Alan Kuo | a822070 | 2020-11-26 11:15:29 +0800 | [diff] [blame] | 1 | #pragma once |
#include "dbus_singleton.hpp"
#include "dbus_utility.hpp"
#include "include/dbus_utility.hpp"
#include "logging.hpp"
#include "ssl_key_handler.hpp"

#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <sdbusplus/bus/match.hpp>
#include <sdbusplus/message/types.hpp>
#include <systemd/sd-bus.h>

#include <array>
#include <exception>
#include <filesystem>
#include <memory>
#include <string>
#include <string_view>
#include <system_error>
#include <variant>
Alan Kuo | a822070 | 2020-11-26 11:15:29 +0800 | [diff] [blame] | 10 | |
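namespace crow
{
namespace hostname_monitor
{
// Owns the D-Bus match that delivers HostName PropertiesChanged signals to
// onPropertyUpdate(). Created by registerHostnameSignal(); destroying it
// removes the match.
// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables)
static std::unique_ptr<sdbusplus::bus::match_t> hostnameSignalMonitor;

// Certificate currently served by the HTTPS listener.
constexpr std::string_view httpsCertFile = "/etc/ssl/certs/https/server.pem";

// Staging file handed to the certificate manager's Replace() call.
constexpr std::string_view tempCertFile = "/tmp/hostname_cert.tmp";

// RAII owners for the OpenSSL objects used below, so that every early return
// releases them (the original code leaked the X509 and the ASN1 comment when
// certificate generation failed).
using X509Ptr = std::unique_ptr<X509, decltype(&X509_free)>;
using EvpPkeyPtr = std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>;
using Asn1StringPtr =
    std::unique_ptr<ASN1_IA5STRING, decltype(&ASN1_STRING_free)>;

/**
 * Ask the HTTPS certificate manager to replace the active certificate with
 * the PEM file at @p certPath, then delete that file.
 *
 * The staged file is only needed for the duration of the Replace() call, so
 * it is removed whether the call succeeded or failed; leaving it behind on
 * failure would keep the generated PEM (which may include the private key)
 * sitting in /tmp.
 */
inline void installCertificate(const std::filesystem::path& certPath)
{
    crow::connections::systemBus->async_method_call(
        [certPath](const boost::system::error_code& ec) {
            if (ec)
            {
                BMCWEB_LOG_ERROR("Replace Certificate Fail..");
            }
            else
            {
                BMCWEB_LOG_INFO("Replace HTTPs Certificate Success, "
                                "remove temporary certificate file..");
            }

            // Best-effort cleanup on both paths; a failure here is logged
            // but cannot be acted on.
            std::error_code ec2;
            std::filesystem::remove(certPath, ec2);
            if (ec2)
            {
                BMCWEB_LOG_ERROR("Failed to remove certificate");
            }
        },
        "xyz.openbmc_project.Certs.Manager.Server.Https",
        "/xyz/openbmc_project/certs/server/https/1",
        "xyz.openbmc_project.Certs.Replace", "Replace", certPath.string());
}

/**
 * Locate the "HostName" entry in a PropertiesChanged payload.
 *
 * @return pointer into @p changedProperties (valid while the map lives), or
 *         nullptr when the property is absent or not a string. If the
 *         property appears more than once the last occurrence wins.
 */
inline const std::string*
    findHostName(const dbus::utility::DBusPropertiesMap& changedProperties)
{
    const std::string* hostname = nullptr;
    for (const auto& [name, value] : changedProperties)
    {
        if (name == "HostName")
        {
            hostname = std::get_if<std::string>(&value);
        }
    }
    return hostname;
}

/**
 * Decide whether the served certificate should be regenerated for
 * @p hostname.
 *
 * Only certificates that bmcweb generated itself are ever replaced: the
 * certificate must carry ensuressl::x509Comment in its Netscape comment
 * extension, verify against its own public key (self-signed), and have a
 * subject CN that differs from the new hostname. A certificate uploaded by an
 * operator fails the comment check and is left alone.
 *
 * @return true when a new certificate should be generated.
 */
inline bool certificateNeedsUpdate(X509& cert, const std::string& hostname)
{
    // Subject CN, truncated by OpenSSL if it exceeds the buffer (hostnames
    // are far shorter than this).
    constexpr int maxKeySize = 256;
    std::array<char, maxKeySize> cnBuffer{};
    int cnLength = X509_NAME_get_text_by_NID(
        X509_get_subject_name(&cert), NID_commonName, cnBuffer.data(),
        static_cast<int>(cnBuffer.size()));
    if (cnLength == -1)
    {
        BMCWEB_LOG_ERROR("Failed to read NID_commonName");
        return false;
    }
    std::string_view cnValue(cnBuffer.data(), static_cast<size_t>(cnLength));

    EvpPkeyPtr pubKey(X509_get_pubkey(&cert), EVP_PKEY_free);
    if (!pubKey)
    {
        BMCWEB_LOG_ERROR("Failed to get public key");
        return false;
    }
    // 1 when the certificate's signature verifies with its own key, 0 when
    // it does not, negative on error; only an exact 1 counts as self-signed.
    int isSelfSigned = X509_verify(&cert, pubKey.get());

    BMCWEB_LOG_DEBUG(
        "Current HTTPs Certificate Subject CN: {}, New HostName: {}, isSelfSigned: {}",
        cnValue, hostname, isSelfSigned);

    // The Netscape comment extension is how bmcweb marks certificates it
    // generated; no extension means the certificate is not ours.
    Asn1StringPtr comment(
        static_cast<ASN1_IA5STRING*>(
            X509_get_ext_d2i(&cert, NID_netscape_comment, nullptr, nullptr)),
        ASN1_STRING_free);
    if (!comment)
    {
        return false;
    }
    // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
    std::string_view commentValue(
        reinterpret_cast<const char*>(ASN1_STRING_get0_data(comment.get())),
        static_cast<size_t>(ASN1_STRING_length(comment.get())));
    BMCWEB_LOG_DEBUG("x509Comment: {}", commentValue);

    return ensuressl::x509Comment == commentValue && isSelfSigned == 1 &&
           cnValue != hostname;
}

/**
 * Generate a fresh bmcweb certificate whose subject CN is @p hostname, stage
 * it at tempCertFile and hand it to the certificate manager.
 *
 * NOTE(review): the staging path is a fixed name in a shared directory and is
 * written by bmcweb's (privileged) process. Confirm that
 * ensuressl::writeCertificateToFile() creates it with restrictive permissions
 * and does not follow a pre-existing file or symlink at that name; the PEM it
 * writes may contain the private key. Two hostname changes in quick
 * succession also race on this single file.
 */
inline void regenerateCertificate(const std::string& hostname)
{
    BMCWEB_LOG_INFO("Ready to generate new HTTPs certificate with subject cn: {}",
                    hostname);

    std::string certData = ensuressl::generateSslCertificate(hostname);
    if (certData.empty())
    {
        BMCWEB_LOG_ERROR("Failed to generate cert");
        return;
    }
    std::string tmpPath(tempCertFile);
    ensuressl::writeCertificateToFile(tmpPath, certData);
    installCertificate(tmpPath);
}

/**
 * sd-bus match callback for PropertiesChanged on the network configuration
 * object. When the HostName property changed and the served certificate is a
 * bmcweb-generated one whose CN no longer matches, a replacement certificate
 * is generated and installed.
 *
 * @param m        the signal message (borrowed; wrapped, not owned)
 * @param retError sd-bus error slot; a null or already-set error is treated
 *                 as a failed delivery and ignored
 * @return always 0, as the original did (with sd-bus this leaves the signal
 *         visible to other matches)
 */
inline int onPropertyUpdate(sd_bus_message* m, void* /* userdata */,
                            sd_bus_error* retError)
{
    if (retError == nullptr || (sd_bus_error_is_set(retError) != 0))
    {
        BMCWEB_LOG_ERROR("Got sdbus error on match");
        return 0;
    }

    sdbusplus::message_t message(m);
    std::string iface;
    dbus::utility::DBusPropertiesMap changedProperties;

    // This is a plain C callback invoked from sd-bus: an exception escaping
    // it would not be caught by any C++ frame. message.read() throws when
    // the payload does not have the types we ask for, so contain that here
    // rather than trusting every bus peer to send a well-formed signal.
    try
    {
        message.read(iface, changedProperties);
    }
    catch (const std::exception& e)
    {
        BMCWEB_LOG_ERROR("Failed to unpack PropertiesChanged signal: {}",
                         e.what());
        return 0;
    }

    const std::string* hostname = findHostName(changedProperties);
    if (hostname == nullptr)
    {
        return 0;
    }
    BMCWEB_LOG_DEBUG("Read hostname from signal: {}", *hostname);

    const std::string certFile(httpsCertFile);
    X509Ptr cert(ensuressl::loadCert(certFile), X509_free);
    if (!cert)
    {
        BMCWEB_LOG_ERROR("Failed to read cert");
        return 0;
    }

    if (certificateNeedsUpdate(*cert, *hostname))
    {
        regenerateCertificate(*hostname);
    }
    return 0;
}

/**
 * Subscribe to PropertiesChanged signals for the
 * xyz.openbmc_project.Network.SystemConfiguration interface on
 * /xyz/openbmc_project/network/config, dispatching them to onPropertyUpdate().
 * Requires crow::connections::systemBus to be initialised.
 *
 * NOTE(review): the rule does not constrain the sender, so any bus peer that
 * is allowed to emit signals could trigger a certificate regeneration by
 * spoofing this PropertiesChanged. Consider adding a sender= term if the
 * owning service's well-known name is stable.
 */
inline void registerHostnameSignal()
{
    BMCWEB_LOG_INFO("Register HostName PropertiesChanged Signal");
    std::string propertiesMatchString =
        ("type='signal',"
         "interface='org.freedesktop.DBus.Properties',"
         "path='/xyz/openbmc_project/network/config',"
         "arg0='xyz.openbmc_project.Network.SystemConfiguration',"
         "member='PropertiesChanged'");

    hostnameSignalMonitor = std::make_unique<sdbusplus::bus::match_t>(
        *crow::connections::systemBus, propertiesMatchString, onPropertyUpdate,
        nullptr);
}
} // namespace hostname_monitor
} // namespace crow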