config: Change authority D-Bus names
Initially the CA certificate management service was intended to support
only LDAP use cases. This has been outdated for some time, as the
certificates stored there may serve other purposes, such as SSL
handshakes or mTLS connections. Therefore, I'm proposing to change the
service endpoint name from 'ldap' to something more generic, to avoid
any confusion that could arise when developers of other applications
would like to utilize this feature.
Tested:
Service present on DBus under new name, along with proper object paths.
root@bmc-maca4bf018cd442:~# busctl list | grep phosphor-cert
...
xyz.openbmc_project.Certs.Manager.Authority.Truststore 256 phosphor-certif root :1.15 phosphor-certificate-manager@authority.service - -
...
root@bmc-maca4bf018cd442:~# busctl tree xyz.openbmc_project.Certs.Manager.Authority.Truststore
`-/xyz
`-/xyz/openbmc_project
`-/xyz/openbmc_project/certs
`-/xyz/openbmc_project/certs/authority
`-/xyz/openbmc_project/certs/authority/truststore
Change-Id: I1d2c4ef9e7b4846951ce4dd52f869d7c64f3902d
Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
diff --git a/README.md b/README.md
index 5f54515..e306173 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@
**Purpose:** Client certificate validation
```bash
-./phosphor-certificate-manager --type=authority --endpoint=ldap \
+./phosphor-certificate-manager --type=authority --endpoint=truststore \
--path=/etc/ssl/certs/authority --unit=bmcweb.service
```
diff --git a/dist/busconfig/phosphor-nslcd-authority-cert-config.conf b/dist/busconfig/phosphor-authority-cert-config.conf
similarity index 73%
rename from dist/busconfig/phosphor-nslcd-authority-cert-config.conf
rename to dist/busconfig/phosphor-authority-cert-config.conf
index 7737ffc..ab7286a 100644
--- a/dist/busconfig/phosphor-nslcd-authority-cert-config.conf
+++ b/dist/busconfig/phosphor-authority-cert-config.conf
@@ -2,7 +2,7 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
- <allow own="xyz.openbmc_project.Certs.Manager.Authority.Ldap"/>
- <allow send_destination="xyz.openbmc_project.Certs.Manager.Authority.Ldap"/>
+ <allow own="xyz.openbmc_project.Certs.Manager.Authority.Truststore"/>
+ <allow send_destination="xyz.openbmc_project.Certs.Manager.Authority.Truststore"/>
</policy>
</busconfig>
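Review bot: The policy in this hunk drops `xyz.openbmc_project.Certs.Manager.Authority.Ldap` outright, so a client that still addresses the old well-known name (or the old `/xyz/openbmc_project/certs/authority/ldap` object path changed in dist/env/authority) will fail after the upgrade, and nothing in this commit shows those callers being updated in step. Since the commit message says the store now backs SSL handshakes and mTLS, a consumer that silently fails to read or install CA certificates is worth ruling out before merge. The policy also stays `user="root"` only; if the more generic truststore is meant to be used by non-root services, each would need its own narrowly scoped `<policy>` entry rather than a broad allow. I would add a comment such as `<!-- CA truststore: only root may own or call this name; add a per-user policy for any non-root consumer -->`.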
diff --git a/dist/env/authority b/dist/env/authority
index d2e8814..c8e27d5 100644
--- a/dist/env/authority
+++ b/dist/env/authority
@@ -1,6 +1,6 @@
#REST URI endpoint
-#example: /xyz/openbmc_project/certs/authority/ldap
-ENDPOINT=ldap
+#example: /xyz/openbmc_project/certs/authority/truststore
+ENDPOINT=truststore
#Path for the certificate file
CERTPATH=/etc/ssl/certs/authority
diff --git a/dist/meson.build b/dist/meson.build
index 6b29445..b6dda42 100644
--- a/dist/meson.build
+++ b/dist/meson.build
@@ -23,8 +23,8 @@
]]
endif
-if not get_option('config-nslcd').disabled()
- busconfig += 'busconfig/phosphor-nslcd-authority-cert-config.conf'
+if not get_option('config-authority').disabled()
+ busconfig += 'busconfig/phosphor-authority-cert-config.conf'
certs += 'env/authority'
systemd_alias += [[
'../phosphor-certificate-manager@.service',
diff --git a/meson.options b/meson.options
index d29c2f9..9cf15e4 100644
--- a/meson.options
+++ b/meson.options
@@ -16,9 +16,9 @@
description: 'Install bmcweb cert configs',
)
-option('config-nslcd',
+option('config-authority',
type: 'feature',
- description: 'Install nslcd authority cert configs',
+ description: 'Install authority cert configs',
)
option('authorities-list-name',
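Review bot: Renaming the option removes `config-nslcd`, so any downstream build that still passes `-Dconfig-nslcd=...` will stop at configure time with an unknown-option error. If the project's minimum Meson version supports the rename form of `deprecated` (to be confirmed against the `meson_version` the project declares), keep the old name as an alias: `option('config-nslcd', type: 'feature', deprecated: 'config-authority')`. The matching `get_option('config-authority')` in dist/meson.build needs no change.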
diff --git a/test/certs_manager_test.cpp b/test/certs_manager_test.cpp
index f30abad..6d5149e 100644
--- a/test/certs_manager_test.cpp
+++ b/test/certs_manager_test.cpp
@@ -313,7 +313,7 @@
*/
TEST_F(TestCertificates, InvokeAuthorityInstall)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
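Review bot: The endpoint literal is repeated as a local in every authority test, which is why this rename has to touch `std::string endpoint("truststore");` in InvokeAuthorityInstall and in the fourteen other hunks of this file. A single file-scope constant, e.g. `static constexpr const char* authorityEndpoint = "truststore";`, with `std::string endpoint(authorityEndpoint);` in each test, would keep the tests in step with dist/env/authority on the next change. The test bodies continue outside each hunk, so this assumes `endpoint` is only read there.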
@@ -356,7 +356,7 @@
*/
TEST_F(TestCertificates, InvokeAuthorityInstallNeverExpiredRootCert)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
@@ -397,7 +397,7 @@
*/
TEST_F(TestCertificates, InvokeInstallSameCertTwice)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
@@ -453,7 +453,7 @@
*/
TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
@@ -511,7 +511,7 @@
*/
TEST_F(TestCertificates, InvokeInstallAuthCertLimit)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
@@ -674,7 +674,7 @@
*/
TEST_F(TestCertificates, TestAuthorityReplaceCertificate)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
@@ -724,7 +724,7 @@
*/
TEST_F(TestCertificates, TestStorageDeleteCertificate)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
CertificateType type = CertificateType::authority;
std::string verifyDir(certDir);
std::string verifyUnit((ManagerInTest::unitToRestartInTest));
@@ -1599,7 +1599,7 @@
// authorities list
TEST_F(AuthoritiesListTest, InstallAll)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1627,7 +1627,7 @@
// in the installation path at boot up
TEST_F(AuthoritiesListTest, RecoverAtBootUp)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1679,7 +1679,7 @@
TEST_F(AuthoritiesListTest, InstallAndDelete)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1733,7 +1733,7 @@
TEST_F(AuthoritiesListTest, InstallAllTwice)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1757,7 +1757,7 @@
TEST_F(AuthoritiesListTest, InstallAllMissSourceFile)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1776,7 +1776,7 @@
TEST_F(AuthoritiesListTest, TooManyRootCertificates)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1795,7 +1795,7 @@
TEST_F(AuthoritiesListTest, CertInWrongFormat)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;
@@ -1821,7 +1821,7 @@
TEST_F(AuthoritiesListTest, ReplaceAll)
{
- std::string endpoint("ldap");
+ std::string endpoint("truststore");
std::string verifyUnit(ManagerInTest::unitToRestartInTest);
CertificateType type = CertificateType::authority;