PLDM : Multiple vmi certificate exchange
With this story PLDM detects interface added signal on interface
xyz.openbmc_project.Certs.Entry and saves the value of CSR property.
This CSR string is then sent to the host. Once the host responds to it
the response is verified and a client certificate received from host
is updates/saved in a dbus property - ClientCertificate.
For multiple certificate exchange, new dbus objects are
created for signing requests from different clients. Each dbus
object has properties such has CSR and Client certificate that get
updated with the certificate string when a valid CSR request is
sent to host and client certficate is received successfully.
After the dbus property (ClientCertificate) has a valid client
certificate string, status property of the dbus interface
xyz.openbmc_project.Certs.Entry is updated from pending to complete.
Signed-off-by: Varsha Kaverappa <vkaverap@in.ibm.com>
Change-Id: I63afb15190ae9c21eb86421d75f51618b358c074
diff --git a/oem/ibm/libpldmresponder/file_io.hpp b/oem/ibm/libpldmresponder/file_io.hpp
index a79c677..430811e 100644
--- a/oem/ibm/libpldmresponder/file_io.hpp
+++ b/oem/ibm/libpldmresponder/file_io.hpp
@@ -158,6 +158,10 @@
{
static constexpr auto dumpObjPath = "/xyz/openbmc_project/dump/resource/entry/";
static constexpr auto resDumpEntry = "com.ibm.Dump.Entry.Resource";
+
+static constexpr auto certObjPath = "/xyz/openbmc_project/certs/ca/";
+static constexpr auto certAuthority =
+ "xyz.openbmc_project.PLDM.Provider.Certs.Authority.CSR";
class Handler : public CmdHandler
{
public:
@@ -264,6 +268,47 @@
}
}
});
+ vmiCertMatcher = std::make_unique<sdbusplus::bus::match::match>(
+ pldm::utils::DBusHandler::getBus(),
+ sdbusplus::bus::match::rules::interfacesAdded() +
+ sdbusplus::bus::match::rules::argNpath(0, certObjPath),
+ [hostSockFd, hostEid,
+ dbusImplReqester](sdbusplus::message::message& msg) {
+ std::map<
+ std::string,
+ std::map<std::string, std::variant<std::string, uint32_t>>>
+ interfaces;
+ sdbusplus::message::object_path path;
+ msg.read(path, interfaces);
+ std::string csr;
+
+ for (auto& interface : interfaces)
+ {
+ if (interface.first == certAuthority)
+ {
+ for (const auto& property : interface.second)
+ {
+ if (property.first == "CSR")
+ {
+ csr = std::get<std::string>(property.second);
+ auto fileHandle =
+ sdbusplus::message::object_path(path)
+ .filename();
+
+ auto dbusToFileHandler =
+ std::make_unique<pldm::requester::oem_ibm::
+ DbusToFileHandler>(
+ hostSockFd, hostEid, dbusImplReqester,
+ path);
+ dbusToFileHandler->newCsrFileAvailable(
+ csr, fileHandle);
+ break;
+ }
+ }
+ break;
+ }
+ }
+ });
}
/** @brief Handler for readFileIntoMemory command
@@ -374,6 +419,9 @@
std::unique_ptr<sdbusplus::bus::match::match>
resDumpMatcher; //!< Pointer to capture the interface added signal
//!< for new resource dump
+ std::unique_ptr<sdbusplus::bus::match::match>
+ vmiCertMatcher; //!< Pointer to capture the interface added signal
+ //!< for new csr string
};
} // namespace oem_ibm