blob: 46371bbfa1b397cd47043252e32902352cdb5771 [file] [log] [blame]
#pragma once
#include <openssl/x509.h>
#include <filesystem>
#include <phosphor-logging/elog.hpp>
#include <xyz/openbmc_project/Certs/Certificate/server.hpp>
#include <xyz/openbmc_project/Certs/Replace/server.hpp>
namespace phosphor
{
namespace certs
{
using CertificateIface = sdbusplus::server::object::object<
sdbusplus::xyz::openbmc_project::Certs::server::Certificate>;
using ReplaceIface = sdbusplus::xyz::openbmc_project::Certs::server::Replace;
using CertIfaces =
sdbusplus::server::object::object<CertificateIface, ReplaceIface>;
using CertificateType = std::string;
using UnitsToRestart = std::string;
using CertInstallPath = std::string;
using CertUploadPath = std::string;
using InputType = std::string;
using InstallFunc = std::function<void(const std::string&)>;
using namespace phosphor::logging;
// for placeholders
using namespace std::placeholders;
namespace fs = std::filesystem;
// Supported Types.
static constexpr auto SERVER = "server";
static constexpr auto CLIENT = "client";
static constexpr auto AUTHORITY = "authority";
// RAII support for openSSL functions.
using X509_Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;
/** @class Certificate
* @brief OpenBMC Certificate entry implementation.
* @details A concrete implementation for the
* xyz.openbmc_project.Certs.Certificate DBus API
* xyz.openbmc_project.Certs.Instal DBus API
*/
class Certificate : public CertIfaces
{
public:
Certificate() = delete;
Certificate(const Certificate&) = delete;
Certificate& operator=(const Certificate&) = delete;
Certificate(Certificate&&) = delete;
Certificate& operator=(Certificate&&) = delete;
virtual ~Certificate();
/** @brief Constructor for the Certificate Object
* @param[in] bus - Bus to attach to.
* @param[in] objPath - Object path to attach to
* @param[in] type - Type of the certificate
* @param[in] unit - Units to restart after a certificate is installed
* @param[in] installPath - Path of the certificate to install
* @param[in] uploadPath - Path of the certificate file to upload
* @param[in] isSkipUnitReload - If true do not restart units
*/
Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
const CertificateType& type, const UnitsToRestart& unit,
const CertInstallPath& installPath,
const CertUploadPath& uploadPath, bool isSkipUnitReload);
/** @brief Validate certificate and replace the existing certificate
* @param[in] filePath - Certificate file path.
*/
void replace(const std::string filePath) override;
private:
/** @brief Validate and Replace/Install the certificate file
* Install/Replace the existing certificate file with another
* (possibly CA signed) Certificate file.
* @param[in] filePath - Certificate file path.
* @param[in] isSkipUnitReload - If true do not restart units
*/
void install(const std::string& filePath, bool isSkipUnitReload);
/** @brief Load Certificate file into the X509 structre.
* @param[in] fileName - Certificate and key full file path.
* @return pointer to the X509 structure.
*/
X509_Ptr loadCert(const std::string& filePath);
/** @brief Populate certificate properties by parsing certificate file
* @return void
*/
void populateProperties();
/** @brief Public/Private key compare function.
* Comparing private key against certificate public key
* from input .pem file.
* @param[in] fileName - Certificate and key full file path.
* @return Return true if Key compare is successful,
* false if not
*/
bool compareKeys(const std::string& filePath);
/** @brief systemd unit reload or reset helper function
* Reload if the unit supports it and use a restart otherwise.
* @param[in] unit - service need to reload.
*/
void reloadOrReset(const UnitsToRestart& unit);
/** @brief Type specific function pointer map **/
std::unordered_map<InputType, InstallFunc> typeFuncMap;
/** @brief sdbusplus handler */
sdbusplus::bus::bus& bus;
/** @brief object path */
std::string objectPath;
/** @brief Type of the certificate **/
CertificateType certType;
/** @brief Unit name associated to the service **/
UnitsToRestart unitToRestart;
/** @brief Certificate file installation path **/
CertInstallPath certInstallPath;
};
} // namespace certs
} // namespace phosphor