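#include "certs_manager.hpp"

#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>

#include <experimental/filesystem>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/log.hpp>
#include <sdbusplus/bus.hpp>
#include <xyz/openbmc_project/Certs/Install/error.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

namespace phosphor
{
namespace certs
{
// RAII support for openSSL functions.
using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
using X509_STORE_CTX_Ptr =
    std::unique_ptr<X509_STORE_CTX, decltype(&::X509_STORE_CTX_free)>;
// The store is the owning object. An X509_LOOKUP returned by
// X509_STORE_add_lookup() belongs to its store and is released by
// X509_STORE_free(), so there is deliberately no owning alias for X509_LOOKUP.
using X509_STORE_Ptr =
    std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>;
using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;

namespace fs = std::experimental::filesystem;
using namespace phosphor::logging;
using InternalFailure =
    sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
using InvalidCertificate =
    sdbusplus::xyz::openbmc_project::Certs::Install::Error::InvalidCertificate;
using Reason = xyz::openbmc_project::Certs::Install::InvalidCertificate::REASON;

/** @brief Validate the PEM file at @p path and install it as the certificate.
 *
 *  Steps, in order: verifyCert(), compareKeys(), copy() to certPath, then the
 *  handler registered for `type` in typeFuncMap.
 *
 *  @param[in] path - file holding the certificate and its private key
 *
 *  Raises InvalidCertificate when verification or the key comparison fails,
 *  InternalFailure for an unsupported type or any lower-level error.
 *
 *  NOTE(review): the file at `path` is opened separately by verifyCert(),
 *  compareKeys() and copy(). If another process can rewrite it in between,
 *  the bytes installed may differ from the bytes that were checked. Confirm
 *  that callers only pass a path this service alone can write.
 */
void Manager::install(const std::string path)
{
    // Verify the certificate file
    auto rc = verifyCert(path);
    if (rc != X509_V_OK)
    {
        if (rc == X509_V_ERR_CERT_HAS_EXPIRED)
        {
            elog<InvalidCertificate>(Reason("Expired Certificate"));
        }
        // Every other verification error is reported with a general reason.
        elog<InvalidCertificate>(Reason("Certificate validation failed"));
    }

    // The private key in the file must belong to the certificate in the file.
    if (!compareKeys(path))
    {
        elog<InvalidCertificate>(
            Reason("Private key is not matching with Certificate"));
    }

    // Copy the certificate file
    copy(path, certPath);

    // Invoke type specific install function.
    auto iter = typeFuncMap.find(type);
    if (iter == typeFuncMap.end())
    {
        log<level::ERR>("Unsupported Type", entry("TYPE=%s", type.c_str()));
        elog<InternalFailure>();
    }
    iter->second();
}

/** @brief Server-type install step: reload or restart `unit` if one is set. */
void Manager::serverInstall()
{
    if (!unit.empty())
    {
        reloadOrReset(unit);
    }
}

/** @brief Client-type install step: reload or restart `unit` if one is set. */
void Manager::clientInstall()
{
    if (!unit.empty())
    {
        reloadOrReset(unit);
    }
}

/** @brief Ask systemd over D-Bus to ReloadOrRestartUnit @p unit ("replace").
 *
 *  @param[in] unit - systemd unit name
 *
 *  An SdBusError from the call is logged and reported as InternalFailure.
 */
void Manager::reloadOrReset(const std::string& unit)
{
    constexpr auto SYSTEMD_SERVICE = "org.freedesktop.systemd1";
    constexpr auto SYSTEMD_OBJ_PATH = "/org/freedesktop/systemd1";
    constexpr auto SYSTEMD_INTERFACE = "org.freedesktop.systemd1.Manager";

    try
    {
        auto method =
            bus.new_method_call(SYSTEMD_SERVICE, SYSTEMD_OBJ_PATH,
                                SYSTEMD_INTERFACE, "ReloadOrRestartUnit");

        method.append(unit, "replace");

        bus.call_noreply(method);
    }
    catch (const sdbusplus::exception::SdBusError& e)
    {
        log<level::ERR>("Failed to reload or restart service",
                        entry("ERR=%s", e.what()),
                        entry("UNIT=%s", unit.c_str()));
        elog<InternalFailure>();
    }
}

/** @brief Copy @p src over @p dst, creating the parent directory of @p dst.
 *
 *  @param[in] src - source file
 *  @param[in] dst - destination file, overwritten when it exists
 *
 *  A filesystem error is logged and reported as InternalFailure.
 *
 *  NOTE(review): install() passes the same file that compareKeys() reads the
 *  private key from, so the destination holds key material. Nothing here sets
 *  the mode or ownership of the created directory or file; confirm they are
 *  restrictive.
 */
void Manager::copy(const std::string& src, const std::string& dst)
{
    try
    {
        auto path = fs::path(dst).parent_path();
        // create dst path folder by default
        fs::create_directories(path);
        fs::copy_file(src, dst, fs::copy_options::overwrite_existing);
    }
    catch (const fs::filesystem_error& e)
    {
        log<level::ERR>("Failed to copy certificate", entry("ERR=%s", e.what()),
                        entry("SRC=%s", src.c_str()),
                        entry("DST=%s", dst.c_str()));
        elog<InternalFailure>();
    }
}

/** @brief Parse the first PEM certificate in @p filePath.
 *
 *  @param[in] filePath - PEM file to read
 *  @return owning pointer to the parsed X509 object
 *
 *  Failure to open or parse the file is logged and reported as
 *  InternalFailure.
 */
X509_Ptr Manager::loadCert(const std::string& filePath)
{
    BIO_MEM_Ptr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
    if (!bioCert)
    {
        log<level::ERR>("Error occured during BIO_new_file call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    // Let the parser allocate the object instead of handing it a
    // pre-allocated X509 to fill in. OpenSSL documents that "reuse" form as
    // discouraged, and what happens to the pre-allocated object when parsing
    // fails has differed between releases. With a null output argument the
    // returned pointer is the only reference, so there is a single owner on
    // every path.
    X509_Ptr cert(PEM_read_bio_X509(bioCert.get(), nullptr, nullptr, nullptr),
                  ::X509_free);
    if (!cert)
    {
        log<level::ERR>("Error occured during PEM_read_bio_X509 call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }
    return cert;
}

/** @brief Run X509_verify_cert() on the certificate in @p filePath.
 *
 *  @param[in] filePath - PEM file to check
 *  @return X509_V_OK on success, otherwise the X509_V_ERR_* code reported by
 *          the verification context
 *
 *  Raises InvalidCertificate for an empty or unparsable file and
 *  InternalFailure for a missing file or an OpenSSL/filesystem error.
 *
 *  NOTE(review): the trust store is filled from the uploaded file itself. A
 *  passing result therefore shows that the certificate chains to material in
 *  the same file and is within its validity period at the current time. It
 *  does not tie the certificate to any pre-provisioned trust anchor.
 */
int32_t Manager::verifyCert(const std::string& filePath)
{
    auto errCode = X509_V_OK;

    fs::path file(filePath);
    if (!fs::exists(file))
    {
        log<level::ERR>("File is Missing", entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    try
    {
        if (fs::file_size(filePath) == 0)
        {
            // file is empty
            log<level::ERR>("File is empty",
                            entry("FILE=%s", filePath.c_str()));
            elog<InvalidCertificate>(Reason("File is empty"));
        }
    }
    catch (const fs::filesystem_error& e)
    {
        // Log Error message
        log<level::ERR>(e.what(), entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    // Create an empty X509_STORE structure for certificate validation.
    // The store is held by a smart pointer so it is released on every exit
    // path, including the ones that leave by exception.
    X509_STORE_Ptr x509Store(X509_STORE_new(), ::X509_STORE_free);
    if (!x509Store)
    {
        log<level::ERR>("Error occured during X509_STORE_new call");
        elog<InternalFailure>();
    }

    OpenSSL_add_all_algorithms();

    // Add the certificate lookup method. The lookup is owned by the store and
    // is freed together with it, so it is kept as a plain non-owning pointer.
    auto lookup = X509_STORE_add_lookup(x509Store.get(), X509_LOOKUP_file());
    if (!lookup)
    {
        log<level::ERR>("Error occured during X509_STORE_add_lookup call");
        elog<InternalFailure>();
    }
    // Load Certificate file.
    int32_t rc =
        X509_LOOKUP_load_file(lookup, filePath.c_str(), X509_FILETYPE_PEM);
    if (rc != 1)
    {
        log<level::ERR>("Error occured during X509_LOOKUP_load_file call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InvalidCertificate>(Reason("Invalid certificate file format"));
    }

    // Load Certificate file into the X509 structure.
    X509_Ptr cert = loadCert(filePath);
    X509_STORE_CTX_Ptr storeCtx(X509_STORE_CTX_new(), ::X509_STORE_CTX_free);
    if (!storeCtx)
    {
        log<level::ERR>("Error occured during X509_STORE_CTX_new call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    rc = X509_STORE_CTX_init(storeCtx.get(), x509Store.get(), cert.get(),
                             nullptr);
    if (rc != 1)
    {
        log<level::ERR>("Error occured during X509_STORE_CTX_init call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    // Set time to current time.
    auto locTime = time(nullptr);

    X509_STORE_CTX_set_time(storeCtx.get(), X509_V_FLAG_USE_CHECK_TIME,
                            locTime);

    rc = X509_verify_cert(storeCtx.get());
    if (rc == 1)
    {
        errCode = X509_V_OK;
    }
    else if (rc == 0)
    {
        // Verification ran and rejected the certificate: hand the reason
        // code back so the caller can pick the error to report.
        errCode = X509_STORE_CTX_get_error(storeCtx.get());
        log<level::ERR>("Certificate verification failed",
                        entry("FILE=%s", filePath.c_str()),
                        entry("ERRCODE=%d", errCode));
    }
    else
    {
        log<level::ERR>("Error occured during X509_verify_cert call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }
    return errCode;
}

/** @brief Check that the private key in @p filePath matches the public key of
 *         the certificate in the same file.
 *
 *  @param[in] filePath - PEM file holding both certificate and private key
 *  @return true when EVP_PKEY_cmp() reports a match, false otherwise
 *
 *  Raises InvalidCertificate when the certificate, its public key or the
 *  private key cannot be read, InternalFailure when a BIO cannot be created.
 */
bool Manager::compareKeys(const std::string& filePath)
{
    BIO_MEM_Ptr bioCert(BIO_new_file(filePath.c_str(), "rb"), ::BIO_free);
    if (!bioCert)
    {
        log<level::ERR>("Error occured during BIO_new_file call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }

    // Parse with a null output argument so the returned pointer is the only
    // reference, and check the result before using it. The reason string is
    // the one callers already received when the public key could not be
    // obtained from an unparsed certificate.
    X509_Ptr cert(PEM_read_bio_X509(bioCert.get(), nullptr, nullptr, nullptr),
                  ::X509_free);
    if (!cert)
    {
        log<level::ERR>("Error occured during PEM_read_bio_X509 call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InvalidCertificate>(Reason("Failed to get public key info"));
    }

    EVP_PKEY_Ptr pubKey(X509_get_pubkey(cert.get()), ::EVP_PKEY_free);
    if (!pubKey)
    {
        log<level::ERR>("Error occurred during X509_get_pubkey",
                        entry("FILE=%s", filePath.c_str()),
                        entry("ERRCODE=%lu", ERR_get_error()));
        elog<InvalidCertificate>(Reason("Failed to get public key info"));
    }

    BIO_MEM_Ptr keyBio(BIO_new(BIO_s_file()), ::BIO_free);
    if (!keyBio)
    {
        log<level::ERR>("Error occured during BIO_s_file call",
                        entry("FILE=%s", filePath.c_str()));
        elog<InternalFailure>();
    }
    // The return value is not checked here: if the file cannot be opened, the
    // private-key read below fails and is reported from there.
    BIO_read_filename(keyBio.get(), filePath.c_str());

    EVP_PKEY_Ptr priKey(
        PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr),
        ::EVP_PKEY_free);

    if (!priKey)
    {
        log<level::ERR>("Error occurred during PEM_read_bio_PrivateKey",
                        entry("FILE=%s", filePath.c_str()),
                        entry("ERRCODE=%lu", ERR_get_error()));
        elog<InvalidCertificate>(Reason("Failed to get private key info"));
    }

    // Only a return of 1 means the keys match; every other value is treated
    // as a mismatch.
    int32_t rc = EVP_PKEY_cmp(priKey.get(), pubKey.get());
    if (rc != 1)
    {
        log<level::ERR>("Private key is not matching with Certificate",
                        entry("FILE=%s", filePath.c_str()),
                        entry("ERRCODE=%d", rc));
        return false;
    }

    return true;
}

/** @brief Remove the installed certificate file and refresh the consumer.
 *
 *  A missing file is logged at INFO level and is not an error. After a
 *  successful removal the configured unit, if any, is reloaded or restarted.
 *  Any failure is reported as InternalFailure.
 */
void Manager::delete_()
{
    try
    {
        if (!fs::remove(certPath))
        {
            log<level::INFO>("Certificate file not found!",
                             entry("PATH=%s", certPath.c_str()));
        }
        else if (!unit.empty())
        {
            // Same guard as serverInstall()/clientInstall(): with no unit
            // configured there is nothing to reload, and a removal that
            // succeeded should not be reported as a failure.
            reloadOrReset(unit);
        }
    }
    catch (const InternalFailure&)
    {
        // Already logged where it was raised; pass it on unchanged.
        throw;
    }
    catch (const std::exception& e)
    {
        log<level::ERR>(
            "Failed to delete certificate", entry("UNIT=%s", unit.c_str()),
            entry("ERR=%s", e.what()), entry("PATH=%s", certPath.c_str()));
        elog<InternalFailure>();
    }
}

} // namespace certs
} // namespace phosphor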