6cbd6c41 | 10-Jul-2025 | Ed Tanous <etanous@nvidia.com>
fix: add account checking inside verifyMtls
Currently, if we don't have an account in bmcweb but have a valid-format certificate, we will have a 500 internal server error when we send a request to bmcweb. But, if we don't have a valid-format certificate, we will get 401 unauthorized. This is not ideal as the HTTP code is not appropriate. Also, this might introduce some security risk as the user can deduce whether their certificate format is valid or not based on the HTTP code.
This patch is intended to solve this issue by checking whether the username exists in the system. If not, we will return nullptr inside the verifyMtls function, which results in a 401 unauthorized response if the user has a valid-format certificate but there is no related username inside the system.
Change-Id: I479a10ed2bcce2c9969e19fa3aab9686ba4c71be
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>