Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / a2dd60a69046cdda90077463f614140aeb91edc4 / . / redfish-core / lib / certificate_service.hpp
blob: 6d17a6173b3ed9788a8df88722941883cba35a89 [file] [log] [blame]
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]1#pragma once
2
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]3#include <app.hpp>
Iwona Klimaszewskae6604b12019-10-23 00:52:55 +0200[diff] [blame]4#include <boost/convert.hpp>
5#include <boost/convert/strtol.hpp>
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame]6#include <dbus_utility.hpp>
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]7#include <registries/privilege_registry.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]8
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]9namespace redfish
10{
11namespace certs
12{
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]13constexpr char const* httpsObjectPath =
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]14 "/xyz/openbmc_project/certs/server/https";
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]15constexpr char const* certInstallIntf = "xyz.openbmc_project.Certs.Install";
16constexpr char const* certReplaceIntf = "xyz.openbmc_project.Certs.Replace";
17constexpr char const* objDeleteIntf = "xyz.openbmc_project.Object.Delete";
18constexpr char const* certPropIntf = "xyz.openbmc_project.Certs.Certificate";
19constexpr char const* dbusPropIntf = "org.freedesktop.DBus.Properties";
20constexpr char const* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
21constexpr char const* ldapObjectPath = "/xyz/openbmc_project/certs/client/ldap";
22constexpr char const* httpsServiceName =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]23 "xyz.openbmc_project.Certs.Manager.Server.Https";
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]24constexpr char const* ldapServiceName =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]25 "xyz.openbmc_project.Certs.Manager.Client.Ldap";
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]26constexpr char const* authorityServiceName =
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]27 "xyz.openbmc_project.Certs.Manager.Authority.Ldap";
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]28constexpr char const* authorityObjectPath =
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]29 "/xyz/openbmc_project/certs/authority/ldap";
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]30} // namespace certs
31
32/**
33 * The Certificate schema defines a Certificate Service which represents the
34 * actions available to manage certificates and links to where certificates
35 * are installed.
36 */
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]37
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]38// TODO: Issue#61 No entries are available for Certificate
39// service at https://www.dmtf.org/standards/redfish
40// "redfish standard registries". Need to modify after DMTF
41// publish Privilege details for certificate service
42
43inline void requestRoutesCertificateService(App& app)
44{
45 BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]46 .privileges(redfish::privileges::getCertificateService)
Abhishek Patel72048782021-06-02 09:53:24 -0500[diff] [blame]47 .methods(
48 boost::beast::http::verb::
49 get)([](const crow::Request& req,
50 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
51 asyncResp->res.jsonValue = {
52 {"@odata.type",
53 "#CertificateService.v1_0_0.CertificateService"},
54 {"@odata.id", "/redfish/v1/CertificateService"},
55 {"Id", "CertificateService"},
56 {"Name", "Certificate Service"},
57 {"Description", "Actions available to manage certificates"}};
58 // /redfish/v1/CertificateService/CertificateLocations is something
59 // only ConfigureManager can access then only display when the user
60 // has permissions ConfigureManager
61 Privileges effectiveUserPrivileges =
62 redfish::getUserPrivileges(req.userRole);
63 if (isOperationAllowedWithPrivileges({{"ConfigureManager"}},
64 effectiveUserPrivileges))
65 {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]66 asyncResp->res.jsonValue["CertificateLocations"] = {
67 {"@odata.id",
68 "/redfish/v1/CertificateService/CertificateLocations"}};
Abhishek Patel72048782021-06-02 09:53:24 -0500[diff] [blame]69 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]70 asyncResp->res
71 .jsonValue["Actions"]
72 ["#CertificateService.ReplaceCertificate"] = {
73 {"target",
74 "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate"},
75 {"CertificateType@Redfish.AllowableValues", {"PEM"}}};
Abhishek Patel72048782021-06-02 09:53:24 -0500[diff] [blame]76 asyncResp->res
77 .jsonValue["Actions"]["#CertificateService.GenerateCSR"] = {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]78 {"target",
79 "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR"}};
Abhishek Patel72048782021-06-02 09:53:24 -0500[diff] [blame]80 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]81} // requestRoutesCertificateService
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]82
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]83/**
84 * @brief Find the ID specified in the URL
85 * Finds the numbers specified after the last "/" in the URL and returns.
86 * @param[in] path URL
87 * @return -1 on failure and number on success
88 */
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]89inline long getIDFromURL(const std::string_view url)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]90{
Ed Tanousf23b7292020-10-15 09:41:17 -0700[diff] [blame]91 std::size_t found = url.rfind('/');
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]92 if (found == std::string::npos)
93 {
94 return -1;
95 }
Iwona Klimaszewskae6604b12019-10-23 00:52:55 +0200[diff] [blame]96
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]97 if ((found + 1) < url.length())
98 {
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]99 std::string_view str = url.substr(found + 1);
Iwona Klimaszewskae6604b12019-10-23 00:52:55 +0200[diff] [blame]100
101 return boost::convert<long>(str, boost::cnv::strtol()).value_or(-1);
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]102 }
Iwona Klimaszewskae6604b12019-10-23 00:52:55 +0200[diff] [blame]103
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]104 return -1;
105}
106
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]107inline std::string getCertificateFromReqBody(
108 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
109 const crow::Request& req)
Kowalski, Kamil58eb2382019-08-12 11:54:31 +0200[diff] [blame]110{
111 nlohmann::json reqJson = nlohmann::json::parse(req.body, nullptr, false);
112
113 if (reqJson.is_discarded())
114 {
115 // We did not receive JSON request, proceed as it is RAW data
116 return req.body;
117 }
118
119 std::string certificate;
120 std::optional<std::string> certificateType = "PEM";
121
Willy Tu15ed6782021-12-14 11:03:16 -0800[diff] [blame]122 if (!json_util::readJsonPatch(req, asyncResp->res, "CertificateString",
123 certificate, "CertificateType",
124 certificateType))
Kowalski, Kamil58eb2382019-08-12 11:54:31 +0200[diff] [blame]125 {
126 BMCWEB_LOG_ERROR << "Required parameters are missing";
127 messages::internalError(asyncResp->res);
Ed Tanousabb93cd2021-09-02 14:34:57 -0700[diff] [blame]128 return {};
Kowalski, Kamil58eb2382019-08-12 11:54:31 +0200[diff] [blame]129 }
130
131 if (*certificateType != "PEM")
132 {
133 messages::propertyValueNotInList(asyncResp->res, *certificateType,
134 "CertificateType");
Ed Tanousabb93cd2021-09-02 14:34:57 -0700[diff] [blame]135 return {};
Kowalski, Kamil58eb2382019-08-12 11:54:31 +0200[diff] [blame]136 }
137
138 return certificate;
139}
140
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]141/**
142 * Class to create a temporary certificate file for uploading to system
143 */
144class CertificateFile
145{
146 public:
147 CertificateFile() = delete;
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]148 CertificateFile(const CertificateFile&) = delete;
149 CertificateFile& operator=(const CertificateFile&) = delete;
150 CertificateFile(CertificateFile&&) = delete;
151 CertificateFile& operator=(CertificateFile&&) = delete;
152 CertificateFile(const std::string& certString)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]153 {
Ed Tanous72d52d22020-10-12 07:46:27 -0700[diff] [blame]154 std::array<char, 18> dirTemplate = {'/', 't', 'm', 'p', '/', 'C',
Ed Tanous52074382020-09-28 19:16:18 -0700[diff] [blame]155 'e', 'r', 't', 's', '.', 'X',
156 'X', 'X', 'X', 'X', 'X', '\0'};
157 char* tempDirectory = mkdtemp(dirTemplate.data());
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]158 if (tempDirectory != nullptr)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]159 {
160 certDirectory = tempDirectory;
161 certificateFile = certDirectory / "cert.pem";
162 std::ofstream out(certificateFile, std::ofstream::out |
163 std::ofstream::binary |
164 std::ofstream::trunc);
165 out << certString;
166 out.close();
Ed Tanous8cc8ede2022-02-28 10:20:59 -0800[diff] [blame]167 BMCWEB_LOG_DEBUG << "Creating certificate file"
168 << certificateFile.string();
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]169 }
170 }
171 ~CertificateFile()
172 {
173 if (std::filesystem::exists(certDirectory))
174 {
Ed Tanous8cc8ede2022-02-28 10:20:59 -0800[diff] [blame]175 BMCWEB_LOG_DEBUG << "Removing certificate file"
176 << certificateFile.string();
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]177 std::error_code ec;
178 std::filesystem::remove_all(certDirectory, ec);
179 if (ec)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]180 {
181 BMCWEB_LOG_ERROR << "Failed to remove temp directory"
Ed Tanous8cc8ede2022-02-28 10:20:59 -0800[diff] [blame]182 << certDirectory.string();
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]183 }
184 }
185 }
186 std::string getCertFilePath()
187 {
188 return certificateFile;
189 }
190
191 private:
192 std::filesystem::path certificateFile;
193 std::filesystem::path certDirectory;
194};
195
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]196static std::unique_ptr<sdbusplus::bus::match::match> csrMatcher;
197/**
198 * @brief Read data from CSR D-bus object and set to response
199 *
200 * @param[in] asyncResp Shared pointer to the response message
201 * @param[in] certURI Link to certifiate collection URI
202 * @param[in] service D-Bus service name
203 * @param[in] certObjPath certificate D-Bus object path
204 * @param[in] csrObjPath CSR D-Bus object path
205 * @return None
206 */
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]207static void getCSR(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]208 const std::string& certURI, const std::string& service,
209 const std::string& certObjPath,
210 const std::string& csrObjPath)
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]211{
212 BMCWEB_LOG_DEBUG << "getCSR CertObjectPath" << certObjPath
213 << " CSRObjectPath=" << csrObjPath
214 << " service=" << service;
215 crow::connections::systemBus->async_method_call(
216 [asyncResp, certURI](const boost::system::error_code ec,
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]217 const std::string& csr) {
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]218 if (ec)
219 {
220 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
221 messages::internalError(asyncResp->res);
222 return;
223 }
224 if (csr.empty())
225 {
226 BMCWEB_LOG_ERROR << "CSR read is empty";
227 messages::internalError(asyncResp->res);
228 return;
229 }
230 asyncResp->res.jsonValue["CSRString"] = csr;
231 asyncResp->res.jsonValue["CertificateCollection"] = {
232 {"@odata.id", certURI}};
233 },
234 service, csrObjPath, "xyz.openbmc_project.Certs.CSR", "CSR");
235}
236
237/**
238 * Action to Generate CSR
239 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]240inline void requestRoutesCertificateActionGenerateCSR(App& app)
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]241{
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]242 BMCWEB_ROUTE(
243 app,
244 "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]245 // Incorrect Privilege; Should be ConfigureManager
246 //.privileges(redfish::privileges::postCertificateService)
Ed Tanous432a8902021-06-14 15:28:56 -0700[diff] [blame]247 .privileges({{"ConfigureComponents"}})
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]248 .methods(
249 boost::beast::http::verb::
250 post)([](const crow::Request& req,
251 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
252 static const int rsaKeyBitLength = 2048;
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]253
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]254 // Required parameters
255 std::string city;
256 std::string commonName;
257 std::string country;
258 std::string organization;
259 std::string organizationalUnit;
260 std::string state;
261 nlohmann::json certificateCollection;
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]262
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]263 // Optional parameters
264 std::optional<std::vector<std::string>> optAlternativeNames =
265 std::vector<std::string>();
266 std::optional<std::string> optContactPerson = "";
267 std::optional<std::string> optChallengePassword = "";
268 std::optional<std::string> optEmail = "";
269 std::optional<std::string> optGivenName = "";
270 std::optional<std::string> optInitials = "";
271 std::optional<int64_t> optKeyBitLength = rsaKeyBitLength;
272 std::optional<std::string> optKeyCurveId = "secp384r1";
273 std::optional<std::string> optKeyPairAlgorithm = "EC";
274 std::optional<std::vector<std::string>> optKeyUsage =
275 std::vector<std::string>();
276 std::optional<std::string> optSurname = "";
277 std::optional<std::string> optUnstructuredName = "";
Willy Tu15ed6782021-12-14 11:03:16 -0800[diff] [blame]278 if (!json_util::readJsonAction(
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]279 req, asyncResp->res, "City", city, "CommonName", commonName,
280 "ContactPerson", optContactPerson, "Country", country,
281 "Organization", organization, "OrganizationalUnit",
282 organizationalUnit, "State", state, "CertificateCollection",
283 certificateCollection, "AlternativeNames",
284 optAlternativeNames, "ChallengePassword",
285 optChallengePassword, "Email", optEmail, "GivenName",
286 optGivenName, "Initials", optInitials, "KeyBitLength",
287 optKeyBitLength, "KeyCurveId", optKeyCurveId,
288 "KeyPairAlgorithm", optKeyPairAlgorithm, "KeyUsage",
289 optKeyUsage, "Surname", optSurname, "UnstructuredName",
290 optUnstructuredName))
291 {
292 return;
293 }
294
295 // bmcweb has no way to store or decode a private key challenge
296 // password, which will likely cause bmcweb to crash on startup
297 // if this is not set on a post so not allowing the user to set
298 // value
Ed Tanous26f69762022-01-25 09:49:11 -0800[diff] [blame]299 if (!optChallengePassword->empty())
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]300 {
301 messages::actionParameterNotSupported(
302 asyncResp->res, "GenerateCSR", "ChallengePassword");
303 return;
304 }
305
306 std::string certURI;
307 if (!redfish::json_util::readJson(certificateCollection,
308 asyncResp->res, "@odata.id",
309 certURI))
310 {
311 return;
312 }
313
314 std::string objectPath;
315 std::string service;
316 if (boost::starts_with(
317 certURI,
318 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"))
319 {
320 objectPath = certs::httpsObjectPath;
321 service = certs::httpsServiceName;
322 }
323 else if (boost::starts_with(
324 certURI,
325 "/redfish/v1/AccountService/LDAP/Certificates"))
326 {
327 objectPath = certs::ldapObjectPath;
328 service = certs::ldapServiceName;
329 }
330 else
331 {
332 messages::actionParameterNotSupported(
333 asyncResp->res, "CertificateCollection", "GenerateCSR");
334 return;
335 }
336
337 // supporting only EC and RSA algorithm
338 if (*optKeyPairAlgorithm != "EC" && *optKeyPairAlgorithm != "RSA")
339 {
340 messages::actionParameterNotSupported(
341 asyncResp->res, "KeyPairAlgorithm", "GenerateCSR");
342 return;
343 }
344
345 // supporting only 2048 key bit length for RSA algorithm due to
346 // time consumed in generating private key
347 if (*optKeyPairAlgorithm == "RSA" &&
348 *optKeyBitLength != rsaKeyBitLength)
349 {
350 messages::propertyValueNotInList(
351 asyncResp->res, std::to_string(*optKeyBitLength),
352 "KeyBitLength");
353 return;
354 }
355
356 // validate KeyUsage supporting only 1 type based on URL
357 if (boost::starts_with(
358 certURI,
359 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"))
360 {
Ed Tanous26f69762022-01-25 09:49:11 -0800[diff] [blame]361 if (optKeyUsage->empty())
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]362 {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]363 optKeyUsage->push_back("ServerAuthentication");
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]364 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]365 else if (optKeyUsage->size() == 1)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]366 {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]367 if ((*optKeyUsage)[0] != "ServerAuthentication")
368 {
369 messages::propertyValueNotInList(
370 asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
371 return;
372 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]373 }
374 else
375 {
376 messages::actionParameterNotSupported(
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]377 asyncResp->res, "KeyUsage", "GenerateCSR");
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]378 return;
379 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]380 }
381 else if (boost::starts_with(
382 certURI,
383 "/redfish/v1/AccountService/LDAP/Certificates"))
384 {
Ed Tanous26f69762022-01-25 09:49:11 -0800[diff] [blame]385 if (optKeyUsage->empty())
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]386 {
387 optKeyUsage->push_back("ClientAuthentication");
388 }
389 else if (optKeyUsage->size() == 1)
390 {
391 if ((*optKeyUsage)[0] != "ClientAuthentication")
392 {
393 messages::propertyValueNotInList(
394 asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
395 return;
396 }
397 }
398 else
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]399 {
400 messages::actionParameterNotSupported(
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]401 asyncResp->res, "KeyUsage", "GenerateCSR");
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]402 return;
403 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]404 }
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]405
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]406 // Only allow one CSR matcher at a time so setting retry
407 // time-out and timer expiry to 10 seconds for now.
408 static const int timeOut = 10;
409 if (csrMatcher)
410 {
411 messages::serviceTemporarilyUnavailable(
412 asyncResp->res, std::to_string(timeOut));
413 return;
414 }
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]415
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]416 // Make this static so it survives outside this method
417 static boost::asio::steady_timer timeout(*req.ioService);
418 timeout.expires_after(std::chrono::seconds(timeOut));
419 timeout.async_wait(
420 [asyncResp](const boost::system::error_code& ec) {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]421 csrMatcher = nullptr;
422 if (ec)
423 {
424 // operation_aborted is expected if timer is canceled
425 // before completion.
426 if (ec != boost::asio::error::operation_aborted)
427 {
428 BMCWEB_LOG_ERROR << "Async_wait failed " << ec;
429 }
430 return;
431 }
432 BMCWEB_LOG_ERROR << "Timed out waiting for Generating CSR";
433 messages::internalError(asyncResp->res);
434 });
435
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]436 // create a matcher to wait on CSR object
437 BMCWEB_LOG_DEBUG << "create matcher with path " << objectPath;
438 std::string match("type='signal',"
439 "interface='org.freedesktop.DBus.ObjectManager',"
440 "path='" +
441 objectPath +
442 "',"
443 "member='InterfacesAdded'");
444 csrMatcher = std::make_unique<sdbusplus::bus::match::match>(
445 *crow::connections::systemBus, match,
446 [asyncResp, service, objectPath,
447 certURI](sdbusplus::message::message& m) {
448 timeout.cancel();
449 if (m.is_method_error())
450 {
451 BMCWEB_LOG_ERROR << "Dbus method error!!!";
452 messages::internalError(asyncResp->res);
453 return;
454 }
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame]455 std::vector<std::pair<
456 std::string,
457 std::vector<std::pair<std::string,
458 dbus::utility::DbusVariantType>>>>
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]459 interfacesProperties;
460 sdbusplus::message::object_path csrObjectPath;
461 m.read(csrObjectPath, interfacesProperties);
462 BMCWEB_LOG_DEBUG << "CSR object added" << csrObjectPath.str;
463 for (auto& interface : interfacesProperties)
464 {
465 if (interface.first == "xyz.openbmc_project.Certs.CSR")
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]466 {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]467 getCSR(asyncResp, certURI, service, objectPath,
468 csrObjectPath.str);
469 break;
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]470 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]471 }
472 });
473 crow::connections::systemBus->async_method_call(
Ed Tanous914e2d52022-01-07 11:38:34 -0800[diff] [blame]474 [asyncResp](const boost::system::error_code ec,
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]475 const std::string&) {
476 if (ec)
477 {
478 BMCWEB_LOG_ERROR << "DBUS response error: "
479 << ec.message();
480 messages::internalError(asyncResp->res);
481 return;
482 }
483 },
484 service, objectPath, "xyz.openbmc_project.Certs.CSR.Create",
485 "GenerateCSR", *optAlternativeNames, *optChallengePassword,
486 city, commonName, *optContactPerson, country, *optEmail,
487 *optGivenName, *optInitials, *optKeyBitLength, *optKeyCurveId,
488 *optKeyPairAlgorithm, *optKeyUsage, organization,
489 organizationalUnit, state, *optSurname, *optUnstructuredName);
490 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]491} // requestRoutesCertificateActionGenerateCSR
Marri Devender Rao30215812019-03-18 08:59:21 -0500[diff] [blame]492
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]493/**
Gunnar Mills4e0453b2020-07-08 14:00:30 -0500[diff] [blame]494 * @brief Parse and update Certificate Issue/Subject property
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]495 *
496 * @param[in] asyncResp Shared pointer to the response message
497 * @param[in] str Issuer/Subject value in key=value pairs
498 * @param[in] type Issuer/Subject
499 * @return None
500 */
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]501static void updateCertIssuerOrSubject(nlohmann::json& out,
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]502 const std::string_view value)
503{
504 // example: O=openbmc-project.xyz,CN=localhost
505 std::string_view::iterator i = value.begin();
506 while (i != value.end())
507 {
508 std::string_view::iterator tokenBegin = i;
509 while (i != value.end() && *i != '=')
510 {
Manojkiran Eda17a897d2020-09-12 15:31:58 +0530[diff] [blame]511 ++i;
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]512 }
513 if (i == value.end())
514 {
515 break;
516 }
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]517 const std::string_view key(tokenBegin,
518 static_cast<size_t>(i - tokenBegin));
Manojkiran Eda17a897d2020-09-12 15:31:58 +0530[diff] [blame]519 ++i;
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]520 tokenBegin = i;
521 while (i != value.end() && *i != ',')
522 {
Manojkiran Eda17a897d2020-09-12 15:31:58 +0530[diff] [blame]523 ++i;
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]524 }
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]525 const std::string_view val(tokenBegin,
526 static_cast<size_t>(i - tokenBegin));
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]527 if (key == "L")
528 {
529 out["City"] = val;
530 }
531 else if (key == "CN")
532 {
533 out["CommonName"] = val;
534 }
535 else if (key == "C")
536 {
537 out["Country"] = val;
538 }
539 else if (key == "O")
540 {
541 out["Organization"] = val;
542 }
543 else if (key == "OU")
544 {
545 out["OrganizationalUnit"] = val;
546 }
547 else if (key == "ST")
548 {
549 out["State"] = val;
550 }
551 // skip comma character
552 if (i != value.end())
553 {
Manojkiran Eda17a897d2020-09-12 15:31:58 +0530[diff] [blame]554 ++i;
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]555 }
556 }
557}
558
559/**
560 * @brief Retrieve the certificates properties and append to the response
561 * message
562 *
563 * @param[in] asyncResp Shared pointer to the response message
564 * @param[in] objectPath Path of the D-Bus service object
565 * @param[in] certId Id of the certificate
566 * @param[in] certURL URL of the certificate object
567 * @param[in] name name of the certificate
568 * @return None
569 */
570static void getCertificateProperties(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]571 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
572 const std::string& objectPath, const std::string& service, long certId,
573 const std::string& certURL, const std::string& name)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]574{
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame]575 using PropertiesMap =
576 boost::container::flat_map<std::string, dbus::utility::DbusVariantType>;
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]577 BMCWEB_LOG_DEBUG << "getCertificateProperties Path=" << objectPath
578 << " certId=" << certId << " certURl=" << certURL;
579 crow::connections::systemBus->async_method_call(
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]580 [asyncResp, certURL, certId, name](const boost::system::error_code ec,
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]581 const PropertiesMap& properties) {
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]582 if (ec)
583 {
584 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
Marri Devender Rao8aae75a2019-07-16 03:26:50 -0500[diff] [blame]585 messages::resourceNotFound(asyncResp->res, name,
586 std::to_string(certId));
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]587 return;
588 }
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]589 asyncResp->res.jsonValue = {
590 {"@odata.id", certURL},
591 {"@odata.type", "#Certificate.v1_0_0.Certificate"},
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]592 {"Id", std::to_string(certId)},
593 {"Name", name},
594 {"Description", name}};
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]595 for (const auto& property : properties)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]596 {
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]597 if (property.first == "CertificateString")
598 {
599 asyncResp->res.jsonValue["CertificateString"] = "";
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]600 const std::string* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]601 std::get_if<std::string>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]602 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]603 {
604 asyncResp->res.jsonValue["CertificateString"] = *value;
605 }
606 }
607 else if (property.first == "KeyUsage")
608 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]609 nlohmann::json& keyUsage =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]610 asyncResp->res.jsonValue["KeyUsage"];
611 keyUsage = nlohmann::json::array();
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]612 const std::vector<std::string>* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]613 std::get_if<std::vector<std::string>>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]614 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]615 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]616 for (const std::string& usage : *value)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]617 {
618 keyUsage.push_back(usage);
619 }
620 }
621 }
622 else if (property.first == "Issuer")
623 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]624 const std::string* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]625 std::get_if<std::string>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]626 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]627 {
628 updateCertIssuerOrSubject(
629 asyncResp->res.jsonValue["Issuer"], *value);
630 }
631 }
632 else if (property.first == "Subject")
633 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]634 const std::string* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]635 std::get_if<std::string>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]636 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]637 {
638 updateCertIssuerOrSubject(
639 asyncResp->res.jsonValue["Subject"], *value);
640 }
641 }
642 else if (property.first == "ValidNotAfter")
643 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]644 const uint64_t* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]645 std::get_if<uint64_t>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]646 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]647 {
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]648 asyncResp->res.jsonValue["ValidNotAfter"] =
Nan Zhou1d8782e2021-11-29 22:23:18 -0800[diff] [blame]649 crow::utility::getDateTimeUint(*value);
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]650 }
651 }
652 else if (property.first == "ValidNotBefore")
653 {
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]654 const uint64_t* value =
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]655 std::get_if<uint64_t>(&property.second);
Ed Tanouse662eae2022-01-25 10:39:19 -0800[diff] [blame]656 if (value != nullptr)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]657 {
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]658 asyncResp->res.jsonValue["ValidNotBefore"] =
Nan Zhou1d8782e2021-11-29 22:23:18 -0800[diff] [blame]659 crow::utility::getDateTimeUint(*value);
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]660 }
661 }
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]662 }
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]663 asyncResp->res.addHeader("Location", certURL);
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]664 },
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]665 service, objectPath, certs::dbusPropIntf, "GetAll",
666 certs::certPropIntf);
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]667}
668
669using GetObjectType =
670 std::vector<std::pair<std::string, std::vector<std::string>>>;
671
672/**
673 * Action to replace an existing certificate
674 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]675inline void requestRoutesCertificateActionsReplaceCertificate(App& app)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]676{
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]677 BMCWEB_ROUTE(
678 app,
679 "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]680 .privileges(redfish::privileges::postCertificateService)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]681 .methods(
682 boost::beast::http::verb::
683 post)([](const crow::Request& req,
684 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
685 std::string certificate;
686 nlohmann::json certificateUri;
687 std::optional<std::string> certificateType = "PEM";
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]688
Willy Tu15ed6782021-12-14 11:03:16 -0800[diff] [blame]689 if (!json_util::readJsonAction(req, asyncResp->res,
690 "CertificateString", certificate,
691 "CertificateUri", certificateUri,
692 "CertificateType", certificateType))
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]693 {
694 BMCWEB_LOG_ERROR << "Required parameters are missing";
695 messages::internalError(asyncResp->res);
696 return;
697 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]698
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]699 if (!certificateType)
700 {
701 // should never happen, but it never hurts to be paranoid.
702 return;
703 }
704 if (certificateType != "PEM")
705 {
706 messages::actionParameterNotSupported(
707 asyncResp->res, "CertificateType", "ReplaceCertificate");
708 return;
709 }
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]710
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]711 std::string certURI;
712 if (!redfish::json_util::readJson(certificateUri, asyncResp->res,
713 "@odata.id", certURI))
714 {
715 messages::actionParameterMissing(
716 asyncResp->res, "ReplaceCertificate", "CertificateUri");
717 return;
718 }
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]719
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]720 BMCWEB_LOG_INFO << "Certificate URI to replace" << certURI;
721 long id = getIDFromURL(certURI);
722 if (id < 0)
723 {
724 messages::actionParameterValueFormatError(
725 asyncResp->res, certURI, "CertificateUri",
726 "ReplaceCertificate");
727 return;
728 }
729 std::string objectPath;
730 std::string name;
731 std::string service;
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]732 if (boost::starts_with(
733 certURI,
734 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"))
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]735 {
736 objectPath = std::string(certs::httpsObjectPath) + "/" +
737 std::to_string(id);
738 name = "HTTPS certificate";
739 service = certs::httpsServiceName;
740 }
741 else if (boost::starts_with(
742 certURI,
743 "/redfish/v1/AccountService/LDAP/Certificates/"))
744 {
745 objectPath = std::string(certs::ldapObjectPath) + "/" +
746 std::to_string(id);
747 name = "LDAP certificate";
748 service = certs::ldapServiceName;
749 }
750 else if (boost::starts_with(
751 certURI,
752 "/redfish/v1/Managers/bmc/Truststore/Certificates/"))
753 {
754 objectPath = std::string(certs::authorityObjectPath) + "/" +
755 std::to_string(id);
756 name = "TrustStore certificate";
757 service = certs::authorityServiceName;
758 }
759 else
760 {
761 messages::actionParameterNotSupported(
762 asyncResp->res, "CertificateUri", "ReplaceCertificate");
763 return;
764 }
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]765
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]766 std::shared_ptr<CertificateFile> certFile =
767 std::make_shared<CertificateFile>(certificate);
768 crow::connections::systemBus->async_method_call(
769 [asyncResp, certFile, objectPath, service, certURI, id,
770 name](const boost::system::error_code ec) {
771 if (ec)
772 {
773 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
774 messages::resourceNotFound(asyncResp->res, name,
775 std::to_string(id));
776 return;
777 }
778 getCertificateProperties(asyncResp, objectPath, service, id,
779 certURI, name);
780 BMCWEB_LOG_DEBUG << "HTTPS certificate install file="
781 << certFile->getCertFilePath();
782 },
783 service, objectPath, certs::certReplaceIntf, "Replace",
784 certFile->getCertFilePath());
785 });
786} // requestRoutesCertificateActionsReplaceCertificate
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]787
788/**
789 * Certificate resource describes a certificate used to prove the identity
790 * of a component, account or service.
791 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]792
793inline void requestRoutesHTTPSCertificate(App& app)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]794{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]795 BMCWEB_ROUTE(
796 app,
797 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]798 .privileges(redfish::privileges::getCertificate)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]799 .methods(
800 boost::beast::http::verb::
801 get)([](const crow::Request& req,
802 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
803 const std::string& param) -> void {
804 if (param.empty())
805 {
806 messages::internalError(asyncResp->res);
807 return;
808 }
809 long id = getIDFromURL(req.url);
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]810
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]811 BMCWEB_LOG_DEBUG << "HTTPSCertificate::doGet ID="
812 << std::to_string(id);
813 std::string certURL =
814 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" +
815 std::to_string(id);
816 std::string objectPath = certs::httpsObjectPath;
817 objectPath += "/";
818 objectPath += std::to_string(id);
819 getCertificateProperties(asyncResp, objectPath,
820 certs::httpsServiceName, id, certURL,
821 "HTTPS Certificate");
822 });
823}
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]824
825/**
826 * Collection of HTTPS certificates
827 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]828inline void requestRoutesHTTPSCertificateCollection(App& app)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]829{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]830 BMCWEB_ROUTE(app,
831 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]832 .privileges(redfish::privileges::getCertificateCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]833 .methods(
834 boost::beast::http::verb::
835 get)([](const crow::Request&,
836 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
837 asyncResp->res.jsonValue = {
838 {"@odata.id",
839 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"},
840 {"@odata.type", "#CertificateCollection.CertificateCollection"},
841 {"Name", "HTTPS Certificates Collection"},
842 {"Description", "A Collection of HTTPS certificate instances"}};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]843
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]844 crow::connections::systemBus->async_method_call(
845 [asyncResp](const boost::system::error_code ec,
Ed Tanous711ac7a2021-12-20 09:34:41 -0800[diff] [blame]846 const dbus::utility::ManagedObjectType& certs) {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]847 if (ec)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]848 {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]849 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
850 messages::internalError(asyncResp->res);
851 return;
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]852 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]853 nlohmann::json& members =
854 asyncResp->res.jsonValue["Members"];
855 members = nlohmann::json::array();
856 for (const auto& cert : certs)
857 {
858 long id = getIDFromURL(cert.first.str);
859 if (id >= 0)
860 {
861 members.push_back(
862 {{"@odata.id",
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]863 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" +
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]864 std::to_string(id)}});
865 }
866 }
867 asyncResp->res.jsonValue["Members@odata.count"] =
868 members.size();
869 },
870 certs::httpsServiceName, certs::httpsObjectPath,
871 certs::dbusObjManagerIntf, "GetManagedObjects");
872 });
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]873
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]874 BMCWEB_ROUTE(app,
875 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]876 .privileges(redfish::privileges::postCertificateCollection)
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]877 .methods(
878 boost::beast::http::verb::
879 post)([](const crow::Request& req,
880 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
881 BMCWEB_LOG_DEBUG << "HTTPSCertificateCollection::doPost";
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]882
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]883 asyncResp->res.jsonValue = {{"Name", "HTTPS Certificate"},
884 {"Description", "HTTPS Certificate"}};
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]885
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]886 std::string certFileBody =
887 getCertificateFromReqBody(asyncResp, req);
Kowalski, Kamil58eb2382019-08-12 11:54:31 +0200[diff] [blame]888
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]889 if (certFileBody.empty())
890 {
891 BMCWEB_LOG_ERROR << "Cannot get certificate from request body.";
892 messages::unrecognizedRequestBody(asyncResp->res);
893 return;
894 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]895
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]896 std::shared_ptr<CertificateFile> certFile =
897 std::make_shared<CertificateFile>(certFileBody);
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]898
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]899 crow::connections::systemBus->async_method_call(
900 [asyncResp, certFile](const boost::system::error_code ec,
901 const std::string& objectPath) {
902 if (ec)
903 {
904 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
905 messages::internalError(asyncResp->res);
906 return;
907 }
908 long certId = getIDFromURL(objectPath);
909 if (certId < 0)
910 {
911 BMCWEB_LOG_ERROR << "Invalid objectPath value"
912 << objectPath;
913 messages::internalError(asyncResp->res);
914 return;
915 }
916 std::string certURL =
917 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" +
918 std::to_string(certId);
919 getCertificateProperties(asyncResp, objectPath,
920 certs::httpsServiceName, certId,
921 certURL, "HTTPS Certificate");
922 BMCWEB_LOG_DEBUG << "HTTPS certificate install file="
923 << certFile->getCertFilePath();
924 },
925 certs::httpsServiceName, certs::httpsObjectPath,
926 certs::certInstallIntf, "Install", certFile->getCertFilePath());
927 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]928} // requestRoutesHTTPSCertificateCollection
929
930/**
931 * @brief Retrieve the certificates installed list and append to the
932 * response
933 *
934 * @param[in] asyncResp Shared pointer to the response message
935 * @param[in] certURL Path of the certificate object
936 * @param[in] path Path of the D-Bus service object
937 * @return None
938 */
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700[diff] [blame]939inline void
940 getCertificateLocations(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
941 const std::string& certURL, const std::string& path,
942 const std::string& service)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]943{
944 BMCWEB_LOG_DEBUG << "getCertificateLocations URI=" << certURL
945 << " Path=" << path << " service= " << service;
946 crow::connections::systemBus->async_method_call(
947 [asyncResp, certURL](const boost::system::error_code ec,
Ed Tanous711ac7a2021-12-20 09:34:41 -0800[diff] [blame]948 const dbus::utility::ManagedObjectType& certs) {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]949 if (ec)
950 {
951 BMCWEB_LOG_WARNING
952 << "Certificate collection query failed: " << ec
953 << ", skipping " << certURL;
954 return;
955 }
956 nlohmann::json& links =
957 asyncResp->res.jsonValue["Links"]["Certificates"];
Ed Tanous9eb808c2022-01-25 10:19:23 -0800[diff] [blame]958 for (const auto& cert : certs)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]959 {
960 long id = getIDFromURL(cert.first.str);
961 if (id >= 0)
Zbigniew Kurzynski656ec7e2019-09-30 18:43:28 +0200[diff] [blame]962 {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]963 links.push_back(
964 {{"@odata.id", certURL + std::to_string(id)}});
Zbigniew Kurzynski656ec7e2019-09-30 18:43:28 +0200[diff] [blame]965 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]966 }
967 asyncResp->res.jsonValue["Links"]["Certificates@odata.count"] =
968 links.size();
969 },
970 service, path, certs::dbusObjManagerIntf, "GetManagedObjects");
971}
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]972
973/**
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]974 * The certificate location schema defines a resource that an administrator
975 * can use in order to locate all certificates installed on a given service.
976 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]977inline void requestRoutesCertificateLocations(App& app)
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]978{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]979 BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/CertificateLocations/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]980 .privileges(redfish::privileges::getCertificateLocations)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]981 .methods(
982 boost::beast::http::verb::
983 get)([](const crow::Request&,
984 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
985 asyncResp->res.jsonValue = {
986 {"@odata.id",
987 "/redfish/v1/CertificateService/CertificateLocations"},
988 {"@odata.type",
989 "#CertificateLocations.v1_0_0.CertificateLocations"},
990 {"Name", "Certificate Locations"},
991 {"Id", "CertificateLocations"},
992 {"Description",
993 "Defines a resource that an administrator can use in order to "
994 "locate all certificates installed on a given service"}};
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]995
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]996 nlohmann::json& links =
997 asyncResp->res.jsonValue["Links"]["Certificates"];
998 links = nlohmann::json::array();
999 getCertificateLocations(
1000 asyncResp,
1001 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/",
1002 certs::httpsObjectPath, certs::httpsServiceName);
1003 getCertificateLocations(
1004 asyncResp, "/redfish/v1/AccountService/LDAP/Certificates/",
1005 certs::ldapObjectPath, certs::ldapServiceName);
1006 getCertificateLocations(
1007 asyncResp, "/redfish/v1/Managers/bmc/Truststore/Certificates/",
1008 certs::authorityObjectPath, certs::authorityServiceName);
1009 });
1010}
1011// requestRoutesCertificateLocations
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1012
1013/**
1014 * Collection of LDAP certificates
1015 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1016inline void requestRoutesLDAPCertificateCollection(App& app)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1017{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1018 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1019 .privileges(redfish::privileges::getCertificateCollection)
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1020 .methods(
1021 boost::beast::http::verb::
1022 get)([](const crow::Request&,
1023 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
1024 asyncResp->res.jsonValue = {
1025 {"@odata.id", "/redfish/v1/AccountService/LDAP/Certificates"},
1026 {"@odata.type", "#CertificateCollection.CertificateCollection"},
1027 {"Name", "LDAP Certificates Collection"},
1028 {"Description", "A Collection of LDAP certificate instances"}};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]1029
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1030 crow::connections::systemBus->async_method_call(
1031 [asyncResp](const boost::system::error_code ec,
Ed Tanous711ac7a2021-12-20 09:34:41 -0800[diff] [blame]1032 const dbus::utility::ManagedObjectType& certs) {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1033 nlohmann::json& members =
1034 asyncResp->res.jsonValue["Members"];
1035 nlohmann::json& count =
1036 asyncResp->res.jsonValue["Members@odata.count"];
1037 members = nlohmann::json::array();
1038 count = 0;
1039 if (ec)
1040 {
1041 BMCWEB_LOG_WARNING << "LDAP certificate query failed: "
1042 << ec;
1043 return;
1044 }
1045 for (const auto& cert : certs)
1046 {
1047 long id = getIDFromURL(cert.first.str);
1048 if (id >= 0)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1049 {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1050 members.push_back(
1051 {{"@odata.id",
1052 "/redfish/v1/AccountService/LDAP/Certificates/" +
1053 std::to_string(id)}});
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1054 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1055 }
1056 count = members.size();
1057 },
1058 certs::ldapServiceName, certs::ldapObjectPath,
1059 certs::dbusObjManagerIntf, "GetManagedObjects");
1060 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1061
1062 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1063 .privileges(redfish::privileges::postCertificateCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1064 .methods(boost::beast::http::verb::post)(
1065 [](const crow::Request& req,
1066 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
1067 std::string certFileBody =
1068 getCertificateFromReqBody(asyncResp, req);
1069
1070 if (certFileBody.empty())
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1071 {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1072 BMCWEB_LOG_ERROR
1073 << "Cannot get certificate from request body.";
1074 messages::unrecognizedRequestBody(asyncResp->res);
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1075 return;
1076 }
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1077
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1078 std::shared_ptr<CertificateFile> certFile =
1079 std::make_shared<CertificateFile>(certFileBody);
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]1080
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1081 crow::connections::systemBus->async_method_call(
1082 [asyncResp, certFile](const boost::system::error_code ec,
1083 const std::string& objectPath) {
1084 if (ec)
1085 {
1086 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
1087 messages::internalError(asyncResp->res);
1088 return;
1089 }
1090 long certId = getIDFromURL(objectPath);
1091 if (certId < 0)
1092 {
1093 BMCWEB_LOG_ERROR << "Invalid objectPath value"
1094 << objectPath;
1095 messages::internalError(asyncResp->res);
1096 return;
1097 }
1098 std::string certURL =
1099 "/redfish/v1/AccountService/LDAP/Certificates/" +
1100 std::to_string(certId);
1101 getCertificateProperties(asyncResp, objectPath,
1102 certs::ldapServiceName, certId,
1103 certURL, "LDAP Certificate");
1104 BMCWEB_LOG_DEBUG << "LDAP certificate install file="
1105 << certFile->getCertFilePath();
1106 },
1107 certs::ldapServiceName, certs::ldapObjectPath,
1108 certs::certInstallIntf, "Install",
1109 certFile->getCertFilePath());
1110 });
1111} // requestRoutesLDAPCertificateCollection
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1112
1113/**
1114 * Certificate resource describes a certificate used to prove the identity
1115 * of a component, account or service.
1116 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1117inline void requestRoutesLDAPCertificate(App& app)
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1118{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1119 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1120 .privileges(redfish::privileges::getCertificate)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1121 .methods(boost::beast::http::verb::get)(
1122 [](const crow::Request& req,
1123 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1124 const std::string&) {
1125 long id = getIDFromURL(req.url);
1126 if (id < 0)
1127 {
1128 BMCWEB_LOG_ERROR << "Invalid url value" << req.url;
1129 messages::internalError(asyncResp->res);
1130 return;
1131 }
1132 BMCWEB_LOG_DEBUG << "LDAP Certificate ID="
1133 << std::to_string(id);
1134 std::string certURL =
1135 "/redfish/v1/AccountService/LDAP/Certificates/" +
1136 std::to_string(id);
1137 std::string objectPath = certs::ldapObjectPath;
1138 objectPath += "/";
1139 objectPath += std::to_string(id);
1140 getCertificateProperties(asyncResp, objectPath,
1141 certs::ldapServiceName, id, certURL,
1142 "LDAP Certificate");
1143 });
1144} // requestRoutesLDAPCertificate
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]1145/**
1146 * Collection of TrustStoreCertificate certificates
1147 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1148inline void requestRoutesTrustStoreCertificateCollection(App& app)
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]1149{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1150 BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1151 .privileges(redfish::privileges::getCertificate)
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1152 .methods(
1153 boost::beast::http::verb::
1154 get)([](const crow::Request&,
1155 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
1156 asyncResp->res.jsonValue = {
1157 {"@odata.id",
1158 "/redfish/v1/Managers/bmc/Truststore/Certificates/"},
1159 {"@odata.type", "#CertificateCollection.CertificateCollection"},
1160 {"Name", "TrustStore Certificates Collection"},
1161 {"Description",
1162 "A Collection of TrustStore certificate instances"}};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]1163
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1164 crow::connections::systemBus->async_method_call(
1165 [asyncResp](const boost::system::error_code ec,
Ed Tanous711ac7a2021-12-20 09:34:41 -0800[diff] [blame]1166 const dbus::utility::ManagedObjectType& certs) {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1167 if (ec)
1168 {
1169 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
1170 messages::internalError(asyncResp->res);
1171 return;
1172 }
1173 nlohmann::json& members =
1174 asyncResp->res.jsonValue["Members"];
1175 members = nlohmann::json::array();
1176 for (const auto& cert : certs)
1177 {
1178 long id = getIDFromURL(cert.first.str);
1179 if (id >= 0)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1180 {
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1181 members.push_back(
1182 {{"@odata.id",
1183 "/redfish/v1/Managers/bmc/Truststore/Certificates/" +
1184 std::to_string(id)}});
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1185 }
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1186 }
1187 asyncResp->res.jsonValue["Members@odata.count"] =
1188 members.size();
1189 },
1190 certs::authorityServiceName, certs::authorityObjectPath,
1191 certs::dbusObjManagerIntf, "GetManagedObjects");
1192 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1193
1194 BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1195 .privileges(redfish::privileges::postCertificateCollection)
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1196 .methods(
1197 boost::beast::http::verb::
1198 post)([](const crow::Request& req,
1199 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
1200 std::string certFileBody =
1201 getCertificateFromReqBody(asyncResp, req);
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1202
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1203 if (certFileBody.empty())
1204 {
1205 BMCWEB_LOG_ERROR << "Cannot get certificate from request body.";
1206 messages::unrecognizedRequestBody(asyncResp->res);
1207 return;
1208 }
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]1209
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1210 std::shared_ptr<CertificateFile> certFile =
1211 std::make_shared<CertificateFile>(certFileBody);
1212 crow::connections::systemBus->async_method_call(
1213 [asyncResp, certFile](const boost::system::error_code ec,
1214 const std::string& objectPath) {
1215 if (ec)
1216 {
1217 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
1218 messages::internalError(asyncResp->res);
1219 return;
1220 }
1221 long certId = getIDFromURL(objectPath);
1222 if (certId < 0)
1223 {
1224 BMCWEB_LOG_ERROR << "Invalid objectPath value"
1225 << objectPath;
1226 messages::internalError(asyncResp->res);
1227 return;
1228 }
1229 std::string certURL =
1230 "/redfish/v1/Managers/bmc/Truststore/Certificates/" +
1231 std::to_string(certId);
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]1232
George Liu0fda0f12021-11-16 10:06:17 +0800[diff] [blame]1233 getCertificateProperties(
1234 asyncResp, objectPath, certs::authorityServiceName,
1235 certId, certURL, "TrustStore Certificate");
1236 BMCWEB_LOG_DEBUG << "TrustStore certificate install file="
1237 << certFile->getCertFilePath();
1238 },
1239 certs::authorityServiceName, certs::authorityObjectPath,
1240 certs::certInstallIntf, "Install", certFile->getCertFilePath());
1241 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1242} // requestRoutesTrustStoreCertificateCollection
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]1243
1244/**
1245 * Certificate resource describes a certificate used to prove the identity
1246 * of a component, account or service.
1247 */
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1248inline void requestRoutesTrustStoreCertificate(App& app)
Marri Devender Raocfcd5f62019-05-17 08:34:37 -0500[diff] [blame]1249{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1250 BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1251 .privileges(redfish::privileges::getCertificate)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1252 .methods(boost::beast::http::verb::get)(
1253 [](const crow::Request& req,
1254 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1255 const std::string&) {
1256 long id = getIDFromURL(req.url);
1257 if (id < 0)
Zbigniew Kurzynski07a60292019-09-17 15:56:16 +0200[diff] [blame]1258 {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1259 BMCWEB_LOG_ERROR << "Invalid url value" << req.url;
1260 messages::internalError(asyncResp->res);
Zbigniew Kurzynski07a60292019-09-17 15:56:16 +0200[diff] [blame]1261 return;
1262 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1263 BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doGet ID="
1264 << std::to_string(id);
1265 std::string certURL =
1266 "/redfish/v1/Managers/bmc/Truststore/Certificates/" +
1267 std::to_string(id);
1268 std::string objectPath = certs::authorityObjectPath;
1269 objectPath += "/";
1270 objectPath += std::to_string(id);
1271 getCertificateProperties(asyncResp, objectPath,
1272 certs::authorityServiceName, id,
1273 certURL, "TrustStore Certificate");
1274 });
1275
1276 BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]1277 .privileges(redfish::privileges::deleteCertificate)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]1278 .methods(boost::beast::http::verb::delete_)(
1279 [](const crow::Request& req,
1280 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1281 const std::string& param) {
1282 if (param.empty())
1283 {
1284 messages::internalError(asyncResp->res);
1285 return;
1286 }
1287
1288 long id = getIDFromURL(req.url);
1289 if (id < 0)
1290 {
1291 BMCWEB_LOG_ERROR << "Invalid url value: " << req.url;
1292 messages::resourceNotFound(asyncResp->res,
1293 "TrustStore Certificate",
1294 std::string(req.url));
1295 return;
1296 }
1297 BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doDelete ID="
1298 << std::to_string(id);
1299 std::string certPath = certs::authorityObjectPath;
1300 certPath += "/";
1301 certPath += std::to_string(id);
1302
1303 crow::connections::systemBus->async_method_call(
1304 [asyncResp, id](const boost::system::error_code ec) {
1305 if (ec)
1306 {
1307 messages::resourceNotFound(asyncResp->res,
1308 "TrustStore Certificate",
1309 std::to_string(id));
1310 return;
1311 }
1312 BMCWEB_LOG_INFO << "Certificate deleted";
1313 asyncResp->res.result(
1314 boost::beast::http::status::no_content);
1315 },
1316 certs::authorityServiceName, certPath, certs::objDeleteIntf,
1317 "Delete");
1318 });
1319} // requestRoutesTrustStoreCertificate
Marri Devender Rao5968cae2019-01-21 10:27:12 -0600[diff] [blame]1320} // namespace redfish