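#include "config.h"

#include "ca_certs_manager.hpp"

#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/lg2.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <filesystem>
#include <fstream>

namespace ca::cert
{
namespace fs = std::filesystem;
using ::phosphor::logging::elog;

using ::sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument =
    ::phosphor::logging::xyz::openbmc_project::Common::InvalidArgument;

// Upper bound, in bytes, on a CSR accepted by signCSR(); anything larger is
// rejected before an entry object is created.
static constexpr size_t maxCertSize = 4096;

/** @brief Create a D-Bus entry for a certificate signing request.
 *
 *  The entry is created with an empty certificate string; signing is done
 *  elsewhere and the entry's certificate is filled in afterwards.
 *
 *  @param[in] csr - CSR text supplied by the D-Bus caller.
 *  @return Object path of the newly created entry.
 *  @throws InvalidArgument - if the CSR is larger than maxCertSize, or if
 *          constructing the entry throws std::invalid_argument.
 */
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string objPath;
    try
    {
        // Bound the input before it reaches the entry constructor.
        if (csr.size() > maxCertSize)
        {
            lg2::error("Invalid CSR size");
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csr.c_str()));
        }
        auto id = lastEntryId + 1;
        objPath = fs::path(objectNamePrefix) / "ca" / "entry" /
                  std::to_string(id);
        std::string cert;
        // Creating the dbus object here with the empty certificate string
        // actual signing is being done by the hypervisor, once it signs then
        // the certificate string would be updated with actual certificate.
        entries.emplace(id, std::make_unique<Entry>(bus, objPath, id, csr,
                                                    cert, *this));
        // Only bump the counter once the entry exists, so a throwing
        // constructor does not consume an id.
        lastEntryId++;
    }
    catch (const std::invalid_argument& e)
    {
        // lg2 interprets its first argument as the message template, so the
        // runtime exception text is passed as a value, not as the template.
        lg2::error("Failed to create CSR entry: {ERROR}", "ERROR", e.what());
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return objPath;
}

/** @brief Remove the entry with the given id from the manager's map.
 *
 *  @param[in] entryId - Id of the entry to drop; a missing id is a no-op.
 */
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/** @brief Delete every entry owned by this manager. */
void CACertMgr::deleteAll()
{
    auto iter = entries.begin();
    while (iter != entries.end())
    {
        auto& entry = iter->second;
        // Advance before deleting: delete_() is expected to remove this
        // entry from `entries` (via erase), which would invalidate `iter`.
        ++iter;
        entry->delete_();
    }
}

} // namespace ca::cert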