#include "config.h"

#include "ca_certs_manager.hpp"

#include <filesystem>
#include <fstream>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/log.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

namespace ca
{
namespace cert
{
// D-Bus object path prefix under which signing-request entries are created.
static constexpr auto objectEntry = "/xyz/openbmc_project/certs/entry";
// Largest CSR string (in bytes) that signCSR accepts.
static constexpr auto maxCertSize = 4096;
namespace fs = std::filesystem;
using namespace phosphor::logging;
using InvalidArgument =
    sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument = xyz::openbmc_project::Common::InvalidArgument;

/** @brief Register a CSR for signing and create its D-Bus entry object.
 *
 *  The entry is created with an empty certificate string; the signing itself
 *  happens elsewhere (the hypervisor, per the original author's note) and the
 *  certificate is filled in afterwards.
 *
 *  @param[in] csr - Text of the certificate signing request.
 *  @return Object path of the newly created entry (empty string if no entry
 *          was created).
 *  @throws InvalidArgument when the CSR is larger than maxCertSize, or when
 *          constructing the entry raised std::invalid_argument.
 */
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string entryPath;
    try
    {
        if (csr.size() > maxCertSize)
        {
            log<level::ERR>("Invalid CSR size");
            // NOTE(review): the rejected, oversized CSR is copied verbatim into
            // the error's ARGUMENT_VALUE, so the whole request ends up in the
            // log; consider whether the size alone would suffice here.
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csr.c_str()));
        }
        // Ids are handed out monotonically; lastEntryId is only bumped after
        // the entry has been constructed and stored.
        auto newId = lastEntryId + 1;
        entryPath = fs::path(objectEntry) / std::to_string(newId);
        std::string emptyCert;
        entries.emplace(newId, std::make_unique<Entry>(bus, entryPath, newId,
                                                      csr, emptyCert, *this));
        lastEntryId++;
    }
    catch (const std::invalid_argument& e)
    {
        // NOTE(review): the argument name reported here is "csr" while the
        // size check above reports "CSR" — confirm which spelling consumers
        // of the error expect.
        log<level::ERR>(e.what());
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("csr"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return entryPath;
}

/** @brief Forget the entry with the given id.
 *
 *  @param[in] entryId - Id of the entry to remove from the table. An unknown
 *                       id is a no-op.
 */
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/** @brief Ask every entry to delete itself.
 *
 *  The iterator is stepped past the current element before delete_() runs:
 *  deleting an entry presumably removes it from `entries` (via erase), which
 *  would otherwise invalidate the iterator still in hand.
 */
void CACertMgr::deleteAll()
{
    for (auto it = entries.begin(); it != entries.end();)
    {
        auto& current = (it++)->second;
        current->delete_();
    }
}

} // namespace cert
} // namespace ca