Manage certificates created by applications

Added watch on certificate path to watch on certificates
created/updated by apps.
As part of the watch notification, create a new D-Bus certificate
object, and for an existing D-Bus object update the properties.

Tested:
Test case 1
1) Ensure no certificate is present
2) Restart certificate service
3) Restart bmcweb service
4) Verified that certificate object is created for the
   self-signed certificate created by bmcweb.

Test case 2
1) After a certificate is present
2) Modify the bmcweb certificate by replacing it
   with a valid certificate manually.
3) Verified that the certificate manager is notified
   and the certificate object's properties are updated.

Test case 3
1) Upload CSR-based certificate file
2) Verified that the private key is appended to the file

Test case 4
1) Create a dummy file in certificate folder
2) Verified that notification is received and file is ignored

Test case 5
1) Verified install, replace, generate csr.

Change-Id: I7d1e3624958e4b68e5ba7bc6150c19b11fca501a
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
diff --git a/certificate.hpp b/certificate.hpp
index 46371bb..70ee522 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -1,5 +1,7 @@
#pragma once
+#include "watch.hpp"
+
#include <openssl/x509.h>
#include <filesystem>
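Review bot: the new `#include "watch.hpp"` pulls the full Watch definition into this header, but the only uses added here are the `std::unique_ptr<Watch>` alias and a reference to it, neither of which needs a complete type; a forward declaration `class Watch;` (in the right namespace) would keep the dependency out of every translation unit that includes certificate.hpp. Also, `std::unique_ptr` needs `<memory>`, which is not among the includes visible here; confirm it arrives transitively or add it next to `<filesystem>`.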
@@ -23,7 +25,7 @@
using CertUploadPath = std::string;
using InputType = std::string;
using InstallFunc = std::function<void(const std::string&)>;
-
+using CertWatchPtr = std::unique_ptr<Watch>;
using namespace phosphor::logging;
// for placeholders
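Review bot: the alias replaces the blank line that separated the `using` aliases from `using namespace phosphor::logging;`, so restore the blank line after `using CertWatchPtr = std::unique_ptr<Watch>;`. More importantly, the name says "Ptr" but the class only ever takes and stores a `const CertWatchPtr&`, a reference to someone else's owning pointer; if Certificate is not meant to own the watch, a non-owning `Watch&` or `Watch*` parameter and member would state that directly instead of introducing an ownership-typed alias the class never exercises.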
@@ -62,17 +64,24 @@
* @param[in] installPath - Path of the certificate to install
* @param[in] uploadPath - Path of the certificate file to upload
* @param[in] isSkipUnitReload - If true do not restart units
+ * @param[in] watchPtr - watch on self signed certificate pointer
*/
Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
const CertificateType& type, const UnitsToRestart& unit,
const CertInstallPath& installPath,
- const CertUploadPath& uploadPath, bool isSkipUnitReload);
+ const CertUploadPath& uploadPath, bool isSkipUnitReload,
+ const CertWatchPtr& watchPtr);
/** @brief Validate certificate and replace the existing certificate
* @param[in] filePath - Certificate file path.
*/
void replace(const std::string filePath) override;
+ /** @brief Populate certificate properties by parsing certificate file
+ * @return void
+ */
+ void populateProperties();
+
private:
/** @brief Validate and Replace/Install the certificate file
* Install/Replace the existing certificate file with another
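Review bot: making `populateProperties()` public changes its contract, since it will now be called from the watch notification path on a file that may not be a valid certificate (the commit message's test case 4 expects a dummy file to be ignored), so the doc comment should say whether it validates the file itself or expects the caller to have done so, and what happens on a parse failure; `@return void` can be dropped. The new parameter doc `watch on self signed certificate pointer` should also state that the object is stored by reference and must outlive the Certificate, because the constructor takes `const CertWatchPtr& watchPtr` and does not copy it.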
@@ -88,11 +97,6 @@
*/
X509_Ptr loadCert(const std::string& filePath);
- /** @brief Populate certificate properties by parsing certificate file
- * @return void
- */
- void populateProperties();
-
/** @brief Public/Private key compare function.
* Comparing private key against certificate public key
* from input .pem file.
@@ -124,6 +128,9 @@
/** @brief Certificate file installation path **/
CertInstallPath certInstallPath;
+
+ /** @brief Certificate file create/update watch */
+ const CertWatchPtr& certWatchPtr;
};
} // namespace certs
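Review bot: `const CertWatchPtr& certWatchPtr;` is a reference member to a `std::unique_ptr` owned by another object, which ties every Certificate to that owner's lifetime and dangles silently if the owner resets the pointer or is destroyed first; a reference member also makes Certificate non-assignable. Either document the lifetime contract on the member and in the constructor, or store a non-owning `Watch*` taken from `watchPtr.get()` so the member does not alias the owner's smart pointer.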