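#include "config.h"

#include "ca_certs_manager.hpp"

#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/lg2.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <filesystem>
#include <fstream>
#include <memory>
#include <stdexcept>
#include <string>

namespace ca::cert
{
namespace fs = std::filesystem;
using ::phosphor::logging::elog;

using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument =
    ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument;

// Upper bound on the size of a CSR accepted over D-Bus. Note that the size
// is the only check applied to the caller-supplied CSR in this file: its
// content is stored as-is and handed to the hypervisor for signing.
static constexpr size_t maxCertSize = 4096;

/** @brief Create a CA entry D-Bus object for a caller-supplied CSR.
 *
 *  The entry is created with an empty certificate string; the actual
 *  signing is performed by the hypervisor, which later fills in the
 *  certificate on the entry.
 *
 *  @param[in] csr - CSR text as received from the D-Bus caller (untrusted).
 *  @return Object path of the newly created entry.
 *  @throws InvalidArgument if the CSR is larger than maxCertSize, or if
 *          constructing the entry raised std::invalid_argument (the
 *          original error is logged and re-raised as InvalidArgument).
 */
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string objPath;
    try
    {
        if (csr.size() > maxCertSize)
        {
            lg2::error("Invalid CSR size: {SIZE}", "SIZE", csr.size());
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csr.c_str()));
        }
        // Entry ids are allocated sequentially; lastEntryId is only advanced
        // after the entry was inserted, so a failed insertion does not
        // consume an id.
        auto id = lastEntryId + 1;
        objPath = fs::path(objectNamePrefix) / "ca" / "entry" /
                  std::to_string(id);
        std::string cert;
        // Creating the dbus object here with the empty certificate string
        // actual signing is being done by the hypervisor, once it signs then
        // the certificate string would be updated with actual certificate.
        entries.insert(std::make_pair(
            id, std::make_unique<Entry>(bus, objPath, id, csr, cert, *this)));
        lastEntryId++;
    }
    catch (const std::invalid_argument& e)
    {
        // Pass the exception as a field rather than as the lg2 message so
        // that its text is never interpreted as a format string.
        lg2::error("Failed to create CA entry: {ERROR}", "ERROR", e);
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return objPath;
}

/** @brief Remove the entry with the given id from the entry map.
 *
 *  Destroying the owning unique_ptr tears down the entry's D-Bus object.
 *  Erasing an unknown id is a no-op.
 *
 *  @param[in] entryId - id of the entry to remove.
 */
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/** @brief Delete every CA entry owned by this manager.
 *
 *  Each entry's delete_() is expected to remove the entry from `entries`
 *  (presumably via erase()), which would invalidate the iterator pointing
 *  at it; the iterator is therefore advanced before delete_() is called.
 */
void CACertMgr::deleteAll()
{
    auto iter = entries.begin();
    while (iter != entries.end())
    {
        auto& entry = iter->second;
        ++iter;
        entry->delete_();
    }
}

} // namespace ca::cert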