Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / 3b07b77a58820b27c32981e36b0ce500dffaa94c^! / . / certs_manager.cpp
commit3b07b77a58820b27c32981e36b0ce500dffaa94c[log] [tgz]
authorZbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>Wed Oct 09 11:43:34 2019 +0200
committerZbigniew Kurzynski <zbigniew.kurzynski@intel.com>Wed Nov 06 10:08:54 2019 +0100
tree73117e0de774e2216d2ab42c7f67e8d702ba5ca6
parentdb029c9521a394b65f5ae18be4735213ef51a269 [diff] [blame]
Enable limiting authority certificates amount.

This patch enables check about authority certificates amount limit
and disallows to install new certificate in case limit violation.

Tested: Tests were performed manually by trying to install dozen
authority certificates over RedFish.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: Iea83f05e7b6b0ad3e32bc3f2aba710de863b6d34

diff --git a/certs_manager.cpp b/certs_manager.cpp
index 76ce09f..e1774b6 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp

@@ -118,6 +118,11 @@
     {
         elog<NotAllowed>(Reason("Certificate already exist"));
     }
+    else if (certType == phosphor::certs::AUTHORITY &&
+             installedCerts.size() >= AUTHORITY_CERTIFICATES_LIMIT)
+    {
+        elog<NotAllowed>(Reason("Certificates limit reached"));
+    }
 
     auto certObjectPath = objectPath + '/' + std::to_string(certIdCounter++);