clean up using directives and type alias
Most C++ style guides try to avoid using directives in headers and also
suggest using type alias carefully, according to which, this change does
the following clean up:
1. used Enum class to represent Certificate type
2. removed all using directives: e.g. the phosphor logging namespace;
instead, this change uses using declarations
3. removed unnecessary type alias; in existing codes, we only support
strings as types of UnitToRestart, InstallPath, UploadPath, etc; this
change uses std::string directly
4. moved all alias outside any class scope into source files or an
internal namespace
5. renamed types, constants, classes as per OpenBMC style guide
6. fixed all compilation errors and some warnings after the refactoring;
built with both Clang & GCC
Reference:
https://docs.microsoft.com/en-us/cpp/cpp/header-files-cpp?view=msvc-170#what-to-put-in-a-header-file
https://google.github.io/styleguide/cppguide.html#Namespaces
Tested:
Unit tests
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I58e026934a4e969f4d8877801c8f3c671990468a
diff --git a/bmc-vmi-ca/ca_cert_entry.hpp b/bmc-vmi-ca/ca_cert_entry.hpp
index 174daba..1b75fa4 100644
--- a/bmc-vmi-ca/ca_cert_entry.hpp
+++ b/bmc-vmi-ca/ca_cert_entry.hpp
@@ -12,12 +12,14 @@
namespace cert
{
-using Delete = sdbusplus::xyz::openbmc_project::Object::server::Delete;
-
-using CertEntry = sdbusplus::xyz::openbmc_project::Certs::server::Entry;
-using CSREntry = sdbusplus::xyz::openbmc_project::PLDM::Provider::Certs::
- Authority::server::CSR;
-using Ifaces = sdbusplus::server::object::object<CSREntry, CertEntry, Delete>;
+namespace internal
+{
+using EntryInterface = sdbusplus::server::object_t<
+ sdbusplus::xyz::openbmc_project::PLDM::Provider::Certs::Authority::server::
+ CSR,
+ sdbusplus::xyz::openbmc_project::Certs::server::Entry,
+ sdbusplus::xyz::openbmc_project::Object::server::Delete>;
+}
class CACertMgr;
@@ -26,7 +28,7 @@
* @details A concrete implementation for the
* xyz.openbmc_project.Certs.Entry DBus API
*/
-class Entry : public Ifaces
+class Entry : public internal::EntryInterface
{
public:
Entry() = delete;
@@ -46,7 +48,7 @@
Entry(sdbusplus::bus::bus& bus, const std::string& objPath,
uint32_t entryId, std::string& csr, std::string& cert,
CACertMgr& manager) :
- Ifaces(bus, objPath.c_str(), true),
+ internal::EntryInterface(bus, objPath.c_str(), true),
bus(bus), id(entryId), manager(manager)
{
diff --git a/bmc-vmi-ca/ca_certs_manager.cpp b/bmc-vmi-ca/ca_certs_manager.cpp
index bbb8025..f08c1e7 100644
--- a/bmc-vmi-ca/ca_certs_manager.cpp
+++ b/bmc-vmi-ca/ca_certs_manager.cpp
@@ -11,12 +11,17 @@
namespace ca::cert
{
-static constexpr auto maxCertSize = 4096;
namespace fs = std::filesystem;
-using namespace phosphor::logging;
-using InvalidArgument =
- sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
-using Argument = xyz::openbmc_project::Common::InvalidArgument;
+using ::phosphor::logging::elog;
+using ::phosphor::logging::entry;
+using ::phosphor::logging::level;
+using ::phosphor::logging::log;
+
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
+using Argument =
+ ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument;
+
+static constexpr size_t maxCertSize = 4096;
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
diff --git a/bmc-vmi-ca/ca_certs_manager.hpp b/bmc-vmi-ca/ca_certs_manager.hpp
index 21088b6..951c0cf 100644
--- a/bmc-vmi-ca/ca_certs_manager.hpp
+++ b/bmc-vmi-ca/ca_certs_manager.hpp
@@ -11,18 +11,20 @@
namespace ca::cert
{
-class CACertMgr;
-
-using CreateIface = sdbusplus::server::object::object<
+namespace internal
+{
+using ManagerInterface = sdbusplus::server::object_t<
sdbusplus::xyz::openbmc_project::Certs::server::Authority,
sdbusplus::xyz::openbmc_project::Collection::server::DeleteAll>;
-using Mgr = ca::cert::CACertMgr;
+}
+
+class CACertMgr;
/** @class Manager
* @brief Implementation for the
* xyz.openbmc_project.Certs.ca.authority.Manager DBus API.
*/
-class CACertMgr : public CreateIface
+class CACertMgr : public internal::ManagerInterface
{
public:
CACertMgr() = delete;
@@ -36,10 +38,9 @@
* @param[in] bus - Bus to attach to.
* @param[in] path - Path to attach at.
*/
- CACertMgr(sdbusplus::bus::bus& bus, sdeventplus::Event& event,
- const char* path) :
- CreateIface(bus, path),
- bus(bus), event(event), objectPath(path), lastEntryId(0){};
+ CACertMgr(sdbusplus::bus::bus& bus, const char* path) :
+ internal::ManagerInterface(bus, path), bus(bus), objectPath(path),
+ lastEntryId(0){};
/** @brief This method provides signing authority functionality.
It signs the certificate and creates the CSR request entry Dbus
@@ -64,8 +65,6 @@
private:
/** @brief sdbusplus DBus bus connection. */
sdbusplus::bus::bus& bus;
- // sdevent Event handle
- sdeventplus::Event& event;
/** @brief object path */
std::string objectPath;
/** @brief Id of the last certificate entry */
diff --git a/bmc-vmi-ca/mainapp.cpp b/bmc-vmi-ca/mainapp.cpp
index 4c6ef1e..c33a69d 100644
--- a/bmc-vmi-ca/mainapp.cpp
+++ b/bmc-vmi-ca/mainapp.cpp
@@ -19,7 +19,7 @@
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- ca::cert::CACertMgr manager(bus, event, objPath);
+ ca::cert::CACertMgr manager(bus, objPath);
std::string busName = "xyz.openbmc_project.Certs.ca.authority.Manager";
bus.request_name(busName.c_str());
diff --git a/certificate.cpp b/certificate.cpp
index f367267..6dfed96 100644
--- a/certificate.cpp
+++ b/certificate.cpp
@@ -19,20 +19,28 @@
namespace phosphor::certs
{
+
+namespace
+{
+namespace fs = std::filesystem;
+using ::phosphor::logging::elog;
+using ::phosphor::logging::entry;
+using ::phosphor::logging::level;
+using ::phosphor::logging::log;
+using ::phosphor::logging::report;
+using InvalidCertificateError =
+ ::sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
+using ::phosphor::logging::xyz::openbmc_project::Certs::InvalidCertificate;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
+
// RAII support for openSSL functions.
-using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
-using X509_STORE_Ptr =
- std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>;
-using X509_STORE_CTX_Ptr =
+using BIOMemPtr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
+using X509StorePtr = std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>;
+using X509StoreCtxPtr =
std::unique_ptr<X509_STORE_CTX, decltype(&::X509_STORE_CTX_free)>;
-using ASN1_TIME_ptr = std::unique_ptr<ASN1_TIME, decltype(&ASN1_STRING_free)>;
-using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
-using BUF_MEM_Ptr = std::unique_ptr<BUF_MEM, decltype(&::BUF_MEM_free)>;
-using InternalFailure =
- sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
-using InvalidCertificate =
- sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
-using Reason = xyz::openbmc_project::Certs::InvalidCertificate::REASON;
+using ASN1TimePtr = std::unique_ptr<ASN1_TIME, decltype(&ASN1_STRING_free)>;
+using EVPPkeyPtr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
+using BufMemPtr = std::unique_ptr<BUF_MEM, decltype(&::BUF_MEM_free)>;
// Trust chain related errors.`
#define TRUST_CHAIN_ERR(errnum) \
@@ -70,10 +78,11 @@
{NID_OCSP_sign, "OCSPSigning"},
{NID_ad_timeStamping, "Timestamping"},
{NID_code_sign, "CodeSigning"}};
+} // namespace
std::string Certificate::generateCertId(const std::string& certPath)
{
- const X509_Ptr cert = loadCert(certPath);
+ const internal::X509Ptr cert = loadCert(certPath);
unsigned long subjectNameHash = X509_subject_name_hash(cert.get());
unsigned long issuerSerialHash = X509_issuer_and_serial_hash(cert.get());
static constexpr auto CERT_ID_LENGTH = 17;
@@ -104,7 +113,7 @@
std::string Certificate::generateAuthCertFileX509Path(
const std::string& certSrcFilePath, const std::string& certDstDirPath)
{
- const X509_Ptr cert = loadCert(certSrcFilePath);
+ const internal::X509Ptr cert = loadCert(certSrcFilePath);
unsigned long hash = X509_subject_name_hash(cert.get());
static constexpr auto CERT_HASH_LENGTH = 9;
char hashBuf[CERT_HASH_LENGTH];
@@ -153,7 +162,7 @@
std::string
Certificate::generateCertFilePath(const std::string& certSrcFilePath)
{
- if (certType == phosphor::certs::AUTHORITY)
+ if (certType == CertificateType::Authority)
{
return generateAuthCertFilePath(certSrcFilePath);
}
@@ -164,32 +173,31 @@
}
Certificate::Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
- const CertificateType& type,
- const CertInstallPath& installPath,
- const CertUploadPath& uploadPath,
- const CertWatchPtr& certWatchPtr, Manager& parent) :
- CertIfaces(bus, objPath.c_str(), true),
- bus(bus), objectPath(objPath), certType(type), certInstallPath(installPath),
- certWatchPtr(certWatchPtr), manager(parent)
+ CertificateType type, const std::string& installPath,
+ const std::string& uploadPath, Watch* watch,
+ Manager& parent) :
+ internal::CertificateInterface(bus, objPath.c_str(), true),
+ objectPath(objPath), certType(type), certInstallPath(installPath),
+ certWatch(watch), manager(parent)
{
auto installHelper = [this](const auto& filePath) {
if (!compareKeys(filePath))
{
- elog<InvalidCertificate>(
- Reason("Private key does not match the Certificate"));
+ elog<InvalidCertificateError>(InvalidCertificate::REASON(
+ "Private key does not match the Certificate"));
};
};
- typeFuncMap[SERVER] = installHelper;
- typeFuncMap[CLIENT] = installHelper;
- typeFuncMap[AUTHORITY] = [](const std::string&) {};
+ typeFuncMap[CertificateType::Server] = installHelper;
+ typeFuncMap[CertificateType::Client] = installHelper;
+ typeFuncMap[CertificateType::Authority] = [](const std::string&) {};
auto appendPrivateKey = [this](const std::string& filePath) {
checkAndAppendPrivateKey(filePath);
};
- appendKeyMap[SERVER] = appendPrivateKey;
- appendKeyMap[CLIENT] = appendPrivateKey;
- appendKeyMap[AUTHORITY] = [](const std::string&) {};
+ appendKeyMap[CertificateType::Server] = appendPrivateKey;
+ appendKeyMap[CertificateType::Client] = appendPrivateKey;
+ appendKeyMap[CertificateType::Authority] = [](const std::string&) {};
// Generate certificate file path
certFilePath = generateCertFilePath(uploadPath);
@@ -221,9 +229,9 @@
auto errCode = X509_V_OK;
// stop watch for user initiated certificate install
- if (certWatchPtr)
+ if (certWatch != nullptr)
{
- certWatchPtr->stopWatch();
+ certWatch->stopWatch();
}
// Verify the certificate file
@@ -242,7 +250,8 @@
// file is empty
log<level::ERR>("File is empty",
entry("FILE=%s", certSrcFilePath.c_str()));
- elog<InvalidCertificate>(Reason("File is empty"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("File is empty"));
}
}
catch (const fs::filesystem_error& e)
@@ -253,7 +262,7 @@
}
// Create an empty X509_STORE structure for certificate validation.
- X509_STORE_Ptr x509Store(X509_STORE_new(), &X509_STORE_free);
+ X509StorePtr x509Store(X509_STORE_new(), &X509_STORE_free);
if (!x509Store)
{
log<level::ERR>("Error occurred during X509_STORE_new call");
@@ -278,12 +287,13 @@
{
log<level::ERR>("Error occurred during X509_LOOKUP_load_file call",
entry("FILE=%s", certSrcFilePath.c_str()));
- elog<InvalidCertificate>(Reason("Invalid certificate file format"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Invalid certificate file format"));
}
// Load Certificate file into the X509 structure.
- X509_Ptr cert = loadCert(certSrcFilePath);
- X509_STORE_CTX_Ptr storeCtx(X509_STORE_CTX_new(), ::X509_STORE_CTX_free);
+ internal::X509Ptr cert = loadCert(certSrcFilePath);
+ X509StoreCtxPtr storeCtx(X509_STORE_CTX_new(), ::X509_STORE_CTX_free);
if (!storeCtx)
{
log<level::ERR>("Error occurred during X509_STORE_CTX_new call",
@@ -337,16 +347,18 @@
if (errCode == X509_V_ERR_CERT_HAS_EXPIRED)
{
log<level::ERR>("Expired certificate ");
- elog<InvalidCertificate>(Reason("Expired Certificate"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Expired Certificate"));
}
// Logging general error here.
log<level::ERR>(
"Certificate validation failed", entry("ERRCODE=%d", errCode),
entry("ERROR_STR=%s", X509_verify_cert_error_string(errCode)));
- elog<InvalidCertificate>(Reason("Certificate validation failed"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Certificate validation failed"));
}
- validateCertificateStartDate(cert);
+ validateCertificateStartDate(*cert);
// Verify that the certificate can be used in a TLS context
const SSL_METHOD* method = TLS_method();
@@ -356,14 +368,16 @@
{
log<level::ERR>("Certificate is not usable",
entry("ERRCODE=%x", ERR_get_error()));
- elog<InvalidCertificate>(Reason("Certificate is not usable"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Certificate is not usable"));
}
// Invoke type specific append private key function.
auto appendIter = appendKeyMap.find(certType);
if (appendIter == appendKeyMap.end())
{
- log<level::ERR>("Unsupported Type", entry("TYPE=%s", certType.c_str()));
+ log<level::ERR>("Unsupported Type",
+ entry("TYPE=%s", certificateTypeToString(certType)));
elog<InternalFailure>();
}
appendIter->second(certSrcFilePath);
@@ -372,7 +386,8 @@
auto compIter = typeFuncMap.find(certType);
if (compIter == typeFuncMap.end())
{
- log<level::ERR>("Unsupported Type", entry("TYPE=%s", certType.c_str()));
+ log<level::ERR>("Unsupported Type",
+ entry("TYPE=%s", certificateTypeToString(certType)));
elog<InternalFailure>();
}
compIter->second(certSrcFilePath);
@@ -418,31 +433,31 @@
populateProperties(certFilePath);
// restart watch
- if (certWatchPtr)
+ if (certWatch != nullptr)
{
- certWatchPtr->startWatch();
+ certWatch->startWatch();
}
}
// Checks that notBefore is not earlier than the unix epoch given that
// the corresponding DBus interface is uint64_t.
-void Certificate::validateCertificateStartDate(const X509_Ptr& cert)
+void Certificate::validateCertificateStartDate(X509& cert)
{
int days = 0;
int secs = 0;
- ASN1_TIME_ptr epoch(ASN1_TIME_new(), ASN1_STRING_free);
+ ASN1TimePtr epoch(ASN1_TIME_new(), ASN1_STRING_free);
// Set time to 00:00am GMT, Jan 1 1970; format: YYYYMMDDHHMMSSZ
ASN1_TIME_set_string(epoch.get(), "19700101000000Z");
- ASN1_TIME* notBefore = X509_get_notBefore(cert.get());
+ ASN1_TIME* notBefore = X509_get_notBefore(&cert);
ASN1_TIME_diff(&days, &secs, epoch.get(), notBefore);
if (days < 0 || secs < 0)
{
log<level::ERR>("Certificate valid date starts before the Unix Epoch");
- elog<InvalidCertificate>(
- Reason("NotBefore should after 19700101000000Z"));
+ elog<InvalidCertificateError>(InvalidCertificate::REASON(
+ "NotBefore should after 19700101000000Z"));
}
}
@@ -463,7 +478,7 @@
void Certificate::storageUpdate()
{
- if (certType == phosphor::certs::AUTHORITY)
+ if (certType == CertificateType::Authority)
{
// Create symbolic link in the certificate directory
std::string certFileX509Path;
@@ -491,32 +506,32 @@
void Certificate::populateProperties(const std::string& certPath)
{
- X509_Ptr cert = loadCert(certPath);
+ internal::X509Ptr cert = loadCert(certPath);
// Update properties if no error thrown
- BIO_MEM_Ptr certBio(BIO_new(BIO_s_mem()), BIO_free);
+ BIOMemPtr certBio(BIO_new(BIO_s_mem()), BIO_free);
PEM_write_bio_X509(certBio.get(), cert.get());
- BUF_MEM_Ptr certBuf(BUF_MEM_new(), BUF_MEM_free);
+ BufMemPtr certBuf(BUF_MEM_new(), BUF_MEM_free);
BUF_MEM* buf = certBuf.get();
BIO_get_mem_ptr(certBio.get(), &buf);
std::string certStr(buf->data, buf->length);
- CertificateIface::certificateString(certStr);
+ certificateString(certStr);
static const int maxKeySize = 4096;
char subBuffer[maxKeySize] = {0};
- BIO_MEM_Ptr subBio(BIO_new(BIO_s_mem()), BIO_free);
+ BIOMemPtr subBio(BIO_new(BIO_s_mem()), BIO_free);
// This pointer cannot be freed independently.
X509_NAME* sub = X509_get_subject_name(cert.get());
X509_NAME_print_ex(subBio.get(), sub, 0, XN_FLAG_SEP_COMMA_PLUS);
BIO_read(subBio.get(), subBuffer, maxKeySize);
- CertificateIface::subject(subBuffer);
+ subject(subBuffer);
char issuerBuffer[maxKeySize] = {0};
- BIO_MEM_Ptr issuerBio(BIO_new(BIO_s_mem()), BIO_free);
+ BIOMemPtr issuerBio(BIO_new(BIO_s_mem()), BIO_free);
// This pointer cannot be freed independently.
X509_NAME* issuer_name = X509_get_issuer_name(cert.get());
X509_NAME_print_ex(issuerBio.get(), issuer_name, 0, XN_FLAG_SEP_COMMA_PLUS);
BIO_read(issuerBio.get(), issuerBuffer, maxKeySize);
- CertificateIface::issuer(issuerBuffer);
+ issuer(issuerBuffer);
std::vector<std::string> keyUsageList;
ASN1_BIT_STRING* usage;
@@ -549,29 +564,29 @@
sk_ASN1_OBJECT_value(extUsage, i))]);
}
}
- CertificateIface::keyUsage(keyUsageList);
+ keyUsage(keyUsageList);
int days = 0;
int secs = 0;
- ASN1_TIME_ptr epoch(ASN1_TIME_new(), ASN1_STRING_free);
+ ASN1TimePtr epoch(ASN1_TIME_new(), ASN1_STRING_free);
// Set time to 00:00am GMT, Jan 1 1970; format: YYYYMMDDHHMMSSZ
ASN1_TIME_set_string(epoch.get(), "19700101000000Z");
static const uint64_t dayToSeconds = 24 * 60 * 60;
ASN1_TIME* notAfter = X509_get_notAfter(cert.get());
ASN1_TIME_diff(&days, &secs, epoch.get(), notAfter);
- CertificateIface::validNotAfter((days * dayToSeconds) + secs);
+ validNotAfter((days * dayToSeconds) + secs);
ASN1_TIME* notBefore = X509_get_notBefore(cert.get());
ASN1_TIME_diff(&days, &secs, epoch.get(), notBefore);
- CertificateIface::validNotBefore((days * dayToSeconds) + secs);
+ validNotBefore((days * dayToSeconds) + secs);
}
-X509_Ptr Certificate::loadCert(const std::string& filePath)
+internal::X509Ptr Certificate::loadCert(const std::string& filePath)
{
// Read Certificate file
- X509_Ptr cert(X509_new(), ::X509_free);
+ internal::X509Ptr cert(X509_new(), ::X509_free);
if (!cert)
{
log<level::ERR>("Error occurred during X509_new call",
@@ -580,7 +595,7 @@
elog<InternalFailure>();
}
- BIO_MEM_Ptr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
+ BIOMemPtr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
if (!bioCert)
{
log<level::ERR>("Error occurred during BIO_new_file call",
@@ -600,7 +615,7 @@
void Certificate::checkAndAppendPrivateKey(const std::string& filePath)
{
- BIO_MEM_Ptr keyBio(BIO_new(BIO_s_file()), ::BIO_free);
+ BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free);
if (!keyBio)
{
log<level::ERR>("Error occurred during BIO_s_file call",
@@ -609,7 +624,7 @@
}
BIO_read_filename(keyBio.get(), filePath.c_str());
- EVP_PKEY_Ptr priKey(
+ EVPPkeyPtr priKey(
PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr),
::EVP_PKEY_free);
if (!priKey)
@@ -657,7 +672,7 @@
{
log<level::INFO>("Certificate compareKeys",
entry("FILEPATH=%s", filePath.c_str()));
- X509_Ptr cert(X509_new(), ::X509_free);
+ internal::X509Ptr cert(X509_new(), ::X509_free);
if (!cert)
{
log<level::ERR>("Error occurred during X509_new call",
@@ -666,7 +681,7 @@
elog<InternalFailure>();
}
- BIO_MEM_Ptr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
+ BIOMemPtr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
if (!bioCert)
{
log<level::ERR>("Error occurred during BIO_new_file call",
@@ -677,16 +692,17 @@
X509* x509 = cert.get();
PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr);
- EVP_PKEY_Ptr pubKey(X509_get_pubkey(cert.get()), ::EVP_PKEY_free);
+ EVPPkeyPtr pubKey(X509_get_pubkey(cert.get()), ::EVP_PKEY_free);
if (!pubKey)
{
log<level::ERR>("Error occurred during X509_get_pubkey",
entry("FILE=%s", filePath.c_str()),
entry("ERRCODE=%lu", ERR_get_error()));
- elog<InvalidCertificate>(Reason("Failed to get public key info"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Failed to get public key info"));
}
- BIO_MEM_Ptr keyBio(BIO_new(BIO_s_file()), ::BIO_free);
+ BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free);
if (!keyBio)
{
log<level::ERR>("Error occurred during BIO_s_file call",
@@ -695,7 +711,7 @@
}
BIO_read_filename(keyBio.get(), filePath.c_str());
- EVP_PKEY_Ptr priKey(
+ EVPPkeyPtr priKey(
PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr),
::EVP_PKEY_free);
if (!priKey)
@@ -703,7 +719,8 @@
log<level::ERR>("Error occurred during PEM_read_bio_PrivateKey",
entry("FILE=%s", filePath.c_str()),
entry("ERRCODE=%lu", ERR_get_error()));
- elog<InvalidCertificate>(Reason("Failed to get private key info"));
+ elog<InvalidCertificateError>(
+ InvalidCertificate::REASON("Failed to get private key info"));
}
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
diff --git a/certificate.hpp b/certificate.hpp
index ce2a737..46479e4 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -5,6 +5,9 @@
#include <openssl/x509.h>
#include <filesystem>
+#include <functional>
+#include <memory>
+#include <optional>
#include <phosphor-logging/elog.hpp>
#include <xyz/openbmc_project/Certs/Certificate/server.hpp>
#include <xyz/openbmc_project/Certs/Replace/server.hpp>
@@ -12,45 +15,68 @@
namespace phosphor::certs
{
-using DeleteIface = sdbusplus::xyz::openbmc_project::Object::server::Delete;
-using CertificateIface =
- sdbusplus::xyz::openbmc_project::Certs::server::Certificate;
-using ReplaceIface = sdbusplus::xyz::openbmc_project::Certs::server::Replace;
-using CertIfaces = sdbusplus::server::object::object<CertificateIface,
- ReplaceIface, DeleteIface>;
-using CertificateType = std::string;
-using CertInstallPath = std::string;
-using CertUploadPath = std::string;
-using InputType = std::string;
+// Certificate types
+enum class CertificateType
+{
+ Authority,
+ Server,
+ Client,
+ Unsupported,
+};
+
+inline constexpr const char* certificateTypeToString(CertificateType type)
+{
+ switch (type)
+ {
+ case CertificateType::Authority:
+ return "authority";
+ case CertificateType::Server:
+ return "server";
+ case CertificateType::Client:
+ return "client";
+ default:
+ return "unsupported";
+ }
+}
+
+inline constexpr CertificateType stringToCertificateType(std::string_view type)
+{
+ if (type == "authority")
+ {
+ return CertificateType::Authority;
+ }
+ if (type == "server")
+ {
+ return CertificateType::Server;
+ }
+ if (type == "client")
+ {
+ return CertificateType::Client;
+ }
+ return CertificateType::Unsupported;
+}
+
+namespace internal
+{
+using CertificateInterface = sdbusplus::server::object_t<
+ sdbusplus::xyz::openbmc_project::Certs::server::Certificate,
+ sdbusplus::xyz::openbmc_project::Certs::server::Replace,
+ sdbusplus::xyz::openbmc_project::Object::server::Delete>;
using InstallFunc = std::function<void(const std::string&)>;
using AppendPrivKeyFunc = std::function<void(const std::string&)>;
-using CertWatchPtr = std::unique_ptr<Watch>;
-using namespace phosphor::logging;
-
-// for placeholders
-using namespace std::placeholders;
-namespace fs = std::filesystem;
+using X509Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;
+} // namespace internal
class Manager; // Forward declaration for Certificate Manager.
-// Supported Types.
-static constexpr auto SERVER = "server";
-static constexpr auto CLIENT = "client";
-static constexpr auto AUTHORITY = "authority";
-
-// RAII support for openSSL functions.
-using X509_Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;
-using X509_STORE_CTX_Ptr =
- std::unique_ptr<X509_STORE_CTX, decltype(&::X509_STORE_CTX_free)>;
-
/** @class Certificate
* @brief OpenBMC Certificate entry implementation.
* @details A concrete implementation for the
* xyz.openbmc_project.Certs.Certificate DBus API
* xyz.openbmc_project.Certs.Install DBus API
*/
-class Certificate : public CertIfaces
+class Certificate : public internal::CertificateInterface
{
public:
Certificate() = delete;
@@ -66,12 +92,12 @@
* @param[in] type - Type of the certificate
* @param[in] installPath - Path of the certificate to install
* @param[in] uploadPath - Path of the certificate file to upload
- * @param[in] watchPtr - watch on self signed certificate pointer
+ * @param[in] watchPtr - watch on self signed certificate
+ * @param[in] parent - the manager that owns the certificate
*/
Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
- const CertificateType& type, const CertInstallPath& installPath,
- const CertUploadPath& uploadPath, const CertWatchPtr& watchPtr,
- Manager& parent);
+ CertificateType type, const std::string& installPath,
+ const std::string& uploadPath, Watch* watch, Manager& parent);
/** @brief Validate and Replace/Install the certificate file
* Install/Replace the existing certificate file with another
@@ -127,7 +153,7 @@
*
* @return void
*/
- void validateCertificateStartDate(const X509_Ptr& cert);
+ void validateCertificateStartDate(X509& cert);
/**
* @brief Populate certificate properties by parsing given certificate file
@@ -142,7 +168,7 @@
* @param[in] filePath - Certificate and key full file path.
* @return pointer to the X509 structure.
*/
- X509_Ptr loadCert(const std::string& filePath);
+ internal::X509Ptr loadCert(const std::string& filePath);
/** @brief Check and append private key to the certificate file
* If private key is not present in the certificate file append the
@@ -222,10 +248,7 @@
std::string generateCertFilePath(const std::string& certSrcFilePath);
/** @brief Type specific function pointer map */
- std::unordered_map<InputType, InstallFunc> typeFuncMap;
-
- /** @brief sdbusplus handler */
- sdbusplus::bus::bus& bus;
+ std::unordered_map<CertificateType, internal::InstallFunc> typeFuncMap;
/** @brief object path */
std::string objectPath;
@@ -240,13 +263,16 @@
std::string certFilePath;
/** @brief Certificate file installation path */
- CertInstallPath certInstallPath;
+ std::string certInstallPath;
/** @brief Type specific function pointer map for appending private key */
- std::unordered_map<InputType, AppendPrivKeyFunc> appendKeyMap;
+ std::unordered_map<CertificateType, internal::AppendPrivKeyFunc>
+ appendKeyMap;
- /** @brief Certificate file create/update watch */
- const CertWatchPtr& certWatchPtr;
+ /** @brief Certificate file create/update watch
+ * Note that Certificate object doesn't own the pointer
+ */
+ Watch* certWatch;
/** @brief Reference to Certificate Manager */
Manager& manager;
diff --git a/certs_manager.cpp b/certs_manager.cpp
index 9a81991..6bfc37a 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -11,24 +11,42 @@
namespace phosphor::certs
{
-using InternalFailure =
- sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
-using InvalidCertificate =
- sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
-using Reason = xyz::openbmc_project::Certs::InvalidCertificate::REASON;
+namespace
+{
+namespace fs = std::filesystem;
+using ::phosphor::logging::commit;
+using ::phosphor::logging::elog;
+using ::phosphor::logging::entry;
+using ::phosphor::logging::level;
+using ::phosphor::logging::log;
+using ::phosphor::logging::report;
-using X509_REQ_Ptr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
-using BIGNUM_Ptr = std::unique_ptr<BIGNUM, decltype(&::BN_free)>;
-using InvalidArgument =
- sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
-using Argument = xyz::openbmc_project::Common::InvalidArgument;
+using ::sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
+using NotAllowedReason =
+ ::phosphor::logging::xyz::openbmc_project::Common::NotAllowed::REASON;
+using InvalidCertificateReason = ::phosphor::logging::xyz::openbmc_project::
+ Certs::InvalidCertificate::REASON;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
+using Argument =
+ ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument;
-constexpr auto SUPPORTED_KEYBITLENGTH = 2048;
+// RAII support for openSSL functions.
+using X509ReqPtr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
+using EVPPkeyPtr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
+using BignumPtr = std::unique_ptr<BIGNUM, decltype(&::BN_free)>;
+
+constexpr int supportedKeyBitLength = 2048;
+constexpr int defaultKeyBitLength = 2048;
+// secp224r1 is equal to RSA 2048 KeyBitLength. Refer RFC 5349
+constexpr auto defaultKeyCurveID = "secp224r1";
+} // namespace
Manager::Manager(sdbusplus::bus::bus& bus, sdeventplus::Event& event,
- const char* path, const CertificateType& type,
- UnitsToRestart&& unit, CertInstallPath&& installPath) :
- Ifaces(bus, path),
+ const char* path, CertificateType type,
+ const std::string& unit, const std::string& installPath) :
+ internal::ManagerInterface(bus, path),
bus(bus), event(event), objectPath(path), certType(type),
unitToRestart(std::move(unit)), certInstallPath(std::move(installPath)),
certParentInstallPath(fs::path(certInstallPath).parent_path())
@@ -40,7 +58,7 @@
fs::path certDirectory;
try
{
- if (certType == AUTHORITY)
+ if (certType == CertificateType::Authority)
{
certDirectory = certInstallPath;
}
@@ -69,7 +87,7 @@
}
// Generating RSA private key file if certificate type is server/client
- if (certType != AUTHORITY)
+ if (certType != CertificateType::Authority)
{
createRSAPrivateKeyFile();
}
@@ -78,7 +96,7 @@
createCertificates();
// watch is not required for authority certificates
- if (certType != AUTHORITY)
+ if (certType != CertificateType::Authority)
{
// watch for certificate file create/replace
certWatchPtr = std::make_unique<
@@ -146,18 +164,14 @@
std::string Manager::install(const std::string filePath)
{
- using NotAllowed =
- sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
- using Reason = xyz::openbmc_project::Common::NotAllowed::REASON;
-
- if (certType != phosphor::certs::AUTHORITY && !installedCerts.empty())
+ if (certType != CertificateType::Authority && !installedCerts.empty())
{
- elog<NotAllowed>(Reason("Certificate already exist"));
+ elog<NotAllowed>(NotAllowedReason("Certificate already exist"));
}
- else if (certType == phosphor::certs::AUTHORITY &&
+ else if (certType == CertificateType::Authority &&
installedCerts.size() >= maxNumAuthorityCertificates)
{
- elog<NotAllowed>(Reason("Certificates limit reached"));
+ elog<NotAllowed>(NotAllowedReason("Certificates limit reached"));
}
std::string certObjectPath;
@@ -166,13 +180,13 @@
certObjectPath = objectPath + '/' + std::to_string(certIdCounter);
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath, certType, certInstallPath, filePath,
- certWatchPtr, *this));
+ certWatchPtr.get(), *this));
reloadOrReset(unitToRestart);
certIdCounter++;
}
else
{
- elog<NotAllowed>(Reason("Certificate already exist"));
+ elog<NotAllowed>(NotAllowedReason("Certificate already exist"));
}
return certObjectPath;
@@ -222,11 +236,7 @@
}
else
{
- using NotAllowed =
- sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
- using Reason = xyz::openbmc_project::Common::NotAllowed::REASON;
-
- elog<NotAllowed>(Reason("Certificate already exist"));
+ elog<NotAllowed>(NotAllowedReason("Certificate already exist"));
}
}
@@ -344,7 +354,7 @@
// set version of x509 req
int nVersion = 1;
// TODO: Issue#6 need to make version number configurable
- X509_REQ_Ptr x509Req(X509_REQ_new(), ::X509_REQ_free);
+ X509ReqPtr x509Req(X509_REQ_new(), ::X509_REQ_free);
ret = X509_REQ_set_version(x509Req.get(), nVersion);
if (ret == 0)
{
@@ -391,7 +401,7 @@
addEntry(x509Name, "SN", surname);
addEntry(x509Name, "unstructuredName", unstructuredName);
- EVP_PKEY_Ptr pKey(nullptr, ::EVP_PKEY_free);
+ EVPPkeyPtr pKey(nullptr, ::EVP_PKEY_free);
log<level::INFO>("Given Key pair algorithm",
entry("KEYPAIRALGORITHM=%s", keyPairAlgorithm.c_str()));
@@ -443,23 +453,22 @@
[&usage](const char* s) { return (strcmp(s, usage.c_str()) == 0); });
return it != usageList.end();
}
-EVP_PKEY_Ptr Manager::generateRSAKeyPair(const int64_t keyBitLength)
+EVPPkeyPtr Manager::generateRSAKeyPair(const int64_t keyBitLength)
{
int64_t keyBitLen = keyBitLength;
// set keybit length to default value if not set
if (keyBitLen <= 0)
{
- constexpr auto DEFAULT_KEYBITLENGTH = 2048;
log<level::INFO>(
"KeyBitLength is not given.Hence, using default KeyBitLength",
- entry("DEFAULTKEYBITLENGTH=%d", DEFAULT_KEYBITLENGTH));
- keyBitLen = DEFAULT_KEYBITLENGTH;
+ entry("DEFAULTKEYBITLENGTH=%d", defaultKeyBitLength));
+ keyBitLen = defaultKeyBitLength;
}
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
// generate rsa key
- BIGNUM_Ptr bne(BN_new(), ::BN_free);
+ BignumPtr bne(BN_new(), ::BN_free);
auto ret = BN_set_word(bne.get(), RSA_F4);
if (ret == 0)
{
@@ -477,7 +486,7 @@
}
// set public key of x509 req
- EVP_PKEY_Ptr pKey(EVP_PKEY_new(), ::EVP_PKEY_free);
+ EVPPkeyPtr pKey(EVP_PKEY_new(), ::EVP_PKEY_free);
ret = EVP_PKEY_assign_RSA(pKey.get(), rsa.get());
if (ret == 0)
{
@@ -516,18 +525,16 @@
#endif
}
-EVP_PKEY_Ptr Manager::generateECKeyPair(const std::string& curveId)
+EVPPkeyPtr Manager::generateECKeyPair(const std::string& curveId)
{
std::string curId(curveId);
if (curId.empty())
{
- // secp224r1 is equal to RSA 2048 KeyBitLength. Refer RFC 5349
- constexpr auto DEFAULT_KEYCURVEID = "secp224r1";
log<level::INFO>(
"KeyCurveId is not given. Hence using default curve id",
- entry("DEFAULTKEYCURVEID=%s", DEFAULT_KEYCURVEID));
- curId = DEFAULT_KEYCURVEID;
+ entry("DEFAULTKEYCURVEID=%s", defaultKeyCurveID));
+ curId = defaultKeyCurveID;
}
int ecGrp = OBJ_txt2nid(curId.c_str());
@@ -565,7 +572,7 @@
elog<InternalFailure>();
}
- EVP_PKEY_Ptr pKey(EVP_PKEY_new(), ::EVP_PKEY_free);
+ EVPPkeyPtr pKey(EVP_PKEY_new(), ::EVP_PKEY_free);
ret = EVP_PKEY_assign_EC_KEY(pKey.get(), ecKey);
if (ret == 0)
{
@@ -627,7 +634,7 @@
#endif
}
-void Manager::writePrivateKey(const EVP_PKEY_Ptr& pKey,
+void Manager::writePrivateKey(const EVPPkeyPtr& pKey,
const std::string& privKeyFileName)
{
log<level::INFO>("Writing private key to file");
@@ -679,7 +686,7 @@
certInstallPath.c_str(), status);
}
-void Manager::writeCSR(const std::string& filePath, const X509_REQ_Ptr& x509Req)
+void Manager::writeCSR(const std::string& filePath, const X509ReqPtr& x509Req)
{
if (fs::exists(filePath))
{
@@ -717,7 +724,7 @@
{
auto certObjectPath = objectPath + '/';
- if (certType == phosphor::certs::AUTHORITY)
+ if (certType == CertificateType::Authority)
{
// Check whether install path is a directory.
if (!fs::is_directory(certInstallPath))
@@ -739,8 +746,8 @@
{
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath + std::to_string(certIdCounter++),
- certType, certInstallPath, path.path(), certWatchPtr,
- *this));
+ certType, certInstallPath, path.path(),
+ certWatchPtr.get(), *this));
}
}
catch (const InternalFailure& e)
@@ -749,8 +756,8 @@
}
catch (const InvalidCertificate& e)
{
- report<InvalidCertificate>(
- Reason("Existing certificate file is corrupted"));
+ report<InvalidCertificate>(InvalidCertificateReason(
+ "Existing certificate file is corrupted"));
}
}
}
@@ -760,7 +767,7 @@
{
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath + '1', certType, certInstallPath,
- certInstallPath, certWatchPtr, *this));
+ certInstallPath, certWatchPtr.get(), *this));
}
catch (const InternalFailure& e)
{
@@ -768,8 +775,8 @@
}
catch (const InvalidCertificate& e)
{
- report<InvalidCertificate>(
- Reason("Existing certificate file is corrupted"));
+ report<InvalidCertificate>(InvalidCertificateReason(
+ "Existing certificate file is corrupted"));
}
}
}
@@ -783,7 +790,7 @@
{
if (!fs::exists(rsaPrivateKeyFileName))
{
- writePrivateKey(generateRSAKeyPair(SUPPORTED_KEYBITLENGTH),
+ writePrivateKey(generateRSAKeyPair(supportedKeyBitLength),
defaultRSAPrivateKeyFileName);
}
}
@@ -793,14 +800,14 @@
}
}
-EVP_PKEY_Ptr Manager::getRSAKeyPair(const int64_t keyBitLength)
+EVPPkeyPtr Manager::getRSAKeyPair(const int64_t keyBitLength)
{
- if (keyBitLength != SUPPORTED_KEYBITLENGTH)
+ if (keyBitLength != supportedKeyBitLength)
{
log<level::ERR>(
"Given Key bit length is not supported",
entry("GIVENKEYBITLENGTH=%d", keyBitLength),
- entry("SUPPORTEDKEYBITLENGTH=%d", SUPPORTED_KEYBITLENGTH));
+ entry("SUPPORTEDKEYBITLENGTH=%d", supportedKeyBitLength));
elog<InvalidArgument>(
Argument::ARGUMENT_NAME("KEYBITLENGTH"),
Argument::ARGUMENT_VALUE(std::to_string(keyBitLength).c_str()));
@@ -817,7 +824,7 @@
elog<InternalFailure>();
}
- EVP_PKEY_Ptr privateKey(
+ EVPPkeyPtr privateKey(
PEM_read_PrivateKey(privateKeyFile, nullptr, nullptr, nullptr),
::EVP_PKEY_free);
std::fclose(privateKeyFile);
@@ -832,7 +839,7 @@
void Manager::storageUpdate()
{
- if (certType == phosphor::certs::AUTHORITY)
+ if (certType == CertificateType::Authority)
{
// Remove symbolic links in the certificate directory
for (auto& certPath : fs::directory_iterator(certInstallPath))
@@ -861,20 +868,20 @@
}
}
-void Manager::reloadOrReset(const UnitsToRestart& unit)
+void Manager::reloadOrReset(const std::string& unit)
{
if (!unit.empty())
{
try
{
- constexpr auto SYSTEMD_SERVICE = "org.freedesktop.systemd1";
- constexpr auto SYSTEMD_OBJ_PATH = "/org/freedesktop/systemd1";
- constexpr auto SYSTEMD_INTERFACE =
+ constexpr auto defaultSystemdService = "org.freedesktop.systemd1";
+ constexpr auto defaultSystemdObjectPath =
+ "/org/freedesktop/systemd1";
+ constexpr auto defaultSystemdInterface =
"org.freedesktop.systemd1.Manager";
-
- auto method =
- bus.new_method_call(SYSTEMD_SERVICE, SYSTEMD_OBJ_PATH,
- SYSTEMD_INTERFACE, "ReloadOrRestartUnit");
+ auto method = bus.new_method_call(
+ defaultSystemdService, defaultSystemdObjectPath,
+ defaultSystemdInterface, "ReloadOrRestartUnit");
method.append(unit, "replace");
bus.call_noreply(method);
}
diff --git a/certs_manager.hpp b/certs_manager.hpp
index 2be0759..44908d7 100644
--- a/certs_manager.hpp
+++ b/certs_manager.hpp
@@ -5,6 +5,7 @@
#include "csr.hpp"
#include "watch.hpp"
+#include <filesystem>
#include <sdeventplus/source/child.hpp>
#include <sdeventplus/source/event.hpp>
#include <xyz/openbmc_project/Certs/CSR/Create/server.hpp>
@@ -13,19 +14,16 @@
namespace phosphor::certs
{
-using Install = sdbusplus::xyz::openbmc_project::Certs::server::Install;
-using DeleteAll =
- sdbusplus::xyz::openbmc_project::Collection::server::DeleteAll;
-using CSRCreate = sdbusplus::xyz::openbmc_project::Certs::CSR::server::Create;
-using Ifaces = sdbusplus::server::object::object<Install, CSRCreate, DeleteAll>;
-using X509_REQ_Ptr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
-using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
-using CertificatePtr = std::unique_ptr<Certificate>;
+namespace internal
+{
+using ManagerInterface = sdbusplus::server::object_t<
+ sdbusplus::xyz::openbmc_project::Certs::server::Install,
+ sdbusplus::xyz::openbmc_project::Certs::CSR::server::Create,
+ sdbusplus::xyz::openbmc_project::Collection::server::DeleteAll>;
+}
-using UnitsToRestart = std::string;
-
-class Manager : public Ifaces
+class Manager : public internal::ManagerInterface
{
public:
/* Define all of the basic class operations:
@@ -39,7 +37,7 @@
* - Destructor.
*/
Manager() = delete;
- Manager(const Manager&) = default;
+ Manager(const Manager&) = delete;
Manager& operator=(const Manager&) = delete;
Manager(Manager&&) = delete;
Manager& operator=(Manager&&) = delete;
@@ -54,8 +52,8 @@
* @param[in] installPath - Certificate installation path.
*/
Manager(sdbusplus::bus::bus& bus, sdeventplus::Event& event,
- const char* path, const CertificateType& type,
- UnitsToRestart&& unit, CertInstallPath&& installPath);
+ const char* path, CertificateType type, const std::string& unit,
+ const std::string& installPath);
/** @brief Implementation for Install
* Replace the existing certificate key file with another
@@ -186,21 +184,24 @@
* @param[in] keyBitLength - KeyBit length.
* @return Pointer to RSA private key
*/
- EVP_PKEY_Ptr generateRSAKeyPair(const int64_t keyBitLength);
+ std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
+ generateRSAKeyPair(const int64_t keyBitLength);
/** @brief Generate EC Key pair and get private key from key pair
* @param[in] p_KeyCurveId - Curve ID
* @return Pointer to EC private key
*/
- EVP_PKEY_Ptr generateECKeyPair(const std::string& p_KeyCurveId);
+ std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
+ generateECKeyPair(const std::string& p_KeyCurveId);
/** @brief Write private key data to file
*
* @param[in] pKey - pointer to private key
* @param[in] privKeyFileName - private key filename
*/
- void writePrivateKey(const EVP_PKEY_Ptr& pKey,
- const std::string& privKeyFileName);
+ void writePrivateKey(
+ const std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>& pKey,
+ const std::string& privKeyFileName);
/** @brief Add the specified CSR field with the data
* @param[in] x509Name - Structure used in setting certificate properties
@@ -226,7 +227,9 @@
* @param[in] filePath - CSR file path.
* @param[in] x509Req - OpenSSL Request Pointer.
*/
- void writeCSR(const std::string& filePath, const X509_REQ_Ptr& x509Req);
+ void writeCSR(
+ const std::string& filePath,
+ const std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>& x509Req);
/** @brief Load certificate
* Load certificate and create certificate object
@@ -243,7 +246,8 @@
* @param[in] keyBitLength - Key bit length
* @return Pointer to RSA key
*/
- EVP_PKEY_Ptr getRSAKeyPair(const int64_t keyBitLength);
+ std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
+ getRSAKeyPair(const int64_t keyBitLength);
/** @brief Update certificate storage (remove outdated files, recreate
* symbolic links, etc.).
@@ -254,7 +258,7 @@
* Reload if the unit supports it and use a restart otherwise.
* @param[in] unit - service need to reload.
*/
- void reloadOrReset(const UnitsToRestart& unit);
+ void reloadOrReset(const std::string& unit);
/** @brief Check if provided certificate is unique across all certificates
* on the internal list.
@@ -281,10 +285,10 @@
CertificateType certType;
/** @brief Unit name associated to the service **/
- UnitsToRestart unitToRestart;
+ std::string unitToRestart;
/** @brief Certificate file installation path **/
- CertInstallPath certInstallPath;
+ std::string certInstallPath;
/** @brief Collection of pointers to certificate */
std::vector<std::unique_ptr<Certificate>> installedCerts;
@@ -299,7 +303,7 @@
std::unique_ptr<Watch> certWatchPtr = nullptr;
/** @brief Parent path i.e certificate directory path */
- fs::path certParentInstallPath;
+ std::filesystem::path certParentInstallPath;
/** @brief Certificate ID pool */
uint64_t certIdCounter = 1;
diff --git a/csr.cpp b/csr.cpp
index 677b48b..81c6f98 100644
--- a/csr.cpp
+++ b/csr.cpp
@@ -12,18 +12,21 @@
namespace phosphor::certs
{
-using X509_REQ_Ptr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
-using BIO_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free_all)>;
-using InternalFailure =
- sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
-using namespace phosphor::logging;
+
+using ::phosphor::logging::elog;
+using ::phosphor::logging::entry;
+using ::phosphor::logging::level;
+using ::phosphor::logging::log;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
namespace fs = std::filesystem;
-CSR::CSR(sdbusplus::bus::bus& bus, const char* path,
- CertInstallPath&& installPath, const Status& status) :
- CSRIface(bus, path, true),
- bus(bus), objectPath(path), certInstallPath(std::move(installPath)),
- csrStatus(status)
+using X509ReqPtr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
+using BIOPtr = std::unique_ptr<BIO, decltype(&::BIO_free_all)>;
+
+CSR::CSR(sdbusplus::bus::bus& bus, const char* path, std::string&& installPath,
+ const Status& status) :
+ internal::CSRInterface(bus, path, true),
+ objectPath(path), certInstallPath(std::move(installPath)), csrStatus(status)
{
// Emit deferred signal.
this->emit_object_added();
@@ -46,8 +49,8 @@
}
FILE* fp = std::fopen(csrFilePath.c_str(), "r");
- X509_REQ_Ptr x509Req(PEM_read_X509_REQ(fp, nullptr, nullptr, nullptr),
- ::X509_REQ_free);
+ X509ReqPtr x509Req(PEM_read_X509_REQ(fp, nullptr, nullptr, nullptr),
+ ::X509_REQ_free);
if (x509Req == nullptr || fp == nullptr)
{
if (fp != nullptr)
@@ -60,7 +63,7 @@
}
std::fclose(fp);
- BIO_Ptr bio(BIO_new(BIO_s_mem()), ::BIO_free_all);
+ BIOPtr bio(BIO_new(BIO_s_mem()), ::BIO_free_all);
int ret = PEM_write_bio_X509_REQ(bio.get(), x509Req.get());
if (ret <= 0)
{
diff --git a/csr.hpp b/csr.hpp
index 2d82739..aa47cf6 100644
--- a/csr.hpp
+++ b/csr.hpp
@@ -1,10 +1,9 @@
#pragma once
+#include <string>
#include <xyz/openbmc_project/Certs/CSR/server.hpp>
namespace phosphor::certs
{
-using CSRRead = sdbusplus::xyz::openbmc_project::Certs::server::CSR;
-using CSRIface = sdbusplus::server::object::object<CSRRead>;
enum class Status
{
@@ -12,20 +11,24 @@
FAILURE,
};
-using CertInstallPath = std::string;
+namespace internal
+{
+using CSRInterface = sdbusplus::server::object_t<
+ sdbusplus::xyz::openbmc_project::Certs::server::CSR>;
+}
/** @class CSR
* @brief To read CSR certificate
*/
-class CSR : public CSRIface
+class CSR : public internal::CSRInterface
{
public:
CSR() = delete;
~CSR() = default;
CSR(const CSR&) = delete;
CSR& operator=(const CSR&) = delete;
- CSR(CSR&&) = default;
- CSR& operator=(CSR&&) = default;
+ CSR(CSR&&) = delete;
+ CSR& operator=(CSR&&) = delete;
/** @brief Constructor to put object onto bus at a D-Bus path.
* @param[in] bus - Bus to attach to.
@@ -33,21 +36,18 @@
* @param[in] installPath - Certificate installation path.
* @param[in] status - Status of Generate CSR request
*/
- CSR(sdbusplus::bus::bus& bus, const char* path,
- CertInstallPath&& installPath, const Status& status);
+ CSR(sdbusplus::bus::bus& bus, const char* path, std::string&& installPath,
+ const Status& status);
/** @brief Return CSR
*/
std::string csr() override;
private:
- /** @brief sdbusplus handler */
- sdbusplus::bus::bus& bus;
-
/** @brief object path */
std::string objectPath;
/** @brief Certificate file installation path **/
- CertInstallPath certInstallPath;
+ std::string certInstallPath;
/** @brief Status of GenerateCSR request */
Status csrStatus;
diff --git a/mainapp.cpp b/mainapp.cpp
index 98a560b..d1a7568 100644
--- a/mainapp.cpp
+++ b/mainapp.cpp
@@ -17,6 +17,7 @@
#include "config.h"
#include "argument.hpp"
+#include "certificate.hpp"
#include "certs_manager.hpp"
#include <iostream>
@@ -24,7 +25,7 @@
#include <sdeventplus/event.hpp>
#include <string>
-static void ExitWithError(const char* err, char** argv)
+static void exitWithError(const char* err, char** argv)
{
phosphor::certs::util::ArgumentParser::usage(argv);
std::cerr << std::endl;
@@ -32,9 +33,14 @@
exit(EXIT_FAILURE);
}
-inline void capitalize(std::string& s)
+inline std::string capitalize(const std::string& s)
{
- s[0] = std::toupper(s[0]);
+ std::string res = s;
+ if (!res.empty())
+ {
+ res[0] = std::toupper(res[0]);
+ }
+ return res;
}
int main(int argc, char** argv)
@@ -43,31 +49,31 @@
auto options = phosphor::certs::util::ArgumentParser(argc, argv);
// Parse arguments
- auto type = std::move((options)["type"]);
- if ((type == phosphor::certs::util::ArgumentParser::empty_string) ||
- !((type == phosphor::certs::SERVER) ||
- (type == phosphor::certs::CLIENT) ||
- (type == phosphor::certs::AUTHORITY)))
+ const std::string& typeStr = (options)["typeStr"];
+ phosphor::certs::CertificateType type =
+ phosphor::certs::stringToCertificateType(typeStr);
+ if (type == phosphor::certs::CertificateType::Unsupported)
{
- ExitWithError("type not specified or invalid.", argv);
+ exitWithError("type not specified or invalid.", argv);
}
- auto endpoint = std::move((options)["endpoint"]);
+ const std::string& endpoint = (options)["endpoint"];
if (endpoint == phosphor::certs::util::ArgumentParser::empty_string)
{
- ExitWithError("endpoint not specified.", argv);
+ exitWithError("endpoint not specified.", argv);
}
- auto path = std::move((options)["path"]);
+ const std::string& path = (options)["path"];
if (path == phosphor::certs::util::ArgumentParser::empty_string)
{
- ExitWithError("path not specified.", argv);
+ exitWithError("path not specified.", argv);
}
// unit is an optional parameter
- auto unit = std::move((options)["unit"]);
+ const std::string& unit = (options)["unit"];
auto bus = sdbusplus::bus::new_default();
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath =
+ std::string(objectNamePrefix) + '/' + typeStr + '/' + endpoint;
// Add sdbusplus ObjectManager
sdbusplus::server::manager::manager objManager(bus, objPath.c_str());
@@ -78,13 +84,12 @@
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- phosphor::certs::Manager manager(bus, event, objPath.c_str(), type,
- std::move(unit), std::move(path));
+ phosphor::certs::Manager manager(bus, event, objPath.c_str(), type, unit,
+ path);
// Adjusting Interface name as per std convention
- capitalize(type);
- capitalize(endpoint);
- auto busName = std::string(busNamePrefix) + '.' + type + '.' + endpoint;
+ auto busName = std::string(busNamePrefix) + '.' + capitalize(typeStr) +
+ '.' + capitalize(endpoint);
bus.request_name(busName.c_str());
event.loop();
return 0;
diff --git a/test/ca_certs_manager_test.cpp b/test/ca_certs_manager_test.cpp
index 5bdad56..fab3c54 100644
--- a/test/ca_certs_manager_test.cpp
+++ b/test/ca_certs_manager_test.cpp
@@ -20,9 +20,8 @@
class MockCACertMgr : public CACertMgr
{
public:
- MockCACertMgr(sdbusplus::bus::bus& bus, sdeventplus::Event& event,
- const char* path) :
- CACertMgr(bus, event, path)
+ MockCACertMgr(sdbusplus::bus::bus& bus, const char* path) :
+ CACertMgr(bus, path)
{
}
@@ -67,7 +66,7 @@
std::string objPath = "/xyz/openbmc_project/certs/ca";
auto event = sdeventplus::Event::get_default();
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- MockCACertMgr manager(bus, event, objPath.c_str());
+ MockCACertMgr manager(bus, objPath.c_str());
std::string csrString = "csr string";
EXPECT_NO_THROW(objPath = manager.createCSRObject(csrString));
@@ -80,7 +79,7 @@
std::string objPath = "/xyz/openbmc_project/certs/ca";
auto event = sdeventplus::Event::get_default();
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- MockCACertMgr manager(bus, event, objPath.c_str());
+ MockCACertMgr manager(bus, objPath.c_str());
std::string csrString(4097, 'C');
@@ -93,7 +92,7 @@
auto event = sdeventplus::Event::get_default();
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- MockCACertMgr manager(bus, event, objPath.c_str());
+ MockCACertMgr manager(bus, objPath.c_str());
std::string csrString = "csr string";
@@ -111,7 +110,7 @@
std::string objPath = "/xyz/openbmc_project/certs/ca";
auto event = sdeventplus::Event::get_default();
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
- MockCACertMgr manager(bus, event, objPath.c_str());
+ MockCACertMgr manager(bus, objPath.c_str());
std::string csrString = "csr string";
std::string entryPath = manager.createCSRObject(csrString);
diff --git a/test/certs_manager_test.cpp b/test/certs_manager_test.cpp
index b807b1e..91712d2 100644
--- a/test/certs_manager_test.cpp
+++ b/test/certs_manager_test.cpp
@@ -26,10 +26,8 @@
namespace
{
namespace fs = std::filesystem;
-using InternalFailure =
- sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
-using InvalidCertificate =
- sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
+using ::sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
/**
* Class to generate certificate file and test verification of certificate file
@@ -226,12 +224,13 @@
TEST_F(TestCertificates, InvokeServerInstall)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -247,12 +246,13 @@
TEST_F(TestCertificates, InvokeClientInstall)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -268,11 +268,12 @@
TEST_F(TestCertificates, InvokeAuthorityInstall)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -309,11 +310,12 @@
TEST_F(TestCertificates, InvokeAuthorityInstallNeverExpiredRootCert)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -348,11 +350,12 @@
TEST_F(TestCertificates, InvokeInstallSameCertTwice)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -402,11 +405,12 @@
TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -457,11 +461,12 @@
TEST_F(TestCertificates, InvokeInstallAuthCertLimit)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -531,12 +536,14 @@
TEST_F(TestCertificates, CompareInstalledCertificate)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -553,12 +560,14 @@
TEST_F(TestCertificates, TestNoCertificateFile)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
std::string uploadFile = "nofile.pem";
EXPECT_THROW(
{
@@ -586,11 +595,12 @@
TEST_F(TestCertificates, TestReplaceCertificate)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -612,11 +622,12 @@
TEST_F(TestCertificates, TestAuthorityReplaceCertificate)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -659,11 +670,12 @@
TEST_F(TestCertificates, TestStorageDeleteCertificate)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("authority");
+ std::string unit;
+ CertificateType type = CertificateType::Authority;
std::string verifyDir(certDir);
- UnitsToRestart verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ std::string verifyUnit(unit);
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -710,12 +722,14 @@
TEST_F(TestCertificates, TestEmptyCertificateFile)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
std::string emptyFile("emptycert.pem");
std::ofstream ofs;
ofs.open(emptyFile, std::ofstream::out);
@@ -747,8 +761,9 @@
TEST_F(TestCertificates, TestInvalidCertificateFile)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::ofstream ofs;
ofs.open(certificateFile, std::ofstream::out);
@@ -760,7 +775,8 @@
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
EXPECT_THROW(
{
try
@@ -834,12 +850,14 @@
TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
EXPECT_THROW(
{
try
@@ -866,12 +884,14 @@
TEST_F(TestInvalidCertificate, TestMissingCeritificate)
{
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + keyFile);
std::string verifyPath(installPath);
std::string verifyUnit(unit);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
EXPECT_THROW(
{
try
@@ -901,11 +921,13 @@
using NotAllowed =
sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
std::string endpoint("ldap");
- std::string unit("");
- std::string type("client");
+ std::string unit;
+ CertificateType type = CertificateType::Client;
+ ;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -932,8 +954,8 @@
TEST_F(TestCertificates, TestGenerateCSR)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -956,7 +978,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
// Attach the bus to sd_event to service user requests
bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
@@ -1000,8 +1023,8 @@
TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1024,7 +1047,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1047,8 +1071,8 @@
TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1071,7 +1095,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1093,8 +1118,8 @@
TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1117,7 +1142,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1138,8 +1164,8 @@
TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1162,7 +1188,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1184,8 +1211,8 @@
TEST_F(TestCertificates, TestECKeyGeneration)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1208,7 +1235,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1233,8 +1261,8 @@
TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1257,7 +1285,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1278,8 +1307,8 @@
TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1302,7 +1331,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1328,8 +1358,8 @@
TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
std::string verifyPath(installPath);
std::string CSRPath(certDir + "/" + CSRFile);
@@ -1352,7 +1382,8 @@
std::string state("TS");
std::string surname("surname");
std::string unstructuredName("unstructuredName");
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
std::move(installPath));
@@ -1373,10 +1404,11 @@
TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile)
{
std::string endpoint("https");
- std::string unit("");
- std::string type("Server");
+ std::string unit;
+ CertificateType type = CertificateType::Server;
std::string installPath(certDir + "/" + certificateFile);
- auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
+ auto objPath = std::string(objectNamePrefix) + '/' +
+ certificateTypeToString(type) + '/' + endpoint;
auto event = sdeventplus::Event::get_default();
EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath));
diff --git a/watch.cpp b/watch.cpp
index 71acb15..caf8ce5 100644
--- a/watch.cpp
+++ b/watch.cpp
@@ -11,16 +11,19 @@
namespace phosphor::certs
{
-using namespace phosphor::logging;
+
+using ::phosphor::logging::elog;
+using ::phosphor::logging::entry;
+using ::phosphor::logging::level;
+using ::phosphor::logging::log;
+using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
namespace fs = std::filesystem;
-using InternalFailure =
- sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
Watch::Watch(sdeventplus::Event& event, std::string& certFile, Callback cb) :
event(event), callback(cb)
{
// get parent directory of certificate file to watch
- fs::path path = std::move(fs::path(certFile).parent_path());
+ fs::path path = fs::path(certFile).parent_path();
try
{
if (!fs::exists(path))