| commit | 8a09b52a767bebdc510914d3b4bb63313dae2196 | [log] [tgz] |
|---|---|---|
| author | Ramesh Iyyar <rameshi1@in.ibm.com> | Fri Jun 07 05:23:29 2019 -0500 |
| committer | Ramesh Iyyar <rameshi1@in.ibm.com> | Fri Jun 21 01:22:41 2019 -0500 |
| tree | e24340cd8e655180c627480692034e6f65463fbb | |
| parent | dec5877c7e1219299042671cdf82589a081d583f [diff] |
Added support to generate CSR based on ECC approach
In existing, phosphor-certificate-manager is supported RSA approach to
generate CSR. As per Redfish certificate schema, CSR can generate either
RSA or ECC by passing KeyPairAlgorithm. So, In this commit ECC based CSR
generation is added.
Openssl API are used for generating ECC key pair.
User Input Validation:
- ECC approach is used as default if user does not give algorithm type.
- Default KeyBitLength and CurveId used as "2048" and "secp224r1"
respectively if user does not give.
- Error will be thrown if algorithm given other than RSA and ECC.
In this commit refactor also done by splitting RSA key generation from
writePrivateKey().
Tested by:
- Added unit test cases to verify unsupported KeyPairAlgorithm and
KeyPairCurveID, ECC Key generation.
- Tested by BMC-web(Redfish) to generate CSR based on ECC.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/
CertificateService.GenerateCSR/ -d @generate_https.json
Change-Id: I523293ee2ff6da2964e8c3d4380eefc96bf1f36b
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.
To build this package, do the following steps:
1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make
To clean the repository run `./bootstrap.sh clean`.