+static void
+vl_api_app_add_cert_key_pair_t_handler (vl_api_app_add_cert_key_pair_t * mp)
+{
+ vl_api_app_add_cert_key_pair_reply_t *rmp;
+ vnet_app_add_cert_key_pair_args_t _a, *a = &_a;
+ u32 certkey_len, key_len, cert_len;
+ int rv = 0;
+ if (session_main_is_enabled () == 0)
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+
+ cert_len = clib_net_to_host_u16 (mp->cert_len);
+ if (cert_len > 10000)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+
+ certkey_len = clib_net_to_host_u16 (mp->certkey_len);
+ if (certkey_len < cert_len)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+
+ key_len = certkey_len - cert_len;
+ if (key_len > 10000)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+
+ clib_memset (a, 0, sizeof (*a));
+ vec_validate (a->cert, cert_len);
+ vec_validate (a->key, key_len);
+ clib_memcpy_fast (a->cert, mp->certkey, cert_len);
+ clib_memcpy_fast (a->key, mp->certkey + cert_len, key_len);
+ rv = vnet_app_add_cert_key_pair (a);
+ vec_free (a->cert);
+ vec_free (a->key);
+
+done:
+ /* *INDENT-OFF* */
+ REPLY_MACRO2 (VL_API_APP_ADD_CERT_KEY_PAIR_REPLY, ({
+ if (!rv)
+ rmp->index = clib_host_to_net_u32 (a->index);
+ }));
+ /* *INDENT-ON* */
+}
+
+static void
+vl_api_app_del_cert_key_pair_t_handler (vl_api_app_del_cert_key_pair_t * mp)
+{
+ vl_api_app_del_cert_key_pair_reply_t *rmp;
+ u32 ckpair_index;
+ int rv = 0;
+ if (session_main_is_enabled () == 0)
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ ckpair_index = clib_net_to_host_u32 (mp->index);
+ rv = vnet_app_del_cert_key_pair (ckpair_index);
+
+done:
+ REPLY_MACRO (VL_API_APP_DEL_CERT_KEY_PAIR_REPLY);
+}
+
+/* ### WILL BE DEPRECATED POST 20.01 ### */
+static void
+vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
+ mp)
+{
+ vl_api_application_tls_cert_add_reply_t *rmp;
+ app_cert_key_pair_t *ckpair;
+ application_t *app;
+ u32 cert_len;
+ int rv = 0;
+ if (session_main_is_enabled () == 0)
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ if (!(app = application_lookup (mp->client_index)))
+ {
+ rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
+ goto done;
+ }
+ cert_len = clib_net_to_host_u16 (mp->cert_len);
+ if (cert_len > 10000)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+ ckpair = app_cert_key_pair_get_default ();
+ vec_validate (ckpair->cert, cert_len);
+ clib_memcpy_fast (ckpair->cert, mp->cert, cert_len);
+
+done:
+ REPLY_MACRO (VL_API_APPLICATION_TLS_CERT_ADD_REPLY);
+}
+
+/* ### WILL BE DEPRECATED POST 20.01 ### */
+static void
+vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
+ mp)
+{
+ vl_api_application_tls_key_add_reply_t *rmp;
+ app_cert_key_pair_t *ckpair;
+ application_t *app;
+ u32 key_len;
+ int rv = 0;
+ if (session_main_is_enabled () == 0)
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ if (!(app = application_lookup (mp->client_index)))
+ {
+ rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
+ goto done;
+ }
+ key_len = clib_net_to_host_u16 (mp->key_len);
+ if (key_len > 10000)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+ ckpair = app_cert_key_pair_get_default ();
+ vec_validate (ckpair->key, key_len);
+ clib_memcpy_fast (ckpair->key, mp->key, key_len);
+done:
+ REPLY_MACRO (VL_API_APPLICATION_TLS_KEY_ADD_REPLY);
+}
+