#include "config.h"

#include "ca_certs_manager.hpp"

#include <cstddef>
#include <cstdint>
#include <filesystem>
#include <fstream>
#include <memory>
#include <stdexcept>
#include <string>

#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/log.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
| 11 | |
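namespace ca::cert
{
namespace fs = std::filesystem;
using ::phosphor::logging::elog;
using ::phosphor::logging::entry;
using ::phosphor::logging::level;
using ::phosphor::logging::log;

using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument =
    ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument;

/// Upper bound, in bytes, on a CSR accepted by signCSR(). The check runs
/// before any entry object is created, so a caller cannot make the manager
/// hold (or journal) arbitrarily large input.
static constexpr size_t maxCertSize = 4096;

/// Register a CSR for signing and create its D-Bus entry object.
///
/// The entry is created with an empty certificate string: the actual signing
/// is done by the hypervisor, which updates the certificate afterwards. The
/// CSR is caller-supplied (untrusted) and must be non-empty and at most
/// maxCertSize bytes.
///
/// @param[in] csr - CSR text supplied by the D-Bus caller.
/// @return D-Bus object path of the newly created entry.
/// @throws InvalidArgument if the CSR is empty or too large, or if creating
///         the entry raises std::invalid_argument.
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string objPath;
    try
    {
        // Reject bad sizes before anything is allocated on the caller's
        // behalf. Only the size goes into the error metadata: echoing an
        // over-limit, caller-controlled blob into the journal would defeat
        // the point of the limit.
        if (csr.empty() || csr.size() > maxCertSize)
        {
            const std::string csrSize = std::to_string(csr.size());
            log<level::ERR>("Invalid CSR size",
                            entry("SIZE=%zu", csr.size()));
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csrSize.c_str()));
        }
        const auto id = lastEntryId + 1;
        objPath =
            fs::path(objectNamePrefix) / "ca" / "entry" / std::to_string(id);
        // The entry starts with an empty certificate; it is filled in once
        // the hypervisor has signed the CSR.
        std::string cert;
        entries.emplace(
            id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this));
        // Only advance the id once the entry actually exists.
        ++lastEntryId;
    }
    catch (const std::invalid_argument& e)
    {
        // NOTE(review): presumably raised while constructing Entry — confirm.
        // The CSR is within the size limit here, so recording it is bounded;
        // c_str() still stops at an embedded NUL.
        log<level::ERR>(e.what());
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return objPath;
}

/// Remove the entry with the given id from the manager.
///
/// Destroying the owning unique_ptr destroys the Entry (its D-Bus object is
/// presumably unregistered by the Entry destructor, which is not visible
/// here). An unknown id is a no-op.
///
/// @param[in] entryId - id of the entry to remove.
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/// Delete every entry through its own delete_() so each one runs its regular
/// removal path.
///
/// The iterator is advanced before delete_() is called: delete_() presumably
/// removes the entry from `entries` (through erase()), which would invalidate
/// an iterator still pointing at it.
void CACertMgr::deleteAll()
{
    for (auto iter = entries.begin(); iter != entries.end();)
    {
        auto& entry = iter->second;
        ++iter;
        entry->delete_();
    }
}

} // namespace ca::cert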