Generate RSA Private Key file during application startup
Generating RSA private key file during application startup if rsa key
file is not found. Here, the rsa private key file is a hidden file
(.rsaprivkey.pem) and placed in certificate file install path which is
given during application startup.
This generated rsa private key file will be used to create private key
and csr files if certificate manager received the generateCSR request
with key pair algorithm as RSA. So, the every time rsa key generation
is avoided, because rsa key is generated with keybitlength as 2048
during application startup.
From this change, certificate manager will support only 2048 as key
bit length to generated rsa key pair. If user given other than 2048,
application will throw error.
Tested By:
- Added below unit test case
* To check rsa private key file is generated during application
startup.
* To validate unsupported key bit length.
* To check rsa private key file is present or not.
* To check rsa private key is picked from rsa private key file
while receive the generateCSR request.
- Manual test case
* Restarted certificate manager application to check rsa private
key file is generated.
systemctl restart phosphor-certificate-manager@bmcweb.service
* Invoked genearteCSR request by using curl command to check
generated rsa private key file is used to create private key
and csr file.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/
CertificateService.GenerateCSR/ -d @generate_https.json
Change-Id: I876779f1ab36f52774c52041d68304a610ea261b
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
diff --git a/certs_manager.hpp b/certs_manager.hpp
index 1e6ca81..355840d 100644
--- a/certs_manager.hpp
+++ b/certs_manager.hpp
@@ -185,8 +185,10 @@
/** @brief Write private key data to file
*
* @param[in] pKey - pointer to private key
+ * @param[in] privKeyFileName - private key filename
*/
- void writePrivateKey(const EVP_PKEY_Ptr& pKey);
+ void writePrivateKey(const EVP_PKEY_Ptr& pKey,
+ const std::string& privKeyFileName);
/** @brief Add the specified CSR field with the data
* @param[in] x509Name - Structure used in setting certificate properties
@@ -213,6 +215,18 @@
*/
void createCertificate();
+ /** @brief Create RSA private key file
+ * Create RSA private key file by generating rsa key if not created
+ */
+ void createRSAPrivateKeyFile();
+
+ /** @brief Getting RSA private key
+ * Gettting RSA private key from generated file
+ * @param[in] keyBitLength - Key bit length
+ * @return Pointer to RSA key
+ */
+ EVP_PKEY_Ptr getRSAKeyPair(const int64_t keyBitLength);
+
/** @brief sdbusplus handler */
sdbusplus::bus::bus& bus;
@@ -242,6 +256,9 @@
/** @brief Watch on self signed certificates */
std::unique_ptr<Watch> certWatchPtr = nullptr;
+
+ /** @brif Parent path i.e certificate directory path */
+ fs::path certParentInstallPath;
};
} // namespace certs
} // namespace phosphor