Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 40e9b92ec19acffb46f83a6e55b18974da5d708e / . / include / ssl_key_handler.hpp
blob: dbc2720b2accbeca3fb0fb724faaa4cab7b6e7f9 [file] [log] [blame]
Ed Tanous40e9b922024-09-10 13:50:16 -0700[diff] [blame^]1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright OpenBMC Authors
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]3
Ed Tanous0fdddb12017-02-28 11:06:34 -0800[diff] [blame]4#pragma once
5
Ed Tanous3112a142018-11-29 15:45:10 -0800[diff] [blame]6#include <boost/asio/ssl/context.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]7
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]8#include <optional>
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]9#include <string>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]10
11namespace ensuressl
12{
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]13
Ed Tanous19bb3622024-07-05 10:07:40 -0500[diff] [blame]14enum class VerifyCertificate
15{
16 Verify,
17 NoVerify
18};
19
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]20constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
21constexpr const char* x509Comment = "Generated from OpenBMC service";
Abhilash Rajud5fb5842024-06-03 11:40:17 -0500[diff] [blame]22
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]23bool isTrustChainError(int errnum);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]24
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]25bool validateCertificate(X509* cert);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]26
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]27std::string verifyOpensslKeyCert(const std::string& filepath);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]28
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]29X509* loadCert(const std::string& filePath);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]30
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]31int addExt(X509* cert, int nid, const char* value);
Ed Tanous19bb3622024-07-05 10:07:40 -0500[diff] [blame]32
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]33std::string generateSslCertificate(const std::string& cn);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]34
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]35void writeCertificateToFile(const std::string& filepath,
36 const std::string& certificate);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]37
Ed Tanous724985f2024-06-05 09:19:06 -0700[diff] [blame]38std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);
39
40std::shared_ptr<boost::asio::ssl::context> getSslServerContext();
41
42std::optional<boost::asio::ssl::context>
43 getSSLClientContext(VerifyCertificate verifyCertificate);
AppaRao Pulie38778a2022-06-27 23:09:03 +0000[diff] [blame]44
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]45} // namespace ensuressl