Add support to upload CA certificate
Added support for uploading CA certificates to the
/etc/ssl/certs path. Currently the scope is limited to one
certificate, and any new upload overrides the
existing CA certificate.
Change-Id: I9cc60accf6aae4d8123e5f86d618effe33d68d53
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
diff --git a/certs_manager.cpp b/certs_manager.cpp
index d8c6263..8f36782 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -59,16 +59,6 @@
elog<InvalidCertificate>(Reason("Certificate validation failed"));
}
- // Compare the Keys
- if (!compareKeys(path))
- {
- elog<InvalidCertificate>(
- Reason("Private key is not matching with Certificate"));
- }
-
- // Copy the certificate file
- copy(path, certPath);
-
// Invoke type specific install function.
auto iter = typeFuncMap.find(type);
if (iter == typeFuncMap.end())
@@ -76,25 +66,40 @@
log<level::ERR>("Unsupported Type", entry("TYPE=%s", type.c_str()));
elog<InternalFailure>();
}
- iter->second();
-}
+ iter->second(path);
-void Manager::serverInstall()
-{
+ // Copy the certificate file
+ copy(path, certPath);
+
if (!unit.empty())
{
reloadOrReset(unit);
}
}
-void Manager::clientInstall()
+void Manager::serverInstallHelper(const std::string& filePath)
{
- if (!unit.empty())
+ if (!compareKeys(filePath))
{
- reloadOrReset(unit);
+ elog<InvalidCertificate>(
+ Reason("Private key does not match the Certificate"));
}
}
+void Manager::clientInstallHelper(const std::string& filePath)
+{
+ if (!compareKeys(filePath))
+ {
+ elog<InvalidCertificate>(
+ Reason("Private key does not match the Certificate"));
+ }
+}
+
+void Manager::authorityInstallHelper(const std::string& filePath)
+{
+ // No additional steps required now.
+}
+
void Manager::reloadOrReset(const std::string& unit)
{
constexpr auto SYSTEMD_SERVICE = "org.freedesktop.systemd1";
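Review bot: For the authority type the only gate before `copy(path, certPath)` and `reloadOrReset(unit)` is the generic validation that runs ahead of this hunk, because `authorityInstallHelper` is empty and `iter->second(path)` therefore checks nothing. That validation is not visible here; since the uploaded file becomes the single trust anchor and silently replaces the previous one, it is worth confirming that it rejects a certificate that is not a CA (basicConstraints CA:TRUE absent) and that the replacement is logged. The helper's comment could state the reason rather than the absence of work, e.g. `// CA upload has no private key to compare; validity is checked by the caller before install.` Separately, `serverInstallHelper` and `clientInstallHelper` have identical bodies and could call one shared key check, and the unused `filePath` in `authorityInstallHelper` can be written `const std::string& /*filePath*/` to stay clean under `-Wunused-parameter`. The install function starts above the hunk and `reloadOrReset` continues below it.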