History log of /openbmc/phosphor-certificate-manager/ (Results 51 – 75 of 162)
Revision Date Author Comments
b3dbfb37 22-Jul-2022 Patrick Williams <patrick@stwcx.xyz>

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I9bb7b9a430d029ddaf2a08ea26acb775b9b2b152

127244ae 22-Jul-2022 Patrick Williams <patrick@stwcx.xyz>

OWNERS: switch 'matches' to 'matchers'

The original OWNERS template had a mistake which used 'matches' instead
of the field supported by the Gerrit plugin 'matchers'. Update the
OWNERS file to have the correct field.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I20c38d95d05517cafef573cb735ff8a0ab37e1d0

78357b0a 09-Jun-2022 Nan Zhou <nanzhoumails@gmail.com>

InstallAll: add logs before and after installation

We have some issues internally about authority list installation. We
found these logs could help debug in the future.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I99cb0c1bcd73d65207fb72c597e32a0ec4f8cd92

332ce8b0 31-May-2022 Brad Bishop <bradleyb@fuzziesquirrel.com>

systemd: drop SyslogIdentifier

This is the default behavior, so specifying it is unnecessary.

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I3d89bca11b4ad0dab3bf7ae2e06504db0964b212

d8b37907 26-May-2022 Nan Zhou <nanzhoumails@gmail.com>

systemd: use qualified path

Inspired by
https://gerrit.openbmc.org/c/openbmc/phosphor-certificate-manager/+/54051

Tested: on real hardware, these binaries are in /usr/bin

Signed-off-by: Nan Zhou <nanzhou@google.com>
Change-Id: I7892cc0d416ca66bcda9ea6d58485dd66fb806a9

6aef160f 26-May-2022 Brad Bishop <bradleyb@fuzziesquirrel.com>

systemd: use qualified path

Fix a documented anti-pattern:
https://github.com/openbmc/docs/blob/master/anti-patterns.md#use-of-usrbinenv-in-systemd-service-files

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: Ief24dc4a695bc2330243406a7457c518664964be

ebd21ba4 05-Apr-2022 Patrick Williams <patrick@stwcx.xyz>

sdbusplus: object: don't use 'bool' argument constructor

`sdbusplus::server::object_t` has long had an enum-based parameter for
signal action, but maintained a backwards compatible boolean mapping.
It is time to remove this boolean to make it more observable which
actions are being used in applications. Map all `true` occurrences to
`action::defer_emit`.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I4137ab812650afc09073d7b110254de87d5e5710

7047be67 10-Mar-2022 Nan Zhou <nanzhoumails@gmail.com>

argument parser: use CLI11 and add unit tests

CLI11 is one of the most commonly used argument parsers in OpenBMC. It can
save ~150 lines of code in this project.

We are hitting argument-related bugs that are not covered in unit tests.
This test adds a test for argument parsing.

Tested: QEMU IPMI/Redfish worked.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ib409c7e6a82ad31049f2da3e32727ebdf185f0fc

447d55d6 21-Mar-2022 Patrick Williams <patrick@stwcx.xyz>

meson: simplify dependencies

Leverage wrapfile `[provide]` directives to simplify the dependency
searching in the meson.build.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I396505086aa3416684f8952dd8ecd0fab5ae95cf

6ec13c8f 30-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

Authorities list: implement InstallAll & ReplaceAll

This change implements the design in
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/49317.

InstallAll: enumerate all certs in the input file and install all of
them;
ReplaceAll: replace all certs with the new authorities list
Atomic: implemented via creating temporary folder and issuing swap.

Added ability to unit test service reload as well.

Tested:
1. Unit tests
2. Tested loading/deleting authorities list in QEMU.

```
root@xxx:~# busctl call xyz.openbmc_project.Certs.Manager.Authority.Ldap \
> /xyz/openbmc_project/certs/authority/ldap \
> xyz.openbmc_project.Certs.InstallAll \
> InstallAll s /tmp/trust_bundle.pem
as 3 "/xyz/openbmc_project/certs/authority/ldap/1"
"/xyz/openbmc_project/certs/authority/ldap/2"
"/xyz/openbmc_project/certs/authority/ldap/3"
root@xxx:~# ls /etc/ssl/certs/authority/
10a5d8b0.0 5b49ceaa.0 f3ddaa86.0 file0qmgPV fileDbjTzW fileR4TtjO
trust_bundle
root@xxx:~# busctl call
xyz.openbmc_project.Certs.Manager.Authority.Ldap
/xyz/openbmc_project/certs/authority/ldap
xyz.openbmc_project.Certs.ReplaceAll ReplaceAll s /tmp/trust_bundle.pem
root@xxx:~# ls /etc/ssl/certs/authority/
10a5d8b0.0 5b49ceaa.0 f3ddaa86.0 file1obsEZ fileOqVoaC filerUBZCj
trust_bundle

root@xxx:~# wget -qO- http://localhost/redfish/v1/Managers/bmc/Truststore/Certificates/
{
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/",
"@odata.type": "#CertificateCollection.CertificateCollection",
"Description": "A Collection of TrustStore certificate instances",
"Members": [
{
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1"
},
{
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/2"
},
{
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/3"
}
],
"Members@odata.count": 3,
"Name": "TrustStore Certificates Collection"
}
root@xxx:~# wget -qO- http://localhost/redfish/v1/Managers/bmc/Truststore/Certificates/1
{
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE-----\nMIICZTCCAgugAwIBAgIUANIf0jvaRNq1MdwxrXPnk25VrmYwCgYIKoZIzj0EAwIw\nVTETMBEGA1UEChMKY2FtcHVzLWFzaDENMAsGA1UECxMEcm9vdDEvMC0GA1UEAwwm\ne2QyZWQ1MGJkLTczMTQtNDgxZC04OWE0LTVkMjkxMmYyMGQ5NH0wIBcNNzAwMTAx\nMDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMFUxEzARBgNVBAoTCmNhbXB1cy1hc2gx\nDTALBgNVBAsTBHJvb3QxLzAtBgNVBAMMJntkMmVkNTBiZC03MzE0LTQ4MWQtODlh\nNC01ZDI5MTJmMjBkOTR9MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lp/J3Gj\nc4TKubuYtzpxu2D3STlwTwEjgFbTaLZnQ0KXt7pBrcYc3yY1t74WBluvzM9iok6Q\nDcEFX5aIYcoaAKOBtjCBszAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0lBCIwIAYIKwYB\nBQUHAwEGCCsGAQUFBwMCBgorBgEEAdZ5AgcBMA8GA1UdEwEB/wQFMAMBAf8wHQYD\nVR0OBBYEFIPrX7lbeJhvHHcQ7iYOry50aYKYMBcGA1UdIAQQMA4wDAYKKwYBBAHW\neQIFBDAtBgNVHR4BAf8EIzAhoB8wHYYbLmNhbXB1cy1hc2gucHJvZC5nb29nbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIAS/ZrMPBj992vVVplwzH9DWDCSMu1rCgvqw\nam3byOT1AiEAyrr3FAP+7js7z+h8d94hTyy1kTn+4NOvUWrVzHUmJI8=\n-----END CERTIFICATE-----\n",
"Description": "TrustStore Certificate",
"Id": "1",
"Issuer": {
"CommonName": "{d2ed50bd-7314-481d-89a4-5d2912f20d94}",
"Organization": "campus-ash",
"OrganizationalUnit": "root"
},
"KeyUsage": [
"CRLSigning",
"ServerAuthentication",
"ClientAuthentication",
""
],
"Name": "TrustStore Certificate",
"Subject": {
"CommonName": "{d2ed50bd-7314-481d-89a4-5d2912f20d94}",
"Organization": "campus-ash",
"OrganizationalUnit": "root"
},
"ValidNotAfter": "9999-12-31T23:59:59+00:00",
"ValidNotBefore": "1970-01-01T00:00:00+00:00"
}
```

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I495f5c1c1c4a2ac880dd3233be31b84a78d79a43

e869bb63 30-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

Add x509 utils

This change moves some existing static functions in the Certificate
class and x509 related routines into a separate library. These functions
will be used in future Authorities List related functions.

This change also reduces the number of times Certificate class reads PEM
files by passing cert via X509 pointers rather than Certificate paths.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ieb268ee051c3597f2add732902eb0461375a4c3f

81358815 17-Mar-2022 Ed Tanous <edtanous@google.com>

Remove Ed from PCM maintainers

This was leftover from lots of input I gave way back when on the overall
design for phosphor-certificate-manager. I've never been a primary
reviewer, nor do I generally understand the code enough to make good
CLs. Feel free to CC me on changes that I need to be aware of, like
ones that make changes to Redfish.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id046c9957dbc7ffa29f009d1f9314d78eddadd43

aa19f317 17-Mar-2022 Nan Zhou <nanzhoumails@gmail.com>

OWNERS: add Nan Zhou as an owner

I have done a series of refactorings in this repo to improve readability
and code health, and solve bugs, for example, a non-trivial one,
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/50010

I also did a design review in the certificate management topic, and
implemented the design,
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/49317.

Thus, I apply to be a maintainer of this repo. Hope I can contribute
more and help the OpenBMC community.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I29c76d336e6d0a19516dfc01f018f3b9ca07e915

9c222dfd 17-Mar-2022 Nan Zhou <nanzhoumails@gmail.com>

MAINTAINERS: Remove in favour of OWNERS

We use Gerrit's 'owners' plugin now, so drop the org-specific
MAINTAINERS file.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I9f1f231154f67c8ca1ed56366a70aa1e21e4b7ee

454643d7 03-Mar-2022 Nan Zhou <nanzhoumails@gmail.com>

mainapp: fix typo in the "type" string key

The SRCREV bump change failed.
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/50836

Tested:
The QEMU Robot test worked.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ic378ebf87c0cbaf220e413f9245d6d4c0fb7a926

014be0bf 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

iwyu

This change uses its best effort to clean up headers according to iwyu.

Reference:
https://include-what-you-use.org/

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ibd8bd8735238d6ec101a2428241bb1727e3ac9a9

cf06ccdc 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

clean up using directives and type alias

Most C++ style guides try to avoid using directives in headers and also
suggest using type alias carefully, according to which, this change does
the following clean up:

1. used Enum class to represent Certificate type
2. removed all using directives: e.g. the phosphor logging namespace;
instead, this change uses using declarations
3. removed unnecessary type alias; in existing code, we only support
strings as types of UnitToRestart, InstallPath, UploadPath, etc; this
change uses std::string directly
4. moved all alias outside any class scope into source files or an
internal namespace
5. renamed types, constants, classes as per OpenBMC style guide
6. fixed all compilation errors and some warnings after the refactoring;
built with both Clang & GCC

Reference:
https://docs.microsoft.com/en-us/cpp/cpp/header-files-cpp?view=msvc-170#what-to-put-in-a-header-file
https://google.github.io/styleguide/cppguide.html#Namespaces

Tested:
Unit tests

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I58e026934a4e969f4d8877801c8f3c671990468a

762da74e 14-Jan-2022 Nan Zhou <nanzhoumails@gmail.com>

use RAII to manage RSA pointers

Tested:
unit tests.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I8888f01e0f64836ca36f03c79307c1044d0dae44

6de54aba 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

gitignore: explicitly set unignored subprojects

Additional wrap files will be added during builds by subprojects like
PDI, etc. Thus, we'd better explicitly set the wraps we want to keep.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I18fa6d975f5215495141656e41f5608974b236c8

718eef37 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

config.h.in: use const variables instead of macros

Most style guides try to avoid preprocessor macros, especially the use
case here: const objects. This change replaced them with const
variables. Their names are also changed according to the OpenBMC style
guide.

Reference:
https://google.github.io/styleguide/cppguide.html#Preprocessor_Macros

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I0786c7c83f3a0d892c14f1cb813d0aa16d627b3e

e1289adf 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

Use nested namespace

Nested namespace is introduced in C++ 17. This saves nearly 50 lines.
This change also puts tests into a nested namespace, which saves
unnecessary using directives.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I7c3e38588fd5c2cbd83ac13ee24327318e8c06a4

cfb5802a 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

Modernize use nullptr

NULL => nullptr as per modernize-use-nullptr.

After this change:
```
grep "NULL" -r */*.*pp *.*pp
None
```

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Iecddab6fba06f959866048eff4496310453d0fde

bf3cf751 28-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

Fix typos

After this change:
```
codespell --builtin clear,rare,en-GB_to_en-US -d --count --skip
"./subprojects/*,./.git" .
0
```

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I7bc4c94facdd366dea91e456e7ef8a0b05532b99

cf811c43 02-Dec-2021 Nan Zhou <nanzhoumails@gmail.com>

remove year 2038 check

https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/49188 resolves
the year 2038 problem in BMCWeb. There's no need to check it in
cert-manager anymore. However, the current Cert interface can't take
a certificate whose NotBefore is before the Unix Epoch given the
timestamp is uint64_t. So this change adds the check to return
errors in this case.

This change also fixed the existing issue of setting unix epoch.

TESTED: unit tests + QEMU
1. added a cert that's valid from 1970/01/01 to 9999/12/31 into
unit tests
2. tested the dbus properties in QEMU after installing the above
cert;

```
.ValidNotAfter property t 253402300799 emits-change writable
.ValidNotBefore property t 0 emits-change writable
```
This is expected.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Idc6b7721fc84b6b9022467e6b0c9e1984f682912

e0e2cce9 13-Dec-2021 Patrick Williams <patrick@stwcx.xyz>

build: rename config.h source

The meson-generated config.h template was previously named as
'config.h.meson' to avoid collisions with the autotools-generated
'config.h.in'. Switch the source template to '.in' to follow typical
file naming patterns now that autotools is removed.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie59d429732ab704ff7670a5ab5d2f5d4c6f09d21
