| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 1 | #include "config.h" |
| 2 | |
| 3 | #include "ca_certs_manager.hpp" |
| 4 | |
| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 5 | #include <phosphor-logging/elog-errors.hpp> |
| 6 | #include <phosphor-logging/elog.hpp> |
| 7 | #include <phosphor-logging/log.hpp> |
| 8 | #include <xyz/openbmc_project/Common/error.hpp> |
| 9 | |
| Patrick Williams | 223e460 | 2023-05-10 07:51:11 -0500 | [diff] [blame] | 10 | #include <filesystem> |
| 11 | #include <fstream> |
| 12 | |
| Nan Zhou | e1289ad | 2021-12-28 11:02:56 -0800 | [diff] [blame] | 13 | namespace ca::cert |
| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 14 | { |
| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 15 | namespace fs = std::filesystem; |
| Nan Zhou | cf06ccd | 2021-12-28 16:25:45 -0800 | [diff] [blame] | 16 | using ::phosphor::logging::elog; |
| 17 | using ::phosphor::logging::entry; |
| 18 | using ::phosphor::logging::level; |
| 19 | using ::phosphor::logging::log; |
| 20 | |
| 21 | using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument; |
| 22 | using Argument = |
| 23 | ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument; |
| 24 | |
| 25 | static constexpr size_t maxCertSize = 4096; |
| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 26 | |
| 27 | sdbusplus::message::object_path CACertMgr::signCSR(std::string csr) |
| 28 | { |
| 29 | std::string objPath; |
| 30 | try |
| 31 | { |
| 32 | if (csr.size() > maxCertSize) |
| 33 | { |
| 34 | log<level::ERR>("Invalid CSR size"); |
| 35 | elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"), |
| 36 | Argument::ARGUMENT_VALUE(csr.c_str())); |
| 37 | } |
| 38 | auto id = lastEntryId + 1; |
| Patrick Williams | 223e460 | 2023-05-10 07:51:11 -0500 | [diff] [blame] | 39 | objPath = fs::path(objectNamePrefix) / "ca" / "entry" / |
| 40 | std::to_string(id); |
| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 41 | std::string cert; |
| 42 | // Creating the dbus object here with the empty certificate string |
| 43 | // actual signing is being done by the hypervisor, once it signs then |
| 44 | // the certificate string would be updated with actual certificate. |
| 45 | entries.insert(std::make_pair( |
| 46 | id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this))); |
| 47 | lastEntryId++; |
| 48 | } |
| 49 | catch (const std::invalid_argument& e) |
| 50 | { |
| 51 | log<level::ERR>(e.what()); |
| 52 | elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"), |
| 53 | Argument::ARGUMENT_VALUE(csr.c_str())); |
| 54 | } |
| 55 | return objPath; |
| 56 | } |
| 57 | |
| 58 | void CACertMgr::erase(uint32_t entryId) |
| 59 | { |
| 60 | entries.erase(entryId); |
| 61 | } |
| 62 | |
| 63 | void CACertMgr::deleteAll() |
| 64 | { |
| 65 | auto iter = entries.begin(); |
| 66 | while (iter != entries.end()) |
| 67 | { |
| 68 | auto& entry = iter->second; |
| 69 | ++iter; |
| 70 | entry->delete_(); |
| 71 | } |
| 72 | } |
| 73 | |
| Nan Zhou | e1289ad | 2021-12-28 11:02:56 -0800 | [diff] [blame] | 74 | } // namespace ca::cert |