commit ffad1ef1c244b4a85da7c79dd550cfbb3d1ebeb8
author Marri Devender Rao <devenrao@in.ibm.com> Mon Jun 03 04:54:12 2019 -0500
committer Marri Devender Rao <devenrao@in.ibm.com> Fri Jul 05 03:17:00 2019 -0500
tree 50501bd856ac580767484555a273c3dbeaad5e59
parent 8a09b52a767bebdc510914d3b4bb63313dae2196

Manage certificates created by applications

Added watch on certificate path to watch on certificates
created/updated by apps.

As part of watch notification, create new D-Bus new certificate
and for existing D-Bus object update the properties.

Tested:
Test case 1
1) Ensure no certificate is present
2) Restart certificate service
3) Restart bmcweb service
4) Verified that certificate object is created for the
   self-signed certificate created by bmcweb.

Test case 2
1) After a certificate is present
2) Modify the bmcweb certificate by replacing it
   with a valid certificate manually.
3) Verified that certificate manager is notified
and certificate objects properties are updated.

Test case 3
1) Upload CSR based certificate file
2) Verified that private key is appended to the file

Test case 4
1) Create a dummy file in certificate folder
2) Verified that notification is received and file is ignored

Test case 5
1) Verified install, replace, generate csr.

Change-Id: I7d1e3624958e4b68e5ba7bc6150c19b11fca501a
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>

certificate.hpp

diff --git a/certificate.hpp b/certificate.hpp
index 46371bb..70ee522 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -1,5 +1,7 @@
 #pragma once
 
+#include "watch.hpp"
+
 #include <openssl/x509.h>
 
 #include <filesystem>
@@ -23,7 +25,7 @@
 using CertUploadPath = std::string;
 using InputType = std::string;
 using InstallFunc = std::function<void(const std::string&)>;
-
+using CertWatchPtr = std::unique_ptr<Watch>;
 using namespace phosphor::logging;
 
 // for placeholders
@@ -62,17 +64,24 @@
      *  @param[in] installPath - Path of the certificate to install
      *  @param[in] uploadPath - Path of the certificate file to upload
      *  @param[in] isSkipUnitReload - If true do not restart units
+     *  @param[in] watchPtr - watch on self signed certificate pointer
      */
     Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
                 const CertificateType& type, const UnitsToRestart& unit,
                 const CertInstallPath& installPath,
-                const CertUploadPath& uploadPath, bool isSkipUnitReload);
+                const CertUploadPath& uploadPath, bool isSkipUnitReload,
+                const CertWatchPtr& watchPtr);
 
     /** @brief Validate certificate and replace the existing certificate
      *  @param[in] filePath - Certificate file path.
      */
     void replace(const std::string filePath) override;
 
+    /** @brief Populate certificate properties by parsing certificate file
+     *  @return void
+     */
+    void populateProperties();
+
   private:
     /** @brief Validate and Replace/Install the certificate file
      *  Install/Replace the existing certificate file with another
@@ -88,11 +97,6 @@
      */
     X509_Ptr loadCert(const std::string& filePath);
 
-    /** @brief Populate certificate properties by parsing certificate file
-     *  @return void
-     */
-    void populateProperties();
-
     /** @brief Public/Private key compare function.
      *         Comparing private key against certificate public key
      *         from input .pem file.
@@ -124,6 +128,9 @@
 
     /** @brief Certificate file installation path **/
     CertInstallPath certInstallPath;
+
+    /** @brief Certificate file create/update watch */
+    const CertWatchPtr& certWatchPtr;
 };
 
 } // namespace certs