg) : NULL;
}

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), attestation_show(), and create_effective_profile().

◆ as_is_config_loaded()

int as_is_config_loaded ( void )

Definition at line 54 of file attestation_config.c.

{
    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    ao2_cleanup(cfg);
 
    return !!cfg;
}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by as_config_load(), as_config_reload(), and attestation_show().

◆ canonicalize_tn()

char * canonicalize_tn	(	const char *	tn,
		char *	dest_tn
	)

Canonicalize a TN.

Parameters

tn	TN to canonicalize
dest_tn	Pointer to destination buffer to receive the new TN

Return values

dest_tn or NULL on failure

Definition at line 267 of file common_config.c.

{
    int i;
    const char *s = tn;
    size_t len = tn ? strlen(tn) : 0;
    char *new_tn = dest_tn;
    SCOPE_ENTER(3, "tn: %s\n", S_OR(tn, "(null)"));
 
    if (ast_strlen_zero(tn)) {
        *dest_tn = '\0';
        SCOPE_EXIT_RTN_VALUE(NULL, "Empty TN\n");
    }
 
    if (!dest_tn) {
        SCOPE_EXIT_RTN_VALUE(NULL, "No destination buffer\n");
    }
 
    for (i = 0; i < len; i++) {
        if (isdigit(*s) || *s == '#' || *s == '*') { /* Only characters allowed */
            *new_tn++ = *s;
        }
        s++;
    }
    *new_tn = '\0';
    SCOPE_EXIT_RTN_VALUE(dest_tn, "Canonicalized '%s' -> '%s'\n", tn, dest_tn);
}

References ast_strlen_zero(), len(), NULL, S_OR, SCOPE_ENTER, and SCOPE_EXIT_RTN_VALUE.

Referenced by canonicalize_tn_alloc().

◆ canonicalize_tn_alloc()

char * canonicalize_tn_alloc ( const char * tn )

Canonicalize a TN into nre buffer.

Parameters

tn	TN to canonicalize

Return values

dest_tn (which must be freed with ast_free) or NULL on failure

Definition at line 294 of file common_config.c.

{
    char *canon_tn = ast_strlen_zero(tn) ? NULL : ast_malloc(strlen(tn) + 1);
    if (!canon_tn) {
        return NULL;
    }
    return canonicalize_tn(tn, canon_tn);
}

References ast_malloc, ast_strlen_zero(), canonicalize_tn(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), and ast_stir_shaken_vs_ctx_create().

◆ common_config_load()

int common_config_load ( void )

Definition at line 425 of file common_config.c.

{
    SCOPE_ENTER(2, "Stir Shaken Load\n");
 
    if (!(sorcery = ast_sorcery_open())) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken sorcery load failed\n");
    }
 
    if (vs_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS load failed\n");
    }
 
    if (as_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS load failed\n");
    }
 
    if (tn_config_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN load failed\n");
    }
 
    if (profile_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken profile load failed\n");
    }
 
    if (!named_acl_changed_sub) {
        named_acl_changed_sub = stasis_subscribe(ast_security_topic(),
            named_acl_changed_cb, NULL);
        if (!named_acl_changed_sub) {
            common_config_unload();
            SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken acl change subscribe failed\n");
        }
        stasis_subscription_accept_message_type(
            named_acl_changed_sub, ast_named_acl_change_type());
    }
 
    ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
 
    SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Load Done\n");
}

References ARRAY_LEN, as_load(), ast_cli_register_multiple, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), ast_security_topic(), ast_sorcery_open, cli_commands, common_config_unload(), named_acl_changed_cb(), named_acl_changed_sub, NULL, profile_load(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, sorcery, stasis_subscribe, stasis_subscription_accept_message_type(), tn_config_load(), and vs_load().

Referenced by load_module().

◆ common_config_reload()

int common_config_reload ( void )

Definition at line 374 of file common_config.c.

{
    SCOPE_ENTER(2, "Stir Shaken Reload\n");
    if (vs_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS Reload failed\n");
    }
 
    if (as_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS Reload failed\n");
    }
 
    if (tn_config_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN Reload failed\n");
    }
 
    if (profile_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken Profile Reload failed\n");
    }
 
    SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Reload Done\n");
}

References as_reload(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, profile_reload(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, tn_config_reload(), and vs_reload().

Referenced by named_acl_changed_cb(), and reload_module().

◆ common_config_unload()

int common_config_unload ( void )

Definition at line 396 of file common_config.c.

{
    ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
 
    profile_unload();
    tn_config_unload();
    as_unload();
    vs_unload();
 
    if (named_acl_changed_sub) {
        stasis_unsubscribe(named_acl_changed_sub);
        named_acl_changed_sub = NULL;
    }
    ast_sorcery_unref(sorcery);
    sorcery = NULL;
 
    return 0;
}

References ARRAY_LEN, as_unload(), ast_cli_unregister_multiple(), ast_sorcery_unref, cli_commands, named_acl_changed_sub, NULL, profile_unload(), sorcery, stasis_unsubscribe(), tn_config_unload(), and vs_unload().

Referenced by common_config_load(), and unload_module().

◆ config_object_cli_show()

int config_object_cli_show	(	void *	obj,
		void *	arg,
		void *	data,
		int	flags
	)

Output configuration settings to the Asterisk CLI.

Parameters

obj	A sorcery object containing configuration data
arg	Asterisk CLI argument object
flags	ao2 container flags

Return values

0

Definition at line 173 of file common_config.c.

{
    struct ast_cli_args *a = arg;
    struct config_object_cli_data *cli_data = data;
    struct ast_variable *options;
    struct ast_variable *i;
    const char *title = NULL;
    const char *cfg_name = NULL;
    int max_name_len = 0;
 
    if (!obj) {
        ast_cli(a->fd, "No stir/shaken configuration found\n");
        return 0;
    }
 
    if (!ast_strlen_zero(cli_data->title)) {
        title = cli_data->title;
    } else {
        title = ast_sorcery_object_get_type(obj);
    }
    max_name_len = strlen(title);
 
    if (cli_data->object_type == config_object_type_profile
        || cli_data->object_type == config_object_type_tn) {
        cfg_name = ast_sorcery_object_get_id(obj);
        max_name_len += strlen(cfg_name) + 2 /* ": " */;
    }
 
    options = ast_variable_list_sort(ast_sorcery_objectset_create2(
        get_sorcery(), obj, AST_HANDLER_ONLY_STRING));
    if (!options) {
        return 0;
    }
 
    for (i = options; i; i = i->next) {
        int nlen = strlen(i->name);
        max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
    }
 
    ast_cli(a->fd, "\n==============================================================================\n");
    if (ast_strlen_zero(cfg_name))  {
        ast_cli(a->fd, "%s\n", title);
    } else {
        ast_cli(a->fd, "%s: %s\n", title, cfg_name);
    }
    ast_cli(a->fd, "------------------------------------------------------------------------------\n");
 
    for (i = options; i; i = i->next) {
        if (!ast_strings_equal(i->name, "x5u_acl")) {
            ast_cli(a->fd, "%-*s: %s\n", max_name_len, i->name,
                translate_value(i->value));
        }
    }
 
    ast_variables_destroy(options);
 
    if (cli_data->object_type == config_object_type_profile) {
        struct profile_cfg *cfg = obj;
        print_acl_cert_store(cfg, a, max_name_len);
    } else if (cli_data->object_type == config_object_type_verification) {
        struct verification_cfg *cfg = obj;
        print_acl_cert_store(cfg, a, max_name_len);
    }
    ast_cli(a->fd, "---------------------------------------------\n\n"); \
 
    return 0;
}

References a, ast_cli(), AST_HANDLER_ONLY_STRING, ast_sorcery_object_get_id(), ast_sorcery_object_get_type(), ast_sorcery_objectset_create2(), ast_strings_equal(), ast_strlen_zero(), ast_variable_list_sort(), ast_variables_destroy(), config_object_type_profile, config_object_type_tn, config_object_type_verification, get_sorcery(), ast_variable::name, ast_variable::next, NULL, config_object_cli_data::object_type, options, print_acl_cert_store, config_object_cli_data::title, translate_value(), and ast_variable::value.

Referenced by attestation_show(), cli_eprofile_show(), cli_eprofile_show_all(), cli_profile_show(), cli_profile_show_all(), cli_tn_show(), cli_tn_show_all(), and cli_verification_show().

◆ config_object_tab_complete_name()

char * config_object_tab_complete_name	(	const char *	word,
		struct ao2_container *	container
	)

Tab completion for name matching with STIR/SHAKEN CLI commands.

Parameters

word	The word to tab complete on
container	The sorcery container to iterate through

Return values

The	tab completion options

Definition at line 241 of file common_config.c.

{
    void *obj;
    struct ao2_iterator it;
    int wordlen = strlen(word);
    int ret;
 
    it = ao2_iterator_init(container, 0);
    while ((obj = ao2_iterator_next(&it))) {
        if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
            ret = ast_cli_completion_add(ast_strdup(ast_sorcery_object_get_id(obj)));
            if (ret) {
                ao2_ref(obj, -1);
                break;
            }
        }
        ao2_ref(obj, -1);
    }
    ao2_iterator_destroy(&it);
 
    return NULL;
}

References ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_sorcery_object_get_id(), ast_strdup, container, and NULL.

Referenced by cli_eprofile_show(), cli_profile_show(), cli_tn_show(), and cli_verify_cert().

◆ eprofile_get_all()

struct ao2_container * eprofile_get_all ( void )

Definition at line 121 of file profile_config.c.

{
    return ast_sorcery_retrieve_by_fields(get_sorcery(), "eprofile",
        AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
}

References AST_RETRIEVE_FLAG_ALL, AST_RETRIEVE_FLAG_MULTIPLE, ast_sorcery_retrieve_by_fields(), get_sorcery(), and NULL.

Referenced by cli_eprofile_show(), and cli_eprofile_show_all().

◆ eprofile_get_cfg()

struct profile_cfg * eprofile_get_cfg ( const char * id )

Definition at line 127 of file profile_config.c.

{
    if (ast_strlen_zero(id)) {
        return NULL;
    }
    return ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), ast_stir_shaken_vs_ctx_create(), and cli_eprofile_show().

◆ generate_bool_string_prototypes() [1/7]

generate_bool_string_prototypes ( check_tn_cert_public_url )

◆ generate_bool_string_prototypes() [2/7]

generate_bool_string_prototypes ( ignore_sip_date_header )

◆ generate_bool_string_prototypes() [3/7]

generate_bool_string_prototypes ( load_system_certs )

◆ generate_bool_string_prototypes() [4/7]

generate_bool_string_prototypes ( relax_x5u_path_restrictions )

◆ generate_bool_string_prototypes() [5/7]

generate_bool_string_prototypes ( relax_x5u_port_scheme_restrictions )

◆ generate_bool_string_prototypes() [6/7]

generate_bool_string_prototypes ( send_mky )

◆ generate_bool_string_prototypes() [7/7]

generate_bool_string_prototypes ( use_rfc9410_responses )

◆ generate_enum_string_prototypes() [1/2]

generate_enum_string_prototypes	(	attest_level	,
		attest_level_UNKNOWN	= `-1`,
		attest_level_NOT_SET	= `0`,
		attest_level_A	,
		attest_level_B	,
		attest_level_C
	)

◆ generate_enum_string_prototypes() [2/2]

generate_enum_string_prototypes	(	endpoint_behavior	,
		endpoint_behavior_UNKNOWN	= `-1`,
		endpoint_behavior_OFF	= `0`,
		endpoint_behavior_ATTEST	,
		endpoint_behavior_VERIFY	,
		endpoint_behavior_ON	,
		endpoint_behavior_NOT_SET
	)

◆ get_default_acl_list()

struct ast_acl_list * get_default_acl_list ( void )

◆ profile_get_all()

struct ao2_container * profile_get_all ( void )

Definition at line 107 of file profile_config.c.

{
    return ast_sorcery_retrieve_by_fields(get_sorcery(), CONFIG_TYPE,
        AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
}

References AST_RETRIEVE_FLAG_ALL, AST_RETRIEVE_FLAG_MULTIPLE, ast_sorcery_retrieve_by_fields(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show(), cli_profile_show_all(), and cli_verify_cert().

◆ profile_get_cfg()

struct profile_cfg * profile_get_cfg ( const char * id )

Definition at line 113 of file profile_config.c.

{
    if (ast_strlen_zero(id)) {
        return NULL;
    }
    return ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, id);
}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show(), and cli_verify_cert().

◆ profile_load()

int profile_load ( void )

Definition at line 440 of file profile_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    enum ast_sorcery_apply_result apply_rc;
 
    /*
     * eprofile MUST be registered first because profile needs it.
     */
    apply_rc = ast_sorcery_apply_default(sorcery, "eprofile", "memory", NULL);
    if (apply_rc != AST_SORCERY_APPLY_SUCCESS) {
        abort();
    }
    if (ast_sorcery_internal_object_register(sorcery, "eprofile",
        profile_alloc, NULL, eprofile_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", "eprofile");
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, "eprofile", "type", "", OPT_NOOP_T, 0, 0);
    enum_option_register(sorcery, "eprofile", endpoint_behavior, _nodoc);
    enum_option_register_ex(sorcery, "eprofile", unknown_tn_attest_level,
        unknown_tn_attest_level, attest_level,_nodoc);
 
    register_common_verification_fields(sorcery, profile_cfg, "eprofile", _nodoc);
    register_common_attestation_fields(sorcery, profile_cfg, "eprofile", _nodoc);
 
    /*
     * Now we can do profile
     */
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=profile");
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, profile_alloc,
        NULL, profile_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "type", "", OPT_NOOP_T, 0, 0);
    enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
    enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,
        unknown_tn_attest_level, attest_level,);
 
    register_common_verification_fields(sorcery, profile_cfg, CONFIG_TYPE,);
    register_common_attestation_fields(sorcery, profile_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
    ast_sorcery_load_object(sorcery, "eprofile");
 
    ast_cli_register_multiple(stir_shaken_profile_cli,
        ARRAY_LEN(stir_shaken_profile_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, AST_SORCERY_APPLY_SUCCESS, ast_sorcery_internal_object_register, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, enum_option_register, enum_option_register_ex, eprofile_apply(), get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, profile_alloc(), profile_apply(), register_common_attestation_fields, register_common_verification_fields, sorcery, and stir_shaken_profile_cli.

Referenced by common_config_load().

◆ profile_reload()

int profile_reload ( void )

Definition at line 424 of file profile_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
    ast_sorcery_force_reload_object(sorcery, "eprofile");
    return 0;
}

References ast_sorcery_force_reload_object(), CONFIG_TYPE, get_sorcery(), and sorcery.

Referenced by common_config_reload().

◆ profile_unload()

int profile_unload ( void )

Definition at line 432 of file profile_config.c.

{
    ast_cli_unregister_multiple(stir_shaken_profile_cli,
        ARRAY_LEN(stir_shaken_profile_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_unregister_multiple(), and stir_shaken_profile_cli.

Referenced by common_config_unload().

◆ stir_shaken_failure_action_from_str()

enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str ( const char * action_str )

◆ stir_shaken_failure_action_to_str()

const char * stir_shaken_failure_action_to_str ( enum stir_shaken_failure_action_enum action )

◆ tn_config_load()

int tn_config_load ( void )

Definition at line 268 of file tn_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=tn");
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, tn_alloc,
            NULL, tn_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return AST_MODULE_LOAD_DECLINE;
    }
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "type", "",
        OPT_NOOP_T, 0, 0);
 
    register_common_attestation_fields(sorcery, tn_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    ast_cli_register_multiple(stir_shaken_certificate_cli,
        ARRAY_LEN(stir_shaken_certificate_cli));
 
    return AST_MODULE_LOAD_SUCCESS;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_log, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_register, CONFIG_TYPE, get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, register_common_attestation_fields, sorcery, stir_shaken_certificate_cli, tn_alloc(), and tn_apply().

Referenced by common_config_load().

◆ tn_config_reload()

int tn_config_reload ( void )

Definition at line 253 of file tn_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
    return AST_MODULE_LOAD_SUCCESS;
}

References AST_MODULE_LOAD_SUCCESS, ast_sorcery_force_reload_object(), CONFIG_TYPE, get_sorcery(), and sorcery.

Referenced by common_config_reload().

◆ tn_config_unload()

int tn_config_unload ( void )

Definition at line 260 of file tn_config.c.

{
    ast_cli_unregister_multiple(stir_shaken_certificate_cli,
        ARRAY_LEN(stir_shaken_certificate_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_unregister_multiple(), and stir_shaken_certificate_cli.

Referenced by common_config_unload().

◆ tn_get_cfg()

struct tn_cfg * tn_get_cfg ( const char * tn )

Definition at line 39 of file tn_config.c.

{
    return ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, id);
}

References ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_tn_show().

◆ tn_get_etn()

struct tn_cfg * tn_get_etn	(	const char *	tn,
		struct profile_cfg *	eprofile
	)

Definition at line 111 of file tn_config.c.

{
    const char *profile_id = eprofile ? ast_sorcery_object_get_id(eprofile) : "unknown";
    RAII_VAR(struct tn_cfg *, tn,
        ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, S_OR(id, "")),
        ao2_cleanup);
    RAII_VAR(struct tn_cfg *, etn, etn_alloc(id), ao2_cleanup);
    enum attest_level_enum effective_al = attest_level_NOT_SET;
    int rc = 0;
    SCOPE_ENTER(3, "%s:%s: Getting effective TN\n", profile_id, S_OR(id, ""));
 
    if (ast_strlen_zero(id) || !eprofile || !etn) {
        SCOPE_EXIT_RTN_VALUE(NULL, "Missing params\n");
    }
 
    if (!tn) {
        if (eprofile->unknown_tn_attest_level != attest_level_NOT_SET
            && eprofile->unknown_tn_attest_level != attest_level_UNKNOWN) {
            effective_al = eprofile->unknown_tn_attest_level;
            ast_trace(-1, "%s:%s: TN not found. Using unknown_tn_attest_level %s\n",
                profile_id, id, attest_level_to_str(effective_al));
        } else {
            SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: TN not found and unknown_tn_attest_level not set\n", profile_id, id);
        }
    }
 
    /* Initialize with the acfg from the eprofile first */
    rc = as_copy_cfg_common(id, &etn->acfg_common,
        &eprofile->acfg_common);
    if (rc != 0) {
        SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: Couldn't copy from eprofile\n", profile_id, id);
    }
 
    /* Overwrite with anything in the TN itself */
    if (tn) {
        rc = as_copy_cfg_common(id, &etn->acfg_common,
            &tn->acfg_common);
        if (rc != 0) {
            SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: Couldn't copy from tn\n", profile_id, id);
        }
    } else {
        etn->acfg_common.attest_level = effective_al;
    }
 
    /*
     * Unlike profile, we're not going to actually add a
     * new object to sorcery because, although unlikely,
     * the same TN could be used with multiple profiles.
     */
 
    SCOPE_EXIT_RTN_VALUE(ao2_bump(etn), "%s:%s: Done\n", profile_id, id);
}

References profile_cfg::acfg_common, ao2_bump, ao2_cleanup, as_copy_cfg_common(), ast_sorcery_object_get_id(), ast_sorcery_retrieve_by_id(), ast_strlen_zero(), ast_trace, CONFIG_TYPE, etn_alloc(), get_sorcery(), NULL, RAII_VAR, S_OR, SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, and profile_cfg::unknown_tn_attest_level.

Referenced by ast_stir_shaken_as_ctx_create().

◆ unknown_tn_attest_level_from_str()

enum attest_level_enum unknown_tn_attest_level_from_str ( const char * value )

◆ unknown_tn_attest_level_to_str()

const char * unknown_tn_attest_level_to_str ( enum attest_level_enum value )

◆ vcfg_cleanup()

void vcfg_cleanup ( struct verification_cfg_common * cfg )

Definition at line 77 of file verification_config.c.

{
    if (!vcfg_common) {
        return;
    }
    ast_string_field_free_memory(vcfg_common);
    if (vcfg_common->tcs) {
        crypto_free_cert_store(vcfg_common->tcs);
    }
    ast_free_acl_list(vcfg_common->acl);
}

References verification_cfg_common::acl, ast_free_acl_list(), ast_string_field_free_memory, crypto_free_cert_store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_destructor(), and verification_destructor().

◆ vs_check_common_config()

int vs_check_common_config	(	const char *	id,
		struct verification_cfg_common *	vcfg_common
	)

Definition at line 167 of file verification_config.c.

{
    SCOPE_ENTER(3, "%s: Checking common config\n", id);
 
    if (!ast_strlen_zero(vcfg_common->ca_file)
        && !ast_file_is_readable(vcfg_common->ca_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: ca_file '%s' not found, or is unreadable\n",
            id, vcfg_common->ca_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->ca_path)
        && !ast_file_is_readable(vcfg_common->ca_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: ca_path '%s' not found, or is unreadable\n",
            id, vcfg_common->ca_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_file)
        && !ast_file_is_readable(vcfg_common->crl_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: crl_file '%s' not found, or is unreadable\n",
            id, vcfg_common->crl_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_path)
        && !ast_file_is_readable(vcfg_common->crl_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: crl_path '%s' not found, or is unreadable\n",
            id, vcfg_common->crl_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
        && !ast_file_is_readable(vcfg_common->untrusted_cert_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: untrusted_cert_file '%s' not found, or is unreadable\n",
            id, vcfg_common->untrusted_cert_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_path)
        && !ast_file_is_readable(vcfg_common->untrusted_cert_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: untrusted_cert_path '%s' not found, or is unreadable\n",
            id, vcfg_common->untrusted_cert_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->ca_file)
        || !ast_strlen_zero(vcfg_common->ca_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_cert_store(vcfg_common->tcs,
            vcfg_common->ca_file, vcfg_common->ca_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA cert store from '%s' or '%s'\n",
                id, vcfg_common->ca_file, vcfg_common->ca_path);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_file)
        || !ast_strlen_zero(vcfg_common->crl_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_crl_store(vcfg_common->tcs,
            vcfg_common->crl_file, vcfg_common->crl_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA CRL store from '%s' or '%s'\n",
                id, vcfg_common->crl_file, vcfg_common->crl_path);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
        || !ast_strlen_zero(vcfg_common->untrusted_cert_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_untrusted_cert_store(vcfg_common->tcs,
            vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA CRL store from '%s' or '%s'\n",
                id, vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
        }
    }
 
    if (vcfg_common->tcs) {
        if (ENUM_BOOL(vcfg_common->load_system_certs, load_system_certs)) {
            X509_STORE_set_default_paths(vcfg_common->tcs->certs);
        }
 
        if (!ast_strlen_zero(vcfg_common->crl_file)
            || !ast_strlen_zero(vcfg_common->crl_path)) {
            X509_STORE_set_flags(vcfg_common->tcs->certs, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_EXTENDED_CRL_SUPPORT);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->cert_cache_dir)) {
        FILE *fp;
        char *testfile;
 
        if (ast_asprintf(&testfile, "%s/testfile", vcfg_common->cert_cache_dir) <= 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to allocate memory for testfile\n", id);
        }
 
        fp = fopen(testfile, "w+");
        if (!fp) {
            ast_free(testfile);
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: cert_cache_dir '%s' was not writable\n",
                id, vcfg_common->cert_cache_dir);
        }
        fclose(fp);
        remove(testfile);
        ast_free(testfile);
    }
 
    SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
}

Referenced by profile_apply(), and verification_apply().

◆ vs_config_load()

int vs_config_load ( void )

Definition at line 446 of file verification_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    snprintf(DEFAULT_cert_cache_dir, sizeof(DEFAULT_cert_cache_dir), "%s/keys/%s/cache",
        ast_config_AST_DATA_DIR, STIR_SHAKEN_DIR_NAME);
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",
        "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, verification_alloc,
            NULL, verification_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type", "",
        OPT_NOOP_T, 0, 0);
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",
        DEFAULT_global_disable ? "yes" : "no",
        OPT_YESNO_T, 1, FLDSET(struct verification_cfg, global_disable));
 
    register_common_verification_fields(sorcery, verification_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    if (!vs_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken verification service disabled.  Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = verification_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    ast_cli_register_multiple(verification_cli,
        ARRAY_LEN(verification_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_config_AST_DATA_DIR, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, DEFAULT_cert_cache_dir, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), verification_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_verification_fields, sorcery, STIR_SHAKEN_DIR_NAME, verification_alloc(), verification_apply(), verification_cli, and vs_is_config_loaded().

Referenced by vs_load().

◆ vs_config_reload()

int vs_config_reload ( void )

Definition at line 418 of file verification_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
 
    if (!vs_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken verification service disabled.  Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = verification_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    return 0;
}

References ast_log, ast_sorcery_force_reload_object(), CONFIG_TYPE, empty_cfg, get_sorcery(), verification_cfg::global_disable, LOG_WARNING, sorcery, verification_alloc(), and vs_is_config_loaded().

Referenced by vs_reload().

◆ vs_config_unload()

int vs_config_unload ( void )

Definition at line 437 of file verification_config.c.

{
    ast_cli_unregister_multiple(verification_cli,
        ARRAY_LEN(verification_cli));
    ao2_cleanup(empty_cfg);
 
    return 0;
}

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), empty_cfg, and verification_cli.

Referenced by vs_unload().

◆ vs_copy_cfg_common()

int vs_copy_cfg_common	(	const char *	id,
		struct verification_cfg_common *	cfg_dst,
		struct verification_cfg_common *	cfg_src
	)

Definition at line 124 of file verification_config.c.

{
    int rc = 0;
 
    if (!cfg_dst || !cfg_src) {
        return -1;
    }
 
    if (!cfg_dst->tcs && cfg_src->tcs) {
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_path);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_path);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_path);
        ao2_bump(cfg_src->tcs);
        cfg_dst->tcs = cfg_src->tcs;
    }
 
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, cert_cache_dir);
 
    cfg_uint_copy(cfg_dst, cfg_src, curl_timeout);
    cfg_uint_copy(cfg_dst, cfg_src, max_iat_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_date_header_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_cache_entry_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_cache_size);
 
    cfg_enum_copy(cfg_dst, cfg_src, stir_shaken_failure_action);
    cfg_enum_copy(cfg_dst, cfg_src, use_rfc9410_responses);
    cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
    cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
    cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
    cfg_enum_copy(cfg_dst, cfg_src, ignore_sip_date_header);
 
    if (cfg_src->acl) {
        ast_free_acl_list(cfg_dst->acl);
        cfg_dst->acl = ast_duplicate_acl_list(cfg_src->acl);
    }
 
    return rc;
}

References verification_cfg_common::acl, ao2_bump, ast_duplicate_acl_list(), ast_free_acl_list(), cfg_enum_copy, cfg_sf_copy_wrapper, cfg_uint_copy, and verification_cfg_common::tcs.

Referenced by create_effective_profile().

◆ vs_get_cfg()

struct verification_cfg * vs_get_cfg ( void )

Definition at line 55 of file verification_config.c.

{
    struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    if (cfg) {
        return cfg;
    }
 
    return empty_cfg ? ao2_bump(empty_cfg) : NULL;
}

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by add_cert_expiration_to_astdb(), ast_stir_shaken_vs_ctx_create(), cli_verification_show(), cli_verify_cert(), and create_effective_profile().

◆ vs_is_config_loaded()

int vs_is_config_loaded ( void )

Definition at line 66 of file verification_config.c.

{
    struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    ao2_cleanup(cfg);
 
    return !!cfg;
}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_verification_show(), vs_config_load(), and vs_config_reload().

Data Structures

Macros

Enumerations

Functions

Macro Definition Documentation

◆ cfg_enum_copy

◆ cfg_enum_copy_ex

◆ cfg_sf_copy_wrapper

◆ cfg_stringfield_copy

◆ cfg_uint_copy

◆ EFFECTIVE_ENUM

◆ EFFECTIVE_ENUM_BOOL

◆ ENUM_BOOL

◆ enum_option_register

◆ enum_option_register_ex

◆ generate_acfg_common_sorcery_handlers

◆ generate_bool_string_prototypes

◆ generate_enum_string_prototypes

◆ generate_sorcery_acl_from_str

◆ generate_sorcery_acl_to_str

◆ generate_sorcery_enum_from_str

◆ generate_sorcery_enum_from_str_ex

◆ generate_sorcery_enum_to_str

◆ generate_sorcery_enum_to_str_ex

◆ generate_vcfg_common_sorcery_handlers

◆ PROFILE_ALLOW_ATTEST

◆ PROFILE_ALLOW_VERIFY

◆ register_common_attestation_fields

◆ register_common_verification_fields

◆ stringfield_option_register

◆ uint_option_register

Enumeration Type Documentation

◆ config_object_type

Function Documentation

◆ acfg_cleanup()

◆ as_check_common_config()

◆ as_config_load()

◆ as_config_reload()

◆ as_config_unload()

◆ as_copy_cfg_common()

◆ as_get_cfg()

◆ as_is_config_loaded()

◆ canonicalize_tn()

◆ canonicalize_tn_alloc()

◆ common_config_load()

◆ common_config_reload()

◆ common_config_unload()

◆ config_object_cli_show()

◆ config_object_tab_complete_name()

◆ eprofile_get_all()

◆ eprofile_get_cfg()

◆ generate_bool_string_prototypes() [1/7]

◆ generate_bool_string_prototypes() [2/7]

◆ generate_bool_string_prototypes() [3/7]

◆ generate_bool_string_prototypes() [4/7]

◆ generate_bool_string_prototypes() [5/7]

◆ generate_bool_string_prototypes() [6/7]

◆ generate_bool_string_prototypes() [7/7]

◆ generate_enum_string_prototypes() [1/2]

◆ generate_enum_string_prototypes() [2/2]

◆ get_default_acl_list()

◆ profile_get_all()

◆ profile_get_cfg()

◆ profile_load()

◆ profile_reload()

◆ profile_unload()

◆ stir_shaken_failure_action_from_str()

◆ stir_shaken_failure_action_to_str()

◆ tn_config_load()

◆ tn_config_reload()

◆ tn_config_unload()

◆ tn_get_cfg()

◆ tn_get_etn()

◆ unknown_tn_attest_level_from_str()

◆ unknown_tn_attest_level_to_str()

◆ vcfg_cleanup()

◆ vs_check_common_config()

◆ vs_config_load()

◆ vs_config_reload()

◆ vs_config_unload()