Blame - include/ssl_key_handler.hpp - openbmc/bmcweb

blob: dbc2720b2accbeca3fb0fb724faaa4cab7b6e7f9 [file] [log] [blame]

Ed Tanous	40e9b92	2024-09-10 13:50:16 -0700	[diff] [blame]	1	// SPDX-License-Identifier: Apache-2.0
				2	// SPDX-FileCopyrightText: Copyright OpenBMC Authors
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	3
Ed Tanous	0fdddb1	2017-02-28 11:06:34 -0800	[diff] [blame]	4	#pragma once
				5
Ed Tanous	3112a14	2018-11-29 15:45:10 -0800	[diff] [blame]	6	#include <boost/asio/ssl/context.hpp>
Gunnar Mills	1214b7e	2020-06-04 10:11:30 -0500	[diff] [blame]	7
Ed Tanous	3ccb3ad	2023-01-13 17:40:03 -0800	[diff] [blame]	8	#include <optional>
Ed Tanous	3ccb3ad	2023-01-13 17:40:03 -0800	[diff] [blame]	9	#include <string>
Ed Tanous	1abe55e	2018-09-05 08:30:59 -0700	[diff] [blame]	10
				11	namespace ensuressl
				12	{
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	13
Ed Tanous	19bb362	2024-07-05 10:07:40 -0500	[diff] [blame]	14	enum class VerifyCertificate
				15	{
				16	Verify,
				17	NoVerify
				18	};
				19
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	20	constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
				21	constexpr const char* x509Comment = "Generated from OpenBMC service";
Abhilash Raju	d5fb584	2024-06-03 11:40:17 -0500	[diff] [blame]	22
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	23	bool isTrustChainError(int errnum);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	24
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	25	bool validateCertificate(X509* cert);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	26
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	27	std::string verifyOpensslKeyCert(const std::string& filepath);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	28
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	29	X509* loadCert(const std::string& filePath);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	30
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	31	int addExt(X509* cert, int nid, const char* value);
Ed Tanous	19bb362	2024-07-05 10:07:40 -0500	[diff] [blame]	32
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	33	std::string generateSslCertificate(const std::string& cn);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	34
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	35	void writeCertificateToFile(const std::string& filepath,
				36	const std::string& certificate);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	37
Ed Tanous	724985f	2024-06-05 09:19:06 -0700	[diff] [blame]	38	std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);
				39
				40	std::shared_ptr<boost::asio::ssl::context> getSslServerContext();
				41
				42	std::optional<boost::asio::ssl::context>
				43	getSSLClientContext(VerifyCertificate verifyCertificate);
AppaRao Puli	e38778a	2022-06-27 23:09:03 +0000	[diff] [blame]	44
Ed Tanous	1abe55e	2018-09-05 08:30:59 -0700	[diff] [blame]	45	} // namespace ensuressl