History log of /openbmc/phosphor-certificate-manager/certs_manager.cpp (Results 26 – 50 of 59)
Revision Date Author Comments
# 71957992 06-Oct-2021 Patrick Williams <patrick@stwcx.xyz>

catch exceptions as const

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5dd93e951abc51abb78d3798d7ca2b32d333ee76


# ca128117 02-Sep-2021 Patrick Williams <patrick@stwcx.xyz>

exception: switch to public sdbus exception

SdBusError was intended to be a private error type inside sdbusplus.
Switch all catch locations to use the general sdbusplus::exception type.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I48d2dfbed5d63be184aa573ad2e12c653992baa6


# dc91fb61 04-May-2021 Jayanth Othayoth <ojayanth@in.ibm.com>

Add fix for Missing "OU" OrganizationalUnit CSR

generateCSR function missed to include the "OU" field
information during CSR generation. Fix is to add this
missing field in the CSR.

Details available in issue #phosphor-certificate-manager/18

Tested:
Created CSR string and verified "OU" field is present.

Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Change-Id: I70a7d53f85b01241b91e40e666539c194e217973


# d2393f23 29-Oct-2020 Ramesh Iyyar <rameshi1@in.ibm.com>

genCSR: Fix to catch InvalidArgument exception

Currently unit test cases (TestGenerateCSRwithUnsupportedKeyPairAlgorithm and
TestRSAKeyWithUnsupportedKeyBitLength) fail with the below mentioned error when
using unsupported values to generate CSR. The problem is that the exception thrown
for unsupported values was not caught. So, this patch adds a catch block to
capture the thrown exception.

Error:
C++ exception with description "xyz.openbmc_project.Common.Error.InvalidArgument:
Invalid argument was given." thrown in the test body.

TestedBy:
- Ran Unit Test cases.

Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Change-Id: I4ec0b8a926dacd4c3fb6751e48502776d5cc436b


# db5c6fc8 10-Mar-2020 Marri Devender Rao <devenrao@in.ibm.com>

Fix application crash issue with uncaught exception

This change is to not let the certificate manager crash
with uncaught exception in the constructor.

Due to uncaught exception during code update application was crashing
as shown in the traces below
phosphor-certificate-manager[804]: Legacy certificate detected, will be
installed from:
phosphor-certificate-manager[804]: The operation is not allowed
hosphor-certificate-manager[804]: terminate called after throwing an instance of
'sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed'

Also caters to fix
https://github.com/openbmc/phosphor-certificate-manager/issues/12

could not reproduce issue12 but this fix should help

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: If0156c35dcc8b44659c4846215b6f45a81685c3e


# 15cbbec2 16-Jan-2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>

Change InternalFailure to NotAllowed for replace

This patch is about using NotAllowed instead of InternalFailure for
certificate replacement routine. Currently there is a check to prevent
replacing current certificate with certificate with subject/issuer
already existing on the certificate list (currently replacing
certificate is not taken into account). And for that case it makes
sense to use NotAllowed error instead of InternalFailure.

Tested by replacing one of the currently available certificates with
new one with subject/issuer the same as one of the currently available
certificates.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: Ia480e8fe9b70ba7f0291541f47e78680f48a3646


# 2f3563cc 08-Jan-2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>

Refactoring of certificates managing and storing

This commit is about third stage code refactoring proposed by Zbigniew
Kurzynski (zbigniew.kurzynski@intel.com) on the mailing list
("phosphor-certificate-manager refactoring"): "Changing the way of
managing and storing TrustStore certificates".

Following changes are being implemented:
- each certificate has its own and unique ID,
- authority certificates are kept in files with random names under
/etc/ssl/certs/authority and symlinks (based on subject name hash) are
created to satisfy OpenSSL library,
- restarting bmcweb was moved from certificate class to certs_manager
class
- certificate uniqueness is based on certificate ID and checked while
installing and replacing operation in certs_manager class.

Tested by doing installing/replacing/removing operations on certificate
storage using RedFish API.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I0b02a10b940279c46ad9ee07925794262133b1b0


# fe590c4e 10-Dec-2019 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>

Limit access permissions for authority cert directory.

This patch is about limiting access permissions for authority certificates
directory. Additionally this patch fixes UTs issues caught here:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/26835
and discussed here:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/27810

Tested:
1) All UTs passed.
2) Manually checked access permissions:
root@intel-obmc:~# ls -al /etc/ssl/certs
drwx------ 4 root root 80 Dec 10 12:31 .
drwxr-xr-x 3 root root 80 Dec 10 12:31 ..
drwx------ 2 root root 40 Dec 10 12:31 authority
drwx------ 2 root root 60 Dec 10 12:31 https

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I63c698fa776aec01eed44e91ebbae956e707d52d
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>


# 667286e4 29-Oct-2019 Marri Devender Rao <devenrao@in.ibm.com>

Allow only root user to access certificates

This change is to cater allowing only root user to read/write
certificates.

Users with ReadOnly and Callback privilege will not be allowed to
access the certificate folder

At present setting 700 permission for the certificate folder.

Tested:
1) Verified ldap certificate at /etc/nslcd/certs is not accessible
to read only users.
2) Verified https certificate at /etc/ssl/certs/https is not
accessible to read only users
3) Verified authority certificate at /etc/ssl/certs/ is not accessible
to read only users.

Change-Id: I20acb1bf449f64282c6b692bd7063dcdedbd311d
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# a3bb38fb 17-Sep-2019 Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>

Certificate delete API – backend.

Till now the Certificate Manager has one-to-one relation with a
Certificate class. And the DELETE API provided by the
Certificate Manager was enough to delete the certificate managed by it.

With introducing Mutual-TLS the relation is changing to one-to-many
and current delete API is not sufficient. This commit adds DELETE
interface to Certificate class, so each of them can be removed
individually. This implementation was done on base of current user
account management implementation. The Certificate class exposes the
delete interface on DBus. When the API is called the Certificate
instance calls proper operation on Certificate Manager which
removes it from its internal collection. The rest of the removing
certificate process, including service reset remains as it was.

Tested with uploaded multiple TLS certificates.
Each Certificate exposes Delete interface on dbus and user is able
to delete each of them. The delete API on Certificate Manager object
was replaced with DeleteAll interface and results in deleting all
loaded certificates.

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I9dd6fa998e8bd8081fbd13549831bc94a4a7aa54


# 3b07b77a 09-Oct-2019 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>

Enable limiting authority certificates amount.

This patch enables check about authority certificates amount limit
and disallows installing new certificate in case of limit violation.

Tested: Tests were performed manually by trying to install dozen
authority certificates over RedFish.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: Iea83f05e7b6b0ad3e32bc3f2aba710de863b6d34


# db029c95 08-Jul-2019 Kowalski, Kamil <kamil.kowalski@intel.com>

Support uploading multiple certificates per authority service.

This request is a proposition of extending current mode=authority
with support for multiple certificates instead of single one.

This review addresses also this issue:
https://github.com/openbmc/phosphor-certificate-manager/issues/3
but with a restriction to mode=authority. Other modes still operate
on a single certification file.

New mode requires that user provides directory path instead of certificate path
as --path argument if using --type=authority.

Tested:
- Manually tested Install, Remove and Replace paths for existing modes
to confirm no change of behavior occurs (authority, client, server)
- Manually tested Install, Remove and Replace paths for authority mode
to confirm that it behaves as expected i.e. filename is changed on certificate
replacement that mirrors change in certificate hash
- Confirmed no regression in unit tests

Change-Id: Icd33723c1fc2580679aaaf54b3e99dfb09342402
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>


# 06a69d7b 27-Sep-2019 Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>

Support uploading multiple certificates [install-backend]

To enable multiple certificates support in certificate manager,
and resolve following issues :

openbmc/phosphor-certificate-manager#3,
openbmc/bmcweb#84

the Install method should return a string with dbus path to just
created certificate. It will allow to recognize a new certificate
and return proper values in redfish response to certificate POST
method.

This change depends on interface change available under this review:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/25632

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Depends-On: I58bfb8a86f56923e7f7aca0d10ed7838537d7c14
Change-Id: Ic8ab545c931d89a022acdabd5a755e3bf39e5a79


# 7641105d 07-Aug-2019 Marri Devender Rao <devenrao@in.ibm.com>

Fix extended key usage value while generating CSR

At present extended key usage values are added as
key usage values while generating CSR. Fixed the same.

Tested:
Verified that key usage and extended key usage values are
displayed properly

[devenrao]$ openssl req -text -in n1.csr
Certificate Request:
Data:
Version: 1 (0x1)
Subject: subjectAltName=an.com/subjectAltName=bm.com, L=NJ,
CN=w3.ibm.com/name=cp, C=US/emailAddress=abc.com,
GN=gn/initials=in/algorithm=EC/extendedKeyUsage=ServerAuthentication/keyUsage=KeyCertSign/keyUsage=DigitalSignature,
O=IBM, ST=NY, SN=sn/unstructuredName=un
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I80e2f82696a695ea551cbb01f6a0fd5a2a416663


# b57d75e2 25-Jul-2019 Marri Devender Rao <devenrao@in.ibm.com>

Fix certificate manager failure after factory reset

Private key file is pre-generated during startup of service
for CSR generation as it is time consuming operation.

Noticed after factory reset when writing private key it is
trying to create file to non existing directory.

Modified to create parent directory structure before creating
private key file

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: Ida296a0ed139aee0d594870b7d71e376f5b5f7c8


# c6e58c7e 16-Jul-2019 Ramesh Iyyar <rameshi1@in.ibm.com>

Generate RSA Private Key file during application startup

Generating RSA private key file during application startup if rsa key
file is not found. Here, the rsa private key file is a hidden file
(.rsaprivkey.pem) and placed in certificate file install path which is
given during application startup.

This generated rsa private key file will be used to create private key
and csr files if certificate manager receives the generateCSR request
with key pair algorithm as RSA. So, rsa key generation on every request
is avoided, because rsa key is generated with keybitlength as 2048
during application startup.

From this change, certificate manager will support only 2048 as key
bit length to generate rsa key pair. If the user gives other than 2048,
application will throw error.

Tested By:
- Added below unit test case
* To check rsa private key file is generated during application
startup.
* To validate unsupported key bit length.
* To check rsa private key file is present or not.
* To check rsa private key is picked from rsa private key file
while receiving the generateCSR request.
- Manual test case
* Restarted certificate manager application to check rsa private
key file is generated.
systemctl restart phosphor-certificate-manager@bmcweb.service

* Invoked generateCSR request by using curl command to check
generated rsa private key file is used to create private key
and csr file.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/
CertificateService.GenerateCSR/ -d @generate_https.json

Change-Id: I876779f1ab36f52774c52041d68304a610ea261b
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>


# ffad1ef1 03-Jun-2019 Marri Devender Rao <devenrao@in.ibm.com>

Manage certificates created by applications

Added watch on certificate path to watch on certificates
created/updated by apps.

As part of watch notification, create new D-Bus certificate
and for existing D-Bus object update the properties.

Tested:
Test case 1
1) Ensure no certificate is present
2) Restart certificate service
3) Restart bmcweb service
4) Verified that certificate object is created for the
self-signed certificate created by bmcweb.

Test case 2
1) After a certificate is present
2) Modify the bmcweb certificate by replacing it
with a valid certificate manually.
3) Verified that certificate manager is notified
and certificate objects properties are updated.

Test case 3
1) Upload CSR based certificate file
2) Verified that private key is appended to the file

Test case 4
1) Create a dummy file in certificate folder
2) Verified that notification is received and file is ignored

Test case 5
1) Verified install, replace, generate csr.

Change-Id: I7d1e3624958e4b68e5ba7bc6150c19b11fca501a
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# 8a09b52a 07-Jun-2019 Ramesh Iyyar <rameshi1@in.ibm.com>

Added support to generate CSR based on ECC approach

In the existing code, phosphor-certificate-manager supports RSA approach to
generate CSR. As per Redfish certificate schema, CSR can be generated with either
RSA or ECC by passing KeyPairAlgorithm. So, in this commit ECC based CSR
generation is added.

OpenSSL APIs are used for generating ECC key pair.

User Input Validation:
- ECC approach is used as default if user does not give algorithm type.
- Default KeyBitLength and CurveId used as "2048" and "secp224r1"
respectively if user does not give.
- Error will be thrown if algorithm given other than RSA and ECC.

In this commit refactor also done by splitting RSA key generation from
writePrivateKey().

Tested by:
- Added unit test cases to verify unsupported KeyPairAlgorithm and
KeyPairCurveID, ECC Key generation.

- Tested by BMC-web(Redfish) to generate CSR based on ECC.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/
CertificateService.GenerateCSR/ -d @generate_https.json

Change-Id: I523293ee2ff6da2964e8c3d4380eefc96bf1f36b
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>


# f4682712 19-Mar-2019 Marri Devender Rao <devenrao@in.ibm.com>

Add Generate Key and Certificate Signing Request (CSR)

Generates Private key and CSR file, at present supporting
only RSA algorithm type.

- The generateCSR method defined in Create interface is implemented
by manager class to Create CSR and PrivateKey files.

- The cSR method defined in View interface is implemented by CSR
class to view CSR file.

- Generate CSR is time consuming operation and it might time-out
the D-Bus call. Forking process and performing CSR generation in
the child process, adding the process ID of the child process to the
SD Event loop so that callback is received when the child process
is done with the CSR generation.

- As the GenerateCSR method returns immediately, caller needs
to wait on InterfacesAdded signal that is generated after completion
of the CSR request. The caller then invokes cSR method of
CSR interface to read the CSR.

- For any failure in Generate CSR, CSR object is created with error
status.

- CSR object raises exception if error is set else CSR data is
returned to the caller.

- To cater for failure cases caller needs to start a timer, which
will be terminated after getting InterfaceAdded signal or upon timeout.

- Added Unit tests.
Tested:
1) Added unit tests to verify CSR generation
2) Tested with Redfish to generate and view CSR
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate.jon

{
"CSRString": "-----BEGIN CERTIFICATE REQUEST---7E=\n-----END CERTIFICATE
REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/"
}
}
Change-Id: I1e3ae8df45f87bfd8903f552d93c4df1af7c569f
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>


# 8f80c35b 13-May-2019 Marri Devender Rao <devenrao@in.ibm.com>

Pass flag to skip restart of units for certificate object

During bootup Certificate objects are created by
loading the existing certificates in the system.

At present system is restarting/reloading units
after a certificate object is created, but the
units to restart/reload might not be up yet
causing failure.

Reloading of services is required only when a new
certificate is installed/replaced onto the system.

Modified to not reload the specified units for
the certificate objects created for existing
certificates in the system.

Change-Id: I211a8386de1a5aa0a42d11cb89945bafa6792ba4
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# 13bf74e4 26-Mar-2019 Marri Devender Rao <devenrao@in.ibm.com>

Implement Replace interface for Certificate objects

Replace interface is used to replace an existing certificate.

Change-Id: Ibf4bbc9a96fd68b25e447c1b11a24be42c547a26
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# 1396511d 27-Feb-2019 Marri Devender Rao <devenrao@in.ibm.com>

Support creation/deletion of D-Bus certificate object

During certificate upload through REST or through POST on
CertificateCollection create certificate object, validate
certificate and copy certificate to the system.

Supported deletion of certificate object, though it is
available only for REST based systems

Tested:
1. Verified certificate object is created if certificate exists
2. Verified certificate object is created during install
3. Verified certificate properties
Change-Id: If31aa939c9cb75b5d683a7614ddc55ad38297874
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# bf7c588c 27-Feb-2019 Marri Devender Rao <devenrao@in.ibm.com>

Create certificate object during startup for existing certificate

During service start check if certificate file already exists; if so,
load the certificate file, validate and create certificate object

Change-Id: If0d62cc52fa34b8992b63fc49ed8014280b3e469
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# 6ceec40b 01-Feb-2019 Marri Devender Rao <devenrao@in.ibm.com>

Refactor code for uploading different types of certificates

Introduced new Certificate class that caters for a certificate
upload and certificate replace.

As part of refactoring moved the validation of certificate
from Manager class to Certificate class so that the logic
can be used both for replacing of an existing certificate
and also for certificate upload.

Disabling test cases as complete functionality is not
available in the patches due to refactoring

Change-Id: Ia51db8cc81881a1c3c63dd2ca1c6f16a8d52a13f
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>


# feddcf20 07-Nov-2018 Jayanth Othayoth <ojayanth@in.ibm.com>

Replace std::bind with lambda expressions

This will help to reduce runtime overhead.

Change-Id: Iccdf249e78535423d9e5b360d081d2c4b2e42ffc
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

