x509_utils.hpp - OpenGrok history log for /openbmc/phosphor-certificate-manager/x509

Revision	Date	Author	Comments
# 1eb04fc3	01-Feb-2025	Patrick Williams <patrick@stwcx.xyz>	clang-format: update latest spec and reformat Copy the latest format file from the docs repository and apply. Change-Id: Ia2e47cf46f7481581dc8360553c10a096cafcdce Signed-off-by: Patrick Williams <p clang-format: update latest spec and reformat Copy the latest format file from the docs repository and apply. Change-Id: Ia2e47cf46f7481581dc8360553c10a096cafcdce Signed-off-by: Patrick Williams <patrick@stwcx.xyz> show more ...
# 6ec13c8f	30-Dec-2021	Nan Zhou <nanzhoumails@gmail.com>	Authorities list: implement InstallAll & ReplaceAll This change implements the design in https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/49317. InstallAll: enumerate all certs in the input file Authorities list: implement InstallAll & ReplaceAll This change implements the design in https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/49317. InstallAll: enumerate all certs in the input file and install all of them; ReplaceAll: replace all certs with the new authorities list Atomic: implemented via creating temporary folder and issuing swap. Added ability to unit test service reload as well. Tested: 1. Unit tests 2. Tested loading/deleting authorities list in QEMU. ``` root@xxx:~# busctl call xyz.openbmc_project.Certs.Manager.Authority.Ldap \ > /xyz/openbmc_project/certs/authority/ldap \ > xyz.openbmc_project.Certs.InstallAll \ > InstallAll s /tmp/trust_bundle.pem as 3 "/xyz/openbmc_project/certs/authority/ldap/1" "/xyz/openbmc_project/certs/authority/ldap/2" "/xyz/openbmc_project/certs/authority/ldap/3" root@xxx:~# ls /etc/ssl/certs/authority/ 10a5d8b0.0 5b49ceaa.0 f3ddaa86.0 file0qmgPV fileDbjTzW fileR4TtjO trust_bundle root@xxx:~# busctl call xyz.openbmc_project.Certs.Manager.Authority.Ldap /xyz/openbmc_project/certs/authority/ldap xyz.openbmc_project.Certs.ReplaceAll ReplaceAll s /tmp/trust_bundle.pem root@xxx:~# ls /etc/ssl/certs/authority/ 10a5d8b0.0 5b49ceaa.0 f3ddaa86.0 file1obsEZ fileOqVoaC filerUBZCj trust_bundle root@xxx:~# wget -qO- http://localhost/redfish/v1/Managers/bmc/Truststore/Certificates/ { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/", "@odata.type": "#CertificateCollection.CertificateCollection", "Description": "A Collection of TrustStore certificate instances", "Members": [ { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1" }, { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/2" }, { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/3" } ], "Members@odata.count": 3, "Name": "TrustStore Certificates Collection" } root@xxx:~# wget -qO- http://localhost/redfish/v1/Managers/bmc/Truststore/Certificates/1 { "@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", "CertificateString": "-----BEGIN CERTIFICATE-----\nMIICZTCCAgugAwIBAgIUANIf0jvaRNq1MdwxrXPnk25VrmYwCgYIKoZIzj0EAwIw\nVTETMBEGA1UEChMKY2FtcHVzLWFzaDENMAsGA1UECxMEcm9vdDEvMC0GA1UEAwwm\ne2QyZWQ1MGJkLTczMTQtNDgxZC04OWE0LTVkMjkxMmYyMGQ5NH0wIBcNNzAwMTAx\nMDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMFUxEzARBgNVBAoTCmNhbXB1cy1hc2gx\nDTALBgNVBAsTBHJvb3QxLzAtBgNVBAMMJntkMmVkNTBiZC03MzE0LTQ4MWQtODlh\nNC01ZDI5MTJmMjBkOTR9MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lp/J3Gj\nc4TKubuYtzpxu2D3STlwTwEjgFbTaLZnQ0KXt7pBrcYc3yY1t74WBluvzM9iok6Q\nDcEFX5aIYcoaAKOBtjCBszAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0lBCIwIAYIKwYB\nBQUHAwEGCCsGAQUFBwMCBgorBgEEAdZ5AgcBMA8GA1UdEwEB/wQFMAMBAf8wHQYD\nVR0OBBYEFIPrX7lbeJhvHHcQ7iYOry50aYKYMBcGA1UdIAQQMA4wDAYKKwYBBAHW\neQIFBDAtBgNVHR4BAf8EIzAhoB8wHYYbLmNhbXB1cy1hc2gucHJvZC5nb29nbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIAS/ZrMPBj992vVVplwzH9DWDCSMu1rCgvqw\nam3byOT1AiEAyrr3FAP+7js7z+h8d94hTyy1kTn+4NOvUWrVzHUmJI8=\n-----END CERTIFICATE-----\n", "Description": "TrustStore Certificate", "Id": "1", "Issuer": { "CommonName": "{d2ed50bd-7314-481d-89a4-5d2912f20d94}", "Organization": "campus-ash", "OrganizationalUnit": "root" }, "KeyUsage": [ "CRLSigning", "ServerAuthentication", "ClientAuthentication", "" ], "Name": "TrustStore Certificate", "Subject": { "CommonName": "{d2ed50bd-7314-481d-89a4-5d2912f20d94}", "Organization": "campus-ash", "OrganizationalUnit": "root" }, "ValidNotAfter": "9999-12-31T23:59:59+00:00", "ValidNotBefore": "1970-01-01T00:00:00+00:00" } ``` Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: I495f5c1c1c4a2ac880dd3233be31b84a78d79a43 show more ...
# e869bb63	30-Dec-2021	Nan Zhou <nanzhoumails@gmail.com>	Add x509 utils This change moves some existing static functions in the Certificate class and x509 related routines into a separate library. These functions will be used in future Authorities List re Add x509 utils This change moves some existing static functions in the Certificate class and x509 related routines into a separate library. These functions will be used in future Authorities List related functions. This change also reduces the number of times Certificate class reads PEM files by passing cert via X509 pointers rather than Certificate paths. Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: Ieb268ee051c3597f2add732902eb0461375a4c3f show more ...