19 #ifndef COMMON_CONFIG_H_
20 #define COMMON_CONFIG_H_
22 #include <openssl/evp.h>
/*!
 * \brief Declare a tri-state boolean option type and its string converters.
 *
 * Expands to enum <param_name>_enum plus the prototypes
 * <param_name>_from_str() and <param_name>_to_str().  _UNKNOWN (-1) is what
 * _from_str() yields for a config string it does not recognise (the sorcery
 * from_str handlers below log a warning for it); _NOT_SET marks an option
 * that was absent from the config so that a parent value or the default
 * applies instead (see EFFECTIVE_ENUM_BOOL and cfg_enum_copy).
 */
#define generate_bool_string_prototypes(param_name) \
enum param_name ## _enum { \
param_name ## _UNKNOWN = -1, \
param_name ## _NO = 0, \
param_name ## _NOT_SET, \
enum param_name ## _enum \
param_name ## _from_str(const char *value); \
const char *param_name ## _to_str(enum param_name ## _enum value);
/*
 * Tri-state options shared by the verification and attestation services.
 * NOT_SET means "inherit from the parent object / built-in default".
 */
generate_bool_string_prototypes(use_rfc9410_responses);
/*
 * The two relax_x5u_* options loosen the checks applied to the x5u
 * certificate URL carried in a received PASSporT (port/scheme and path
 * respectively).  That URL comes from the remote SIP peer and the verifier
 * evidently fetches it (see curl_timeout / cert_cache_dir / x5u_acl below),
 * so enabling either widens what a caller can make this host request.
 * Keep them off unless an interop partner requires otherwise.
 */
generate_bool_string_prototypes(relax_x5u_port_scheme_restrictions);
generate_bool_string_prototypes(relax_x5u_path_restrictions);
/*
 * Whether the system CA bundle is added to the trust anchors used for
 * verification in addition to ca_file / ca_path; enabling it broadens who
 * can issue a certificate this verifier will accept.
 */
generate_bool_string_prototypes(load_system_certs);
/* Attestation-side switches; stored in acfg_common (see below). */
generate_bool_string_prototypes(check_tn_cert_public_url);
generate_bool_string_prototypes(send_mky);
/*!
 * \brief Declare an enum option type from a caller-supplied enumerator list.
 *
 * Like generate_bool_string_prototypes() but the enumerators are passed
 * variadically.  The same <param_name>_from_str() / <param_name>_to_str()
 * prototypes are declared.  The supplied list is expected to contain
 * <param_name>_UNKNOWN and <param_name>_NOT_SET because the sorcery and
 * cfg_enum_copy macros below refer to them.
 */
#define generate_enum_string_prototypes(param_name, ...) \
enum param_name ## _enum { \
enum param_name ## _enum \
param_name ## _from_str(const char *value); \
const char *param_name ## _to_str(enum param_name ## _enum value);
/*!
 * \brief Which STIR/SHAKEN services a profile enables for an endpoint.
 *
 * PROFILE_ALLOW_ATTEST() accepts ON and ATTEST, PROFILE_ALLOW_VERIFY()
 * accepts ON and VERIFY; OFF satisfies neither.
 */
generate_enum_string_prototypes(endpoint_behavior,
endpoint_behavior_UNKNOWN = -1, /* unrecognised config string */
endpoint_behavior_OFF = 0,
endpoint_behavior_ATTEST,       /* attestation only */
endpoint_behavior_VERIFY,       /* verification only */
endpoint_behavior_ON,           /* both */
endpoint_behavior_NOT_SET       /* absent from config; inherit */
/*!
 * \brief Attestation level option.  UNKNOWN is an unparsable config string;
 * NOT_SET is skipped by cfg_enum_copy() so a parent value applies.
 */
generate_enum_string_prototypes(attest_level,
attest_level_UNKNOWN = -1,
attest_level_NOT_SET,
/*!
 * \brief Parse a failure_action config string.
 * \param action_str String as written in the config file.
 * \return The matching enumerator; an unrecognised string maps to the
 *         enum's _UNKNOWN value, which the sorcery handler warns about.
 */
enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str(const char *action_str);
/*!
 * \brief Map a failure_action enumerator back to its config string.
 * \param action Enumerator to convert.
 * \return A string the caller does not own: the sorcery to_str handler
 *         ast_strdup()s it before handing it out.
 */
const char *stir_shaken_failure_action_to_str(enum stir_shaken_failure_action_enum action);
/*!
 * \brief Define a sorcery "to string" handler for an enum field.
 *
 * The generated static sorcery_<__lc_param>_to_str() converts
 * cfg-><__substruct><__lc_param> with <__lc_param>_to_str() and stores an
 * ast_strdup()ed copy in *buf.  Returns 0 on success and -1 when the copy
 * could not be made (ast_strdup returned NULL).  \a args is unused.
 * Being a fixed-name static function, it can be generated once per
 * translation unit for a given __lc_param.
 */
#define generate_sorcery_enum_to_str(__struct, __substruct, __lc_param) \
static int sorcery_ ## __lc_param ## _to_str(const void *obj, const intptr_t *args, char **buf) \
const struct __struct *cfg = obj; \
*buf = ast_strdup(__lc_param ## _to_str(cfg->__substruct __lc_param)); \
return *buf ? 0 : -1; \
/*!
 * \brief Define a sorcery "from string" handler for an enum field.
 *
 * The generated static sorcery_<__lc_param>_from_str() parses var->value
 * with <__lc_param>_from_str(), stores the result in
 * cfg-><__substruct><__lc_param>, and logs a warning (value and option
 * name, both from the config file) when the result equals __unknown.
 *
 * NOTE(review): the unparsed value is written into the object before the
 * check runs; the return path after the warning is not visible here, so
 * confirm it returns -1 so an unknown value cannot silently load.
 */
#define generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __unknown) \
static int sorcery_ ## __lc_param ## _from_str(const struct aco_option *opt, struct ast_variable *var, void *obj) \
struct __struct *cfg = obj; \
cfg->__substruct __lc_param = __lc_param ## _from_str (var->value); \
if (cfg->__substruct __lc_param == __unknown) { \
ast_log(LOG_WARNING, "Unknown value '%s' specified for %s\n", \
var->value, var->name); \
/*!
 * \brief Convenience form of generate_sorcery_enum_from_str_ex(): __unknown
 * is the bare suffix (e.g. UNKNOWN) and is expanded to
 * <__lc_param>_<__unknown> before being passed on.
 */
#define generate_sorcery_enum_from_str(__struct, __substruct, __lc_param, __unknown) \
generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param ## _ ## __unknown) \
/*!
 * \brief Define the sorcery "to string" handler for the x5u_acl option.
 *
 * Produces a one-word summary of the ACL in cfg->vcfg_common.acl: the name
 * of its first ast_acl, or "deny/permit" when that entry has no name (the
 * case for ACLs built from x5u_deny / x5u_permit lines).  The result is
 * ast_strdup()ed into *buf.  The function name does not include
 * __lc_param, so only one instance can exist per translation unit; \a args
 * and __lc_param are unused.
 *
 * NOTE(review): *buf is pointed at first_acl->name and the list lock is
 * released before the ast_strdup() copy is taken.  That is only safe if a
 * loaded config object is immutable while handlers run; otherwise the copy
 * belongs inside the locked region.
 */
#define generate_sorcery_acl_to_str(__struct, __lc_param) \
static int sorcery_acl_to_str(const void *obj, const intptr_t *args, char **buf) \
const struct __struct *cfg = obj; \
struct ast_acl *first_acl; \
if (!ast_acl_list_is_empty(cfg->vcfg_common.acl)) { \
AST_LIST_LOCK(cfg->vcfg_common.acl); \
first_acl = AST_LIST_FIRST(cfg->vcfg_common.acl); \
if (ast_strlen_zero(first_acl->name)) { \
*buf = "deny/permit"; \
*buf = first_acl->name; \
AST_LIST_UNLOCK(cfg->vcfg_common.acl); \
*buf = ast_strdup(*buf); \
/*!
 * \brief Define the sorcery "from string" handler shared by x5u_deny,
 * x5u_permit and x5u_acl.
 *
 * The option name minus its "x5u_" prefix ("deny", "permit" or "acl") is
 * handed to ast_append_acl() as the ACL directive together with the value,
 * appending to cfg->vcfg_common.acl.  Every option registered with this
 * handler must therefore carry the "x5u_" prefix (the three in
 * register_common_verification_fields do); an empty var->value is handled
 * before ast_append_acl() is reached.  __unknown is unused.
 */
#define generate_sorcery_acl_from_str(__struct, __lc_param, __unknown) \
static int sorcery_acl_from_str(const struct aco_option *opt, struct ast_variable *var, void *obj) \
struct __struct *cfg = obj; \
const char *name = var->name + strlen("x5u_"); \
if (ast_strlen_zero(var->value)) { \
ast_append_acl(name, var->value, &cfg->vcfg_common.acl, &error, &ignore); \
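/*!
 * \brief Resolve an enum option across two configuration levels.
 *
 * Yields __enum1 unless it is <__field>_NOT_SET, then __enum2 unless it is
 * NOT_SET, then __default.  Every argument is now parenthesised so that an
 * expression such as a conditional can be passed without being re-parsed
 * by the surrounding ?: chain; __enum1 / __enum2 may be evaluated twice, so
 * pass side-effect-free expressions.
 */
#define EFFECTIVE_ENUM(__enum1, __enum2, __field, __default) \
	(((__enum1) != (__field ## _ ## NOT_SET)) ? (__enum1) : \
	 (((__enum2) != (__field ## _ ## NOT_SET)) ? (__enum2) : (__default)))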
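/*!
 * \brief Resolve a tri-state boolean option across two levels to 0/1.
 *
 * Same precedence as EFFECTIVE_ENUM() (__enum1, then __enum2, then the
 * default) except that __default is the bare suffix YES or NO and the
 * resolved value is compared with <__field>_YES.  Arguments are
 * parenthesised so a conditional expression can be passed safely; __enum1
 * / __enum2 may be evaluated twice.
 */
#define EFFECTIVE_ENUM_BOOL(__enum1, __enum2, __field, __default) \
	((((__enum1) != (__field ## _ ## NOT_SET)) ? (__enum1) : \
	  (((__enum2) != (__field ## _ ## NOT_SET)) ? (__enum2) : \
	   (__field ## _ ## __default))) == (__field ## _ ## YES))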
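/*!
 * \brief Test whether a tri-state boolean enum value is <__field>_YES.
 *
 * The argument is parenthesised so a conditional or other compound
 * expression is compared as a whole rather than re-parsed by ==.
 */
#define ENUM_BOOL(__enum1, __field) \
	((__enum1) == (__field ## _ ## YES))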
/*!
 * \brief Copy string field __field from __cfg_src to __cfg_dst, but only
 * when the source value is non-empty, so an unset child field does not
 * blank out an inherited parent value.  __res holds the
 * ast_string_field_set() result.
 */
#define cfg_stringfield_copy(__cfg_dst, __cfg_src, __field) \
if (!ast_strlen_zero(__cfg_src->__field)) { \
__res = ast_string_field_set(__cfg_dst, __field, __cfg_src->__field); \
/*!
 * \brief cfg_stringfield_copy() plus error reporting: a failed copy is
 * logged at LOG_ERROR with the caller-supplied \a id and the stringified
 * field / object names.  The handling that follows the log is part of the
 * macro body not shown in this excerpt.
 */
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field) \
int rc = cfg_stringfield_copy(__cfg_dst, __cfg_src, __field); \
ast_log(LOG_ERROR, "%s: Unable to copy field %s from %s to %s\n", \
id, #__field, #__cfg_src, #__cfg_dst); \
/*!
 * \brief Copy an unsigned field from __cfg_src to __cfg_dst only when the
 * source is non-zero.
 *
 * Zero is treated as "not set", so a child object cannot override a
 * parent's non-zero value with an explicit 0.  NOTE(review): if 0 is ever
 * meaningful for one of these fields (e.g. "no limit" for a max_* option),
 * it cannot be propagated through this macro — confirm against the option
 * semantics.
 */
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field) \
if (__cfg_src->__field > 0) { \
__cfg_dst->__field = __cfg_src->__field; \
/*!
 * \brief Copy an enum field from __cfg_src to __cfg_dst unless the source
 * is <__field>_NOT_SET (absent, keep the inherited value) or
 * <__field>_UNKNOWN (unparsable, never propagate a bad value).
 */
#define cfg_enum_copy(__cfg_dst, __cfg_src, __field) \
if (__cfg_src->__field != __field ## _NOT_SET \
&& __cfg_src->__field != __field ## _UNKNOWN) { \
__cfg_dst->__field = __cfg_src->__field; \
/*! Attestation level for this object; NOT_SET is skipped by cfg_enum_copy(). */
enum attest_level_enum attest_level;
/*! Tri-state; presumably whether public_cert_url is validated — confirm in the attestation code. */
enum check_tn_cert_public_url_enum check_tn_cert_public_url;
/*! Tri-state attestation option; semantics not visible here. */
enum send_mky_enum send_mky;
/*!
 * Raw private-key bytes and their length (presumably loaded from
 * private_key_file).  NOTE(review): this is secret material — wherever the
 * owning object is destroyed the buffer should be wiped before it is freed
 * and raw_key_length reset; the destructor is not visible here.
 */
unsigned char *raw_key;
size_t raw_key_length;
/*!
 * \brief Emit the sorcery string handlers for every enum field of the
 * acfg_common member embedded in struct \a object.
 *
 * For attest_level, check_tn_cert_public_url and send_mky this defines the
 * static pair sorcery_<field>_to_str() / sorcery_<field>_from_str(); the
 * from_str side warns when the config string parses to <field>_UNKNOWN.
 * The generated functions have fixed names, so expand this once per
 * translation unit.
 */
#define generate_acfg_common_sorcery_handlers(object) \
	generate_sorcery_enum_to_str(object, acfg_common., attest_level); \
	generate_sorcery_enum_from_str(object, acfg_common., attest_level, UNKNOWN); \
	generate_sorcery_enum_to_str(object, acfg_common., check_tn_cert_public_url); \
	generate_sorcery_enum_from_str(object, acfg_common., check_tn_cert_public_url, UNKNOWN); \
	generate_sorcery_enum_to_str(object, acfg_common., send_mky); \
	generate_sorcery_enum_from_str(object, acfg_common., send_mky, UNKNOWN);
299 int as_check_common_config(
const char *
id,
308 SORCERY_OBJECT(details);
/*! \brief Attestation service config lifecycle (return values and load
 *  semantics are defined by the implementation, not visible here). */
/*! \return non-zero once the attestation config has been loaded. */
int as_is_config_loaded(void);
/*! \brief Load the attestation service config. */
int as_config_load(void);
/*! \brief Re-read the attestation service config. */
int as_config_reload(void);
/*! \brief Release the attestation service config. */
int as_config_unload(void);
/*! Timeout for the curl fetch of a remote certificate (unit not visible here — confirm). */
unsigned int curl_timeout;
/*! Maximum accepted age of a PASSporT's iat (presumably seconds); together with max_date_header_age this bounds the replay window, so keep it small. */
unsigned int max_iat_age;
/*! Maximum accepted age of the SIP Date header; same replay-bounding role. */
unsigned int max_date_header_age;
/*! How long an entry in cert_cache_dir is served before being re-fetched. */
unsigned int max_cache_entry_age;
/*! Upper bound on the certificate cache (entries or bytes — confirm). */
unsigned int max_cache_size;
/*! What happens to a call whose PASSporT fails verification. */
enum stir_shaken_failure_action_enum stir_shaken_failure_action;
enum use_rfc9410_responses_enum use_rfc9410_responses;
/*!
 * The relax_x5u_* flags loosen the checks applied to the x5u URL of a
 * received PASSporT (port/scheme, and path, respectively).  That URL is
 * supplied by the remote SIP peer and is evidently fetched by the verifier
 * (curl_timeout, cert_cache_dir, x5u_acl), so enabling either widens what a
 * caller can make this host request; leave both at the default unless an
 * interop partner requires otherwise.
 */
enum relax_x5u_port_scheme_restrictions_enum relax_x5u_port_scheme_restrictions;
enum relax_x5u_path_restrictions_enum relax_x5u_path_restrictions;
/*!
 * Whether the system CA bundle is added to the verification trust store in
 * addition to ca_file / ca_path.  Enabling it broadens the set of issuers
 * whose certificates pass verification.
 */
enum load_system_certs_enum load_system_certs;
/*!
 * \brief Emit the sorcery string handlers for the vcfg_common member
 * embedded in struct \a object.
 *
 * Defines the static to_str()/from_str() pair for each enum field
 * (use_rfc9410_responses, stir_shaken_failure_action, the two relax_x5u_*
 * switches and load_system_certs) plus the single sorcery_acl_from_str() /
 * sorcery_acl_to_str() pair that backs the x5u_* options.  The from_str
 * handlers warn when a value parses to <field>_UNKNOWN.  All generated
 * functions have fixed names, so expand this once per translation unit.
 */
#define generate_vcfg_common_sorcery_handlers(object) \
	generate_sorcery_acl_to_str(object, acl); \
	generate_sorcery_acl_from_str(object, acl, NULL); \
	generate_sorcery_enum_to_str(object, vcfg_common., load_system_certs); \
	generate_sorcery_enum_from_str(object, vcfg_common., load_system_certs, UNKNOWN); \
	generate_sorcery_enum_to_str(object, vcfg_common., relax_x5u_path_restrictions); \
	generate_sorcery_enum_from_str(object, vcfg_common., relax_x5u_path_restrictions, UNKNOWN); \
	generate_sorcery_enum_to_str(object, vcfg_common., relax_x5u_port_scheme_restrictions); \
	generate_sorcery_enum_from_str(object, vcfg_common., relax_x5u_port_scheme_restrictions, UNKNOWN); \
	generate_sorcery_enum_to_str(object, vcfg_common., stir_shaken_failure_action); \
	generate_sorcery_enum_from_str(object, vcfg_common., stir_shaken_failure_action, UNKNOWN); \
	generate_sorcery_enum_to_str(object, vcfg_common., use_rfc9410_responses); \
	generate_sorcery_enum_from_str(object, vcfg_common., use_rfc9410_responses, UNKNOWN);
371 int vs_check_common_config(
const char *
id,
380 SORCERY_OBJECT(details);
/*! \brief Verification service config lifecycle; mirrors the as_* set. */
/*! \return non-zero once the verification config has been loaded. */
int vs_is_config_loaded(void);
/*! \brief Load the verification service config. */
int vs_config_load(void);
/*! \brief Re-read the verification service config. */
int vs_config_reload(void);
/*! \brief Release the verification service config. */
int vs_config_unload(void);
402 SORCERY_OBJECT(details);
412 enum endpoint_behavior_enum endpoint_behavior;
/*!
 * \brief Look up a profile by id.
 * \param id Profile name.
 * \return The profile or NULL; ownership/refcount handling is defined by
 *         the implementation (presumably an ao2 reference to release).
 */
struct profile_cfg *profile_get_cfg(const char *id);
/*!
 * \brief Look up a profile by id; presumably the "effective" variant with
 * service-level values merged in — confirm against the implementation.
 */
struct profile_cfg *eprofile_get_cfg(const char *id);
/*! \brief Profile config lifecycle; mirrors the as_* / vs_* sets. */
int profile_load(void);
int profile_reload(void);
int profile_unload(void);
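/*!
 * \brief True when a profile permits attestation: endpoint_behavior is ON
 * or ATTEST.  __profile is parenthesised so any pointer expression (not
 * just a plain identifier) can be passed; it is evaluated up to twice.
 */
#define PROFILE_ALLOW_ATTEST(__profile) \
	((__profile)->endpoint_behavior == endpoint_behavior_ON || \
	 (__profile)->endpoint_behavior == endpoint_behavior_ATTEST)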
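/*!
 * \brief True when a profile permits verification: endpoint_behavior is ON
 * or VERIFY.  __profile is parenthesised so any pointer expression (not
 * just a plain identifier) can be passed; it is evaluated up to twice.
 */
#define PROFILE_ALLOW_VERIFY(__profile) \
	((__profile)->endpoint_behavior == endpoint_behavior_ON || \
	 (__profile)->endpoint_behavior == endpoint_behavior_VERIFY)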
437 SORCERY_OBJECT(details);
/*!
 * \brief Look up the TN-specific config for a telephone number.
 * \param tn Telephone number; whether it must already be canonical (see
 *           canonicalize_tn()) is decided by the implementation.
 * \return The tn_cfg or NULL.
 */
struct tn_cfg *tn_get_cfg(const char *tn);
449 struct tn_cfg *tn_get_etn(
const char *tn,
/*! \brief TN config lifecycle; mirrors the as_* / vs_* / profile_* sets. */
int tn_config_load(void);
int tn_config_reload(void);
int tn_config_unload(void);
/*!
 * \brief Register a string-field option \a name on sorcery type CONFIG_TYPE.
 *
 * The default is DEFAULT_<name>, which must exist as a string macro; \a nodoc
 * is appended to the sorcery registration function name (empty or the
 * undocumented variant).  \a field is the member path inside struct
 * \a object.
 */
#define stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
STRFLDSET(struct object, field))
/*!
 * \brief Register an unsigned-int option \a name on sorcery type CONFIG_TYPE.
 *
 * DEFAULT_<name> is a numeric macro here and is stringified for sorcery;
 * \a field is the member path inside struct \a object.
 */
#define uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
__stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
FLDSET(struct object, field))
/*!
 * \brief Register an enum option with a config key that differs from the
 * field name.
 *
 * \a name is the key as written in the config file; \a field selects the
 * generated sorcery_<field>_from_str / _to_str handlers and the default,
 * which is DEFAULT_<field> converted through <field>_to_str().
 */
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, nodoc) \
ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, \
#name, field ## _to_str(DEFAULT_ ## field), \
sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)
/*! \brief enum_option_register_ex() for the common case where the config
 *  key and the field share a name. */
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc) \
enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, nodoc)
/*!
 * \brief Register the verification options shared by the verification
 * service and profiles on sorcery type CONFIG_TYPE.
 *
 * ca_file/ca_path and crl_file/crl_path are the trust anchors and
 * revocation data (presumably loaded into the X509_STORE wrapper used for
 * verification); cert_cache_dir holds fetched certificates.  The uint
 * options bound the remote fetch, the accepted age of PASSporT/Date
 * timestamps and the cache.  The config key "failure_action" is stored in
 * vcfg_common.stir_shaken_failure_action.  relax_x5u_* and
 * load_system_certs weaken the default validation and should stay at their
 * defaults unless needed.  The x5u_deny/x5u_permit/x5u_acl keys build an
 * Asterisk ACL in vcfg_common.acl via sorcery_acl_from_str(); only x5u_acl
 * registers a to_str handler, the other two are write-only.
 */
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc) \
/* trust anchors and certificate cache */ \
stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_file, vcfg_common.ca_file, nodoc); \
stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_path, vcfg_common.ca_path, nodoc); \
stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_file, vcfg_common.crl_file, nodoc); \
stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_path, vcfg_common.crl_path, nodoc); \
stringfield_option_register(sorcery, CONFIG_TYPE, object, cert_cache_dir, vcfg_common.cert_cache_dir, nodoc); \
/* fetch, replay-window and cache limits */ \
uint_option_register(sorcery, CONFIG_TYPE, object, curl_timeout, vcfg_common.curl_timeout, nodoc);\
uint_option_register(sorcery, CONFIG_TYPE, object, max_iat_age, vcfg_common.max_iat_age, nodoc);\
uint_option_register(sorcery, CONFIG_TYPE, object, max_date_header_age, vcfg_common.max_date_header_age, nodoc);\
uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_entry_age, vcfg_common.max_cache_entry_age, nodoc);\
uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_size, vcfg_common.max_cache_size, nodoc);\
/* config key "failure_action" -> stir_shaken_failure_action */ \
enum_option_register_ex(sorcery, CONFIG_TYPE, failure_action, stir_shaken_failure_action, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, use_rfc9410_responses, nodoc); \
/* validation-weakening switches; see the field comments */ \
enum_option_register(sorcery, CONFIG_TYPE, \
relax_x5u_port_scheme_restrictions, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, \
relax_x5u_path_restrictions, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, \
load_system_certs, nodoc); \
/* x5u ACL: all three keys share sorcery_acl_from_str, which strips "x5u_" */ \
ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_deny", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_permit", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_acl", "", sorcery_acl_from_str, sorcery_acl_to_str, NULL, 0, 0); \
/*!
 * \brief Register the attestation options shared by the attestation
 * service and profiles on sorcery type CONFIG_TYPE.
 *
 * private_key_file names the signing key (keep it readable only by the
 * Asterisk user); public_cert_url is presumably the x5u advertised to
 * verifiers.  attest_level, check_tn_cert_public_url and send_mky are the
 * enum fields whose handlers generate_acfg_common_sorcery_handlers() emits.
 */
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc) \
stringfield_option_register(sorcery, CONFIG_TYPE, object, private_key_file, acfg_common.private_key_file, nodoc); \
stringfield_option_register(sorcery, CONFIG_TYPE, object, public_cert_url, acfg_common.public_cert_url, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, attest_level, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, check_tn_cert_public_url, nodoc); \
enum_option_register(sorcery, CONFIG_TYPE, send_mky, nodoc); \
/*! \brief Load/unload/reload the whole stir/shaken configuration; the
 *  per-service as_*, vs_*, profile_* and tn_* entry points above are the
 *  individual pieces. */
int common_config_load(void);
int common_config_unload(void);
int common_config_reload(void);
/*! \brief Discriminator for the four sorcery config object kinds defined
 *  in this header (used e.g. by config_object_cli_show()). */
enum config_object_type {
config_object_type_attestation = 0,
config_object_type_verification,
config_object_type_profile,
config_object_type_tn,
543 enum config_object_type object_type;
/*!
 * \brief Print one config object for the CLI.
 *
 * The (obj, arg, data, flags) shape matches an ao2 container callback, so
 * this is presumably passed to ao2_callback_data() over a container of
 * config objects; \a obj is the object, \a arg / \a data caller context.
 * \return An ao2 callback result code (implementation-defined here).
 */
int config_object_cli_show(void *obj, void *arg, void *data, int flags);
/*!
 * \brief Canonicalize a telephone number into a caller-supplied buffer.
 * \param tn      Number as received.
 * \param dest_tn Output buffer.  NOTE(review): no size is passed, so the
 *                caller must size it for the canonical form (at least
 *                strlen(tn) + 1 if canonicalization only drops characters
 *                — confirm the contract in the implementation).
 * \return dest_tn, or NULL on failure (implementation-defined).
 */
char *canonicalize_tn(const char *tn, char *dest_tn);
/*!
 * \brief Canonicalize a telephone number into a newly allocated string.
 * \return A heap copy the caller must free (presumably with ast_free),
 *         or NULL.
 */
char *canonicalize_tn_alloc(const char *tn);
Asterisk main include file. File version handling, generic pbx functions.
TN configuration for stir/shaken.
#define AST_DECLARE_STRING_FIELDS(field_list)
Declare the fields needed in a structure.
Wrapper for an ast_acl linked list.
Asterisk file paths, configured in asterisk.conf.
#define AST_STRING_FIELD(name)
Declare a string field.
ao2 object wrapper for X509_STORE that provides locking and refcounting
struct ao2_container * container
Verification Service configuration for stir/shaken.
Attestation Service configuration for stir/shaken.
Profile configuration for stir/shaken.
Sorcery Data Access Layer API.