History log of /openbmc/bmcweb/http/mutual_tls.cpp (Results 1 – 7 of 7)
Revision Date Author Comments
# 4d7b5ddb 26-Feb-2025 Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

mtls: implement UPN parse mode

This commit is intended to implement the UserPrincipalName (UPN) parse
mode on mutual TLS (MTLS). By implementing this we can use the X509
certificate extension Subject Alternative Name (SAN), specifically UPN
to be used as the username

In our case, this feature is needed because we have a specific format
on our Subject CN of the X509 certificate. This format cannot be directly
mapped to the username of bmcweb because it contains special
characters (`/` and `:`), which cannot exist in the username.
Changing the format of our Subject CN is very risky. By enabling
this feature we can use another field, which is the SAN extension, to
be used as the username and do not change our Subject CN on the
X509 certificate.

In general, by implementing this feature, we can enable multiple
options for the system. There might be other cases where we want
the username of bmcweb to not be equal to the Subject CN of the
certificate, and instead the username is added as the UserPrincipalName
field in the certificate.

The format of the UPN is `<username>@<domain>` [1][2]. The format
is similar to the email format. The domain name identifies the domain
in which the user is located [3] and it should match the device name's
domain (domain forest).

Tested:
- Test using `generate_auth_certificate.py` (extended on patch [4])
- Manual testing (please see the script mentioned above for more detail)
  - Setup certificate with UPN inside SAN extension
  - Change the CertificateMappingAttribute to use UPN
  - Get request to `/SessionService/Sessions`
- Run unit tests

[1] UPN Format: https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats#user-principal-name
[2] UPN Properties: https://learn.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname
[3] UPN Glossary: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/719b890d-62e6-4322-b9b1-1f34d11535b4#gt_9d606f55-b798-4def-bf96-97b878bb92c6
[4] Patch Testing Script: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78837

Change-Id: I490da8b95aee9579546971e58ab2c4afd64c5997
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

# 504af5a0 03-Feb-2025 Patrick Williams <patrick@stwcx.xyz>

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

# 40e9b92e 10-Sep-2024 Ed Tanous <etanous@nvidia.com>

Use SPDX identifiers

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by the Linux Foundation [1], and therefore
we should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

# 41fe81c2 02-Sep-2024 Ed Tanous <etanous@nvidia.com>

Fix includes

Fix includes

This commit is automatically generated by enabling clang-include-fixer.

Tested: Code compiles.

Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@nvidia.com>

# bd79bce8 16-Aug-2024 Patrick Williams <patrick@stwcx.xyz>

clang-format: re-format for clang-18

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

# 4f467963 06-Aug-2024 Ed Tanous <etanous@nvidia.com>

Add case default

Add case default

Clang-18 notes that this doesn't have a case default. Rearrange.

Tested: unit tests pass.

Change-Id: I0e1c9e5aa576ef48466a1ff98d12a3e0cbab3978
Signed-off-by: Ed Tanous <etanous@nvidia.com>

# 724985ff 05-Jun-2024 Ed Tanous <ed@tanous.net>

Break out SSL key handler into a compile unit

Break out SSL key handler into a compile unit

This commit allows for no code to have to pull in openssl headers
directly. All openssl code is now included in compile units, or
transitively from boost.

Because http2 is optional, no-unneeded-internal-declaration is needed to
prevent clang from marking the functions as unused. Chromium has
disabled this as well [1].

Tested:
Redfish service validator passes.

[1] https://issues.chromium.org/issues/40340369

Change-Id: I327e8ffa45941c2282db804d0be56cf64155e67d
Signed-off-by: Ed Tanous <ed@tanous.net>
