Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 27f5ecf750efa7ef437d3a078e766a84265adf67 / . / include / ssl_key_handler.hpp
blob: fad89fc2bc95be3a5574bd9510cb21dafe6bb7eb [file] [log] [blame]
Ed Tanous40e9b922024-09-10 13:50:16 -0700[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright OpenBMC Authors
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]3
Ed Tanous0fdddb12017-02-28 11:06:34 -0800[diff] [blame]4#pragma once
5
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]6#include <openssl/crypto.h>
7
Ed Tanous3112a142018-11-29 15:45:10 -0800[diff] [blame]8#include <boost/asio/ssl/context.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]9
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]10#include <memory>
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]11#include <optional>
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]12#include <string>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]13
14namespace ensuressl
15{
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]16
Ed Tanous19bb3622024-07-05 10:07:40 -0500[diff] [blame]17enum class VerifyCertificate
18{
19 Verify,
20 NoVerify
21};
22
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]23constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
24constexpr const char* x509Comment = "Generated from OpenBMC service";
Abhilash Rajud5fb5842024-06-03 11:40:17 -0500[diff] [blame]25
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]26bool isTrustChainError(int errnum);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]27
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]28bool validateCertificate(X509* cert);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]29
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]30std::string verifyOpensslKeyCert(const std::string& filepath);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]31
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]32X509* loadCert(const std::string& filePath);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]33
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]34int addExt(X509* cert, int nid, const char* value);
Ed Tanous19bb3622024-07-05 10:07:40 -0500[diff] [blame]35
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]36std::string generateSslCertificate(const std::string& cn);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]37
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]38void writeCertificateToFile(const std::string& filepath,
39 const std::string& certificate);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]40
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]41std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);
42
43std::shared_ptr<boost::asio::ssl::context> getSslServerContext();
44
Patrick Williams504af5a2025-02-03 14:29:03 -0500[diff] [blame]45std::optional<boost::asio::ssl::context> getSSLClientContext(
46 VerifyCertificate verifyCertificate);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]47
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]48} // namespace ensuressl