27 #include "stir_shaken.h"
/* Sorcery object type name under which configured profiles are registered
 * (see profile_load); the derived objects use the separate "eprofile" type. */
29 #define CONFIG_TYPE "profile"
/* A profile that does not request attestation or verification gets neither:
 * the behaviour default is OFF, not ON. */
31 #define DEFAULT_endpoint_behavior endpoint_behavior_OFF
/* Trust-store, CRL and certificate-cache locations are unset unless the
 * profile (or, via create_effective_profile, the global section) sets them. */
33 #define DEFAULT_ca_file NULL
34 #define DEFAULT_ca_path NULL
35 #define DEFAULT_crl_file NULL
36 #define DEFAULT_crl_path NULL
37 #define DEFAULT_cert_cache_dir NULL
/* Timeouts, age limits and cache limits default to 0.
 * NOTE(review): whether 0 means "unlimited" or "inherit the global value"
 * is decided in the vs_/as_ copy and check helpers, not visible here —
 * confirm there before relying on it. */
39 #define DEFAULT_curl_timeout 0
40 #define DEFAULT_max_iat_age 0
41 #define DEFAULT_max_date_header_age 0
42 #define DEFAULT_max_cache_entry_age 0
43 #define DEFAULT_max_cache_size 0
/* Tri-state options start as NOT_SET so that "not configured in this
 * profile" can be told apart from an explicit on/off when the effective
 * profile is layered over the global values.  By name, the relax_x5u_*
 * options loosen the checks applied to the x5u certificate URL; leaving
 * them NOT_SET means this profile does not loosen anything by itself
 * (exact semantics live in the verification code — confirm there). */
45 #define DEFAULT_stir_shaken_failure_action stir_shaken_failure_action_NOT_SET
46 #define DEFAULT_use_rfc9410_responses use_rfc9410_responses_NOT_SET
47 #define DEFAULT_relax_x5u_port_scheme_restrictions relax_x5u_port_scheme_restrictions_NOT_SET
48 #define DEFAULT_relax_x5u_path_restrictions relax_x5u_path_restrictions_NOT_SET
49 #define DEFAULT_load_system_certs load_system_certs_NOT_SET
/* Attestation-side defaults: no key, no public cert URL, no attest level. */
51 #define DEFAULT_check_tn_cert_public_url check_tn_cert_public_url_NOT_SET
52 #define DEFAULT_private_key_file NULL
53 #define DEFAULT_public_cert_url NULL
54 #define DEFAULT_attest_level attest_level_NOT_SET
55 #define DEFAULT_send_mky send_mky_NOT_SET
/*
 * ao2 destructor for a struct profile_cfg.
 *
 * Releases the common attestation and verification state and then the
 * effective profile derived from this one.  The lines that set up the
 * local cfg pointer from obj are not shown in this listing.
 */
57 static void profile_destructor(
void *obj)
62 acfg_cleanup(&cfg->acfg_common);
63 vcfg_cleanup(&cfg->vcfg_common);
/* The effective profile is a separate ao2 object owned by this one. */
65 ao2_cleanup(cfg->eprofile);
/*
 * Sorcery allocator for profile objects; registered for both the
 * "profile" and "eprofile" types in profile_load.  The body is not
 * shown in this listing.
 */
70 static void *profile_alloc(
const char *name)
/*
 * Look up a configured profile by id.
 *
 * An empty id is rejected up front.  Callers own the returned reference
 * and release it with ao2_cleanup() (see the CLI show handler below).
 * The retrieval itself is on lines not shown here.
 */
109 struct profile_cfg *profile_get_cfg(
const char *
id)
111 if (ast_strlen_zero(
id)) {
/*
 * Look up an effective profile ("eprofile") by id.
 *
 * Same contract as profile_get_cfg: empty id rejected, caller releases
 * the returned reference with ao2_cleanup().  The retrieval itself is on
 * lines not shown here.
 */
123 struct profile_cfg *eprofile_get_cfg(
const char *
id)
125 if (ast_strlen_zero(
id)) {
/*
 * Build the effective profile for a configured profile.
 *
 * The effective profile is the configured profile layered over the global
 * attestation/verification settings, with endpoint_behavior downgraded
 * wherever a direction is globally disabled.  The parameter list and the
 * declarations of eprofile, acfg, vcfg and existing_eprofile are on lines
 * not shown in this listing; acfg/vcfg are presumably the global
 * attestation and verification configs — confirm against the full source.
 */
131 static struct profile_cfg *create_effective_profile(
143 ast_log(LOG_ERROR,
"%s: Unable to allocate memory for effective profile\n",
id);
/* Verification settings: copy the first source (its argument is not shown
 * here) and then the profile itself, so profile values win.  Any copy
 * failure drops the partially built object. */
147 rc = vs_copy_cfg_common(
id, &eprofile->vcfg_common,
150 ao2_cleanup(eprofile);
154 rc = vs_copy_cfg_common(
id, &eprofile->vcfg_common,
155 &base_profile->vcfg_common);
157 ao2_cleanup(eprofile);
/* Attestation settings: same two-step copy, same failure handling. */
161 rc = as_copy_cfg_common(
id, &eprofile->acfg_common,
164 ao2_cleanup(eprofile);
168 rc = as_copy_cfg_common(
id, &eprofile->acfg_common,
169 &base_profile->acfg_common);
171 ao2_cleanup(eprofile);
/* Start from what the profile asked for, then apply the global disable
 * switches.  A profile can never re-enable a direction that is globally
 * disabled: ON becomes VERIFY, ATTEST or OFF depending on which sides are
 * disabled, and ATTEST/VERIFY become OFF when their own side is disabled.
 * ON with neither side disabled falls through unchanged. */
175 eprofile->endpoint_behavior = base_profile->endpoint_behavior;
177 if (eprofile->endpoint_behavior == endpoint_behavior_ON) {
178 if (acfg->global_disable && vcfg->global_disable) {
179 eprofile->endpoint_behavior = endpoint_behavior_OFF;
180 }
else if (acfg->global_disable && !vcfg->global_disable) {
181 eprofile->endpoint_behavior = endpoint_behavior_VERIFY;
182 }
else if (!acfg->global_disable && vcfg->global_disable) {
183 eprofile->endpoint_behavior = endpoint_behavior_ATTEST;
185 }
else if (eprofile->endpoint_behavior == endpoint_behavior_ATTEST
186 && acfg->global_disable) {
187 eprofile->endpoint_behavior = endpoint_behavior_OFF;
188 }
else if (eprofile->endpoint_behavior == endpoint_behavior_VERIFY
189 && vcfg->global_disable) {
190 eprofile->endpoint_behavior = endpoint_behavior_OFF;
/* Replace any previously installed effective profile for this id; where
 * existing_eprofile is obtained is not shown here. */
194 if (existing_eprofile) {
195 ao2_cleanup(existing_eprofile);
/*
 * Sorcery apply callback for a configured profile.
 *
 * Validates the attestation and verification common settings for each
 * direction the profile allows, then derives and stores the effective
 * profile.  Returning non-zero here (on lines not shown) rejects the
 * object, so a misconfigured profile is never installed.  The declarations
 * of cfg and id are not shown in this listing.
 */
211 static int profile_apply(
const struct ast_sorcery *sorcery,
void *obj)
/* Only check the sides this profile can actually use. */
216 if (PROFILE_ALLOW_ATTEST(cfg)
217 && as_check_common_config(
id, &cfg->acfg_common) != 0) {
221 if (PROFILE_ALLOW_VERIFY(cfg)
222 && vs_check_common_config(
id, &cfg->vcfg_common) !=0) {
/* The effective profile is owned by cfg and freed in profile_destructor. */
226 cfg->eprofile = create_effective_profile(cfg);
227 if (!cfg->eprofile) {
/*
 * Sorcery apply callback for an effective profile.
 *
 * Fails closed: an effective profile that allows verification but ended
 * up with no trust store (vcfg_common.tcs) after layering over the global
 * options is rejected here rather than loaded with nothing to verify
 * against.  The return value is on lines not shown in this listing.
 */
234 static int eprofile_apply(
const struct ast_sorcery *sorcery,
void *obj)
239 if (PROFILE_ALLOW_VERIFY(cfg) && !cfg->vcfg_common.tcs) {
240 ast_log(LOG_ERROR,
"%s: Neither this profile nor default"
241 " verification options specify ca_file or ca_path\n",
id);
/* Generate the sorcery getters/setters for the common attestation and
 * verification fields of struct profile_cfg, plus the string<->enum
 * handlers for endpoint_behavior (unknown strings map to UNKNOWN). */
247 generate_acfg_common_sorcery_handlers(
profile_cfg);
248 generate_vcfg_common_sorcery_handlers(
profile_cfg);
250 generate_sorcery_enum_from_str(
profile_cfg, , endpoint_behavior, UNKNOWN);
251 generate_sorcery_enum_to_str(
profile_cfg, , endpoint_behavior);
/* CLI handler "stir_shaken show profile <id>" (registered below as
 * cli_profile_show).  The function signature, the switch on cmd and the
 * argc check are on lines not shown in this listing. */
258 .object_type = config_object_type_profile,
263 e->
command =
"stir_shaken show profile";
265 "Usage: stir_shaken show profile <id>\n"
266 " Show the stir/shaken profile settings for a given id\n";
/* Tab completion over the ids of all configured profiles. */
270 return config_object_tab_complete_name(a->word, profile_get_all());
277 return CLI_SHOWUSAGE;
/* argv[3] is operator-typed; it is only ever used as a lookup key and as a
 * %s argument, never as a format string. */
280 profile = profile_get_cfg(a->argv[3]);
282 ast_log(LOG_ERROR,
"Profile %s doesn't exist\n", a->argv[3]);
285 config_object_cli_show(profile, a, &data, 0);
/* Release the reference returned by profile_get_cfg. */
287 ao2_cleanup(profile);
/* CLI handler "stir_shaken show profiles" (registered below as
 * cli_profile_show_all).  The function signature, the switch on cmd and
 * the argc check are on lines not shown in this listing. */
297 .object_type = config_object_type_profile,
302 e->
command =
"stir_shaken show profiles";
304 "Usage: stir_shaken show profiles\n"
305 " Show all profiles for stir/shaken\n";
312 return CLI_SHOWUSAGE;
/* profile_get_all() returns a container reference the caller must release;
 * the empty-container check between these lines is not shown. */
315 container = profile_get_all();
317 ast_cli(a->fd,
"No stir/shaken profiles found\n");
318 ao2_cleanup(container);
/* Print every profile through the shared show callback. */
322 ao2_callback_data(container,
OBJ_NODATA, config_object_cli_show, a, &data);
/* CLI handler "stir_shaken show eprofile <id>" (registered below as
 * cli_eprofile_show).  Shows the derived, effective settings rather than
 * what was written in the config file.  The function signature, the
 * switch on cmd and the argc check are on lines not shown here. */
332 .title =
"Effective Profile",
333 .object_type = config_object_type_profile,
338 e->
command =
"stir_shaken show eprofile";
340 "Usage: stir_shaken show eprofile <id>\n"
341 " Show the stir/shaken eprofile settings for a given id\n";
345 return config_object_tab_complete_name(a->word, eprofile_get_all());
352 return CLI_SHOWUSAGE;
/* argv[3] is used only as a lookup key and a %s argument. */
355 profile = eprofile_get_cfg(a->argv[3]);
357 ast_log(LOG_ERROR,
"Effective Profile %s doesn't exist\n", a->argv[3]);
360 config_object_cli_show(profile, a, &data, 0);
/* Release the reference returned by eprofile_get_cfg. */
362 ao2_cleanup(profile);
/* CLI handler "stir_shaken show eprofiles" (registered below as
 * cli_eprofile_show_all).  The function signature, the switch on cmd and
 * the argc check are on lines not shown in this listing. */
371 .title =
"Effective Profile",
372 .object_type = config_object_type_profile,
377 e->
command =
"stir_shaken show eprofiles";
379 "Usage: stir_shaken show eprofiles\n"
380 " Show all eprofiles for stir/shaken\n";
387 return CLI_SHOWUSAGE;
/* eprofile_get_all() returns a container reference the caller must
 * release; the empty-container check between these lines is not shown. */
390 container = eprofile_get_all();
392 ast_cli(a->fd,
"No stir/shaken eprofiles found\n");
393 ao2_cleanup(container);
397 ao2_callback_data(container,
OBJ_NODATA, config_object_cli_show, a, &data);
/* CLI entries for this module; the array declaration itself is not shown
 * here, but profile_load/profile_unload register and unregister it via
 * ARRAY_LEN(stir_shaken_profile_cli). */
404 AST_CLI_DEFINE(cli_profile_show,
"Show stir/shaken profile by id"),
405 AST_CLI_DEFINE(cli_profile_show_all,
"Show all stir/shaken profiles"),
406 AST_CLI_DEFINE(cli_eprofile_show,
"Show stir/shaken eprofile by id"),
407 AST_CLI_DEFINE(cli_eprofile_show_all,
"Show all stir/shaken eprofiles"),
/*
 * Module reload hook for profiles.  The body is not shown in this
 * listing; presumably it asks sorcery to reload the profile object type.
 */
410 int profile_reload(
void)
/*
 * Module unload hook for profiles.  Unregisters the CLI entries
 * registered in profile_load; the call wrapping the ARRAY_LEN argument is
 * on a line not shown in this listing.
 */
418 int profile_unload(
void)
421 ARRAY_LEN(stir_shaken_profile_cli));
/*
 * Module load hook for profiles.
 *
 * Registers two sorcery object types: "eprofile", backed by the memory
 * wizard (effective profiles are derived in create_effective_profile, never
 * read from a file), and CONFIG_TYPE ("profile"), read from stir_shaken.conf
 * sections of type=profile.  Then registers the CLI entries.  The sorcery
 * handle, the early-return checks and the final return are on lines not
 * shown in this listing.
 */
426 int profile_load(
void)
/* Effective profiles live only in memory. */
434 apply_rc = ast_sorcery_apply_default(sorcery,
"eprofile",
"memory", NULL);
439 profile_alloc, NULL, eprofile_apply)) {
440 ast_log(LOG_ERROR,
"stir/shaken - failed to register '%s' sorcery object\n",
"eprofile");
/* The eprofile fields use the _nodoc variants: the object is internal and
 * its fields are not documented as user-facing configuration. */
445 enum_option_register(sorcery,
"eprofile", endpoint_behavior, _nodoc);
446 register_common_verification_fields(sorcery,
profile_cfg,
"eprofile", _nodoc);
447 register_common_attestation_fields(sorcery,
profile_cfg,
"eprofile", _nodoc);
/* Configured profiles come from stir_shaken.conf, restricted to sections
 * whose type is "profile" so other section types cannot be read as one. */
452 ast_sorcery_apply_default(sorcery, CONFIG_TYPE,
"config",
"stir_shaken.conf,criteria=type=profile");
454 NULL, profile_apply)) {
455 ast_log(LOG_ERROR,
"stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
/* Same field set as eprofile, this time with documentation. */
460 enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
461 register_common_verification_fields(sorcery,
profile_cfg, CONFIG_TYPE,);
462 register_common_attestation_fields(sorcery,
profile_cfg, CONFIG_TYPE,);
/* CLI registration; the call wrapping this argument is not shown. */
468 ARRAY_LEN(stir_shaken_profile_cli));