Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 37cce918ede6489ab980712c243b526a30396ca4^! / . / redfish-core / include
commit37cce918ede6489ab980712c243b526a30396ca4[log] [tgz]
authorMarri Devender Rao <devenrao@in.ibm.com>Wed Feb 20 01:05:22 2019 -0600
committerEd Tanous <ed.tanous@intel.com>Wed Jul 03 16:24:11 2019 +0000
tree5874c52f670e2c4dbf6d2e2a6f9601bd39c2a1a1
parent6913228d184308c9e848a5cf60ce9b8d2cb44aee [diff]
Redfish: Add support to upload/replace/view LDAP Certificate

Implements CertificateCollection schema to upload/list
existing LDAP certificates

Implements Certificate schema to view existing LDAP
certificate

Implements ReplaceCertificate action to replace existing
LDAP certificate.

Tested:
1. Tested schema with validator and no issues
2. Privilege map for certificate service is not yet pubished
3. POST on /redfish/v1/AccountService/LDAP/Certificates
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X POST -T testcert.pem https://${bmc}/redfish/v1/AccountServie/LDAP/Certificates
{
  "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
  "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
  "@odata.type": "#Certificate.v1_0_0.Certificate",
  "CertificateString": "-----BEGIN CERTIFICATE---------END CERTIFICATE-----\n",
  "Description": "LDAP Certificate",
  "Id": "1",
  "Issuer": {
    "City": "SomeCity",
    "CommonName": "www.company.com",
    "Country": "US",
    "Organization": "MyCompany",
    "State": "VA",
    "organizationUnit": "MyDivision"
  },
  "KeyUsage": [
    "KeyAgreement",
    "ServerAuthentication"
  ],
  "Name": "LDAP Certificate",
  "Subject": {
    "City": "SomeCity",
    "CommonName": "www.company.com",
    "Organization": "MyCompany",
    "State": "VA",
    "organizationUnit": "MyDivision"
  },
  "ValidNotAfter": "2029-03-14T02:11:02+00:00",
  "ValidNotBefore": "2019-03-17T02:11:02+00:00"
}

4. GET on /redfish/v1/AccountService/LDAP/Certificates/
{
  "@odata.context":
  "/redfish/v1/$metadata#CertificateCollection.CertificateCollection",
  "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates",
  "@odata.type": "#CertificateCollection.CertificatesCollection",
  "Description": "A Collection of LDAP certificate instances",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1"
    }
  ],
  "Members@odata.count": 1,
  "Name": "LDAP Certificate Collection"
}

5.GET on /redfish/v1/CertificateService/CertificateLocations/
{
  "@odata.context":
  "/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
  "@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
  "@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
  "Description": "Defines a resource that an administrator can use in order to
   locate all certificates installed on a given service",
  "Id": "CertificateLocations",
  "Links": {
    "Certificates": [
      {
        "@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
      },
      {
        "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1"
      }
    ],
    "Certificates@odata.count": 2
  },
  "Name": "Certificate Locations"
}

6.GET on  /redfish/v1/AccountService/LDAP/Certificates/1
{
  "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
  "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
  "@odata.type": "#Certificate.v1_0_0.Certificate",
  "CertificateString": "-----BEGINCERTIFICATE-----\n ... -----ENDCERTIFICATE-----\n",
  "CertificateType": "PEM",
  "Description": "LDAP Certificate",
  "Id": "1",
  "Issuer": {
    "CommonName": "localhost",
    "Organization": "openbmc-project.xyz"
  },
  "KeyUsage": [],
  "Name": "LDAP Certificate",
  "Subject": {
    "CommonName": "localhost"
}

7.Replace certificate
POST on /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/
{
  "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
  "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
  "@odata.type": "#Certificate.v1_0_0.Certificate",
 ...
}
8.GET on AccountService
curl -k -H "X-Auth-Token: $bmc_token" -X GET
https://${bmc}/redfish/v1/AccountService
{
  "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_4_0.AccountService",
  "Id": "AccountService",
  "LDAP": {
    "AccountProviderType": "LDAPService",
    "Certificates": {
      "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
    },

Change-Id: I056a4cea8b0377e156b660984857cdfadbfe1b2c
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>

diff --git a/redfish-core/include/redfish.hpp b/redfish-core/include/redfish.hpp
index 36546c6..8cb9e01 100644
--- a/redfish-core/include/redfish.hpp
+++ b/redfish-core/include/redfish.hpp

@@ -126,6 +126,8 @@
         nodes.emplace_back(std::make_unique<CertificateLocations>(app));
         nodes.emplace_back(std::make_unique<HTTPSCertificateCollection>(app));
         nodes.emplace_back(std::make_unique<HTTPSCertificate>(app));
+        nodes.emplace_back(std::make_unique<LDAPCertificateCollection>(app));
+        nodes.emplace_back(std::make_unique<LDAPCertificate>(app));
         for (const auto& node : nodes)
         {
             node->initPrivileges();