app_listener_free (application_t * app, app_listener_t * app_listener)
{
clib_bitmap_free (app_listener->workers);
- pool_put (app->listeners, app_listener);
if (CLIB_DEBUG)
clib_memset (app_listener, 0xfa, sizeof (*app_listener));
+ pool_put (app->listeners, app_listener);
}
session_handle_t
if (application_is_builtin (app))
application_name_table_del (app);
vec_free (app->name);
- vec_free (app->tls_cert);
- vec_free (app->tls_key);
pool_put (app_main.app_pool, app);
}
clib_error_t *
vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a)
{
- application_t *app;
- app = application_get (a->app_index);
- if (!app)
- return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED,
- 0, "app %u doesn't exist", a->app_index);
- app->tls_cert = vec_dup (a->cert);
+ /* Deprected, will be remove after 20.01 */
+ app_cert_key_pair_t *ckpair;
+ ckpair = app_cert_key_pair_get_default ();
+ ckpair->cert = vec_dup (a->cert);
return 0;
}
clib_error_t *
vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a)
{
- application_t *app;
- app = application_get (a->app_index);
- if (!app)
- return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED,
- 0, "app %u doesn't exist", a->app_index);
- app->tls_key = vec_dup (a->key);
+ /* Deprected, will be remove after 20.01 */
+ app_cert_key_pair_t *ckpair;
+ ckpair = app_cert_key_pair_get_default ();
+ ckpair->key = vec_dup (a->key);
return 0;
}
/* *INDENT-ON* */
}
+u8 *
+format_cert_key_pair (u8 * s, va_list * args)
+{
+ app_cert_key_pair_t *ckpair = va_arg (*args, app_cert_key_pair_t *);
+ int key_len = 0, cert_len = 0;
+ cert_len = vec_len (ckpair->cert);
+ key_len = vec_len (ckpair->key);
+ if (ckpair->cert_key_index == 0)
+ s = format (s, "DEFAULT (cert:%d, key:%d)", cert_len, key_len);
+ else
+ s =
+ format (s, "%d (cert:%d, key:%d)", ckpair->cert_key_index, cert_len,
+ key_len);
+ return s;
+}
+
+u8 *
+format_crypto_engine (u8 * s, va_list * args)
+{
+ u32 engine = va_arg (*args, u32);
+ switch (engine)
+ {
+ case CRYPTO_ENGINE_NONE:
+ return format (s, "none");
+ case CRYPTO_ENGINE_MBEDTLS:
+ return format (s, "mbedtls");
+ case CRYPTO_ENGINE_OPENSSL:
+ return format (s, "openssl");
+ case CRYPTO_ENGINE_PICOTLS:
+ return format (s, "picotls");
+ case CRYPTO_ENGINE_VPP:
+ return format (s, "vpp");
+ default:
+ return format (s, "unknown engine");
+ }
+ return s;
+}
+
+uword
+unformat_crypto_engine (unformat_input_t * input, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ if (unformat (input, "mbedtls"))
+ *a = CRYPTO_ENGINE_MBEDTLS;
+ else if (unformat (input, "openssl"))
+ *a = CRYPTO_ENGINE_OPENSSL;
+ else if (unformat (input, "picotls"))
+ *a = CRYPTO_ENGINE_PICOTLS;
+ else if (unformat (input, "vpp"))
+ *a = CRYPTO_ENGINE_VPP;
+ else
+ return 0;
+ return 1;
+}
+
+u8 *
+format_crypto_context (u8 * s, va_list * args)
+{
+ crypto_context_t *crctx = va_arg (*args, crypto_context_t *);
+ s =
+ format (s, "[0x%x][sub%d,ckpair%x]", crctx->ctx_index,
+ crctx->n_subscribers, crctx->ckpair_index);
+ s = format (s, "[%U]", format_crypto_engine, crctx->crypto_engine);
+ if (crctx->stale)
+ s = format (s, " -- DELETED");
+ return s;
+}
+
u8 *
format_application (u8 * s, va_list * args)
{
/* *INDENT-ON* */
}
+static clib_error_t *
+show_certificate_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ app_cert_key_pair_t *ckpair;
+ session_cli_return_if_not_enabled ();
+
+ /* *INDENT-OFF* */
+ pool_foreach (ckpair, app_main.cert_key_pair_store, ({
+ vlib_cli_output (vm, "%U", format_cert_key_pair, ckpair);
+ }));
+ /* *INDENT-ON* */
+ return 0;
+}
+
static clib_error_t *
show_app_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
return 0;
}
+/* Certificate store */
+
+static app_cert_key_pair_t *
+app_cert_key_pair_alloc ()
+{
+ app_cert_key_pair_t *ckpair;
+ pool_get (app_main.cert_key_pair_store, ckpair);
+ clib_memset (ckpair, 0, sizeof (*ckpair));
+ ckpair->cert_key_index = ckpair - app_main.cert_key_pair_store;
+ return ckpair;
+}
+
+app_cert_key_pair_t *
+app_cert_key_pair_get_if_valid (u32 index)
+{
+ if (pool_is_free_index (app_main.cert_key_pair_store, index))
+ return 0;
+ return app_cert_key_pair_get (index);
+}
+
+app_cert_key_pair_t *
+app_cert_key_pair_get (u32 index)
+{
+ return pool_elt_at_index (app_main.cert_key_pair_store, index);
+}
+
+app_cert_key_pair_t *
+app_cert_key_pair_get_default ()
+{
+ /* To maintain legacy bapi */
+ return app_cert_key_pair_get (0);
+}
+
+int
+vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a)
+{
+ app_cert_key_pair_t *ckpair = app_cert_key_pair_alloc ();
+ ckpair->cert = vec_dup (a->cert);
+ ckpair->key = vec_dup (a->key);
+ a->index = ckpair->cert_key_index;
+ return 0;
+}
+
+int
+vnet_app_add_cert_key_interest (u32 index, u32 app_index)
+{
+ app_cert_key_pair_t *ckpair;
+ if (!(ckpair = app_cert_key_pair_get_if_valid (index)))
+ return -1;
+ if (vec_search (ckpair->app_interests, app_index) != ~0)
+ vec_add1 (ckpair->app_interests, app_index);
+ return 0;
+}
+
+int
+vnet_app_del_cert_key_pair (u32 index)
+{
+ app_cert_key_pair_t *ckpair;
+ application_t *app;
+ u32 *app_index;
+
+ if (!(ckpair = app_cert_key_pair_get_if_valid (index)))
+ return (VNET_API_ERROR_INVALID_VALUE);
+
+ vec_foreach (app_index, ckpair->app_interests)
+ {
+ if ((app = application_get_if_valid (*app_index))
+ && app->cb_fns.app_cert_key_pair_delete_callback)
+ app->cb_fns.app_cert_key_pair_delete_callback (ckpair);
+ }
+
+ vec_free (ckpair->cert);
+ vec_free (ckpair->key);
+ pool_put (app_main.cert_key_pair_store, ckpair);
+ return 0;
+}
+
+clib_error_t *
+application_init (vlib_main_t * vm)
+{
+ /* Add a certificate with index 0 to support legacy apis */
+ (void) app_cert_key_pair_alloc ();
+ app_main.last_crypto_engine = CRYPTO_ENGINE_LAST;
+ return 0;
+}
+
/* *INDENT-OFF* */
+VLIB_INIT_FUNCTION (application_init);
+
VLIB_CLI_COMMAND (show_app_command, static) =
{
.path = "show app",
.short_help = "show app [server|client] [verbose]",
.function = show_app_command_fn,
};
+
+VLIB_CLI_COMMAND (show_certificate_command, static) =
+{
+ .path = "show app certificate",
+ .short_help = "list app certs and keys present in store",
+ .function = show_certificate_command_fn,
+};
/* *INDENT-ON* */
+crypto_engine_type_t
+app_crypto_engine_type_add (void)
+{
+ return (++app_main.last_crypto_engine);
+}
+
+u8
+app_crypto_engine_n_types (void)
+{
+ return (app_main.last_crypto_engine + 1);
+}
+
/*
* fd.io coding-style-patch-verification: ON
*