#pragma once

#include <openssl/x509.h>

#include <filesystem>
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>

#include <phosphor-logging/elog.hpp>
// NOTE(review): sdbusplus::bus::bus is used below but no sdbusplus header is
// included here; it currently has to be supplied by whoever includes this file.
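namespace phosphor
{
namespace certs
{
// Aliases that document which std::string argument is which in the
// Certificate constructor; they are all plain std::string underneath.
using CertificateType = std::string;
using UnitsToRestart = std::string;
using CertInstallPath = std::string;
using CertUploadPath = std::string;
using InputType = std::string;

/** @brief Type-specific install handler, keyed by InputType in typeFuncMap.
 *  The argument is the path of the certificate file to install.
 */
using InstallFunc = std::function<void(const std::string&)>;

// NOTE(review): using-directives in a header are pulled into every
// translation unit that includes it; left in place because the .cpp (not
// visible here) may depend on them.
using namespace phosphor::logging;

// for std::bind placeholders (_1, _2, ...)
using namespace std::placeholders;
namespace fs = std::filesystem;

// Supported certificate types (expected values of the constructor's `type`).
static constexpr auto SERVER = "server";
static constexpr auto CLIENT = "client";
static constexpr auto AUTHORITY = "authority";

// RAII wrapper for OpenSSL X509 objects: X509_free is invoked on destruction.
using X509_Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;

/** @class Certificate
 *  @brief OpenBMC Certificate entry implementation.
 *  @details A concrete implementation for the
 *  xyz.openbmc_project.Certs.Certificate DBus API
 *  xyz.openbmc_project.Certs.Install DBus API
 */
class Certificate
{
  public:
    // Non-copyable and non-movable: the object holds a reference to the bus
    // and is identified by its D-Bus object path.
    Certificate() = delete;
    Certificate(const Certificate&) = delete;
    Certificate& operator=(const Certificate&) = delete;
    Certificate(Certificate&&) = delete;
    Certificate& operator=(Certificate&&) = delete;
    virtual ~Certificate();

    /** @brief Constructor for the Certificate Object
     *  @param[in] bus - Bus to attach to.
     *  @param[in] objPath - Object path to attach to
     *  @param[in] type - Type of the certificate (SERVER, CLIENT or AUTHORITY)
     *  @param[in] unit - Units to restart after a certificate is installed
     *  @param[in] installPath - Path of the certificate to install
     *  @param[in] uploadPath - Path of the certificate file to upload
     */
    Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
                const CertificateType& type, const UnitsToRestart& unit,
                const CertInstallPath& installPath,
                const CertUploadPath& uploadPath);

    /** @brief Implementation for Install
     *  Replace the existing certificate file with another
     *  (possibly CA signed) Certificate file.
     *  @param[in] filePath - Certificate file path. It is supplied by the
     *  caller of the Install D-Bus API, so the implementation is expected to
     *  validate it (presumably via loadCert/compareKeys - confirm in the .cpp)
     *  before anything is written to certInstallPath.
     */
    // NOTE(review): pass-by-const-value copies the string; `const std::string&`
    // would be preferable, but the signature has to stay in step with the
    // out-of-line definition, so it is left unchanged here.
    void install(const std::string filePath);

  private:
    /** @brief Load a certificate file into an X509 structure.
     *  @param[in] filePath - Certificate and key full file path.
     *  @return owning pointer to the parsed X509 structure.
     */
    X509_Ptr loadCert(const std::string& filePath);

    /** @brief Public/Private key compare function.
     *  Compares the private key against the certificate public key
     *  from the input .pem file.
     *  @param[in] filePath - Certificate and key full file path.
     *  @return true if the key comparison succeeds, false otherwise.
     */
    bool compareKeys(const std::string& filePath);

    /** @brief systemd unit reload or reset helper function
     *  Reload if the unit supports it and use a restart otherwise.
     *  @param[in] unit - service that needs to be reloaded.
     */
    void reloadOrReset(const UnitsToRestart& unit);

    /** @brief Type specific function pointer map **/
    std::unordered_map<InputType, InstallFunc> typeFuncMap;

    /** @brief sdbusplus handler; the referenced bus must outlive this object **/
    sdbusplus::bus::bus& bus;

    /** @brief object path */
    std::string objectPath;

    /** @brief Type of the certificate **/
    CertificateType certType;

    /** @brief Unit name associated to the service **/
    UnitsToRestart unitToRestart;

    /** @brief Certificate file installation path **/
    CertInstallPath certInstallPath;
};

} // namespace certs
} // namespace phosphor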