commit a49895eead7e474af0c122b1724ae1ce615d550a
author Ravi Teja <raviteja28031990@gmail.com> Tue Jun 16 03:57:58 2020 -0500
committer Ravi Teja <raviteja28031990@gmail.com> Sat Oct 03 11:38:11 2020 -0500
tree 2776a996768d11957e684248782e17f3fb2d3923
parent 5c515c21fb8d3c2f983ccdadca859b0f2cb282cf

Implementation of BMC VMI certificate manager

This manager is to create and manage entries
for each host CSR request which needs to shared
with host.

this commits implements dbus interfaces
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/31808

This feature can be enabled by using below feature flag
"--enable-ca-cert-extension"

Testby:
Creating CSR entries
Deleting  entries
Setting properties

Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: I24829b839feac6264f32053b9be63daef6599379

bmc-vmi-ca/ca_certs_manager.cpp

diff --git a/bmc-vmi-ca/ca_certs_manager.cpp b/bmc-vmi-ca/ca_certs_manager.cpp
new file mode 100644
index 0000000..f6622ff
--- /dev/null
+++ b/bmc-vmi-ca/ca_certs_manager.cpp
@@ -0,0 +1,71 @@
+#include "config.h"
+
+#include "ca_certs_manager.hpp"
+
+#include <filesystem>
+#include <fstream>
+#include <phosphor-logging/elog-errors.hpp>
+#include <phosphor-logging/elog.hpp>
+#include <phosphor-logging/log.hpp>
+#include <xyz/openbmc_project/Common/error.hpp>
+
+namespace ca
+{
+namespace cert
+{
+static constexpr auto objectEntry = "/xyz/openbmc_project/certs/entry";
+static constexpr auto maxCertSize = 4096;
+namespace fs = std::filesystem;
+using namespace phosphor::logging;
+using InvalidArgument =
+    sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
+using Argument = xyz::openbmc_project::Common::InvalidArgument;
+
+sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
+{
+    std::string objPath;
+    try
+    {
+        if (csr.size() > maxCertSize)
+        {
+            log<level::ERR>("Invalid CSR size");
+            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
+                                  Argument::ARGUMENT_VALUE(csr.c_str()));
+        }
+        auto id = lastEntryId + 1;
+        objPath = fs::path(objectEntry) / std::to_string(id);
+        std::string cert;
+        // Creating the dbus object here with the empty certificate string
+        // actual signing is being done by the hypervisor, once it signs then
+        // the certificate string would be updated with actual certificate.
+        entries.insert(std::make_pair(
+            id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this)));
+        lastEntryId++;
+    }
+    catch (const std::invalid_argument& e)
+    {
+        log<level::ERR>(e.what());
+        elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"),
+                              Argument::ARGUMENT_VALUE(csr.c_str()));
+    }
+    return objPath;
+}
+
+void CACertMgr::erase(uint32_t entryId)
+{
+    entries.erase(entryId);
+}
+
+void CACertMgr::deleteAll()
+{
+    auto iter = entries.begin();
+    while (iter != entries.end())
+    {
+        auto& entry = iter->second;
+        ++iter;
+        entry->delete_();
+    }
+}
+
+} // namespace cert
+} // namespace ca