Append private key from the system to CA signed certificate
A CSR request is initiated which creates a private key file
and CSR file in the system.
CSR file is passed on to the CA to sign the certificate.
If the CA signed certificate file does not have private key
use the private key generated as part of the CSR request
from the system.
After successful validation append the private key with the
CA signed file and store in the system.
Tested:
1) Verified when uploading a certificate file without private
key, system is using the private key file from the system.
Change-Id: I9a5313af64f87fdb1d9189558c95ab75ce317a73
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
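The flow the commit message describes, as an added shell walk-through that is not code from this project: a key and CSR are generated locally, a throw-away CA signs the CSR, and the system key is appended to the CA-signed PEM only after its public half is confirmed to match the certificate. It assumes the openssl CLI is installed; all paths under WORK are constructed for the demo.

```shell
#!/bin/sh
# Constructed walk-through of the CSR -> CA sign -> validate -> append flow
# (added example, not phosphor-certificate-manager code). Needs openssl CLI.
set -eu
WORK="$(mktemp -d)"

# Step 1: the CSR request creates a private key and a CSR on the system.
make_key_and_csr() { # $1 key path, $2 csr path
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=bmc.example.test" 2>/dev/null
    chmod 600 "$1"
}

# Step 2: the CA signs the CSR; the returned PEM carries no private key.
ca_sign() { # $1 csr, $2 ca key, $3 ca cert, $4 signed cert out
    openssl x509 -req -in "$1" -CA "$3" -CAkey "$2" -CAcreateserial \
        -days 30 -out "$4" 2>/dev/null
}

# Validation: the SPKI public key inside the certificate must equal the one
# derived from the private key, otherwise the wrong key would be installed.
key_matches_cert() { # $1 cert, $2 key; exit status 0 on match
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Step 3: append the system key only if the upload lacks one and it matches.
append_private_key() { # $1 signed cert, $2 system key
    grep -q "PRIVATE KEY" "$1" && return 0   # upload already carries its key
    key_matches_cert "$1" "$2" || return 1   # refuse a non-matching key
    cat "$2" >> "$1"
    chmod 600 "$1"                           # combined file is now secret
}

# Drive the whole flow with a throw-away CA so it runs offline.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -out "$WORK/ca.crt" -days 30 -subj "/CN=Test CA" 2>/dev/null
make_key_and_csr "$WORK/bmc.key" "$WORK/bmc.csr"
ca_sign "$WORK/bmc.csr" "$WORK/ca.key" "$WORK/ca.crt" "$WORK/bmc.crt"
openssl genpkey -algorithm RSA -out "$WORK/other.key" 2>/dev/null  # unrelated key
if key_matches_cert "$WORK/bmc.crt" "$WORK/other.key"; then
    echo "unrelated key accepted" >&2; exit 1
fi
append_private_key "$WORK/bmc.crt" "$WORK/bmc.key"
echo "key blocks now in $WORK/bmc.crt: $(grep -c 'PRIVATE KEY' "$WORK/bmc.crt")"
```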
diff --git a/certificate.hpp b/certificate.hpp
index 70ee522..aea3ce6 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -25,6 +25,7 @@
using CertUploadPath = std::string;
using InputType = std::string;
using InstallFunc = std::function<void(const std::string&)>;
+using AppendPrivKeyFunc = std::function<void(const std::string&)>;
using CertWatchPtr = std::unique_ptr<Watch>;
using namespace phosphor::logging;
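Review bot: AppendPrivKeyFunc on the added line has exactly the same signature as InstallFunc two lines above (`std::function<void(const std::string&)>`); either reuse InstallFunc or, if a distinct name is wanted for readability, add a one-line comment saying the string argument is the certificate file path, since none of these aliases are documented here.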
@@ -92,19 +93,28 @@
void install(const std::string& filePath, bool isSkipUnitReload);
/** @brief Load Certificate file into the X509 structre.
- * @param[in] fileName - Certificate and key full file path.
+ * @param[in] filePath - Certificate and key full file path.
* @return pointer to the X509 structure.
*/
X509_Ptr loadCert(const std::string& filePath);
+ /** @brief Check and append private key to the certificate file
+ * If private key is not present in the certificate file append the
+ * certificate file with private key existing in the system.
+ * @param[in] filePath - Certificate and key full file path.
+ * @return void.
+ */
+ void checkAndAppendPrivateKey(const std::string& filePath);
+
/** @brief Public/Private key compare function.
* Comparing private key against certificate public key
* from input .pem file.
- * @param[in] fileName - Certificate and key full file path.
+ * @param[in] filePath - Certificate and key full file path.
* @return Return true if Key compare is successful,
* false if not
*/
bool compareKeys(const std::string& filePath);
+
/** @brief systemd unit reload or reset helper function
* Reload if the unit supports it and use a restart otherwise.
* @param[in] unit - service need to reload.
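Review bot: the doc comment for checkAndAppendPrivateKey does not say what "check" covers; the commit message states the key is appended only after successful validation, so spell out that the append happens only when compareKeys() succeeds for the system key and that the uploaded file is left unchanged (and the system key untouched) when it does not match. `@return void.` is noise in Doxygen and none of the neighbouring comments use it; drop it. The pre-existing `structre` typo in the loadCert comment on the context line could be fixed while this comment block is being edited.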
@@ -129,6 +139,9 @@
/** @brief Certificate file installation path **/
CertInstallPath certInstallPath;
+ /** @brief Type specific function pointer map for appending private key */
+ std::unordered_map<InputType, AppendPrivKeyFunc> appendKeyMap;
+
/** @brief Certificate file create/update watch */
const CertWatchPtr& certWatchPtr;
};
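Review bot: appendKeyMap holds std::function objects, not function pointers, so the added comment should say "function map" to match the type. Document which InputType keys are expected in the map and what happens for an InputType with no entry: an unguarded lookup would either throw (at()) or insert an empty std::function (operator[]), and a silently skipped append would leave a certificate installed without its key.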