| Ravi Teja | a49895e | 2020-06-16 03:57:58 -0500 | [diff] [blame] | 1 | #include "config.h" |
| 2 | |
| 3 | #include "ca_certs_manager.hpp" |
| 4 | |
| 5 | #include <filesystem> |
| 6 | #include <fstream> |
| 7 | #include <phosphor-logging/elog-errors.hpp> |
| 8 | #include <phosphor-logging/elog.hpp> |
| 9 | #include <phosphor-logging/log.hpp> |
| 10 | #include <xyz/openbmc_project/Common/error.hpp> |
| 11 | |
| 12 | namespace ca |
| 13 | { |
| 14 | namespace cert |
| 15 | { |
| 16 | static constexpr auto objectEntry = "/xyz/openbmc_project/certs/entry"; |
| 17 | static constexpr auto maxCertSize = 4096; |
| 18 | namespace fs = std::filesystem; |
| 19 | using namespace phosphor::logging; |
| 20 | using InvalidArgument = |
| 21 | sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument; |
| 22 | using Argument = xyz::openbmc_project::Common::InvalidArgument; |
| 23 | |
| 24 | sdbusplus::message::object_path CACertMgr::signCSR(std::string csr) |
| 25 | { |
| 26 | std::string objPath; |
| 27 | try |
| 28 | { |
| 29 | if (csr.size() > maxCertSize) |
| 30 | { |
| 31 | log<level::ERR>("Invalid CSR size"); |
| 32 | elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"), |
| 33 | Argument::ARGUMENT_VALUE(csr.c_str())); |
| 34 | } |
| 35 | auto id = lastEntryId + 1; |
| 36 | objPath = fs::path(objectEntry) / std::to_string(id); |
| 37 | std::string cert; |
| 38 | // Creating the dbus object here with the empty certificate string |
| 39 | // actual signing is being done by the hypervisor, once it signs then |
| 40 | // the certificate string would be updated with actual certificate. |
| 41 | entries.insert(std::make_pair( |
| 42 | id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this))); |
| 43 | lastEntryId++; |
| 44 | } |
| 45 | catch (const std::invalid_argument& e) |
| 46 | { |
| 47 | log<level::ERR>(e.what()); |
| 48 | elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"), |
| 49 | Argument::ARGUMENT_VALUE(csr.c_str())); |
| 50 | } |
| 51 | return objPath; |
| 52 | } |
| 53 | |
| 54 | void CACertMgr::erase(uint32_t entryId) |
| 55 | { |
| 56 | entries.erase(entryId); |
| 57 | } |
| 58 | |
| 59 | void CACertMgr::deleteAll() |
| 60 | { |
| 61 | auto iter = entries.begin(); |
| 62 | while (iter != entries.end()) |
| 63 | { |
| 64 | auto& entry = iter->second; |
| 65 | ++iter; |
| 66 | entry->delete_(); |
| 67 | } |
| 68 | } |
| 69 | |
| 70 | } // namespace cert |
| 71 | } // namespace ca |