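#pragma once

#include "certificate.hpp"
#include "csr.hpp"
#include "watch.hpp"

#include <openssl/evp.h>
#include <openssl/ossl_typ.h>
#include <openssl/x509.h>

#include <sdbusplus/server/object.hpp>
#include <sdeventplus/source/child.hpp>
#include <sdeventplus/source/event.hpp>
#include <xyz/openbmc_project/Certs/CSR/Create/server.hpp>
#include <xyz/openbmc_project/Certs/Install/server.hpp>
#include <xyz/openbmc_project/Certs/InstallAll/server.hpp>
#include <xyz/openbmc_project/Certs/ReplaceAll/server.hpp>
#include <xyz/openbmc_project/Collection/DeleteAll/server.hpp>

#include <cstdint>
#include <filesystem>
#include <memory>
#include <string>
#include <vector>

namespace phosphor::certs
{

namespace internal
{
/** @brief sdbusplus server object combining the D-Bus interfaces that
 *  Manager implements: Certs.Install, Certs.CSR.Create,
 *  Collection.DeleteAll, Certs.InstallAll and Certs.ReplaceAll.
 */
using ManagerInterface = sdbusplus::server::object_t<
    sdbusplus::xyz::openbmc_project::Certs::server::Install,
    sdbusplus::xyz::openbmc_project::Certs::CSR::server::Create,
    sdbusplus::xyz::openbmc_project::Collection::server::DeleteAll,
    sdbusplus::xyz::openbmc_project::Certs::server::InstallAll,
    sdbusplus::xyz::openbmc_project::Certs::server::ReplaceAll>;
} // namespace internal

/** @brief Certificate manager D-Bus object.
 *
 *  Owns the collection of installed Certificate objects and the current
 *  CSR object, and implements the methods of internal::ManagerInterface.
 *  The methods marked `override` below are the entry points reachable
 *  through those D-Bus interfaces; their arguments come from the D-Bus
 *  caller.
 */
class Manager : public internal::ManagerInterface
{
  public:
    /* Define all of the basic class operations:
     *     Not allowed:
     *         - Default constructor is not possible due to member
     *           references (bus, event).
     *         - Copy operations.
     *         - Move operations due to 'this' being registered as the
     *           'context' with sdbus.
     *     Allowed:
     *         - Destructor.
     */
    Manager() = delete;
    Manager(const Manager&) = delete;
    Manager& operator=(const Manager&) = delete;
    Manager(Manager&&) = delete;
    Manager& operator=(Manager&&) = delete;
    virtual ~Manager() = default;

    /** @brief Constructor to put object onto bus at a dbus path.
     *  @param[in] bus - Bus to attach to.
     *  @param[in] event - sd event handler.
     *  @param[in] path - Path to attach at.
     *  @param[in] type - Type of the certificate.
     *  @param[in] unit - Unit consumed by this certificate.
     *  @param[in] installPath - Certificate installation path.
     */
    Manager(sdbusplus::bus_t& bus, sdeventplus::Event& event, const char* path,
            CertificateType type, const std::string& unit,
            const std::string& installPath);

    /** @brief Implementation for Install
     *  Replace the existing certificate key file with another
     *  (possibly CA signed) Certificate key file.
     *
     *  NOTE(review): filePath is supplied by the D-Bus caller. Whatever
     *  checks are applied to the path and to the file contents live in the
     *  implementation, which is not part of this header - confirm there.
     *
     *  @param[in] filePath - Certificate key file path.
     *
     *  @return Certificate object path.
     */
    std::string install(const std::string filePath) override;

    /** @brief Implementation for InstallAll
     *  Install the authority list and restart the associated services.
     *
     *  @param[in] path - Path of the file that contains a list of root
     *         certificates.
     *
     *  @return D-Bus object path to created objects.
     */
    std::vector<sdbusplus::message::object_path>
        installAll(std::string path) override;

    /** @brief Implementation for ReplaceAll
     *  Replace the current authority lists and restart the associated
     *  services.
     *
     *  @param[in] filePath - Path of file that contains multiple root
     *         certificates.
     *
     *  @return D-Bus object path to created objects.
     */
    std::vector<sdbusplus::message::object_path>
        replaceAll(std::string filePath) override;

    /** @brief Implementation for DeleteAll
     *  Delete all objects in the collection.
     */
    void deleteAll() override;

    /** @brief Delete the certificate.
     *  @param[in] certificate - Pointer to the certificate to delete.
     */
    void deleteCertificate(const Certificate* const certificate);

    /** @brief Replace the certificate.
     *  @param[in] certificate - Pointer to the certificate to replace.
     *  @param[in] filePath - Path of the file holding the new certificate.
     */
    void replaceCertificate(Certificate* const certificate,
                            const std::string& filePath);

    /** @brief Generate Private key and CSR file
     *  Generates the Private key file and CSR file based on the input
     *  parameters. Validation of the parameters is the caller's
     *  responsibility.
     *  At present supports only RSA algorithm type.
     *
     *  NOTE(review): this class also declares generateECKeyPair(), so the
     *  RSA-only statement may be out of date - confirm against the
     *  implementation.
     *  NOTE(review): because validation is delegated to the caller and this
     *  method is reachable over D-Bus, every field (including the signed
     *  keyBitLength) arrives here as the client sent it - confirm where
     *  range and format checks are enforced.
     *
     *  @param[in] alternativeNames - Additional hostnames of the component that
     *         is being secured.
     *  @param[in] challengePassword - The challenge password to be applied to
     *         the certificate for revocation requests.
     *  @param[in] city - The city or locality of the organization making the
     *         request. For example, Austin.
     *  @param[in] commonName - The fully qualified domain name of the component
     *         that is being secured.
     *  @param[in] contactPerson - The name of the user making the request.
     *  @param[in] country - The country of the organization making the request.
     *  @param[in] email - The email address of the contact within the
     *         organization making the request.
     *  @param[in] givenName - The given name of the user making the request.
     *  @param[in] initials - The initials of the user making the request.
     *  @param[in] keyBitLength - The length of the key in bits, if needed based
     *         on the value of the KeyPairAlgorithm parameter.
     *  @param[in] keyCurveId - The curve ID to be used with the key, if needed
     *         based on the value of the KeyPairAlgorithm parameter.
     *  @param[in] keyPairAlgorithm - The type of key pair for use with signing
     *         algorithms. Valid built-in algorithm names for private key
     *         generation are: RSA, DSA, DH and EC.
     *  @param[in] keyUsage - Key usage extensions define the purpose of the
     *         public key contained in a certificate. Valid key usage
     *         extensions and their descriptions:
     *         - ClientAuthentication: The public key is used for TLS WWW client
     *         authentication.
     *         - CodeSigning: The public key is used for the signing of
     *         executable code.
     *         - CRLSigning: The public key is used for verifying signatures on
     *         certificate revocation lists (CRLs).
     *         - DataEncipherment: The public key is used for directly
     *         enciphering raw user data without the use of an intermediate
     *         symmetric cipher.
     *         - DecipherOnly: The public key could be used for deciphering data
     *         while performing key agreement.
     *         - DigitalSignature: The public key is used for verifying digital
     *         signatures, other than signatures on certificates and CRLs.
     *         - EmailProtection: The public key is used for email protection.
     *         - EncipherOnly: The public key could be used for enciphering data
     *         while performing key agreement.
     *         - KeyCertSign: The public key is used for verifying signatures on
     *         public key certificates.
     *         - KeyEncipherment: The public key is used for enciphering private
     *         or secret keys.
     *         - NonRepudiation: The public key is used to verify digital
     *         signatures, other than signatures on certificates and CRLs, and
     *         used to provide a non-repudiation service that protects against
     *         the signing entity falsely denying some action.
     *         - OCSPSigning: The public key is used for signing OCSP responses.
     *         - ServerAuthentication: The public key is used for TLS WWW server
     *         authentication.
     *         - Timestamping: The public key is used for binding the hash of an
     *         object to a time.
     *  @param[in] organization - The legal name of the organization. This
     *         should not be abbreviated and should include suffixes such as
     *         Inc, Corp, or LLC. For example, IBM Corp.
     *  @param[in] organizationalUnit - The name of the unit or division of the
     *         organization making the request.
     *  @param[in] state - The state or province where the organization is
     *         located. This should not be abbreviated. For example, Texas.
     *  @param[in] surname - The surname of the user making the request.
     *  @param[in] unstructuredName - The unstructured name of the subject.
     *
     *  @return path[std::string] - The object path of the D-Bus object
     *      representing CSR string. Note: a new CSR request overwrites the
     *      existing CSR in the system.
     */
    std::string generateCSR(
        std::vector<std::string> alternativeNames,
        std::string challengePassword, std::string city, std::string commonName,
        std::string contactPerson, std::string country, std::string email,
        std::string givenName, std::string initials, int64_t keyBitLength,
        std::string keyCurveId, std::string keyPairAlgorithm,
        std::vector<std::string> keyUsage, std::string organization,
        std::string organizationalUnit, std::string state, std::string surname,
        std::string unstructuredName) override;

    /** @brief Get reference to certificates' collection
     *
     *  The reference is non-const, so the caller can modify the manager's
     *  internal list through it.
     *
     *  @return Reference to certificates' collection
     */
    std::vector<std::unique_ptr<Certificate>>& getCertificates();

    /** @brief Systemd unit reload or reset helper function
     *  Reload if the unit supports it and use a restart otherwise.
     *  @param[in] unit - Name of the service unit to reload.
     */
    virtual void reloadOrReset(const std::string& unit);

  private:
    /** @brief Helper for generateCSR
     *  Takes the same CSR fields as generateCSR() and returns nothing; its
     *  body is defined outside this header.
     */
    void generateCSRHelper(
        std::vector<std::string> alternativeNames,
        std::string challengePassword, std::string city, std::string commonName,
        std::string contactPerson, std::string country, std::string email,
        std::string givenName, std::string initials, int64_t keyBitLength,
        std::string keyCurveId, std::string keyPairAlgorithm,
        std::vector<std::string> keyUsage, std::string organization,
        std::string organizationalUnit, std::string state, std::string surname,
        std::string unstructuredName);

    /** @brief Generate RSA Key pair and get private key from key pair
     *  @param[in] keyBitLength - Key length in bits.
     *  @return Owning pointer to the RSA private key, released with
     *          EVP_PKEY_free.
     */
    std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
        generateRSAKeyPair(const int64_t keyBitLength);

    /** @brief Generate EC Key pair and get private key from key pair
     *  @param[in] pKeyCurveId - Curve ID
     *  @return Owning pointer to the EC private key, released with
     *          EVP_PKEY_free.
     */
    std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
        generateECKeyPair(const std::string& pKeyCurveId);

    /** @brief Write private key data to file
     *
     *  NOTE(review): the mode and ownership given to the key file are decided
     *  in the implementation, not visible here - confirm the file is created
     *  readable only by the account that needs it.
     *
     *  @param[in] pKey - pointer to private key
     *  @param[in] privKeyFileName - private key filename
     */
    void writePrivateKey(
        const std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>& pKey,
        const std::string& privKeyFileName);

    /** @brief Add the specified CSR field with the data
     *  @param[in] x509Name - Structure used in setting certificate properties
     *  @param[in] field - field name
     *  @param[in] bytes - field value in bytes
     */
    void addEntry(X509_NAME* x509Name, const char* field,
                  const std::string& bytes);

    /** @brief Check if usage is extended key usage
     *  @param[in] usage - key usage value
     *  @return true if part of extended key usage
     */
    bool isExtendedKeyUsage(const std::string& usage);

    /** @brief Create CSR D-Bus object by reading the data in the CSR file
     *  @param[in] status - SUCCESS/FAILURE in CSR generation.
     */
    void createCSRObject(const Status& status);

    /** @brief Write generated CSR data to file
     *
     *  @param[in] filePath - CSR file path.
     *  @param[in] x509Req - OpenSSL Request Pointer.
     */
    void writeCSR(
        const std::string& filePath,
        const std::unique_ptr<X509_REQ, decltype(&::X509_REQ_free)>& x509Req);

    /** @brief Load certificate
     *  Load certificate and create certificate object
     */
    void createCertificates();

    /** @brief Create RSA private key file
     *  Create RSA private key file by generating an RSA key if not already
     *  created.
     */
    void createRSAPrivateKeyFile();

    /** @brief Getting RSA private key
     *  Getting RSA private key from generated file
     *  @param[in] keyBitLength - Key bit length
     *  @return Owning pointer to the RSA key, released with EVP_PKEY_free.
     */
    std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>
        getRSAKeyPair(const int64_t keyBitLength);

    /** @brief Update certificate storage (remove outdated files, recreate
     *  symbolic links, etc.).
     */
    void storageUpdate();

    /** @brief Check if provided certificate is unique across all certificates
     *  on the internal list.
     *  @param[in] certFilePath - Path to the file with certificate for
     *  uniqueness check.
     *  @param[in] certToDrop - Pointer to the certificate from the internal
     *  list which should not be taken into account during the uniqueness
     *  check. Defaults to nullptr.
     *  @return Checking result. True if certificate is unique, false if
     *  not.
     */
    bool isCertificateUnique(const std::string& certFilePath,
                             const Certificate* const certToDrop = nullptr);

    /** @brief sdbusplus handler */
    sdbusplus::bus_t& bus;

    /** @brief sdevent Event handle */
    sdeventplus::Event& event;

    /** @brief object path */
    std::string objectPath;

    /** @brief Type of the certificate **/
    CertificateType certType;

    /** @brief Unit name associated to the service **/
    std::string unitToRestart;

    /** @brief Certificate file installation path **/
    std::string certInstallPath;

    /** @brief Collection of pointers to certificate */
    std::vector<std::unique_ptr<Certificate>> installedCerts;

    /** @brief pointer to CSR */
    std::unique_ptr<CSR> csrPtr = nullptr;

    /** @brief SDEventPlus child pointer added to event loop */
    std::unique_ptr<sdeventplus::source::Child> childPtr = nullptr;

    /** @brief Watch on self signed certificates */
    std::unique_ptr<Watch> certWatchPtr = nullptr;

    /** @brief Parent path i.e certificate directory path */
    std::filesystem::path certParentInstallPath;

    /** @brief Certificate ID pool; the counter starts at 1 */
    uint64_t certIdCounter = 1;
};
} // namespace phosphor::certs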