Redfish: Extend GenerateCSR action for LDAP certificate collection
Tested:
1) Tested schema with validator; no issues found
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate_ldap_required.json
{
"CSRString": "-----BEGIN CERTIFICATE
REQUEST-----\\nLoyR0IExAw==\n-----END
CERTIFICATE REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/"
}
}
Change-Id: Iae0919a2f222c1f85e5428d9140e386f8695370d
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 712baf1..10fe554 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -298,6 +298,12 @@
objectPath = certs::httpsObjectPath;
service = certs::httpsServiceName;
}
+ else if (boost::starts_with(
+ certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+ {
+ objectPath = certs::ldapObjectPath;
+ service = certs::ldapServiceName;
+ }
else
{
messages::actionParameterNotSupported(
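Review bot: The `boost::starts_with(certURI, "/redfish/v1/AccountService/LDAP/Certificates")` test in the new `else if` is a prefix match on a value that, going by the request in the commit message, comes from the client's `CertificateCollection` parameter. Any URI that merely begins with that string (extra characters appended after `Certificates`) is therefore accepted and routed to `certs::ldapObjectPath`. Comparing against the exact collection URI with and without the trailing slash would be tighter, for example `else if (certURI == ldapCertCollectionUri || certURI == ldapCertCollectionUri + "/")`, where `ldapCertCollectionUri` is a suggested new constant declared next to `certs::ldapObjectPath`. The same literal and prefix check are repeated in the second hunk's KeyUsage branch, so a shared constant would also keep the two in step. The enclosing function starts and ends outside this hunk, and the preceding HTTPS branch presumably uses the same pattern, so it may need the same tightening.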
@@ -349,6 +355,29 @@
return;
}
}
+ else if (boost::starts_with(
+ certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+ {
+ if (optKeyUsage->size() == 0)
+ {
+ optKeyUsage->push_back("ClientAuthentication");
+ }
+ else if (optKeyUsage->size() == 1)
+ {
+ if ((*optKeyUsage)[0] != "ClientAuthentication")
+ {
+ messages::propertyValueNotInList(
+ asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
+ return;
+ }
+ }
+ else
+ {
+ messages::actionParameterNotSupported(
+ asyncResp->res, "KeyUsage", "GenerateCSR");
+ return;
+ }
+ }
// Only allow one CSR matcher at a time so setting retry time-out and
// timer expiry to 10 seconds for now.