Update README with Redfish certificate support
Change-Id: I385b60559b04da3bff66f9cff37f6b4a034a0399
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
diff --git a/xyz/openbmc_project/Certs/README.md b/xyz/openbmc_project/Certs/README.md
index d438faa..953ee34 100644
--- a/xyz/openbmc_project/Certs/README.md
+++ b/xyz/openbmc_project/Certs/README.md
@@ -92,3 +92,63 @@
### Repository:
phosphor-certificate-manager
+### Redfish Certificate Support
+#### Certificate Upload
+- Certificate Manager implements "xyz.openbmc_project.Certs.Install" interface
+ for installing certificates in the system.
+- Redfish initiates certificate upload by issuing a POST request on the Redfish
+ CertificateCollection with the certificate file.
+ Fo example: For HTTPS certificate upload POST request is issued on URI
+ "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"
+- Bmcweb receives the POST request and it maps the Redfish URI to the
+ corresponding Certificate Manager D-Bus URI.
+ e.g: HTTPS certificate collection URI
+ /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates mapped to
+ /xyz/openbmc_project/certs/server/https.
+- Bmcweb initiates an asynchronous call which invokes the "Install" method of
+ the Certificate Manager.
+- Certificate Manager "Install" method validates, installs the certificate file
+ and creates a Certificate object.
+- Certificate Manager initiates Reload of the Bmcweb service to trigger
+ configuration reload.
+- BMCweb service raises SIGHUP signal as part of Reload.
+- Bmcweb application handles the SIGHUP signal and reloads the SSL context with
+ the installed certificate.
+- Bmcweb invokes the Callback method with the status of the "Install" method
+ received from the Certificate Manager.
+- Callback method set the response message with error details for failure, sets
+ the response message with newly created certificate details for success.
+- Certificate object D-Bus path mapped to corresponding Redfish certificate URI.
+ e.g: /xyz/openbmc_project/certs/server/https/1 is mapped to
+ /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
+ ID of the certificate is appended to the collection URI.
+
+#### Certificate Replace
+- Certificate Object implements "xyz.openbmc_project.Certs.Replace" interface to
+ for replacing existing certificate.
+- Redfish issues Replace certificate request by invoking the ReplaceCertificate
+ action of the CertificateService.
+- Redfish Certificate Collection URI is mapped to corresponding Certificate
+ D-Bus object URI
+ e.g: HTTPS certificate object 1 URI
+ /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1 is mapped to
+ /xyz/openbmc_project/certs/server/https/1.
+- Bmcweb receives POST request for Replace Certificate, invokes the Replace
+ D-Bus method of the Certificate object asynchronously.
+- Callback method will be passed to the bmcweb asynchronous method which will
+ called after completion of the D-Bus Replace method.
+- Callback method checks the response received, if failure response message is
+ set with error details, if success response message is set with the replaced
+ certificate details.
+
+#### Bootup
+- During bootup certificate objects created for the existing certificates.
+### Errors thrown by Certificate Manager
+- NotAllowed exception thrown if Install method invoked with a certificate
+ already existing. At present only one certificate per certificate type is
+ allowed.
+- InvalidCertificate excption thrown for validation errors.
+
+#### Certificate Deletion
+- Certificate deletion is not allowed as per Redfish specification.
+
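Review bot: The Certificate Upload step "Certificate Manager "Install" method validates, installs the certificate file" does not say what the validation covers, and the errors section only says InvalidCertificate is thrown "for validation errors". A Redfish client therefore cannot tell which checks an uploaded certificate must pass or why it was rejected. Please list the checks the Install method performs and say whether Replace runs the same ones. The Certificate Replace list also stops at the callback and never mentions the service Reload and SIGHUP steps that Upload describes, so state whether bmcweb reloads its SSL context after a Replace. "BMCweb service raises SIGHUP signal as part of Reload" reads as if bmcweb signals itself, while the next bullet has it handling the signal, so name the sender. On structure, "### Errors thrown by Certificate Manager" is a level-3 heading placed between "#### Bootup" and "#### Certificate Deletion", which ends the Redfish section early and nests Certificate Deletion under Errors. Make it "####", or move it after Certificate Deletion. Typos to fix before merge: "Fo example", "excption", "interface to for replacing", "which will called", "Callback method set", and the mixed "Bmcweb"/"BMCweb" spelling.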