| certificate.cpp (223e460421eebb1c598d9285b0cb01f1150fa50d) | certificate.cpp (f2646271e5fc66e4c5f3f8bfd6eeb68b6be3f103) |
|---|---|
| 1#include "config.h" 2 3#include "certificate.hpp" 4 5#include "certs_manager.hpp" 6#include "x509_utils.hpp" 7 8#include <openssl/asn1.h> --- 4 unchanged lines hidden (view full) --- 13#include <openssl/obj_mac.h> 14#include <openssl/objects.h> 15#include <openssl/opensslv.h> 16#include <openssl/pem.h> 17#include <openssl/x509v3.h> 18 19#include <phosphor-logging/elog-errors.hpp> 20#include <phosphor-logging/elog.hpp> | 1#include "config.h" 2 3#include "certificate.hpp" 4 5#include "certs_manager.hpp" 6#include "x509_utils.hpp" 7 8#include <openssl/asn1.h> --- 4 unchanged lines hidden (view full) --- 13#include <openssl/obj_mac.h> 14#include <openssl/objects.h> 15#include <openssl/opensslv.h> 16#include <openssl/pem.h> 17#include <openssl/x509v3.h> 18 19#include <phosphor-logging/elog-errors.hpp> 20#include <phosphor-logging/elog.hpp> |
| 21#include <phosphor-logging/log.hpp> | 21#include <phosphor-logging/lg2.hpp> |
| 22#include <watch.hpp> 23#include <xyz/openbmc_project/Certs/error.hpp> 24#include <xyz/openbmc_project/Common/error.hpp> 25 26#include <cstdint> 27#include <cstdio> 28#include <cstdlib> 29#include <exception> --- 5 unchanged lines hidden (view full) --- 35 36namespace phosphor::certs 37{ 38 39namespace 40{ 41namespace fs = std::filesystem; 42using ::phosphor::logging::elog; | 22#include <watch.hpp> 23#include <xyz/openbmc_project/Certs/error.hpp> 24#include <xyz/openbmc_project/Common/error.hpp> 25 26#include <cstdint> 27#include <cstdio> 28#include <cstdlib> 29#include <exception> --- 5 unchanged lines hidden (view full) --- 35 36namespace phosphor::certs 37{ 38 39namespace 40{ 41namespace fs = std::filesystem; 42using ::phosphor::logging::elog; |
| 43using ::phosphor::logging::entry; 44using ::phosphor::logging::level; 45using ::phosphor::logging::log; 46using ::phosphor::logging::report; | |
| 47using InvalidCertificateError = 48 ::sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate; 49using ::phosphor::logging::xyz::openbmc_project::Certs::InvalidCertificate; 50using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 51 52// RAII support for openSSL functions. 53using BIOMemPtr = std::unique_ptr<BIO, decltype(&::BIO_free)>; 54using X509StorePtr = std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>; --- 48 unchanged lines hidden (view full) --- 103 try 104 { 105 outputCertFileStream.open(certFilePath, std::ios::out); 106 outputCertFileStream << pem << "\n" << std::flush; 107 outputCertFileStream.close(); 108 } 109 catch (const std::exception& e) 110 { | 43using InvalidCertificateError = 44 ::sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate; 45using ::phosphor::logging::xyz::openbmc_project::Certs::InvalidCertificate; 46using ::sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 47 48// RAII support for openSSL functions. 49using BIOMemPtr = std::unique_ptr<BIO, decltype(&::BIO_free)>; 50using X509StorePtr = std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>; --- 48 unchanged lines hidden (view full) --- 99 try 100 { 101 outputCertFileStream.open(certFilePath, std::ios::out); 102 outputCertFileStream << pem << "\n" << std::flush; 103 outputCertFileStream.close(); 104 } 105 catch (const std::exception& e) 106 { |
| 111 log<level::ERR>("Failed to dump certificate", entry("ERR=%s", e.what()), 112 entry("SRC_PEM=%s", pem.c_str()), 113 entry("DST=%s", certFilePath.c_str())); | 107 lg2::error( 108 "Failed to dump certificate, ERR:{ERR}, SRC_PEM:{SRC_PEM}, DST:{DST}", 109 "ERR", e, "SRC_PEM", pem, "DST", certFilePath); |
| 114 elog<InternalFailure>(); 115 } 116} 117} // namespace 118 119void Certificate::copyCertificate(const std::string& certSrcFilePath, 120 const std::string& certFilePath) 121{ --- 15 unchanged lines hidden (view full) --- 137 inputCertFileStream.open(certSrcFilePath); 138 outputCertFileStream.open(certFilePath, std::ios::out); 139 outputCertFileStream << inputCertFileStream.rdbuf() << std::flush; 140 inputCertFileStream.close(); 141 outputCertFileStream.close(); 142 } 143 catch (const std::exception& e) 144 { | 110 elog<InternalFailure>(); 111 } 112} 113} // namespace 114 115void Certificate::copyCertificate(const std::string& certSrcFilePath, 116 const std::string& certFilePath) 117{ --- 15 unchanged lines hidden (view full) --- 133 inputCertFileStream.open(certSrcFilePath); 134 outputCertFileStream.open(certFilePath, std::ios::out); 135 outputCertFileStream << inputCertFileStream.rdbuf() << std::flush; 136 inputCertFileStream.close(); 137 outputCertFileStream.close(); 138 } 139 catch (const std::exception& e) 140 { |
| 145 log<level::ERR>("Failed to copy certificate", 146 entry("ERR=%s", e.what()), 147 entry("SRC=%s", certSrcFilePath.c_str()), 148 entry("DST=%s", certFilePath.c_str())); | 141 lg2::error( 142 "Failed to copy certificate, ERR:{ERR}, SRC:{SRC}, DST:{DST}", 143 "ERR", e, "SRC", certSrcFilePath, "DST", certFilePath); |
| 149 elog<InternalFailure>(); 150 } 151 } 152} 153 154std::string 155 Certificate::generateUniqueFilePath(const std::string& directoryPath) 156{ 157 char* filePath = tempnam(directoryPath.c_str(), nullptr); 158 if (filePath == nullptr) 159 { | 144 elog<InternalFailure>(); 145 } 146 } 147} 148 149std::string 150 Certificate::generateUniqueFilePath(const std::string& directoryPath) 151{ 152 char* filePath = tempnam(directoryPath.c_str(), nullptr); 153 if (filePath == nullptr) 154 { |
| 160 log<level::ERR>( 161 "Error occurred while creating random certificate file path", 162 entry("DIR=%s", directoryPath.c_str())); | 155 lg2::error( 156 "Error occurred while creating random certificate file path, DIR:{DIR}", 157 "DIR", directoryPath); |
| 163 elog<InternalFailure>(); 164 } 165 std::string filePathStr(filePath); 166 free(filePath); 167 return filePathStr; 168} 169 170std::string Certificate::generateAuthCertFileX509Path( --- 12 unchanged lines hidden (view full) --- 183 const std::string certDstFileX509Path = 184 certDstDirPath + "/" + certHash + "." + std::to_string(i); 185 if (!fs::exists(certDstFileX509Path)) 186 { 187 return certDstFileX509Path; 188 } 189 } 190 | 158 elog<InternalFailure>(); 159 } 160 std::string filePathStr(filePath); 161 free(filePath); 162 return filePathStr; 163} 164 165std::string Certificate::generateAuthCertFileX509Path( --- 12 unchanged lines hidden (view full) --- 178 const std::string certDstFileX509Path = 179 certDstDirPath + "/" + certHash + "." + std::to_string(i); 180 if (!fs::exists(certDstFileX509Path)) 181 { 182 return certDstFileX509Path; 183 } 184 } 185 |
| 191 log<level::ERR>("Authority certificate x509 file path already used", 192 entry("DIR=%s", certDstDirPath.c_str())); | 186 lg2::error("Authority certificate x509 file path already used, DIR:{DIR}", 187 "DIR", certDstDirPath); |
| 193 elog<InternalFailure>(); 194} 195 196std::string 197 Certificate::generateAuthCertFilePath(const std::string& certSrcFilePath) 198{ 199 // If there is a certificate file path (which means certificate replacement 200 // is doing) use it (do not create new one) --- 85 unchanged lines hidden (view full) --- 286 287 this->emit_object_added(); 288} 289 290Certificate::~Certificate() 291{ 292 if (!fs::remove(certFilePath)) 293 { | 188 elog<InternalFailure>(); 189} 190 191std::string 192 Certificate::generateAuthCertFilePath(const std::string& certSrcFilePath) 193{ 194 // If there is a certificate file path (which means certificate replacement 195 // is doing) use it (do not create new one) --- 85 unchanged lines hidden (view full) --- 281 282 this->emit_object_added(); 283} 284 285Certificate::~Certificate() 286{ 287 if (!fs::remove(certFilePath)) 288 { |
| 294 log<level::INFO>("Certificate file not found!", 295 entry("PATH=%s", certFilePath.c_str())); | 289 lg2::info("Certificate file not found! PATH:{PATH}", "PATH", 290 certFilePath); |
| 296 } 297} 298 299void Certificate::replace(const std::string filePath) 300{ 301 manager.replaceCertificate(this, filePath); 302} 303 304void Certificate::install(const std::string& certSrcFilePath, bool restore) 305{ 306 if (restore) 307 { | 291 } 292} 293 294void Certificate::replace(const std::string filePath) 295{ 296 manager.replaceCertificate(this, filePath); 297} 298 299void Certificate::install(const std::string& certSrcFilePath, bool restore) 300{ 301 if (restore) 302 { |
| 308 log<level::DEBUG>("Certificate install ", 309 entry("FILEPATH=%s", certSrcFilePath.c_str())); | 303 lg2::debug("Certificate install, FILEPATH:{FILEPATH}", "FILEPATH", 304 certSrcFilePath); |
| 310 } 311 else 312 { | 305 } 306 else 307 { |
| 313 log<level::INFO>("Certificate install ", 314 entry("FILEPATH=%s", certSrcFilePath.c_str())); | 308 lg2::info("Certificate install, FILEPATH:{FILEPATH}", "FILEPATH", 309 certSrcFilePath); |
| 315 } 316 317 // stop watch for user initiated certificate install 318 if (certWatch != nullptr) 319 { 320 certWatch->stopWatch(); 321 } 322 323 // Verify the certificate file 324 fs::path file(certSrcFilePath); 325 if (!fs::exists(file)) 326 { | 310 } 311 312 // stop watch for user initiated certificate install 313 if (certWatch != nullptr) 314 { 315 certWatch->stopWatch(); 316 } 317 318 // Verify the certificate file 319 fs::path file(certSrcFilePath); 320 if (!fs::exists(file)) 321 { |
| 327 log<level::ERR>("File is Missing", 328 entry("FILE=%s", certSrcFilePath.c_str())); | 322 lg2::error("File is Missing, FILE:{FILE}", "FILE", certSrcFilePath); |
| 329 elog<InternalFailure>(); 330 } 331 332 try 333 { 334 if (fs::file_size(certSrcFilePath) == 0) 335 { 336 // file is empty | 323 elog<InternalFailure>(); 324 } 325 326 try 327 { 328 if (fs::file_size(certSrcFilePath) == 0) 329 { 330 // file is empty |
| 337 log<level::ERR>("File is empty", 338 entry("FILE=%s", certSrcFilePath.c_str())); | 331 lg2::error("File is empty, FILE:{FILE}", "FILE", certSrcFilePath); |
| 339 elog<InvalidCertificateError>( 340 InvalidCertificate::REASON("File is empty")); 341 } 342 } 343 catch (const fs::filesystem_error& e) 344 { 345 // Log Error message | 332 elog<InvalidCertificateError>( 333 InvalidCertificate::REASON("File is empty")); 334 } 335 } 336 catch (const fs::filesystem_error& e) 337 { 338 // Log Error message |
| 346 log<level::ERR>(e.what(), entry("FILE=%s", certSrcFilePath.c_str())); | 339 lg2::error("File is empty, FILE:{FILE}, ERR:{ERR}", "FILE", 340 certSrcFilePath, "ERR", e); |
| 347 elog<InternalFailure>(); 348 } 349 350 X509StorePtr x509Store = getX509Store(certSrcFilePath); 351 352 // Load Certificate file into the X509 structure. 353 internal::X509Ptr cert = loadCert(certSrcFilePath); 354 355 // Perform validation 356 validateCertificateAgainstStore(*x509Store, *cert); 357 validateCertificateStartDate(*cert); 358 validateCertificateInSSLContext(*cert); 359 360 // Invoke type specific append private key function. 361 if (auto it = appendKeyMap.find(certType); it == appendKeyMap.end()) 362 { | 341 elog<InternalFailure>(); 342 } 343 344 X509StorePtr x509Store = getX509Store(certSrcFilePath); 345 346 // Load Certificate file into the X509 structure. 347 internal::X509Ptr cert = loadCert(certSrcFilePath); 348 349 // Perform validation 350 validateCertificateAgainstStore(*x509Store, *cert); 351 validateCertificateStartDate(*cert); 352 validateCertificateInSSLContext(*cert); 353 354 // Invoke type specific append private key function. 355 if (auto it = appendKeyMap.find(certType); it == appendKeyMap.end()) 356 { |
| 363 log<level::ERR>("Unsupported Type", 364 entry("TYPE=%s", certificateTypeToString(certType))); | 357 lg2::error("Unsupported Type, TYPE:{TYPE}", "TYPE", 358 certificateTypeToString(certType)); |
| 365 elog<InternalFailure>(); 366 } 367 else 368 { 369 it->second(certSrcFilePath); 370 } 371 372 // Invoke type specific compare keys function. 373 if (auto it = typeFuncMap.find(certType); it == typeFuncMap.end()) 374 { | 359 elog<InternalFailure>(); 360 } 361 else 362 { 363 it->second(certSrcFilePath); 364 } 365 366 // Invoke type specific compare keys function. 367 if (auto it = typeFuncMap.find(certType); it == typeFuncMap.end()) 368 { |
| 375 log<level::ERR>("Unsupported Type", 376 entry("TYPE=%s", certificateTypeToString(certType))); | 369 lg2::error("Unsupported Type, TYPE:{TYPE}", "TYPE", 370 certificateTypeToString(certType)); |
| 377 elog<InternalFailure>(); 378 } 379 else 380 { 381 it->second(certSrcFilePath); 382 } 383 384 copyCertificate(certSrcFilePath, certFilePath); --- 12 unchanged lines hidden (view full) --- 397 } 398} 399 400void Certificate::install(X509_STORE& x509Store, const std::string& pem, 401 bool restore) 402{ 403 if (restore) 404 { | 371 elog<InternalFailure>(); 372 } 373 else 374 { 375 it->second(certSrcFilePath); 376 } 377 378 copyCertificate(certSrcFilePath, certFilePath); --- 12 unchanged lines hidden (view full) --- 391 } 392} 393 394void Certificate::install(X509_STORE& x509Store, const std::string& pem, 395 bool restore) 396{ 397 if (restore) 398 { |
| 405 log<level::DEBUG>("Certificate install ", 406 entry("PEM_STR=%s", pem.data())); | 399 lg2::debug("Certificate install, PEM_STR:{PEM_STR}", "PEM_STR", pem); |
| 407 } 408 else 409 { | 400 } 401 else 402 { |
| 410 log<level::INFO>("Certificate install ", 411 entry("PEM_STR=%s", pem.data())); | 403 lg2::info("Certificate install, PEM_STR:{PEM_STR} ", "PEM_STR", pem); |
| 412 } 413 414 if (certType != CertificateType::authority) 415 { | 404 } 405 406 if (certType != CertificateType::authority) 407 { |
| 416 log<level::ERR>("Bulk install error: Unsupported Type; only authority " 417 "supports bulk install", 418 entry("TYPE=%s", certificateTypeToString(certType))); | 408 lg2::error("Bulk install error: Unsupported Type; only authority " 409 "supports bulk install, TYPE:{TYPE}", 410 "TYPE", certificateTypeToString(certType)); |
| 419 elog<InternalFailure>(); 420 } 421 422 // stop watch for user initiated certificate install 423 if (certWatch) 424 { 425 certWatch->stopWatch(); 426 } --- 50 unchanged lines hidden (view full) --- 477 certFileX509Path = 478 generateAuthCertFileX509Path(certFilePath, certInstallPath); 479 fs::create_symlink(fs::path(certFilePath), 480 fs::path(certFileX509Path)); 481 } 482 } 483 catch (const std::exception& e) 484 { | 411 elog<InternalFailure>(); 412 } 413 414 // stop watch for user initiated certificate install 415 if (certWatch) 416 { 417 certWatch->stopWatch(); 418 } --- 50 unchanged lines hidden (view full) --- 469 certFileX509Path = 470 generateAuthCertFileX509Path(certFilePath, certInstallPath); 471 fs::create_symlink(fs::path(certFilePath), 472 fs::path(certFileX509Path)); 473 } 474 } 475 catch (const std::exception& e) 476 { |
| 485 log<level::ERR>("Failed to create symlink for certificate", 486 entry("ERR=%s", e.what()), 487 entry("FILE=%s", certFilePath.c_str()), 488 entry("SYMLINK=%s", certFileX509Path.c_str())); | 477 lg2::error("Failed to create symlink for certificate, ERR:{ERR}," 478 "FILE:{FILE}, SYMLINK:{SYMLINK}", 479 "ERR", e, "FILE", certFilePath, "SYMLINK", 480 certFileX509Path); |
| 489 elog<InternalFailure>(); 490 } 491 } 492} 493 494void Certificate::populateProperties(X509& cert) 495{ 496 // Update properties if no error thrown --- 72 unchanged lines hidden (view full) --- 569 validNotBefore((days * dayToSeconds) + secs); 570} 571 572void Certificate::checkAndAppendPrivateKey(const std::string& filePath) 573{ 574 BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free); 575 if (!keyBio) 576 { | 481 elog<InternalFailure>(); 482 } 483 } 484} 485 486void Certificate::populateProperties(X509& cert) 487{ 488 // Update properties if no error thrown --- 72 unchanged lines hidden (view full) --- 561 validNotBefore((days * dayToSeconds) + secs); 562} 563 564void Certificate::checkAndAppendPrivateKey(const std::string& filePath) 565{ 566 BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free); 567 if (!keyBio) 568 { |
| 577 log<level::ERR>("Error occurred during BIO_s_file call", 578 entry("FILE=%s", filePath.c_str())); | 569 lg2::error("Error occurred during BIO_s_file call, FILE:{FILE}", "FILE", 570 filePath); |
| 579 elog<InternalFailure>(); 580 } 581 BIO_read_filename(keyBio.get(), filePath.c_str()); 582 583 EVPPkeyPtr priKey( 584 PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr), 585 ::EVP_PKEY_free); 586 if (!priKey) 587 { | 571 elog<InternalFailure>(); 572 } 573 BIO_read_filename(keyBio.get(), filePath.c_str()); 574 575 EVPPkeyPtr priKey( 576 PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr), 577 ::EVP_PKEY_free); 578 if (!priKey) 579 { |
| 588 log<level::INFO>("Private key not present in file", 589 entry("FILE=%s", filePath.c_str())); | 580 lg2::info("Private key not present in file, FILE:{FILE}", "FILE", 581 filePath); |
| 590 fs::path privateKeyFile = fs::path(certInstallPath).parent_path(); 591 privateKeyFile = privateKeyFile / defaultPrivateKeyFileName; 592 if (!fs::exists(privateKeyFile)) 593 { | 582 fs::path privateKeyFile = fs::path(certInstallPath).parent_path(); 583 privateKeyFile = privateKeyFile / defaultPrivateKeyFileName; 584 if (!fs::exists(privateKeyFile)) 585 { |
| 594 log<level::ERR>("Private key file is not found", 595 entry("FILE=%s", privateKeyFile.c_str())); | 586 lg2::error("Private key file is not found, FILE:{FILE}", "FILE", 587 privateKeyFile); |
| 596 elog<InternalFailure>(); 597 } 598 599 std::ifstream privKeyFileStream; 600 std::ofstream certFileStream; 601 privKeyFileStream.exceptions(std::ifstream::failbit | 602 std::ifstream::badbit | 603 std::ifstream::eofbit); --- 6 unchanged lines hidden (view full) --- 610 certFileStream.open(filePath, std::ios::app); 611 certFileStream << std::endl; // insert line break 612 certFileStream << privKeyFileStream.rdbuf() << std::flush; 613 privKeyFileStream.close(); 614 certFileStream.close(); 615 } 616 catch (const std::exception& e) 617 { | 588 elog<InternalFailure>(); 589 } 590 591 std::ifstream privKeyFileStream; 592 std::ofstream certFileStream; 593 privKeyFileStream.exceptions(std::ifstream::failbit | 594 std::ifstream::badbit | 595 std::ifstream::eofbit); --- 6 unchanged lines hidden (view full) --- 602 certFileStream.open(filePath, std::ios::app); 603 certFileStream << std::endl; // insert line break 604 certFileStream << privKeyFileStream.rdbuf() << std::flush; 605 privKeyFileStream.close(); 606 certFileStream.close(); 607 } 608 catch (const std::exception& e) 609 { |
| 618 log<level::ERR>("Failed to append private key", 619 entry("ERR=%s", e.what()), 620 entry("SRC=%s", privateKeyFile.c_str()), 621 entry("DST=%s", filePath.c_str())); | 610 lg2::error( 611 "Failed to append private key, ERR:{ERR}, SRC:{SRC}, DST:{DST}", 612 "ERR", e, "SRC", privateKeyFile, "DST", filePath); |
| 622 elog<InternalFailure>(); 623 } 624 } 625} 626 627bool Certificate::compareKeys(const std::string& filePath) 628{ | 613 elog<InternalFailure>(); 614 } 615 } 616} 617 618bool Certificate::compareKeys(const std::string& filePath) 619{ |
| 629 log<level::INFO>("Certificate compareKeys", 630 entry("FILEPATH=%s", filePath.c_str())); | 620 lg2::info("Certificate compareKeys, FILEPATH:{FILEPATH}", "FILEPATH", 621 filePath); |
| 631 internal::X509Ptr cert(X509_new(), ::X509_free); 632 if (!cert) 633 { | 622 internal::X509Ptr cert(X509_new(), ::X509_free); 623 if (!cert) 624 { |
| 634 log<level::ERR>("Error occurred during X509_new call", 635 entry("FILE=%s", filePath.c_str()), 636 entry("ERRCODE=%lu", ERR_get_error())); | 625 lg2::error( 626 "Error occurred during X509_new call, FILE:{FILE}, ERRCODE:{ERRCODE}", 627 "FILE", filePath, "ERRCODE", ERR_get_error()); |
| 637 elog<InternalFailure>(); 638 } 639 640 BIOMemPtr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free); 641 if (!bioCert) 642 { | 628 elog<InternalFailure>(); 629 } 630 631 BIOMemPtr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free); 632 if (!bioCert) 633 { |
| 643 log<level::ERR>("Error occurred during BIO_new_file call", 644 entry("FILE=%s", filePath.c_str())); | 634 lg2::error("Error occurred during BIO_new_file call, FILE:{FILE}", 635 "FILE", filePath); |
| 645 elog<InternalFailure>(); 646 } 647 648 X509* x509 = cert.get(); 649 PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr); 650 651 EVPPkeyPtr pubKey(X509_get_pubkey(cert.get()), ::EVP_PKEY_free); 652 if (!pubKey) 653 { | 636 elog<InternalFailure>(); 637 } 638 639 X509* x509 = cert.get(); 640 PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr); 641 642 EVPPkeyPtr pubKey(X509_get_pubkey(cert.get()), ::EVP_PKEY_free); 643 if (!pubKey) 644 { |
| 654 log<level::ERR>("Error occurred during X509_get_pubkey", 655 entry("FILE=%s", filePath.c_str()), 656 entry("ERRCODE=%lu", ERR_get_error())); | 645 lg2::error( 646 "Error occurred during X509_get_pubkey, FILE:{FILE}, ERRCODE:{ERRCODE}", 647 "FILE", filePath, "ERRCODE", ERR_get_error()); |
| 657 elog<InvalidCertificateError>( 658 InvalidCertificate::REASON("Failed to get public key info")); 659 } 660 661 BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free); 662 if (!keyBio) 663 { | 648 elog<InvalidCertificateError>( 649 InvalidCertificate::REASON("Failed to get public key info")); 650 } 651 652 BIOMemPtr keyBio(BIO_new(BIO_s_file()), ::BIO_free); 653 if (!keyBio) 654 { |
| 664 log<level::ERR>("Error occurred during BIO_s_file call", 665 entry("FILE=%s", filePath.c_str())); | 655 lg2::error("Error occurred during BIO_s_file call, FILE:{FILE}", "FILE", 656 filePath); |
| 666 elog<InternalFailure>(); 667 } 668 BIO_read_filename(keyBio.get(), filePath.c_str()); 669 670 EVPPkeyPtr priKey( 671 PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr), 672 ::EVP_PKEY_free); 673 if (!priKey) 674 { | 657 elog<InternalFailure>(); 658 } 659 BIO_read_filename(keyBio.get(), filePath.c_str()); 660 661 EVPPkeyPtr priKey( 662 PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr), 663 ::EVP_PKEY_free); 664 if (!priKey) 665 { |
| 675 log<level::ERR>("Error occurred during PEM_read_bio_PrivateKey", 676 entry("FILE=%s", filePath.c_str()), 677 entry("ERRCODE=%lu", ERR_get_error())); | 666 lg2::error( 667 "Error occurred during PEM_read_bio_PrivateKey, FILE:{FILE}, ERRCODE:{ERRCODE}", 668 "FILE", filePath, "ERRCODE", ERR_get_error()); |
| 678 elog<InvalidCertificateError>( 679 InvalidCertificate::REASON("Failed to get private key info")); 680 } 681 682#if (OPENSSL_VERSION_NUMBER < 0x30000000L) 683 int32_t rc = EVP_PKEY_cmp(priKey.get(), pubKey.get()); 684#else 685 int32_t rc = EVP_PKEY_eq(priKey.get(), pubKey.get()); 686#endif 687 if (rc != 1) 688 { | 669 elog<InvalidCertificateError>( 670 InvalidCertificate::REASON("Failed to get private key info")); 671 } 672 673#if (OPENSSL_VERSION_NUMBER < 0x30000000L) 674 int32_t rc = EVP_PKEY_cmp(priKey.get(), pubKey.get()); 675#else 676 int32_t rc = EVP_PKEY_eq(priKey.get(), pubKey.get()); 677#endif 678 if (rc != 1) 679 { |
| 689 log<level::ERR>("Private key is not matching with Certificate", 690 entry("FILE=%s", filePath.c_str()), 691 entry("ERRCODE=%d", rc)); | 680 lg2::error( 681 "Private key is not matching with Certificate, FILE:{FILE}, ERRCODE:{ERRCODE}", 682 "FILE", filePath, "ERRCODE", rc); |
| 692 return false; 693 } 694 return true; 695} 696 697void Certificate::delete_() 698{ 699 manager.deleteCertificate(this); --- 23 unchanged lines hidden --- | 683 return false; 684 } 685 return true; 686} 687 688void Certificate::delete_() 689{ 690 manager.deleteCertificate(this); --- 23 unchanged lines hidden --- |