Manage certificates created by applications
Added watch on certificate path to watch on certificates
created/updated by apps.
On a watch notification, create a new D-Bus certificate object for a new
file, or update the properties of the existing D-Bus object when the
certificate file is replaced.
Tested:
Test case 1
1) Ensure no certificate is present
2) Restart certificate service
3) Restart bmcweb service
4) Verified that certificate object is created for the
self-signed certificate created by bmcweb.
Test case 2
1) After a certificate is present
2) Modify the bmcweb certificate by replacing it
with a valid certificate manually.
3) Verified that certificate manager is notified
and certificate objects properties are updated.
Test case 3
1) Upload CSR based certificate file
2) Verified that private key is appended to the file
Test case 4
1) Create a dummy file in certificate folder
2) Verified that notification is received and file is ignored
Test case 5
1) Verified install, replace, generate csr.
Change-Id: I7d1e3624958e4b68e5ba7bc6150c19b11fca501a
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
diff --git a/certs_manager.hpp b/certs_manager.hpp
index 236f6f1..1e6ca81 100644
--- a/certs_manager.hpp
+++ b/certs_manager.hpp
@@ -3,6 +3,7 @@
#include "certificate.hpp"
#include "csr.hpp"
+#include "watch.hpp"
#include <sdeventplus/source/child.hpp>
#include <sdeventplus/source/event.hpp>
@@ -21,6 +22,7 @@
using X509_REQ_Ptr = std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>;
using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
+using CertificatePtr = std::unique_ptr<Certificate>;
class Manager : public Ifaces
{
@@ -149,6 +151,12 @@
std::string organizationalUnit, std::string state, std::string surname,
std::string unstructuredName) override;
+ /** @brief Get reference to certificate
+ *
+ * @return Reference to certificate
+ */
+ CertificatePtr& getCertificate();
+
private:
void generateCSRHelper(std::vector<std::string> alternativeNames,
std::string challengePassword, std::string city,
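Review bot: `CertificatePtr& getCertificate();` hands out a mutable reference to the owning `unique_ptr`, so any caller can `reset()` or move the Manager's certificate out from under the watch callback that creates/updates it; a `const` reference to the pointer still lets callers invoke non-const `Certificate` methods through `->` while preventing ownership transfer, i.e. `const CertificatePtr& getCertificate() const;`. The doc comment should also state the null case: the member is initialised to `nullptr` and the commit's own test case 1 starts with no certificate present, so callers must check before dereferencing, e.g. `@return Reference to the owning pointer; null until a certificate has been installed or picked up by the watch`. The enclosing class Manager begins and ends outside this hunk.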
@@ -200,6 +208,11 @@
*/
void writeCSR(const std::string& filePath, const X509_REQ_Ptr& x509Req);
+ /** @brief Load certifiate
+ * Load certificate and create certificate object
+ */
+ void createCertificate();
+
/** @brief sdbusplus handler */
sdbusplus::bus::bus& bus;
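Review bot: The doc comment on `createCertificate()` has a typo ("certifiate") and does not say how the two paths the commit message describes are distinguished — creating a new D-Bus object versus updating an existing one — nor what happens for a file in the watched directory that is not a parseable certificate (test case 4 says it is ignored). Suggest `/** @brief Load the certificate file and create or update the certificate object; files that fail to parse are ignored, leaving certificatePtr unchanged */`, adjusted to whatever the implementation actually does. Since this is driven by a filesystem watch on files written by other processes, it would also help to note (or confirm) that the watch fires only after the writer has closed the file, otherwise a partially written certificate may be parsed; that cannot be determined from this header. The enclosing class Manager begins and ends outside this hunk.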
@@ -219,13 +232,16 @@
CertInstallPath certInstallPath;
/** @brief pointer to certificate */
- std::unique_ptr<Certificate> certificatePtr = nullptr;
+ CertificatePtr certificatePtr = nullptr;
/** @brief pointer to CSR */
std::unique_ptr<CSR> csrPtr = nullptr;
/** @brief SDEventPlus child pointer added to event loop */
- std::unique_ptr<sdeventplus::source::Child> childPtr;
+ std::unique_ptr<sdeventplus::source::Child> childPtr = nullptr;
+
+ /** @brief Watch on self signed certificates */
+ std::unique_ptr<Watch> certWatchPtr = nullptr;
};
} // namespace certs
} // namespace phosphor
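Review bot: The new member comment `/** @brief Watch on self signed certificates */` is narrower than what the commit does: the watch also fires when an application replaces the file with a CA-signed certificate (test case 2) or drops an unrelated file in the directory (test case 4), so `/** @brief Watch on certificate files created or replaced by applications */` would be accurate. It is also worth a comment that `certWatchPtr` is intentionally declared after `certificatePtr` so it is destroyed first and no watch callback can run against a destroyed certificate — the ordering is load-bearing if the callback captures `this`, which this header cannot confirm. The `= nullptr` added to `childPtr` is redundant for a `std::unique_ptr`, which is already null by default; harmless, but inconsistent with `certWatchPtr`'s sibling `csrPtr` style only if the project prefers omitting it.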