Support uploading multiple certificates per authority service.

This request is a proposition of extending the current mode=authority
with support for multiple certificates instead of a single one.

This review also addresses this issue:
https://github.com/openbmc/phosphor-certificate-manager/issues/3
but with a restriction to mode=authority. Other modes still operate
on a single certification file.

The new mode requires that the user provide a directory path instead of
a certificate path as the --path argument if using --type=authority.

Tested:
- Manually tested Install, Remove and Replace paths for existing modes
  to confirm no change of behavior occurs (authority, client, server)
- Manually tested Install, Remove and Replace paths for authority mode
  to confirm that it behaves as expected, i.e. the filename is changed on
  certificate replacement, mirroring the change in certificate hash
- Confirmed no regression in unit tests

Change-Id: Icd33723c1fc2580679aaaf54b3e99dfb09342402
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
diff --git a/certs_manager.hpp b/certs_manager.hpp
index 91c5e43..9dd128d 100644
--- a/certs_manager.hpp
+++ b/certs_manager.hpp
@@ -151,11 +151,11 @@
std::string organizationalUnit, std::string state, std::string surname,
std::string unstructuredName) override;
- /** @brief Get reference to certificate
+ /** @brief Get reference to certificates' collection
*
- * @return Reference to certificate
+ * @return Reference to certificates' collection
*/
- CertificatePtr& getCertificate();
+ std::vector<std::unique_ptr<Certificate>>& getCertificates();
private:
void generateCSRHelper(std::vector<std::string> alternativeNames,
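Review bot: getCertificates() returns a non-const reference to the owning vector, so any caller can erase, reorder or move out the unique_ptr elements without the manager knowing. If callers only need to read the installed certificates, return `const std::vector<std::unique_ptr<Certificate>>&`, or expose narrower lookup and removal methods so that the manager remains the only code that mutates the collection. The removed getCertificate() had the same non-const shape, but with a collection an accidental mutation now affects every authority certificate rather than one.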
@@ -219,7 +219,7 @@
/** @brief Load certifiate
* Load certificate and create certificate object
*/
- void createCertificate();
+ void createCertificates();
/** @brief Create RSA private key file
* Create RSA private key file by generating rsa key if not created
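Review bot: the doc comment above createCertificates() still reads "Load certificate and create certificate object", which describes the old single-certificate function. Update it to state what the plural version does, in particular (per the commit message) that --type=authority treats --path as a directory and loads multiple certificates while the other types still load one file, and fix the "certifiate" typo on the @brief line while touching it.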
@@ -251,8 +251,8 @@
/** @brief Certificate file installation path **/
CertInstallPath certInstallPath;
- /** @brief pointer to certificate */
- CertificatePtr certificatePtr = nullptr;
+ /** @brief Collection of pointers to certificate */
+ std::vector<std::unique_ptr<Certificate>> installedCerts;
/** @brief pointer to CSR */
std::unique_ptr<CSR> csrPtr = nullptr;
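Review bot: installedCerts spells out `std::vector<std::unique_ptr<Certificate>>` where the removed line used the CertificatePtr alias, and the same long type is repeated in the getCertificates() declaration. If CertificatePtr is still defined, write `std::vector<CertificatePtr>` in both places, or add one alias for the collection, so the element type cannot drift between the member and its accessor. The new comment would also read better as "Collection of pointers to installed certificates".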
@@ -265,6 +265,9 @@
/** @brif Parent path i.e certificate directory path */
fs::path certParentInstallPath;
+
+ /** @brief Certificate ID pool */
+ uint64_t certIdCounter = 1;
};
} // namespace certs
} // namespace phosphor
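Review bot: the "Certificate ID pool" comment on certIdCounter does not say what the counter guarantees. Document whether it only ever increments, whether an ID can be reused after a certificate is removed or replaced, and whether IDs are expected to stay stable across a service restart given that the member is re-initialised to 1 each time the manager is constructed. "Pool" suggests IDs are returned and reused, which a plain `uint64_t` counter does not do, so a name such as "next certificate ID" would match the code better. The "@brif" typo on the context line just above could be fixed in the same change.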