Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / f46827128c0b53aac50e08db772ffe48c9987c65
commitf46827128c0b53aac50e08db772ffe48c9987c65[log] [tgz]
authorMarri Devender Rao <devenrao@in.ibm.com>Tue Mar 19 05:00:28 2019 -0500
committerMarri Devender Rao <devenrao@in.ibm.com>Mon Jun 03 08:41:43 2019 -0500
tree2587e043ae0a8e1d95203a163c2b3e049483db1e
parentf4d63488b572a15a77d288425c3f198b1ee2d2a1 [diff]
Add Generate Key and Certificate Signing Request (CSR)

Generates Private key and CSR file, at present supporing
only RSA algorithm type.

-The generateCSR method defined in Create interface is implemented
by manager class to Create CSR and PrivateKey files.

-The cSR method defined in View interface is implemented by CSR
class to view CSR file.

- Generate CSR is time consuming operation and it might time-out
the D-Bus call. Forking process and performing CSR generation in
the child process, adding the process ID of the child process to the
SD Event loop so that callback is received when the chid process
is done with the CSR generation.

- As the GenerateCSR method returns immediately, caller need
to wait on InterfacesAdded signal that is generated after completion
of the CSR request. The caller then invokes cSR method of
CSR interface to read the CSR.

- For any failure in Generate CSR CSR object is created with error
status.

- CSR object raises exception if error is set else CSR data is
returned to the caller.

- To cater for failure cases caller need to start a timer, which
will be terminated after getting InterfaceAdded signal or upon timeout.

-Added Unit tests.
Tested:
1) Added unit tests to verify CSR generation
2) Tested with Redfish to generate and view CSR
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate.jon

{
  "CSRString": "-----BEGIN CERTIFICATE REQUEST---7E=\n-----END CERTIFICATE
REQUEST-----\n",
  "CertificateCollection": {
    "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/"
  }
}
Change-Id: I1e3ae8df45f87bfd8903f552d93c4df1af7c569f
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
7 files changed
tree: 2587e043ae0a8e1d95203a163c2b3e049483db1e
  1. test/
  2. .clang-format
  3. .gitignore
  4. argument.cpp
  5. argument.hpp
  6. bootstrap.sh
  7. certificate.cpp
  8. certificate.hpp
  9. certs_manager.cpp
  10. certs_manager.hpp
  11. configure.ac
  12. csr.cpp
  13. csr.hpp
  14. LICENSE
  15. mainapp.cpp
  16. MAINTAINERS
  17. Makefile.am
  18. README.md
README.md

phosphor-certificate-manager

Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.

To Build

To build this package, do the following steps:

    1. ./bootstrap.sh
    2. ./configure ${CONFIGURE_FLAGS}
    3. make

To clean the repository run `./bootstrap.sh clean`.