#include <openssl/evp.h>
#include "asterisk.h"
#include "asterisk/paths.h"
#include "asterisk/sorcery.h"
#include "asterisk/stringfields.h"

Include dependency graph for common_config.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	attestation_cfg

struct	attestation_cfg_common
	Attestation Service configuration for stir/shaken. More...

struct	config_object_cli_data

struct	profile_cfg
	Profile configuration for stir/shaken. More...

struct	tn_cfg
	TN configuration for stir/shaken. More...

struct	verification_cfg

struct	verification_cfg_common
	Verification Service configuration for stir/shaken. More...

Macros
#define	cfg_enum_copy(__cfg_dst, __cfg_src, __field)
	cfg_enum_copy More...

#define	cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
	cfg_copy_wrapper More...

#define	cfg_stringfield_copy(__cfg_dst, __cfg_src, __field)
	Common config copy utilities. More...

#define	cfg_uint_copy(__cfg_dst, __cfg_src, __field)
	cfg_uint_copy More...

#define	EFFECTIVE_ENUM(__enum1, __enum2, __field, __default)

#define	EFFECTIVE_ENUM_BOOL(__enum1, __enum2, __field, __default)

#define	ENUM_BOOL(__enum1, __field) (__enum1 == ( __field ## _ ## YES ))

#define	enum_option_register(sorcery, CONFIG_TYPE, name, nodoc) enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, nodoc)

#define	enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, nodoc)

#define	generate_acfg_common_sorcery_handlers(object)

#define	generate_bool_string_prototypes(param_name)
	Boolean field to/from string prototype generator. More...

#define	generate_enum_string_prototypes(param_name, ...)
	Enum field to/from string prototype generator. More...

#define	generate_sorcery_acl_from_str(__struct, __lc_param, __unknown)

#define	generate_sorcery_acl_to_str(__struct, __lc_param)

#define	generate_sorcery_enum_from_str(__struct, __substruct, __lc_param, __unknown) generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param ## _ ## __unknown) \

#define	generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __unknown)

#define	generate_sorcery_enum_to_str(__struct, __substruct, __lc_param)
	Enum sorcery handler generator. More...

#define	generate_vcfg_common_sorcery_handlers(object)

#define	PROFILE_ALLOW_ATTEST(__profile)

#define	PROFILE_ALLOW_VERIFY(__profile)

#define	register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)

#define	register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)

#define	stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
	Sorcery fields register helpers. More...

#define	uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)

Enumerations
enum	config_object_type { config_object_type_attestation = 0 , config_object_type_verification , config_object_type_profile , config_object_type_tn }

Functions
void	acfg_cleanup (struct attestation_cfg_common *cfg)

int	as_check_common_config (const char id, struct attestation_cfg_common acfg_common)

int	as_config_load (void)

int	as_config_reload (void)

int	as_config_unload (void)

int	as_copy_cfg_common (const char id, struct attestation_cfg_common cfg_dst, struct attestation_cfg_common *cfg_src)

struct attestation_cfg *	as_get_cfg (void)

int	as_is_config_loaded (void)

char *	canonicalize_tn (const char tn, char dest_tn)
	Canonicalize a TN. More...

char *	canonicalize_tn_alloc (const char *tn)
	Canonicalize a TN into nre buffer. More...

int	common_config_load (void)

int	common_config_reload (void)

int	common_config_unload (void)

int	config_object_cli_show (void obj, void arg, void *data, int flags)
	Output configuration settings to the Asterisk CLI. More...

char *	config_object_tab_complete_name (const char word, struct ao2_container container)
	Tab completion for name matching with STIR/SHAKEN CLI commands. More...

struct ao2_container *	eprofile_get_all (void)

struct profile_cfg *	eprofile_get_cfg (const char *id)

	generate_bool_string_prototypes (check_tn_cert_public_url)

	generate_bool_string_prototypes (load_system_certs)

	generate_bool_string_prototypes (relax_x5u_path_restrictions)

	generate_bool_string_prototypes (relax_x5u_port_scheme_restrictions)

	generate_bool_string_prototypes (send_mky)

	generate_bool_string_prototypes (use_rfc9410_responses)

	generate_enum_string_prototypes (attest_level, attest_level_UNKNOWN=-1, attest_level_NOT_SET=0, attest_level_A, attest_level_B, attest_level_C,)

	generate_enum_string_prototypes (endpoint_behavior, endpoint_behavior_UNKNOWN=-1, endpoint_behavior_OFF=0, endpoint_behavior_ATTEST, endpoint_behavior_VERIFY, endpoint_behavior_ON, endpoint_behavior_NOT_SET)

struct ast_acl_list *	get_default_acl_list (void)

struct ao2_container *	profile_get_all (void)

struct profile_cfg *	profile_get_cfg (const char *id)

int	profile_load (void)

int	profile_reload (void)

int	profile_unload (void)

enum stir_shaken_failure_action_enum	stir_shaken_failure_action_from_str (const char *action_str)

const char *	stir_shaken_failure_action_to_str (enum stir_shaken_failure_action_enum action)

int	tn_config_load (void)

int	tn_config_reload (void)

int	tn_config_unload (void)

struct tn_cfg *	tn_get_cfg (const char *tn)

struct tn_cfg *	tn_get_etn (const char tn, struct profile_cfg eprofile)

void	vcfg_cleanup (struct verification_cfg_common *cfg)

int	vs_check_common_config (const char id, struct verification_cfg_common vcfg_common)

int	vs_config_load (void)

int	vs_config_reload (void)

int	vs_config_unload (void)

int	vs_copy_cfg_common (const char id, struct verification_cfg_common cfg_dst, struct verification_cfg_common *cfg_src)

struct verification_cfg *	vs_get_cfg (void)

int	vs_is_config_loaded (void)

Macro Definition Documentation

◆ cfg_enum_copy

#define cfg_enum_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)

cfg_enum_copy

Copy an enum from the source to the dest only if the source is neither NOT_SET nor UNKNOWN

Definition at line 266 of file common_config.h.

◆ cfg_sf_copy_wrapper

#define cfg_sf_copy_wrapper	(	id,
		__cfg_dst,
		__cfg_src,
		__field
	)

cfg_copy_wrapper

Invoke cfg_stringfield_copy and cause the calling runction to return a -1 of the copy fails.

Definition at line 237 of file common_config.h.

◆ cfg_stringfield_copy

#define cfg_stringfield_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)

Common config copy utilities.

These macros are designed to be called from as_copy_cfg_common and vs_copy_cfg_common only. They'll only copy a field if the field contains a vaild value. Thus a NOT_SET value in the source won't override a pre-existing good value in the dest. A good value in the source WILL overwrite a good value in the dest.

Definition at line 222 of file common_config.h.

◆ cfg_uint_copy

#define cfg_uint_copy	(	__cfg_dst,
		__cfg_src,
		__field
	)

Value:

({ \
    if (__cfg_src->__field > 0) { \
        __cfg_dst->__field = __cfg_src->__field; \
    } \
})

cfg_uint_copy

Copy a uint from the source to the dest only if the source > 0. For stir-shaken, 0 isn't a valid value for any uint fields.

Definition at line 253 of file common_config.h.

◆ EFFECTIVE_ENUM

#define EFFECTIVE_ENUM	(	__enum1,
		__enum2,
		__field,
		__default
	)

Value:

    ( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __default ))

Definition at line 199 of file common_config.h.

◆ EFFECTIVE_ENUM_BOOL

#define EFFECTIVE_ENUM_BOOL	(	__enum1,
		__enum2,
		__field,
		__default
	)

Value:

    (( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
        (__enum2 != __field ## _ ## NOT_SET ? \
            __enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

Definition at line 204 of file common_config.h.

◆ ENUM_BOOL

#define ENUM_BOOL	(	__enum1,
		__field
	)	(__enum1 == ( __field ## _ ## YES ))

Definition at line 209 of file common_config.h.

◆ enum_option_register

#define enum_option_register	(	sorcery,
		CONFIG_TYPE,
		name,
		nodoc
	)	enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, nodoc)

Definition at line 494 of file common_config.h.

◆ enum_option_register_ex

#define enum_option_register_ex	(	sorcery,
		CONFIG_TYPE,
		name,
		field,
		nodoc
	)

Value:

    ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, \
        #name, field ## _to_str(DEFAULT_ ## field), \
        sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)

Definition at line 489 of file common_config.h.

◆ generate_acfg_common_sorcery_handlers

#define generate_acfg_common_sorcery_handlers ( object )

Definition at line 291 of file common_config.h.

◆ generate_bool_string_prototypes

#define generate_bool_string_prototypes ( param_name )

Boolean field to/from string prototype generator.

Most of the boolean fields that appear in the verification and attestation objects can be ovrridden in the profile object; "use_rfc9410_responses" for instance. If they were registered as normal YESNO types, we couldn't tell if a "0" value in the profile object meant the user set it to "no" to override a value of "yes" in the verification object, or it just defaulted to "0". By making the _NOT_SET enum a non-0/1 and making it the default value, we can tell the difference. The _UNKNOWN enum gets set if the string value provided to the _from_str function wasn't recognized as one of the values acceptable to ast_true() or ast_false().

The result of calling the generator for a field will look like:

 enum use_rfc9410_responses_enum {
    use_rfc9410_responses_UNKNOWN = -1,
    use_rfc9410_responses_NO = 0,
    use_rfc9410_responses_YES,
    use_rfc9410_responses_NOT_SET,
};
enum use_rfc9410_responses_enum
    use_rfc9410_responses_from_str(const char *value);
const char *use_rfc9410_responses_to_str(enum use_rfc9410_responses_enum value);

Most of the macros that follow depend on enum values formatted as <param_name>SOMETHING and their defaults as DEFAULT<param_name>.

Definition at line 60 of file common_config.h.

◆ generate_enum_string_prototypes

#define generate_enum_string_prototypes	(	param_name,
		...
	)

Enum field to/from string prototype generator.

This operates like the bool generator except you supply a list of the enum values. The first one MUST be param_name_UNKNOWN with a value of -1 and the rest running sequentially with the last being param_name_NOT_SET.

Definition at line 94 of file common_config.h.

◆ generate_sorcery_acl_from_str

#define generate_sorcery_acl_from_str	(	__struct,
		__lc_param,
		__unknown
	)

Definition at line 183 of file common_config.h.

◆ generate_sorcery_acl_to_str

#define generate_sorcery_acl_to_str	(	__struct,
		__lc_param
	)

Definition at line 164 of file common_config.h.

◆ generate_sorcery_enum_from_str

#define generate_sorcery_enum_from_str	(	__struct,
		__substruct,
		__lc_param,
		__unknown
	)	generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param ## _ ## __unknown) \

Definition at line 160 of file common_config.h.

◆ generate_sorcery_enum_from_str_ex

#define generate_sorcery_enum_from_str_ex	(	__struct,
		__substruct,
		__lc_param,
		__unknown
	)

Definition at line 147 of file common_config.h.

◆ generate_sorcery_enum_to_str

#define generate_sorcery_enum_to_str	(	__struct,
		__substruct,
		__lc_param
	)

Enum sorcery handler generator.

These macros can create the two functions needed to register an enum field with sorcery as long as there are _to_str and _from_str functions defined elsewhere.

Definition at line 139 of file common_config.h.

◆ generate_vcfg_common_sorcery_handlers

#define generate_vcfg_common_sorcery_handlers ( object )

Definition at line 359 of file common_config.h.

◆ PROFILE_ALLOW_ATTEST

#define PROFILE_ALLOW_ATTEST ( __profile )

Value:

(__profile->endpoint_behavior == endpoint_behavior_ON || \

__profile->endpoint_behavior == endpoint_behavior_ATTEST)

Definition at line 426 of file common_config.h.

◆ PROFILE_ALLOW_VERIFY

#define PROFILE_ALLOW_VERIFY ( __profile )

Value:

(__profile->endpoint_behavior == endpoint_behavior_ON || \

__profile->endpoint_behavior == endpoint_behavior_VERIFY)

Definition at line 430 of file common_config.h.

◆ register_common_attestation_fields

#define register_common_attestation_fields	(	sorcery,
		object,
		CONFIG_TYPE,
		nodoc
	)

Definition at line 527 of file common_config.h.

◆ register_common_verification_fields

#define register_common_verification_fields	(	sorcery,
		object,
		CONFIG_TYPE,
		nodoc
	)

Definition at line 497 of file common_config.h.

◆ stringfield_option_register

#define stringfield_option_register	(	sorcery,
		CONFIG_TYPE,
		object,
		name,
		field,
		nodoc
	)

Value:

    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
        STRFLDSET(struct object, field))

Sorcery fields register helpers.

Most of the fields on attestation_cfg and verification_cfg are also in profile_cfg. To prevent having to maintain duplicate sets of sorcery register statements, we can do this once here and call register_common_verification_fields() from both profile_config and verification_config and call register_common_attestation_fields() from profile_cfg and attestation_config.

Most of the fields in question are in sub-structures like verification_cfg.vcfg_common which is why there are separate name and field parameters. For verification_cfg.vcfg_common.ca_file for instance, name would be ca_file and field would be vcfg_common.ca_file.

Note: These macros depend on default values being defined in the 4 config.c files as DEFAULT<field_name>.

Definition at line 479 of file common_config.h.

◆ uint_option_register

#define uint_option_register	(	sorcery,
		CONFIG_TYPE,
		object,
		name,
		field,
		nodoc
	)

Value:

    ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
        __stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
        FLDSET(struct object, field))

Definition at line 484 of file common_config.h.

Enumeration Type Documentation

◆ config_object_type

enum config_object_type

Enumerator
config_object_type_attestation
config_object_type_verification
config_object_type_profile
config_object_type_tn

Definition at line 540 of file common_config.h.

                        {
    config_object_type_attestation = 0,
    config_object_type_verification,
    config_object_type_profile,
    config_object_type_tn,
};

Function Documentation

◆ acfg_cleanup()

void acfg_cleanup ( struct attestation_cfg_common * cfg )

Definition at line 60 of file attestation_config.c.

{
    if (!acfg_common) {
        return;
    }
    ast_string_field_free_memory(acfg_common);
    ao2_cleanup(acfg_common->raw_key);
}

References attestation_cfg::acfg_common, ao2_cleanup, ast_string_field_free_memory, and attestation_cfg_common::raw_key.

Referenced by attestation_destructor(), profile_destructor(), and tn_destructor().

◆ as_check_common_config()

int as_check_common_config	(	const char *	id,
		struct attestation_cfg_common *	acfg_common
	)

Definition at line 131 of file attestation_config.c.

{
    SCOPE_ENTER(3, "%s: Checking common config\n", id);
 
    if (!ast_strlen_zero(acfg_common->private_key_file)
        && !ast_file_is_readable(acfg_common->private_key_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: default_private_key_path %s is missing or not readable\n", id,
            acfg_common->private_key_file);
    }
 
    if (ENUM_BOOL(acfg_common->check_tn_cert_public_url,
        check_tn_cert_public_url)
        && !ast_strlen_zero(acfg_common->public_cert_url)) {
        RAII_VAR(char *, public_cert_data, NULL, ast_std_free);
        X509 *public_cert;
        size_t public_cert_len;
        int rc = 0;
        long http_code;
        SCOPE_ENTER(3 , "%s: Checking public cert url '%s'\n",
            id, acfg_common->public_cert_url);
 
        http_code = curl_download_to_memory(acfg_common->public_cert_url,
            &public_cert_len, &public_cert_data, NULL);
        if (http_code / 100 != 2) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be downloaded\n", id,
                acfg_common->public_cert_url);
        }
 
        public_cert = crypto_load_cert_from_memory(public_cert_data,
            public_cert_len);
        if (!public_cert) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be parsed as a certificate\n", id,
                acfg_common->public_cert_url);
        }
        rc = crypto_is_cert_time_valid(public_cert, 0);
        X509_free(public_cert);
        if (!rc) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' is not valid yet or has expired\n", id,
                acfg_common->public_cert_url);
        }
 
        rc = crypto_has_private_key_from_memory(public_cert_data, public_cert_len);
        if (rc) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: DANGER!!! public_cert_url '%s' has a private key in the file!!!\n", id,
                acfg_common->public_cert_url);
        }
        SCOPE_EXIT("%s: Done\n", id);
    }
 
    if (!ast_strlen_zero(acfg_common->private_key_file)) {
        EVP_PKEY *private_key;
        RAII_VAR(unsigned char *, raw_key, NULL, ast_free);
 
        private_key = crypto_load_privkey_from_file(acfg_common->private_key_file);
        if (!private_key) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
                acfg_common->private_key_file);
        }
 
        acfg_common->raw_key_length = crypto_extract_raw_privkey(private_key, &raw_key);
        EVP_PKEY_free(private_key);
        if (acfg_common->raw_key_length == 0 || raw_key == NULL) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
                acfg_common->private_key_file);
        }
 
        /*
         * We're making this an ao2 object so it can be referenced
         * by a profile instead of having to copy it.
         */
        acfg_common->raw_key = ao2_alloc(acfg_common->raw_key_length, NULL);
        if (!acfg_common->raw_key) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Could not allocate memory for raw private key\n", id);
        }
        memcpy(acfg_common->raw_key, raw_key, acfg_common->raw_key_length);
 
    }
 
    SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
}

References attestation_cfg::acfg_common, ao2_alloc, ast_file_is_readable(), ast_free, ast_std_free(), ast_strlen_zero(), attestation_cfg_common::check_tn_cert_public_url, crypto_extract_raw_privkey(), crypto_has_private_key_from_memory(), crypto_is_cert_time_valid(), crypto_load_cert_from_memory(), crypto_load_privkey_from_file(), curl_download_to_memory(), ENUM_BOOL, LOG_ERROR, NULL, attestation_cfg_common::private_key_file, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT, SCOPE_EXIT_LOG_RTN_VALUE, and SCOPE_EXIT_RTN_VALUE.

Referenced by attestation_apply(), profile_apply(), and tn_apply().

◆ as_config_load()

int as_config_load ( void )

Definition at line 292 of file attestation_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",
        "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, attestation_alloc,
            NULL, attestation_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type",
        "", OPT_NOOP_T, 0, 0);
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",
        DEFAULT_global_disable ? "yes" : "no",
        OPT_YESNO_T, 1, FLDSET(struct attestation_cfg, global_disable));
 
    register_common_attestation_fields(sorcery, attestation_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    if (!as_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = attestation_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    ast_cli_register_multiple(attestation_cli,
        ARRAY_LEN(attestation_cli));
 
    return 0;
}

References ARRAY_LEN, as_is_config_loaded(), ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, attestation_alloc(), attestation_apply(), attestation_cli, CONFIG_TYPE, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), attestation_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_attestation_fields, and sorcery.

Referenced by as_load().

◆ as_config_reload()

int as_config_reload ( void )

Definition at line 264 of file attestation_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
 
    if (!as_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = attestation_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    return 0;
}

References as_is_config_loaded(), ast_log, ast_sorcery_force_reload_object(), attestation_alloc(), CONFIG_TYPE, empty_cfg, get_sorcery(), attestation_cfg::global_disable, LOG_WARNING, and sorcery.

Referenced by as_reload().

◆ as_config_unload()

int as_config_unload ( void )

Definition at line 283 of file attestation_config.c.

{
    ast_cli_unregister_multiple(attestation_cli,
        ARRAY_LEN(attestation_cli));
    ao2_cleanup(empty_cfg);
 
    return 0;
}

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), attestation_cli, and empty_cfg.

Referenced by as_unload().

◆ as_copy_cfg_common()

int as_copy_cfg_common	(	const char *	id,
		struct attestation_cfg_common *	cfg_dst,
		struct attestation_cfg_common *	cfg_src
	)

Definition at line 105 of file attestation_config.c.

{
    int rc = 0;
 
    if (!cfg_dst || !cfg_src) {
        return -1;
    }
 
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, private_key_file);
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, public_cert_url);
 
    cfg_enum_copy(cfg_dst, cfg_src, attest_level);
    cfg_enum_copy(cfg_dst, cfg_src, check_tn_cert_public_url);
    cfg_enum_copy(cfg_dst, cfg_src, send_mky);
 
    if (cfg_src->raw_key) {
        /* Free and overwrite the destination */
        ao2_cleanup(cfg_dst->raw_key);
        cfg_dst->raw_key = ao2_bump(cfg_src->raw_key);
        cfg_dst->raw_key_length = cfg_src->raw_key_length;
    }
 
    return rc;
}

References ao2_bump, ao2_cleanup, cfg_enum_copy, cfg_sf_copy_wrapper, attestation_cfg_common::raw_key, and attestation_cfg_common::raw_key_length.

Referenced by create_effective_profile(), and tn_get_etn().

◆ as_get_cfg()

struct attestation_cfg * as_get_cfg ( void )

Definition at line 38 of file attestation_config.c.

{
    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    if (cfg) {
        return cfg;
    }
 
    return empty_cfg ? ao2_bump(empty_cfg) : NULL;
}

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), attestation_show(), and create_effective_profile().

◆ as_is_config_loaded()

int as_is_config_loaded ( void )

Definition at line 49 of file attestation_config.c.

{
    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    ao2_cleanup(cfg);
 
    return !!cfg;
}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by as_config_load(), as_config_reload(), and attestation_show().

◆ canonicalize_tn()

char * canonicalize_tn	(	const char *	tn,
		char *	dest_tn
	)

Canonicalize a TN.

Parameters

tn	TN to canonicalize
dest_tn	Pointer to destination buffer to receive the new TN

Return values

dest_tn or NULL on failure

Definition at line 266 of file common_config.c.

{
    int i;
    const char *s = tn;
    size_t len = tn ? strlen(tn) : 0;
    char *new_tn = dest_tn;
    SCOPE_ENTER(3, "tn: %s\n", S_OR(tn, "(null)"));
 
    if (ast_strlen_zero(tn)) {
        *dest_tn = '\0';
        SCOPE_EXIT_RTN_VALUE(NULL, "Empty TN\n");
    }
 
    if (!dest_tn) {
        SCOPE_EXIT_RTN_VALUE(NULL, "No destination buffer\n");
    }
 
    for (i = 0; i < len; i++) {
        if (isdigit(*s) || *s == '#' || *s == '*') { /* Only characters allowed */
            *new_tn++ = *s;
        }
        s++;
    }
    *new_tn = '\0';
    SCOPE_EXIT_RTN_VALUE(dest_tn, "Canonicalized '%s' -> '%s'\n", tn, dest_tn);
}

References ast_strlen_zero(), len(), NULL, S_OR, SCOPE_ENTER, and SCOPE_EXIT_RTN_VALUE.

Referenced by canonicalize_tn_alloc().

◆ canonicalize_tn_alloc()

char * canonicalize_tn_alloc ( const char * tn )

Canonicalize a TN into nre buffer.

Parameters

tn	TN to canonicalize

Return values

dest_tn (which must be freed with ast_free) or NULL on failure

Definition at line 293 of file common_config.c.

{
    char *canon_tn = ast_strlen_zero(tn) ? NULL : ast_malloc(strlen(tn) + 1);
    if (!canon_tn) {
        return NULL;
    }
    return canonicalize_tn(tn, canon_tn);
}

References ast_malloc, ast_strlen_zero(), canonicalize_tn(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), and ast_stir_shaken_vs_ctx_create().

◆ common_config_load()

int common_config_load ( void )

Definition at line 420 of file common_config.c.

{
    SCOPE_ENTER(2, "Stir Shaken Load\n");
 
    if (!(sorcery = ast_sorcery_open())) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken sorcery load failed\n");
    }
 
    if (vs_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS load failed\n");
    }
 
    if (as_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS load failed\n");
    }
 
    if (tn_config_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN load failed\n");
    }
 
    if (profile_load()) {
        common_config_unload();
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken profile load failed\n");
    }
 
    if (!named_acl_changed_sub) {
        named_acl_changed_sub = stasis_subscribe(ast_security_topic(),
            named_acl_changed_cb, NULL);
        if (!named_acl_changed_sub) {
            common_config_unload();
            SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken acl change subscribe failed\n");
        }
        stasis_subscription_accept_message_type(
            named_acl_changed_sub, ast_named_acl_change_type());
    }
 
    ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
 
    SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Load Done\n");
}

References ARRAY_LEN, as_load(), ast_cli_register_multiple, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), ast_security_topic(), ast_sorcery_open, cli_commands, common_config_unload(), named_acl_changed_cb(), named_acl_changed_sub, NULL, profile_load(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, sorcery, stasis_subscribe, stasis_subscription_accept_message_type(), tn_config_load(), and vs_load().

Referenced by load_module().

◆ common_config_reload()

int common_config_reload ( void )

Definition at line 369 of file common_config.c.

{
    SCOPE_ENTER(2, "Stir Shaken Reload\n");
    if (vs_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS Reload failed\n");
    }
 
    if (as_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS Reload failed\n");
    }
 
    if (tn_config_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN Reload failed\n");
    }
 
    if (profile_reload()) {
        SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken Profile Reload failed\n");
    }
 
    SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Reload Done\n");
}

References as_reload(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, profile_reload(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, tn_config_reload(), and vs_reload().

Referenced by named_acl_changed_cb(), and reload_module().

◆ common_config_unload()

int common_config_unload ( void )

Definition at line 391 of file common_config.c.

{
    ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
 
    profile_unload();
    tn_config_unload();
    as_unload();
    vs_unload();
 
    if (named_acl_changed_sub) {
        stasis_unsubscribe(named_acl_changed_sub);
        named_acl_changed_sub = NULL;
    }
    ast_sorcery_unref(sorcery);
    sorcery = NULL;
 
    return 0;
}

References ARRAY_LEN, as_unload(), ast_cli_unregister_multiple(), ast_sorcery_unref, cli_commands, named_acl_changed_sub, NULL, profile_unload(), sorcery, stasis_unsubscribe(), tn_config_unload(), and vs_unload().

Referenced by common_config_load(), and unload_module().

◆ config_object_cli_show()

int config_object_cli_show	(	void *	obj,
		void *	arg,
		void *	data,
		int	flags
	)

Output configuration settings to the Asterisk CLI.

Parameters

obj	A sorcery object containing configuration data
arg	Asterisk CLI argument object
flags	ao2 container flags

Return values

0

Definition at line 172 of file common_config.c.

{
    struct ast_cli_args *a = arg;
    struct config_object_cli_data *cli_data = data;
    struct ast_variable *options;
    struct ast_variable *i;
    const char *title = NULL;
    const char *cfg_name = NULL;
    int max_name_len = 0;
 
    if (!obj) {
        ast_cli(a->fd, "No stir/shaken configuration found\n");
        return 0;
    }
 
    if (!ast_strlen_zero(cli_data->title)) {
        title = cli_data->title;
    } else {
        title = ast_sorcery_object_get_type(obj);
    }
    max_name_len = strlen(title);
 
    if (cli_data->object_type == config_object_type_profile
        || cli_data->object_type == config_object_type_tn) {
        cfg_name = ast_sorcery_object_get_id(obj);
        max_name_len += strlen(cfg_name) + 2 /* ": " */;
    }
 
    options = ast_variable_list_sort(ast_sorcery_objectset_create2(
        get_sorcery(), obj, AST_HANDLER_ONLY_STRING));
    if (!options) {
        return 0;
    }
 
    for (i = options; i; i = i->next) {
        int nlen = strlen(i->name);
        max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
    }
 
    ast_cli(a->fd, "\n==============================================================================\n");
    if (ast_strlen_zero(cfg_name))  {
        ast_cli(a->fd, "%s\n", title);
    } else {
        ast_cli(a->fd, "%s: %s\n", title, cfg_name);
    }
    ast_cli(a->fd, "------------------------------------------------------------------------------\n");
 
    for (i = options; i; i = i->next) {
        if (!ast_strings_equal(i->name, "x5u_acl")) {
            ast_cli(a->fd, "%-*s: %s\n", max_name_len, i->name,
                translate_value(i->value));
        }
    }
 
    ast_variables_destroy(options);
 
    if (cli_data->object_type == config_object_type_profile) {
        struct profile_cfg *cfg = obj;
        print_acl_cert_store(cfg, a, max_name_len);
    } else if (cli_data->object_type == config_object_type_verification) {
        struct verification_cfg *cfg = obj;
        print_acl_cert_store(cfg, a, max_name_len);
    }
    ast_cli(a->fd, "---------------------------------------------\n\n"); \
 
    return 0;
}

References a, ast_cli(), AST_HANDLER_ONLY_STRING, ast_sorcery_object_get_id(), ast_sorcery_object_get_type(), ast_sorcery_objectset_create2(), ast_strings_equal(), ast_strlen_zero(), ast_variable_list_sort(), ast_variables_destroy(), config_object_type_profile, config_object_type_tn, config_object_type_verification, get_sorcery(), ast_variable::name, ast_variable::next, NULL, config_object_cli_data::object_type, options, print_acl_cert_store, config_object_cli_data::title, translate_value(), and ast_variable::value.

Referenced by attestation_show(), cli_eprofile_show(), cli_eprofile_show_all(), cli_profile_show(), cli_profile_show_all(), cli_tn_show(), cli_tn_show_all(), and cli_verification_show().

◆ config_object_tab_complete_name()

char * config_object_tab_complete_name	(	const char *	word,
		struct ao2_container *	container
	)

Tab completion for name matching with STIR/SHAKEN CLI commands.

Parameters

word	The word to tab complete on
container	The sorcery container to iterate through

Return values

The	tab completion options

Definition at line 240 of file common_config.c.

{
    void *obj;
    struct ao2_iterator it;
    int wordlen = strlen(word);
    int ret;
 
    it = ao2_iterator_init(container, 0);
    while ((obj = ao2_iterator_next(&it))) {
        if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
            ret = ast_cli_completion_add(ast_strdup(ast_sorcery_object_get_id(obj)));
            if (ret) {
                ao2_ref(obj, -1);
                break;
            }
        }
        ao2_ref(obj, -1);
    }
    ao2_iterator_destroy(&it);
 
    return NULL;
}

References ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_sorcery_object_get_id(), ast_strdup, container, and NULL.

Referenced by cli_eprofile_show(), cli_profile_show(), cli_tn_show(), and cli_verify_cert().

◆ eprofile_get_all()

struct ao2_container * eprofile_get_all ( void )

Definition at line 119 of file profile_config.c.

{
    return ast_sorcery_retrieve_by_fields(get_sorcery(), "eprofile",
        AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
}

References AST_RETRIEVE_FLAG_ALL, AST_RETRIEVE_FLAG_MULTIPLE, ast_sorcery_retrieve_by_fields(), get_sorcery(), and NULL.

Referenced by cli_eprofile_show(), and cli_eprofile_show_all().

◆ eprofile_get_cfg()

struct profile_cfg * eprofile_get_cfg ( const char * id )

Definition at line 125 of file profile_config.c.

{
    if (ast_strlen_zero(id)) {
        return NULL;
    }
    return ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), ast_stir_shaken_vs_ctx_create(), and cli_eprofile_show().

◆ generate_bool_string_prototypes() [1/6]

generate_bool_string_prototypes ( check_tn_cert_public_url )

◆ generate_bool_string_prototypes() [2/6]

generate_bool_string_prototypes ( load_system_certs )

◆ generate_bool_string_prototypes() [3/6]

generate_bool_string_prototypes ( relax_x5u_path_restrictions )

◆ generate_bool_string_prototypes() [4/6]

generate_bool_string_prototypes ( relax_x5u_port_scheme_restrictions )

◆ generate_bool_string_prototypes() [5/6]

generate_bool_string_prototypes ( send_mky )

◆ generate_bool_string_prototypes() [6/6]

generate_bool_string_prototypes ( use_rfc9410_responses )

◆ generate_enum_string_prototypes() [1/2]

generate_enum_string_prototypes	(	attest_level	,
		attest_level_UNKNOWN	= `-1`,
		attest_level_NOT_SET	= `0`,
		attest_level_A	,
		attest_level_B	,
		attest_level_C
	)

◆ generate_enum_string_prototypes() [2/2]

generate_enum_string_prototypes	(	endpoint_behavior	,
		endpoint_behavior_UNKNOWN	= `-1`,
		endpoint_behavior_OFF	= `0`,
		endpoint_behavior_ATTEST	,
		endpoint_behavior_VERIFY	,
		endpoint_behavior_ON	,
		endpoint_behavior_NOT_SET
	)

◆ get_default_acl_list()

struct ast_acl_list * get_default_acl_list ( void )

◆ profile_get_all()

struct ao2_container * profile_get_all ( void )

Definition at line 105 of file profile_config.c.

{
    return ast_sorcery_retrieve_by_fields(get_sorcery(), CONFIG_TYPE,
        AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
}

References AST_RETRIEVE_FLAG_ALL, AST_RETRIEVE_FLAG_MULTIPLE, ast_sorcery_retrieve_by_fields(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show(), cli_profile_show_all(), and cli_verify_cert().

◆ profile_get_cfg()

struct profile_cfg * profile_get_cfg ( const char * id )

Definition at line 111 of file profile_config.c.

{
    if (ast_strlen_zero(id)) {
        return NULL;
    }
    return ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, id);
}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show(), and cli_verify_cert().

◆ profile_load()

int profile_load ( void )

Definition at line 428 of file profile_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    enum ast_sorcery_apply_result apply_rc;
 
    /*
     * eprofile MUST be registered first because profile needs it.
     */
    apply_rc = ast_sorcery_apply_default(sorcery, "eprofile", "memory", NULL);
    if (apply_rc != AST_SORCERY_APPLY_SUCCESS) {
        abort();
    }
    if (ast_sorcery_internal_object_register(sorcery, "eprofile",
        profile_alloc, NULL, eprofile_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", "eprofile");
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, "eprofile", "type", "", OPT_NOOP_T, 0, 0);
    enum_option_register(sorcery, "eprofile", endpoint_behavior, _nodoc);
    register_common_verification_fields(sorcery, profile_cfg, "eprofile", _nodoc);
    register_common_attestation_fields(sorcery, profile_cfg, "eprofile", _nodoc);
 
    /*
     * Now we can do profile
     */
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=profile");
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, profile_alloc,
        NULL, profile_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "type", "", OPT_NOOP_T, 0, 0);
    enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
    register_common_verification_fields(sorcery, profile_cfg, CONFIG_TYPE,);
    register_common_attestation_fields(sorcery, profile_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
    ast_sorcery_load_object(sorcery, "eprofile");
 
    ast_cli_register_multiple(stir_shaken_profile_cli,
        ARRAY_LEN(stir_shaken_profile_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, AST_SORCERY_APPLY_SUCCESS, ast_sorcery_internal_object_register, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, enum_option_register, eprofile_apply(), get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, profile_alloc(), profile_apply(), register_common_attestation_fields, register_common_verification_fields, sorcery, and stir_shaken_profile_cli.

Referenced by common_config_load().

◆ profile_reload()

int profile_reload ( void )

Definition at line 412 of file profile_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
    ast_sorcery_force_reload_object(sorcery, "eprofile");
    return 0;
}

References ast_sorcery_force_reload_object(), CONFIG_TYPE, get_sorcery(), and sorcery.

Referenced by common_config_reload().

◆ profile_unload()

int profile_unload ( void )

Definition at line 420 of file profile_config.c.

{
    ast_cli_unregister_multiple(stir_shaken_profile_cli,
        ARRAY_LEN(stir_shaken_profile_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_unregister_multiple(), and stir_shaken_profile_cli.

Referenced by common_config_unload().

◆ stir_shaken_failure_action_from_str()

enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str ( const char * action_str )

◆ stir_shaken_failure_action_to_str()

const char * stir_shaken_failure_action_to_str ( enum stir_shaken_failure_action_enum action )

◆ tn_config_load()

int tn_config_load ( void )

Definition at line 251 of file tn_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=tn");
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, tn_alloc,
            NULL, tn_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return AST_MODULE_LOAD_DECLINE;
    }
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "type", "",
        OPT_NOOP_T, 0, 0);
 
    register_common_attestation_fields(sorcery, tn_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    ast_cli_register_multiple(stir_shaken_certificate_cli,
        ARRAY_LEN(stir_shaken_certificate_cli));
 
    return AST_MODULE_LOAD_SUCCESS;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_log, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_register, CONFIG_TYPE, get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, register_common_attestation_fields, sorcery, stir_shaken_certificate_cli, tn_alloc(), and tn_apply().

Referenced by common_config_load().

◆ tn_config_reload()

int tn_config_reload ( void )

Definition at line 236 of file tn_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
    return AST_MODULE_LOAD_SUCCESS;
}

References AST_MODULE_LOAD_SUCCESS, ast_sorcery_force_reload_object(), CONFIG_TYPE, get_sorcery(), and sorcery.

Referenced by common_config_reload().

◆ tn_config_unload()

int tn_config_unload ( void )

Definition at line 243 of file tn_config.c.

{
    ast_cli_unregister_multiple(stir_shaken_certificate_cli,
        ARRAY_LEN(stir_shaken_certificate_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_unregister_multiple(), and stir_shaken_certificate_cli.

Referenced by common_config_unload().

◆ tn_get_cfg()

struct tn_cfg * tn_get_cfg ( const char * tn )

Definition at line 37 of file tn_config.c.

{
    return ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, id);
}

References ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_tn_show().

◆ tn_get_etn()

struct tn_cfg * tn_get_etn	(	const char *	tn,
		struct profile_cfg *	eprofile
	)

Definition at line 109 of file tn_config.c.

{
    RAII_VAR(struct tn_cfg *, tn,
        ast_sorcery_retrieve_by_id(get_sorcery(), CONFIG_TYPE, S_OR(id, "")),
        ao2_cleanup);
    struct tn_cfg *etn = etn_alloc(id);
    int rc = 0;
 
    if (!tn || !eprofile || !etn) {
        ao2_cleanup(etn);
        return NULL;
    }
 
    /* Initialize with the acfg from the eprofile first */
    rc = as_copy_cfg_common(id, &etn->acfg_common,
        &eprofile->acfg_common);
    if (rc != 0) {
        ao2_cleanup(etn);
        return NULL;
    }
 
    /* Overwrite with anything in the TN itself */
    rc = as_copy_cfg_common(id, &etn->acfg_common,
        &tn->acfg_common);
    if (rc != 0) {
        ao2_cleanup(etn);
        return NULL;
    }
 
    /*
     * Unlike profile, we're not going to actually add a
     * new object to sorcery because, although unlikely,
     * the same TN could be used with multiple profiles.
     */
 
    return etn;
}

References profile_cfg::acfg_common, tn_cfg::acfg_common, ao2_cleanup, as_copy_cfg_common(), ast_sorcery_retrieve_by_id(), CONFIG_TYPE, etn_alloc(), get_sorcery(), NULL, RAII_VAR, and S_OR.

Referenced by ast_stir_shaken_as_ctx_create().

◆ vcfg_cleanup()

void vcfg_cleanup ( struct verification_cfg_common * cfg )

Definition at line 73 of file verification_config.c.

{
    if (!vcfg_common) {
        return;
    }
    ast_string_field_free_memory(vcfg_common);
    if (vcfg_common->tcs) {
        crypto_free_cert_store(vcfg_common->tcs);
    }
    ast_free_acl_list(vcfg_common->acl);
}

References verification_cfg_common::acl, ast_free_acl_list(), ast_string_field_free_memory, crypto_free_cert_store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_destructor(), and verification_destructor().

◆ vs_check_common_config()

int vs_check_common_config	(	const char *	id,
		struct verification_cfg_common *	vcfg_common
	)

Definition at line 162 of file verification_config.c.

{
    SCOPE_ENTER(3, "%s: Checking common config\n", id);
 
    if (!ast_strlen_zero(vcfg_common->ca_file)
        && !ast_file_is_readable(vcfg_common->ca_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: ca_file '%s' not found, or is unreadable\n",
            id, vcfg_common->ca_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->ca_path)
        && !ast_file_is_readable(vcfg_common->ca_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: ca_path '%s' not found, or is unreadable\n",
            id, vcfg_common->ca_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_file)
        && !ast_file_is_readable(vcfg_common->crl_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: crl_file '%s' not found, or is unreadable\n",
            id, vcfg_common->crl_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_path)
        && !ast_file_is_readable(vcfg_common->crl_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: crl_path '%s' not found, or is unreadable\n",
            id, vcfg_common->crl_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
        && !ast_file_is_readable(vcfg_common->untrusted_cert_file)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: untrusted_cert_file '%s' not found, or is unreadable\n",
            id, vcfg_common->untrusted_cert_file);
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_path)
        && !ast_file_is_readable(vcfg_common->untrusted_cert_path)) {
        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
            "%s: untrusted_cert_path '%s' not found, or is unreadable\n",
            id, vcfg_common->untrusted_cert_path);
    }
 
    if (!ast_strlen_zero(vcfg_common->ca_file)
        || !ast_strlen_zero(vcfg_common->ca_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_cert_store(vcfg_common->tcs,
            vcfg_common->ca_file, vcfg_common->ca_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA cert store from '%s' or '%s'\n",
                id, vcfg_common->ca_file, vcfg_common->ca_path);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->crl_file)
        || !ast_strlen_zero(vcfg_common->crl_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_crl_store(vcfg_common->tcs,
            vcfg_common->crl_file, vcfg_common->crl_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA CRL store from '%s' or '%s'\n",
                id, vcfg_common->crl_file, vcfg_common->crl_path);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
        || !ast_strlen_zero(vcfg_common->untrusted_cert_path)) {
        int rc = 0;
 
        if (!vcfg_common->tcs) {
            vcfg_common->tcs = crypto_create_cert_store();
            if (!vcfg_common->tcs) {
                SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                    "%s: Unable to create CA cert store\n", id);
            }
        }
        rc = crypto_load_untrusted_cert_store(vcfg_common->tcs,
            vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
        if (rc != 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to load CA CRL store from '%s' or '%s'\n",
                id, vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
        }
    }
 
    if (vcfg_common->tcs) {
        if (ENUM_BOOL(vcfg_common->load_system_certs, load_system_certs)) {
            X509_STORE_set_default_paths(vcfg_common->tcs->certs);
        }
 
        if (!ast_strlen_zero(vcfg_common->crl_file)
            || !ast_strlen_zero(vcfg_common->crl_path)) {
            X509_STORE_set_flags(vcfg_common->tcs->certs, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_EXTENDED_CRL_SUPPORT);
        }
    }
 
    if (!ast_strlen_zero(vcfg_common->cert_cache_dir)) {
        FILE *fp;
        char *testfile;
 
        if (ast_asprintf(&testfile, "%s/testfile", vcfg_common->cert_cache_dir) <= 0) {
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: Unable to allocate memory for testfile\n", id);
        }
 
        fp = fopen(testfile, "w+");
        if (!fp) {
            ast_free(testfile);
            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
                "%s: cert_cache_dir '%s' was not writable\n",
                id, vcfg_common->cert_cache_dir);
        }
        fclose(fp);
        remove(testfile);
        ast_free(testfile);
    }
 
    SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
}

Referenced by profile_apply(), and verification_apply().

◆ vs_config_load()

int vs_config_load ( void )

Definition at line 441 of file verification_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
 
    snprintf(DEFAULT_cert_cache_dir, sizeof(DEFAULT_cert_cache_dir), "%s/keys/%s/cache",
        ast_config_AST_DATA_DIR, STIR_SHAKEN_DIR_NAME);
 
    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",
        "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
 
    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, verification_alloc,
            NULL, verification_apply)) {
        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
        return -1;
    }
 
    ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type", "",
        OPT_NOOP_T, 0, 0);
 
    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",
        DEFAULT_global_disable ? "yes" : "no",
        OPT_YESNO_T, 1, FLDSET(struct verification_cfg, global_disable));
 
    register_common_verification_fields(sorcery, verification_cfg, CONFIG_TYPE,);
 
    ast_sorcery_load_object(sorcery, CONFIG_TYPE);
 
    if (!vs_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken verification service disabled.  Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = verification_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    ast_cli_register_multiple(verification_cli,
        ARRAY_LEN(verification_cli));
 
    return 0;
}

References ARRAY_LEN, ast_cli_register_multiple, ast_config_AST_DATA_DIR, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, DEFAULT_cert_cache_dir, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), verification_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_verification_fields, sorcery, STIR_SHAKEN_DIR_NAME, verification_alloc(), verification_apply(), verification_cli, and vs_is_config_loaded().

Referenced by vs_load().

◆ vs_config_reload()

int vs_config_reload ( void )

Definition at line 413 of file verification_config.c.

{
    struct ast_sorcery *sorcery = get_sorcery();
    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
 
    if (!vs_is_config_loaded()) {
        ast_log(LOG_WARNING,"Stir/Shaken verification service disabled.  Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
    }
    if (!empty_cfg) {
        empty_cfg = verification_alloc(CONFIG_TYPE);
        if (!empty_cfg) {
            return -1;
        }
        empty_cfg->global_disable = 1;
    }
 
    return 0;
}

References ast_log, ast_sorcery_force_reload_object(), CONFIG_TYPE, empty_cfg, get_sorcery(), verification_cfg::global_disable, LOG_WARNING, sorcery, verification_alloc(), and vs_is_config_loaded().

Referenced by vs_reload().

◆ vs_config_unload()

int vs_config_unload ( void )

Definition at line 432 of file verification_config.c.

{
    ast_cli_unregister_multiple(verification_cli,
        ARRAY_LEN(verification_cli));
    ao2_cleanup(empty_cfg);
 
    return 0;
}

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), empty_cfg, and verification_cli.

Referenced by vs_unload().

◆ vs_copy_cfg_common()

int vs_copy_cfg_common	(	const char *	id,
		struct verification_cfg_common *	cfg_dst,
		struct verification_cfg_common *	cfg_src
	)

Definition at line 120 of file verification_config.c.

{
    int rc = 0;
 
    if (!cfg_dst || !cfg_src) {
        return -1;
    }
 
    if (!cfg_dst->tcs && cfg_src->tcs) {
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_path);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_path);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_file);
        cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_path);
        ao2_bump(cfg_src->tcs);
        cfg_dst->tcs = cfg_src->tcs;
    }
 
    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, cert_cache_dir);
 
    cfg_uint_copy(cfg_dst, cfg_src, curl_timeout);
    cfg_uint_copy(cfg_dst, cfg_src, max_iat_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_date_header_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_cache_entry_age);
    cfg_uint_copy(cfg_dst, cfg_src, max_cache_size);
 
    cfg_enum_copy(cfg_dst, cfg_src, stir_shaken_failure_action);
    cfg_enum_copy(cfg_dst, cfg_src, use_rfc9410_responses);
    cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
    cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
    cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
 
    if (cfg_src->acl) {
        ast_free_acl_list(cfg_dst->acl);
        cfg_dst->acl = ast_duplicate_acl_list(cfg_src->acl);
    }
 
    return rc;
}

References verification_cfg_common::acl, ao2_bump, ast_duplicate_acl_list(), ast_free_acl_list(), cfg_enum_copy, cfg_sf_copy_wrapper, cfg_uint_copy, and verification_cfg_common::tcs.

Referenced by create_effective_profile().

◆ vs_get_cfg()

struct verification_cfg * vs_get_cfg ( void )

Definition at line 51 of file verification_config.c.

{
    struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    if (cfg) {
        return cfg;
    }
 
    return empty_cfg ? ao2_bump(empty_cfg) : NULL;
}

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by add_cert_expiration_to_astdb(), ast_stir_shaken_vs_ctx_create(), cli_verification_show(), cli_verify_cert(), and create_effective_profile().

◆ vs_is_config_loaded()

int vs_is_config_loaded ( void )

Definition at line 62 of file verification_config.c.

{
    struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
        CONFIG_TYPE, CONFIG_TYPE);
    ao2_cleanup(cfg);
 
    return !!cfg;
}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_verification_show(), vs_config_load(), and vs_config_reload().

Data Structures

Macros

Enumerations

Functions

Macro Definition Documentation

◆ cfg_enum_copy

◆ cfg_sf_copy_wrapper

◆ cfg_stringfield_copy

◆ cfg_uint_copy

◆ EFFECTIVE_ENUM

◆ EFFECTIVE_ENUM_BOOL

◆ ENUM_BOOL

◆ enum_option_register

◆ enum_option_register_ex

◆ generate_acfg_common_sorcery_handlers

◆ generate_bool_string_prototypes

◆ generate_enum_string_prototypes

◆ generate_sorcery_acl_from_str

◆ generate_sorcery_acl_to_str

◆ generate_sorcery_enum_from_str

◆ generate_sorcery_enum_from_str_ex

◆ generate_sorcery_enum_to_str

◆ generate_vcfg_common_sorcery_handlers

◆ PROFILE_ALLOW_ATTEST

◆ PROFILE_ALLOW_VERIFY

◆ register_common_attestation_fields

◆ register_common_verification_fields

◆ stringfield_option_register

◆ uint_option_register

Enumeration Type Documentation

◆ config_object_type

Function Documentation

◆ acfg_cleanup()

◆ as_check_common_config()

◆ as_config_load()

◆ as_config_reload()

◆ as_config_unload()

◆ as_copy_cfg_common()

◆ as_get_cfg()

◆ as_is_config_loaded()

◆ canonicalize_tn()

◆ canonicalize_tn_alloc()

◆ common_config_load()

◆ common_config_reload()

◆ common_config_unload()

◆ config_object_cli_show()

◆ config_object_tab_complete_name()

◆ eprofile_get_all()

◆ eprofile_get_cfg()

◆ generate_bool_string_prototypes() [1/6]

◆ generate_bool_string_prototypes() [2/6]

◆ generate_bool_string_prototypes() [3/6]

◆ generate_bool_string_prototypes() [4/6]

◆ generate_bool_string_prototypes() [5/6]

◆ generate_bool_string_prototypes() [6/6]

◆ generate_enum_string_prototypes() [1/2]

◆ generate_enum_string_prototypes() [2/2]

◆ get_default_acl_list()

◆ profile_get_all()

◆ profile_get_cfg()

◆ profile_load()

◆ profile_reload()

◆ profile_unload()

◆ stir_shaken_failure_action_from_str()

◆ stir_shaken_failure_action_to_str()

◆ tn_config_load()

◆ tn_config_reload()

◆ tn_config_unload()

◆ tn_get_cfg()

◆ tn_get_etn()

◆ vcfg_cleanup()

◆ vs_check_common_config()

◆ vs_config_load()

◆ vs_config_reload()

◆ vs_config_unload()

◆ vs_copy_cfg_common()

◆ vs_get_cfg()

◆ vs_is_config_loaded()