Certificate delete API – backend.
Till now the Certificate Manager has one-to-one relation with a
Certificate class. And the DELETE API provided by the
Certificate Manager was enough to delete managed by it certificate.
With introducing Mutual-TLS the relation is changing to one-to-many
and current delete API is not sufficient. This commit adds DELETE
interface to Certificate class, so each of them can be removed
individually. This implementation was done on base of current user
account management implementation. The Certificate class exposes the
delete interface on DBus. When the API is called the Certificate
instance calls proper operation on Certificate Manager which
removes it from its internal collection. The rest of the removing
certificate process, including service reset remains as it was.
Tested with uploaded multiple TLS certificates.
Each Certificate exposes Delete interface on dbus and user is able
to delete each of them. The delete API on Certificate Manager object
was replaced with DeleteAll interface and results in deleting all
loaded certificates.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I9dd6fa998e8bd8081fbd13549831bc94a4a7aa54
diff --git a/certificate.hpp b/certificate.hpp
index 56256ac..9fa2cdd 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -8,16 +8,18 @@
#include <phosphor-logging/elog.hpp>
#include <xyz/openbmc_project/Certs/Certificate/server.hpp>
#include <xyz/openbmc_project/Certs/Replace/server.hpp>
+#include <xyz/openbmc_project/Object/Delete/server.hpp>
namespace phosphor
{
namespace certs
{
+using DeleteIface = sdbusplus::xyz::openbmc_project::Object::server::Delete;
using CertificateIface = sdbusplus::server::object::object<
sdbusplus::xyz::openbmc_project::Certs::server::Certificate>;
using ReplaceIface = sdbusplus::xyz::openbmc_project::Certs::server::Replace;
-using CertIfaces =
- sdbusplus::server::object::object<CertificateIface, ReplaceIface>;
+using CertIfaces = sdbusplus::server::object::object<CertificateIface,
+ ReplaceIface, DeleteIface>;
using CertificateType = std::string;
using UnitsToRestart = std::string;
@@ -33,6 +35,8 @@
using namespace std::placeholders;
namespace fs = std::filesystem;
+class Manager; // Forward declaration for Certificate Manager.
+
// Supported Types.
static constexpr auto SERVER = "server";
static constexpr auto CLIENT = "client";
@@ -73,7 +77,7 @@
const CertificateType& type, const UnitsToRestart& unit,
const CertInstallPath& installPath,
const CertUploadPath& uploadPath, bool isSkipUnitReload,
- const CertWatchPtr& watchPtr);
+ const CertWatchPtr& watchPtr, Manager& parent);
/** @brief Validate certificate and replace the existing certificate
* @param[in] filePath - Certificate file path.
@@ -92,6 +96,11 @@
*/
const std::string& getHash() const;
+ /**
+ * @brief Delete the certificate
+ */
+ void delete_() override;
+
private:
/**
* @brief Populate certificate properties by parsing given certificate file
@@ -175,6 +184,9 @@
/** @brief Stores certificate subject hash */
std::string certHash;
+
+ /** @brief Reference to Certificate Manager */
+ Manager& manager;
};
} // namespace certs