Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / 3b07b77a58820b27c32981e36b0ce500dffaa94c / . / certificate.hpp
blob: 56256ac1c2fab88de68bcde5ee3b37af94526721 [file] [log] [blame]
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]1#pragma once
2
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]3#include "watch.hpp"
4
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]5#include <openssl/x509.h>
6
7#include <filesystem>
8#include <phosphor-logging/elog.hpp>
Marri Devender Raoedd11312019-02-27 08:45:10 -0600[diff] [blame]9#include <xyz/openbmc_project/Certs/Certificate/server.hpp>
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]10#include <xyz/openbmc_project/Certs/Replace/server.hpp>
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]11
12namespace phosphor
13{
14namespace certs
15{
Marri Devender Raoedd11312019-02-27 08:45:10 -0600[diff] [blame]16using CertificateIface = sdbusplus::server::object::object<
17 sdbusplus::xyz::openbmc_project::Certs::server::Certificate>;
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]18using ReplaceIface = sdbusplus::xyz::openbmc_project::Certs::server::Replace;
Marri Devender Raoedd11312019-02-27 08:45:10 -0600[diff] [blame]19using CertIfaces =
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]20 sdbusplus::server::object::object<CertificateIface, ReplaceIface>;
Marri Devender Raoedd11312019-02-27 08:45:10 -0600[diff] [blame]21
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]22using CertificateType = std::string;
23using UnitsToRestart = std::string;
24using CertInstallPath = std::string;
25using CertUploadPath = std::string;
26using InputType = std::string;
27using InstallFunc = std::function<void(const std::string&)>;
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]28using AppendPrivKeyFunc = std::function<void(const std::string&)>;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]29using CertWatchPtr = std::unique_ptr<Watch>;
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]30using namespace phosphor::logging;
31
32// for placeholders
33using namespace std::placeholders;
34namespace fs = std::filesystem;
35
36// Supported Types.
37static constexpr auto SERVER = "server";
38static constexpr auto CLIENT = "client";
39static constexpr auto AUTHORITY = "authority";
40
41// RAII support for openSSL functions.
42using X509_Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]43using X509_STORE_CTX_Ptr =
44 std::unique_ptr<X509_STORE_CTX, decltype(&::X509_STORE_CTX_free)>;
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]45
46/** @class Certificate
47 * @brief OpenBMC Certificate entry implementation.
48 * @details A concrete implementation for the
49 * xyz.openbmc_project.Certs.Certificate DBus API
50 * xyz.openbmc_project.Certs.Instal DBus API
51 */
Marri Devender Raoedd11312019-02-27 08:45:10 -0600[diff] [blame]52class Certificate : public CertIfaces
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]53{
54 public:
55 Certificate() = delete;
56 Certificate(const Certificate&) = delete;
57 Certificate& operator=(const Certificate&) = delete;
58 Certificate(Certificate&&) = delete;
59 Certificate& operator=(Certificate&&) = delete;
60 virtual ~Certificate();
61
62 /** @brief Constructor for the Certificate Object
63 * @param[in] bus - Bus to attach to.
64 * @param[in] objPath - Object path to attach to
65 * @param[in] type - Type of the certificate
66 * @param[in] unit - Units to restart after a certificate is installed
67 * @param[in] installPath - Path of the certificate to install
68 * @param[in] uploadPath - Path of the certificate file to upload
Marri Devender Rao8f80c352019-05-13 00:53:01 -0500[diff] [blame]69 * @param[in] isSkipUnitReload - If true do not restart units
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]70 * @param[in] watchPtr - watch on self signed certificate pointer
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]71 */
72 Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
73 const CertificateType& type, const UnitsToRestart& unit,
74 const CertInstallPath& installPath,
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]75 const CertUploadPath& uploadPath, bool isSkipUnitReload,
76 const CertWatchPtr& watchPtr);
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]77
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]78 /** @brief Validate certificate and replace the existing certificate
79 * @param[in] filePath - Certificate file path.
80 */
81 void replace(const std::string filePath) override;
82
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]83 /** @brief Populate certificate properties by parsing certificate file
84 * @return void
85 */
86 void populateProperties();
87
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]88 /**
89 * @brief Obtain certificate's subject hash
90 *
91 * @return certificate's subject hash
92 */
93 const std::string& getHash() const;
94
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]95 private:
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]96 /**
97 * @brief Populate certificate properties by parsing given certificate file
98 *
99 * @param[in] certPath Path to certificate that should be parsed
100 *
101 * @return void
102 */
103 void populateProperties(const std::string& certPath);
104
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]105 /** @brief Validate and Replace/Install the certificate file
106 * Install/Replace the existing certificate file with another
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]107 * (possibly CA signed) Certificate file.
108 * @param[in] filePath - Certificate file path.
Marri Devender Rao8f80c352019-05-13 00:53:01 -0500[diff] [blame]109 * @param[in] isSkipUnitReload - If true do not restart units
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]110 */
Marri Devender Rao8f80c352019-05-13 00:53:01 -0500[diff] [blame]111 void install(const std::string& filePath, bool isSkipUnitReload);
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]112
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]113 /** @brief Load Certificate file into the X509 structre.
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]114 * @param[in] filePath - Certificate and key full file path.
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]115 * @return pointer to the X509 structure.
116 */
117 X509_Ptr loadCert(const std::string& filePath);
118
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]119 /** @brief Check and append private key to the certificate file
120 * If private key is not present in the certificate file append the
121 * certificate file with private key existing in the system.
122 * @param[in] filePath - Certificate and key full file path.
123 * @return void.
124 */
125 void checkAndAppendPrivateKey(const std::string& filePath);
126
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]127 /** @brief Public/Private key compare function.
128 * Comparing private key against certificate public key
129 * from input .pem file.
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]130 * @param[in] filePath - Certificate and key full file path.
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]131 * @return Return true if Key compare is successful,
132 * false if not
133 */
134 bool compareKeys(const std::string& filePath);
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]135
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]136 /** @brief systemd unit reload or reset helper function
137 * Reload if the unit supports it and use a restart otherwise.
138 * @param[in] unit - service need to reload.
139 */
140 void reloadOrReset(const UnitsToRestart& unit);
141
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]142 /**
143 * @brief Extracts subject hash
144 *
145 * @param[in] storeCtx Pointer to X509_STORE_CTX containing certificate
146 *
147 * @return Subject hash as formatted string
148 */
149 static inline std::string
150 getSubjectHash(const X509_STORE_CTX_Ptr& storeCtx);
151
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]152 /** @brief Type specific function pointer map **/
153 std::unordered_map<InputType, InstallFunc> typeFuncMap;
154
155 /** @brief sdbusplus handler */
156 sdbusplus::bus::bus& bus;
157
158 /** @brief object path */
159 std::string objectPath;
160
161 /** @brief Type of the certificate **/
162 CertificateType certType;
163
164 /** @brief Unit name associated to the service **/
165 UnitsToRestart unitToRestart;
166
167 /** @brief Certificate file installation path **/
168 CertInstallPath certInstallPath;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]169
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]170 /** @brief Type specific function pointer map for appending private key */
171 std::unordered_map<InputType, AppendPrivKeyFunc> appendKeyMap;
172
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]173 /** @brief Certificate file create/update watch */
174 const CertWatchPtr& certWatchPtr;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]175
176 /** @brief Stores certificate subject hash */
177 std::string certHash;
Marri Devender Rao6ceec402019-02-01 03:15:19 -0600[diff] [blame]178};
179
180} // namespace certs
181} // namespace phosphor