#include "config.h"
#include "ca_certs_manager.hpp"
#include <filesystem>
#include <fstream>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/log.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
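namespace ca
{
namespace cert
{

// D-Bus object path prefix under which signing-request entries are created;
// the numeric entry id is appended as the last path component.
static constexpr auto objectEntry = "/xyz/openbmc_project/certs/entry";
// Upper bound, in bytes, on a CSR accepted by signCSR().
static constexpr auto maxCertSize = 4096;

namespace fs = std::filesystem;
using namespace phosphor::logging;
using InvalidArgument =
    sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument = xyz::openbmc_project::Common::InvalidArgument;

/** @brief Register a CSR for signing and create its D-Bus entry object.
 *
 *  The CSR is client-supplied input arriving over D-Bus; the only validation
 *  done here is the size bound (an empty CSR is not rejected by this
 *  function, and the contents are not parsed). The entry is created with an
 *  empty certificate string; the signing itself happens elsewhere (the
 *  original comment attributes it to the hypervisor) and the certificate is
 *  filled in afterwards.
 *
 *  @param[in] csr - certificate signing request text.
 *  @return Object path of the newly created entry. If elog() were to return
 *          instead of throwing, an empty path would be returned for the
 *          oversized case — presumably elog always throws; confirm against
 *          phosphor-logging.
 *  @throws InvalidArgument when the CSR exceeds maxCertSize, or when entry
 *          creation raises std::invalid_argument.
 */
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string objPath;
    try
    {
        if (csr.size() > maxCertSize)
        {
            // Record the offending length rather than copying a payload that
            // already failed the size bound into the persistent error log.
            // This also sidesteps c_str() truncating at an embedded NUL.
            const std::string csrSize = std::to_string(csr.size());
            log<level::ERR>("Invalid CSR size");
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csrSize.c_str()));
        }

        const auto id = lastEntryId + 1;
        objPath = fs::path(objectEntry) / std::to_string(id);

        // Creating the dbus object here with the empty certificate string
        // actual signing is being done by the hypervisor, once it signs then
        // the certificate string would be updated with actual certificate.
        std::string cert;
        entries.insert(std::make_pair(
            id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this)));

        // Only advance the id once the entry exists, so a failed insertion
        // does not leave a gap in the sequence.
        lastEntryId++;
    }
    catch (const std::invalid_argument& e)
    {
        // Same argument name as the size check above so error logs for this
        // method are uniform. The CSR here is already bounded by maxCertSize.
        log<level::ERR>(e.what());
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return objPath;
}

/** @brief Remove the entry with the given id from the entry map.
 *
 *  Erasing by key: a no-op when no entry has this id. Destroying the mapped
 *  unique_ptr destroys the Entry (and with it its D-Bus object).
 *
 *  @param[in] entryId - entry id, the last component of the entry's path.
 */
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/** @brief Ask every entry to delete itself.
 *
 *  The iterator is advanced before delete_() is invoked because delete_() is
 *  expected to call back into erase() and remove the current element from
 *  `entries`, which would invalidate an iterator still pointing at it
 *  (inferred from erase(); confirm in Entry::delete_).
 */
void CACertMgr::deleteAll()
{
    for (auto iter = entries.begin(); iter != entries.end();)
    {
        auto& entry = iter->second;
        ++iter; // advance first: delete_() may erase the current node
        entry->delete_();
    }
}

} // namespace cert
} // namespace ca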