140e9b92eSEd Tanous // SPDX-License-Identifier: Apache-2.0 240e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright OpenBMC Authors 35968caeeSMarri Devender Rao #pragma once 45968caeeSMarri Devender Rao 5d7857201SEd Tanous #include "bmcweb_config.h" 6d7857201SEd Tanous 73ccb3adbSEd Tanous #include "app.hpp" 83ccb3adbSEd Tanous #include "async_resp.hpp" 9d7857201SEd Tanous #include "dbus_singleton.hpp" 107a1dbc48SGeorge Liu #include "dbus_utility.hpp" 11d7857201SEd Tanous #include "error_messages.hpp" 121aa0c2b8SEd Tanous #include "http/parsing.hpp" 13d7857201SEd Tanous #include "http_request.hpp" 143ccb3adbSEd Tanous #include "http_response.hpp" 15d98a2f93SEd Tanous #include "io_context_singleton.hpp" 16d7857201SEd Tanous #include "logging.hpp" 17d7857201SEd Tanous #include "privileges.hpp" 183ccb3adbSEd Tanous #include "query.hpp" 193ccb3adbSEd Tanous #include "registries/privilege_registry.hpp" 20d7857201SEd Tanous #include "utility.hpp" 219b12d1f9SKrzysztof Grobelny #include "utils/dbus_utils.hpp" 223ccb3adbSEd Tanous #include "utils/json_utils.hpp" 233ccb3adbSEd Tanous #include "utils/time_utils.hpp" 249b12d1f9SKrzysztof Grobelny 25d7857201SEd Tanous #include <systemd/sd-bus.h> 26d7857201SEd Tanous 27d7857201SEd Tanous #include <boost/asio/error.hpp> 28d7857201SEd Tanous #include <boost/asio/steady_timer.hpp> 29d7857201SEd Tanous #include <boost/beast/http/field.hpp> 30d7857201SEd Tanous #include <boost/beast/http/status.hpp> 31d7857201SEd Tanous #include <boost/beast/http/verb.hpp> 32d7857201SEd Tanous #include <boost/system/result.hpp> 33ef4c65b7SEd Tanous #include <boost/url/format.hpp> 34d7857201SEd Tanous #include <boost/url/parse.hpp> 35d7857201SEd Tanous #include <boost/url/url.hpp> 36d7857201SEd Tanous #include <nlohmann/json.hpp> 373ccb3adbSEd Tanous #include <sdbusplus/bus/match.hpp> 38d7857201SEd Tanous #include <sdbusplus/message.hpp> 39d7857201SEd Tanous #include <sdbusplus/message/native_types.hpp> 409b12d1f9SKrzysztof Grobelny #include <sdbusplus/unpack_properties.hpp> 411214b7e7SGunnar Mills 427a1dbc48SGeorge Liu #include <array> 43d7857201SEd Tanous #include <chrono> 44d7857201SEd Tanous #include <cstddef> 45d7857201SEd Tanous #include <cstdint> 46d7857201SEd Tanous #include <cstdlib> 47d7857201SEd Tanous #include <filesystem> 48d7857201SEd Tanous #include <format> 49d7857201SEd Tanous #include <fstream> 50d7857201SEd Tanous #include <functional> 51d7857201SEd Tanous #include <iterator> 523ccb3adbSEd Tanous #include <memory> 53d7857201SEd Tanous #include <optional> 54d7857201SEd Tanous #include <string> 557a1dbc48SGeorge Liu #include <string_view> 56d7857201SEd Tanous #include <system_error> 57d7857201SEd Tanous #include <utility> 58d7857201SEd Tanous #include <vector> 597a1dbc48SGeorge Liu 605968caeeSMarri Devender Rao namespace redfish 615968caeeSMarri Devender Rao { 625968caeeSMarri Devender Rao namespace certs 635968caeeSMarri Devender Rao { 6489492a15SPatrick Williams constexpr const char* certInstallIntf = "xyz.openbmc_project.Certs.Install"; 6589492a15SPatrick Williams constexpr const char* certReplaceIntf = "xyz.openbmc_project.Certs.Replace"; 6689492a15SPatrick Williams constexpr const char* objDeleteIntf = "xyz.openbmc_project.Object.Delete"; 6789492a15SPatrick Williams constexpr const char* certPropIntf = "xyz.openbmc_project.Certs.Certificate"; 6889492a15SPatrick Williams constexpr const char* dbusPropIntf = "org.freedesktop.DBus.Properties"; 6989492a15SPatrick Williams constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager"; 7089492a15SPatrick Williams constexpr const char* httpsServiceName = 7137cce918SMarri Devender Rao "xyz.openbmc_project.Certs.Manager.Server.Https"; 7289492a15SPatrick Williams constexpr const char* ldapServiceName = 7337cce918SMarri Devender Rao "xyz.openbmc_project.Certs.Manager.Client.Ldap"; 7489492a15SPatrick Williams constexpr const char* authorityServiceName = 75b2254ccdSMichal Orzel "xyz.openbmc_project.Certs.Manager.Authority.Truststore"; 7689492a15SPatrick Williams constexpr const char* baseObjectPath = "/xyz/openbmc_project/certs"; 7789492a15SPatrick Williams constexpr const char* httpsObjectPath = 78c6a8dfb1SJiaqing Zhao "/xyz/openbmc_project/certs/server/https"; 7989492a15SPatrick Williams constexpr const char* ldapObjectPath = "/xyz/openbmc_project/certs/client/ldap"; 8089492a15SPatrick Williams constexpr const char* authorityObjectPath = 81b2254ccdSMichal Orzel "/xyz/openbmc_project/certs/authority/truststore"; 825968caeeSMarri Devender Rao } // namespace certs 835968caeeSMarri Devender Rao 845968caeeSMarri Devender Rao /** 855968caeeSMarri Devender Rao * The Certificate schema defines a Certificate Service which represents the 865968caeeSMarri Devender Rao * actions available to manage certificates and links to where certificates 875968caeeSMarri Devender Rao * are installed. 885968caeeSMarri Devender Rao */ 897e860f15SJohn Edward Broadbent 908d1b46d7Szhanghch05 inline std::string getCertificateFromReqBody( 918d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 9258eb238fSKowalski, Kamil const crow::Request& req) 9358eb238fSKowalski, Kamil { 941aa0c2b8SEd Tanous nlohmann::json reqJson; 951aa0c2b8SEd Tanous JsonParseResult ret = parseRequestAsJson(req, reqJson); 961aa0c2b8SEd Tanous if (ret != JsonParseResult::Success) 9758eb238fSKowalski, Kamil { 9858eb238fSKowalski, Kamil // We did not receive JSON request, proceed as it is RAW data 9933c6b580SEd Tanous return req.body(); 10058eb238fSKowalski, Kamil } 10158eb238fSKowalski, Kamil 10258eb238fSKowalski, Kamil std::string certificate; 10358eb238fSKowalski, Kamil std::optional<std::string> certificateType = "PEM"; 10458eb238fSKowalski, Kamil 105afc474aeSMyung Bae if (!json_util::readJsonPatch( // 106afc474aeSMyung Bae req, asyncResp->res, // 107afc474aeSMyung Bae "CertificateString", certificate, // 108afc474aeSMyung Bae "CertificateType", certificateType // 109afc474aeSMyung Bae )) 11058eb238fSKowalski, Kamil { 11162598e31SEd Tanous BMCWEB_LOG_ERROR("Required parameters are missing"); 11258eb238fSKowalski, Kamil messages::internalError(asyncResp->res); 113abb93cddSEd Tanous return {}; 11458eb238fSKowalski, Kamil } 11558eb238fSKowalski, Kamil 11658eb238fSKowalski, Kamil if (*certificateType != "PEM") 11758eb238fSKowalski, Kamil { 11858eb238fSKowalski, Kamil messages::propertyValueNotInList(asyncResp->res, *certificateType, 11958eb238fSKowalski, Kamil "CertificateType"); 120abb93cddSEd Tanous return {}; 12158eb238fSKowalski, Kamil } 12258eb238fSKowalski, Kamil 12358eb238fSKowalski, Kamil return certificate; 12458eb238fSKowalski, Kamil } 12558eb238fSKowalski, Kamil 1265968caeeSMarri Devender Rao /** 1275968caeeSMarri Devender Rao * Class to create a temporary certificate file for uploading to system 1285968caeeSMarri Devender Rao */ 1295968caeeSMarri Devender Rao class CertificateFile 1305968caeeSMarri Devender Rao { 1315968caeeSMarri Devender Rao public: 1325968caeeSMarri Devender Rao CertificateFile() = delete; 1335968caeeSMarri Devender Rao CertificateFile(const CertificateFile&) = delete; 1345968caeeSMarri Devender Rao CertificateFile& operator=(const CertificateFile&) = delete; 1355968caeeSMarri Devender Rao CertificateFile(CertificateFile&&) = delete; 1365968caeeSMarri Devender Rao CertificateFile& operator=(CertificateFile&&) = delete; 1374e23a444SEd Tanous explicit CertificateFile(const std::string& certString) 1385968caeeSMarri Devender Rao { 13972d52d25SEd Tanous std::array<char, 18> dirTemplate = {'/', 't', 'm', 'p', '/', 'C', 1405207438cSEd Tanous 'e', 'r', 't', 's', '.', 'X', 1415207438cSEd Tanous 'X', 'X', 'X', 'X', 'X', '\0'}; 14292e11bf8SMyung Bae // NOLINTNEXTLINE(misc-include-cleaner) 1435207438cSEd Tanous char* tempDirectory = mkdtemp(dirTemplate.data()); 144e662eae8SEd Tanous if (tempDirectory != nullptr) 1455968caeeSMarri Devender Rao { 1465968caeeSMarri Devender Rao certDirectory = tempDirectory; 1475968caeeSMarri Devender Rao certificateFile = certDirectory / "cert.pem"; 148bd79bce8SPatrick Williams std::ofstream out(certificateFile, 149bd79bce8SPatrick Williams std::ofstream::out | std::ofstream::binary | 1505968caeeSMarri Devender Rao std::ofstream::trunc); 1515968caeeSMarri Devender Rao out << certString; 1525968caeeSMarri Devender Rao out.close(); 15362598e31SEd Tanous BMCWEB_LOG_DEBUG("Creating certificate file{}", 15462598e31SEd Tanous certificateFile.string()); 1555968caeeSMarri Devender Rao } 1565968caeeSMarri Devender Rao } 1575968caeeSMarri Devender Rao ~CertificateFile() 1585968caeeSMarri Devender Rao { 1595968caeeSMarri Devender Rao if (std::filesystem::exists(certDirectory)) 1605968caeeSMarri Devender Rao { 16162598e31SEd Tanous BMCWEB_LOG_DEBUG("Removing certificate file{}", 16262598e31SEd Tanous certificateFile.string()); 16323a21a1cSEd Tanous std::error_code ec; 16423a21a1cSEd Tanous std::filesystem::remove_all(certDirectory, ec); 16523a21a1cSEd Tanous if (ec) 1665968caeeSMarri Devender Rao { 16762598e31SEd Tanous BMCWEB_LOG_ERROR("Failed to remove temp directory{}", 16862598e31SEd Tanous certDirectory.string()); 1695968caeeSMarri Devender Rao } 1705968caeeSMarri Devender Rao } 1715968caeeSMarri Devender Rao } 1725968caeeSMarri Devender Rao std::string getCertFilePath() 1735968caeeSMarri Devender Rao { 1745968caeeSMarri Devender Rao return certificateFile; 1755968caeeSMarri Devender Rao } 1765968caeeSMarri Devender Rao 1775968caeeSMarri Devender Rao private: 1785968caeeSMarri Devender Rao std::filesystem::path certificateFile; 1795968caeeSMarri Devender Rao std::filesystem::path certDirectory; 1805968caeeSMarri Devender Rao }; 1815968caeeSMarri Devender Rao 1825968caeeSMarri Devender Rao /** 1834e0453b1SGunnar Mills * @brief Parse and update Certificate Issue/Subject property 1845968caeeSMarri Devender Rao * 1855968caeeSMarri Devender Rao * @param[in] asyncResp Shared pointer to the response message 1865968caeeSMarri Devender Rao * @param[in] str Issuer/Subject value in key=value pairs 1875968caeeSMarri Devender Rao * @param[in] type Issuer/Subject 1885968caeeSMarri Devender Rao * @return None 1895968caeeSMarri Devender Rao */ 1904ff0f1f4SEd Tanous inline void updateCertIssuerOrSubject(nlohmann::json& out, 19126ccae32SEd Tanous std::string_view value) 1925968caeeSMarri Devender Rao { 1935968caeeSMarri Devender Rao // example: O=openbmc-project.xyz,CN=localhost 1945968caeeSMarri Devender Rao std::string_view::iterator i = value.begin(); 1955968caeeSMarri Devender Rao while (i != value.end()) 1965968caeeSMarri Devender Rao { 1975968caeeSMarri Devender Rao std::string_view::iterator tokenBegin = i; 1985968caeeSMarri Devender Rao while (i != value.end() && *i != '=') 1995968caeeSMarri Devender Rao { 2006da47babSPatrick Williams std::advance(i, 1); 2015968caeeSMarri Devender Rao } 2025968caeeSMarri Devender Rao if (i == value.end()) 2035968caeeSMarri Devender Rao { 2045968caeeSMarri Devender Rao break; 2055968caeeSMarri Devender Rao } 20626ccae32SEd Tanous std::string_view key(tokenBegin, static_cast<size_t>(i - tokenBegin)); 2076da47babSPatrick Williams std::advance(i, 1); 2085968caeeSMarri Devender Rao tokenBegin = i; 2095968caeeSMarri Devender Rao while (i != value.end() && *i != ',') 2105968caeeSMarri Devender Rao { 2116da47babSPatrick Williams std::advance(i, 1); 2125968caeeSMarri Devender Rao } 21326ccae32SEd Tanous std::string_view val(tokenBegin, static_cast<size_t>(i - tokenBegin)); 2145968caeeSMarri Devender Rao if (key == "L") 2155968caeeSMarri Devender Rao { 2165968caeeSMarri Devender Rao out["City"] = val; 2175968caeeSMarri Devender Rao } 2185968caeeSMarri Devender Rao else if (key == "CN") 2195968caeeSMarri Devender Rao { 2205968caeeSMarri Devender Rao out["CommonName"] = val; 2215968caeeSMarri Devender Rao } 2225968caeeSMarri Devender Rao else if (key == "C") 2235968caeeSMarri Devender Rao { 2245968caeeSMarri Devender Rao out["Country"] = val; 2255968caeeSMarri Devender Rao } 2265968caeeSMarri Devender Rao else if (key == "O") 2275968caeeSMarri Devender Rao { 2285968caeeSMarri Devender Rao out["Organization"] = val; 2295968caeeSMarri Devender Rao } 2305968caeeSMarri Devender Rao else if (key == "OU") 2315968caeeSMarri Devender Rao { 2325968caeeSMarri Devender Rao out["OrganizationalUnit"] = val; 2335968caeeSMarri Devender Rao } 2345968caeeSMarri Devender Rao else if (key == "ST") 2355968caeeSMarri Devender Rao { 2365968caeeSMarri Devender Rao out["State"] = val; 2375968caeeSMarri Devender Rao } 2385968caeeSMarri Devender Rao // skip comma character 2395968caeeSMarri Devender Rao if (i != value.end()) 2405968caeeSMarri Devender Rao { 2416da47babSPatrick Williams std::advance(i, 1); 2425968caeeSMarri Devender Rao } 2435968caeeSMarri Devender Rao } 2445968caeeSMarri Devender Rao } 2455968caeeSMarri Devender Rao 2465968caeeSMarri Devender Rao /** 247d3f92ce7SJiaqing Zhao * @brief Retrieve the installed certificate list 248d3f92ce7SJiaqing Zhao * 249d3f92ce7SJiaqing Zhao * @param[in] asyncResp Shared pointer to the response message 250d3f92ce7SJiaqing Zhao * @param[in] basePath DBus object path to search 251d3f92ce7SJiaqing Zhao * @param[in] listPtr Json pointer to the list in asyncResp 252d3f92ce7SJiaqing Zhao * @param[in] countPtr Json pointer to the count in asyncResp 253d3f92ce7SJiaqing Zhao * @return None 254d3f92ce7SJiaqing Zhao */ 2554ff0f1f4SEd Tanous inline void getCertificateList( 256bd79bce8SPatrick Williams const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 257bd79bce8SPatrick Williams const std::string& basePath, const nlohmann::json::json_pointer& listPtr, 258d3f92ce7SJiaqing Zhao const nlohmann::json::json_pointer& countPtr) 259d3f92ce7SJiaqing Zhao { 2607a1dbc48SGeorge Liu constexpr std::array<std::string_view, 1> interfaces = { 2617a1dbc48SGeorge Liu certs::certPropIntf}; 2627a1dbc48SGeorge Liu dbus::utility::getSubTreePaths( 2637a1dbc48SGeorge Liu basePath, 0, interfaces, 264d3f92ce7SJiaqing Zhao [asyncResp, listPtr, countPtr]( 2657a1dbc48SGeorge Liu const boost::system::error_code& ec, 266d3f92ce7SJiaqing Zhao const dbus::utility::MapperGetSubTreePathsResponse& certPaths) { 267d3f92ce7SJiaqing Zhao if (ec) 268d3f92ce7SJiaqing Zhao { 26962598e31SEd Tanous BMCWEB_LOG_ERROR("Certificate collection query failed: {}", ec); 270d3f92ce7SJiaqing Zhao messages::internalError(asyncResp->res); 271d3f92ce7SJiaqing Zhao return; 272d3f92ce7SJiaqing Zhao } 273d3f92ce7SJiaqing Zhao 274d3f92ce7SJiaqing Zhao nlohmann::json& links = asyncResp->res.jsonValue[listPtr]; 275d3f92ce7SJiaqing Zhao links = nlohmann::json::array(); 276d3f92ce7SJiaqing Zhao for (const auto& certPath : certPaths) 277d3f92ce7SJiaqing Zhao { 278d3f92ce7SJiaqing Zhao sdbusplus::message::object_path objPath(certPath); 279d3f92ce7SJiaqing Zhao std::string certId = objPath.filename(); 280d3f92ce7SJiaqing Zhao if (certId.empty()) 281d3f92ce7SJiaqing Zhao { 282bd79bce8SPatrick Williams BMCWEB_LOG_ERROR("Invalid certificate objPath {}", 283bd79bce8SPatrick Williams certPath); 284d3f92ce7SJiaqing Zhao continue; 285d3f92ce7SJiaqing Zhao } 286d3f92ce7SJiaqing Zhao 287d3f92ce7SJiaqing Zhao boost::urls::url certURL; 288d3f92ce7SJiaqing Zhao if (objPath.parent_path() == certs::httpsObjectPath) 289d3f92ce7SJiaqing Zhao { 290ef4c65b7SEd Tanous certURL = boost::urls::format( 291253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates/{}", 292253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 293d3f92ce7SJiaqing Zhao } 294d3f92ce7SJiaqing Zhao else if (objPath.parent_path() == certs::ldapObjectPath) 295d3f92ce7SJiaqing Zhao { 296ef4c65b7SEd Tanous certURL = boost::urls::format( 297bd79bce8SPatrick Williams "/redfish/v1/AccountService/LDAP/Certificates/{}", 298bd79bce8SPatrick Williams certId); 299d3f92ce7SJiaqing Zhao } 300d3f92ce7SJiaqing Zhao else if (objPath.parent_path() == certs::authorityObjectPath) 301d3f92ce7SJiaqing Zhao { 302ef4c65b7SEd Tanous certURL = boost::urls::format( 303253f11b8SEd Tanous "/redfish/v1/Managers/{}/Truststore/Certificates/{}", 304253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 305d3f92ce7SJiaqing Zhao } 306d3f92ce7SJiaqing Zhao else 307d3f92ce7SJiaqing Zhao { 308d3f92ce7SJiaqing Zhao continue; 309d3f92ce7SJiaqing Zhao } 310d3f92ce7SJiaqing Zhao 311d3f92ce7SJiaqing Zhao nlohmann::json::object_t link; 312d3f92ce7SJiaqing Zhao link["@odata.id"] = certURL; 313d3f92ce7SJiaqing Zhao links.emplace_back(std::move(link)); 314d3f92ce7SJiaqing Zhao } 315d3f92ce7SJiaqing Zhao 316d3f92ce7SJiaqing Zhao asyncResp->res.jsonValue[countPtr] = links.size(); 3177a1dbc48SGeorge Liu }); 318d3f92ce7SJiaqing Zhao } 319d3f92ce7SJiaqing Zhao 320d3f92ce7SJiaqing Zhao /** 3215968caeeSMarri Devender Rao * @brief Retrieve the certificates properties and append to the response 3225968caeeSMarri Devender Rao * message 3235968caeeSMarri Devender Rao * 3245968caeeSMarri Devender Rao * @param[in] asyncResp Shared pointer to the response message 3255968caeeSMarri Devender Rao * @param[in] objectPath Path of the D-Bus service object 3265968caeeSMarri Devender Rao * @param[in] certId Id of the certificate 3275968caeeSMarri Devender Rao * @param[in] certURL URL of the certificate object 3285968caeeSMarri Devender Rao * @param[in] name name of the certificate 3295968caeeSMarri Devender Rao * @return None 3305968caeeSMarri Devender Rao */ 3314ff0f1f4SEd Tanous inline void getCertificateProperties( 3328d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 333e19e97e2SJiaqing Zhao const std::string& objectPath, const std::string& service, 3341e312598SJiaqing Zhao const std::string& certId, const boost::urls::url& certURL, 335e19e97e2SJiaqing Zhao const std::string& name) 3365968caeeSMarri Devender Rao { 33762598e31SEd Tanous BMCWEB_LOG_DEBUG("getCertificateProperties Path={} certId={} certURl={}", 33862598e31SEd Tanous objectPath, certId, certURL); 339deae6a78SEd Tanous dbus::utility::getAllProperties( 340deae6a78SEd Tanous service, objectPath, certs::certPropIntf, 341b9d36b47SEd Tanous [asyncResp, certURL, certId, 3425e7e2dc5SEd Tanous name](const boost::system::error_code& ec, 343b9d36b47SEd Tanous const dbus::utility::DBusPropertiesMap& properties) { 3445968caeeSMarri Devender Rao if (ec) 3455968caeeSMarri Devender Rao { 34662598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 347bd79bce8SPatrick Williams messages::resourceNotFound(asyncResp->res, "Certificate", 348bd79bce8SPatrick Williams certId); 3495968caeeSMarri Devender Rao return; 3505968caeeSMarri Devender Rao } 3519b12d1f9SKrzysztof Grobelny 3529b12d1f9SKrzysztof Grobelny const std::string* certificateString = nullptr; 3539b12d1f9SKrzysztof Grobelny const std::vector<std::string>* keyUsage = nullptr; 3549b12d1f9SKrzysztof Grobelny const std::string* issuer = nullptr; 3559b12d1f9SKrzysztof Grobelny const std::string* subject = nullptr; 3569b12d1f9SKrzysztof Grobelny const uint64_t* validNotAfter = nullptr; 3579b12d1f9SKrzysztof Grobelny const uint64_t* validNotBefore = nullptr; 3589b12d1f9SKrzysztof Grobelny 3599b12d1f9SKrzysztof Grobelny const bool success = sdbusplus::unpackPropertiesNoThrow( 360bd79bce8SPatrick Williams dbus_utils::UnpackErrorPrinter(), properties, 361bd79bce8SPatrick Williams "CertificateString", certificateString, "KeyUsage", keyUsage, 362bd79bce8SPatrick Williams "Issuer", issuer, "Subject", subject, "ValidNotAfter", 363bd79bce8SPatrick Williams validNotAfter, "ValidNotBefore", validNotBefore); 3649b12d1f9SKrzysztof Grobelny 3659b12d1f9SKrzysztof Grobelny if (!success) 3669b12d1f9SKrzysztof Grobelny { 3679b12d1f9SKrzysztof Grobelny messages::internalError(asyncResp->res); 3689b12d1f9SKrzysztof Grobelny return; 3699b12d1f9SKrzysztof Grobelny } 3709b12d1f9SKrzysztof Grobelny 3711476687dSEd Tanous asyncResp->res.jsonValue["@odata.id"] = certURL; 3721476687dSEd Tanous asyncResp->res.jsonValue["@odata.type"] = 3731476687dSEd Tanous "#Certificate.v1_0_0.Certificate"; 374e19e97e2SJiaqing Zhao asyncResp->res.jsonValue["Id"] = certId; 3751476687dSEd Tanous asyncResp->res.jsonValue["Name"] = name; 3761476687dSEd Tanous asyncResp->res.jsonValue["Description"] = name; 3775968caeeSMarri Devender Rao asyncResp->res.jsonValue["CertificateString"] = ""; 3789b12d1f9SKrzysztof Grobelny asyncResp->res.jsonValue["KeyUsage"] = nlohmann::json::array(); 3799b12d1f9SKrzysztof Grobelny 3809b12d1f9SKrzysztof Grobelny if (certificateString != nullptr) 3815968caeeSMarri Devender Rao { 382bd79bce8SPatrick Williams asyncResp->res.jsonValue["CertificateString"] = 383bd79bce8SPatrick Williams *certificateString; 3845968caeeSMarri Devender Rao } 3859b12d1f9SKrzysztof Grobelny 3869b12d1f9SKrzysztof Grobelny if (keyUsage != nullptr) 3875968caeeSMarri Devender Rao { 3889b12d1f9SKrzysztof Grobelny asyncResp->res.jsonValue["KeyUsage"] = *keyUsage; 3895968caeeSMarri Devender Rao } 3909b12d1f9SKrzysztof Grobelny 3919b12d1f9SKrzysztof Grobelny if (issuer != nullptr) 3925968caeeSMarri Devender Rao { 3939b12d1f9SKrzysztof Grobelny updateCertIssuerOrSubject(asyncResp->res.jsonValue["Issuer"], 3949b12d1f9SKrzysztof Grobelny *issuer); 3955968caeeSMarri Devender Rao } 3969b12d1f9SKrzysztof Grobelny 3979b12d1f9SKrzysztof Grobelny if (subject != nullptr) 3985968caeeSMarri Devender Rao { 3999b12d1f9SKrzysztof Grobelny updateCertIssuerOrSubject(asyncResp->res.jsonValue["Subject"], 4009b12d1f9SKrzysztof Grobelny *subject); 4015968caeeSMarri Devender Rao } 4029b12d1f9SKrzysztof Grobelny 4039b12d1f9SKrzysztof Grobelny if (validNotAfter != nullptr) 4045968caeeSMarri Devender Rao { 4055968caeeSMarri Devender Rao asyncResp->res.jsonValue["ValidNotAfter"] = 4069b12d1f9SKrzysztof Grobelny redfish::time_utils::getDateTimeUint(*validNotAfter); 4075968caeeSMarri Devender Rao } 4089b12d1f9SKrzysztof Grobelny 4099b12d1f9SKrzysztof Grobelny if (validNotBefore != nullptr) 4105968caeeSMarri Devender Rao { 4115968caeeSMarri Devender Rao asyncResp->res.jsonValue["ValidNotBefore"] = 4129b12d1f9SKrzysztof Grobelny redfish::time_utils::getDateTimeUint(*validNotBefore); 4135968caeeSMarri Devender Rao } 4149b12d1f9SKrzysztof Grobelny 4151e312598SJiaqing Zhao asyncResp->res.addHeader( 416d9f6c621SEd Tanous boost::beast::http::field::location, 417d9f6c621SEd Tanous std::string_view(certURL.data(), certURL.size())); 4189b12d1f9SKrzysztof Grobelny }); 4195968caeeSMarri Devender Rao } 4205968caeeSMarri Devender Rao 421504af5a0SPatrick Williams inline void deleteCertificate( 422504af5a0SPatrick Williams const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 4237a3a8f7aSJiaqing Zhao const std::string& service, 4247a3a8f7aSJiaqing Zhao const sdbusplus::message::object_path& objectPath) 4257a3a8f7aSJiaqing Zhao { 426*177612aaSEd Tanous dbus::utility::async_method_call( 427*177612aaSEd Tanous asyncResp, 4287a3a8f7aSJiaqing Zhao [asyncResp, 4295e7e2dc5SEd Tanous id{objectPath.filename()}](const boost::system::error_code& ec) { 4307a3a8f7aSJiaqing Zhao if (ec) 4317a3a8f7aSJiaqing Zhao { 4327a3a8f7aSJiaqing Zhao messages::resourceNotFound(asyncResp->res, "Certificate", id); 4337a3a8f7aSJiaqing Zhao return; 4347a3a8f7aSJiaqing Zhao } 43562598e31SEd Tanous BMCWEB_LOG_INFO("Certificate deleted"); 4367a3a8f7aSJiaqing Zhao asyncResp->res.result(boost::beast::http::status::no_content); 4377a3a8f7aSJiaqing Zhao }, 4387a3a8f7aSJiaqing Zhao service, objectPath, certs::objDeleteIntf, "Delete"); 4397a3a8f7aSJiaqing Zhao } 4407a3a8f7aSJiaqing Zhao 441828252d5SJiaqing Zhao inline void handleCertificateServiceGet( 442828252d5SJiaqing Zhao App& app, const crow::Request& req, 443828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 4445968caeeSMarri Devender Rao { 445828252d5SJiaqing Zhao if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 446828252d5SJiaqing Zhao { 447828252d5SJiaqing Zhao return; 448828252d5SJiaqing Zhao } 449828252d5SJiaqing Zhao 4503e72c202SNinad Palsule if (req.session == nullptr) 4513e72c202SNinad Palsule { 4523e72c202SNinad Palsule messages::internalError(asyncResp->res); 4533e72c202SNinad Palsule return; 4543e72c202SNinad Palsule } 4553e72c202SNinad Palsule 456828252d5SJiaqing Zhao asyncResp->res.jsonValue["@odata.type"] = 457828252d5SJiaqing Zhao "#CertificateService.v1_0_0.CertificateService"; 458828252d5SJiaqing Zhao asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/CertificateService"; 459828252d5SJiaqing Zhao asyncResp->res.jsonValue["Id"] = "CertificateService"; 460828252d5SJiaqing Zhao asyncResp->res.jsonValue["Name"] = "Certificate Service"; 461828252d5SJiaqing Zhao asyncResp->res.jsonValue["Description"] = 462828252d5SJiaqing Zhao "Actions available to manage certificates"; 463828252d5SJiaqing Zhao // /redfish/v1/CertificateService/CertificateLocations is something 464828252d5SJiaqing Zhao // only ConfigureManager can access then only display when the user 465828252d5SJiaqing Zhao // has permissions ConfigureManager 466828252d5SJiaqing Zhao Privileges effectiveUserPrivileges = 4673e72c202SNinad Palsule redfish::getUserPrivileges(*req.session); 468828252d5SJiaqing Zhao if (isOperationAllowedWithPrivileges({{"ConfigureManager"}}, 469828252d5SJiaqing Zhao effectiveUserPrivileges)) 470828252d5SJiaqing Zhao { 471828252d5SJiaqing Zhao asyncResp->res.jsonValue["CertificateLocations"]["@odata.id"] = 472828252d5SJiaqing Zhao "/redfish/v1/CertificateService/CertificateLocations"; 473828252d5SJiaqing Zhao } 474828252d5SJiaqing Zhao nlohmann::json& actions = asyncResp->res.jsonValue["Actions"]; 475828252d5SJiaqing Zhao nlohmann::json& replace = actions["#CertificateService.ReplaceCertificate"]; 476828252d5SJiaqing Zhao replace["target"] = 477828252d5SJiaqing Zhao "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate"; 478828252d5SJiaqing Zhao nlohmann::json::array_t allowed; 479ad539545SPatrick Williams allowed.emplace_back("PEM"); 480828252d5SJiaqing Zhao replace["CertificateType@Redfish.AllowableValues"] = std::move(allowed); 481828252d5SJiaqing Zhao actions["#CertificateService.GenerateCSR"]["target"] = 482828252d5SJiaqing Zhao "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR"; 483828252d5SJiaqing Zhao } 484828252d5SJiaqing Zhao 485828252d5SJiaqing Zhao inline void handleCertificateLocationsGet( 486828252d5SJiaqing Zhao App& app, const crow::Request& req, 487828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 488828252d5SJiaqing Zhao { 489828252d5SJiaqing Zhao if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 490828252d5SJiaqing Zhao { 491828252d5SJiaqing Zhao return; 492828252d5SJiaqing Zhao } 493828252d5SJiaqing Zhao asyncResp->res.jsonValue["@odata.id"] = 494828252d5SJiaqing Zhao "/redfish/v1/CertificateService/CertificateLocations"; 495828252d5SJiaqing Zhao asyncResp->res.jsonValue["@odata.type"] = 496828252d5SJiaqing Zhao "#CertificateLocations.v1_0_0.CertificateLocations"; 497828252d5SJiaqing Zhao asyncResp->res.jsonValue["Name"] = "Certificate Locations"; 498828252d5SJiaqing Zhao asyncResp->res.jsonValue["Id"] = "CertificateLocations"; 499828252d5SJiaqing Zhao asyncResp->res.jsonValue["Description"] = 500828252d5SJiaqing Zhao "Defines a resource that an administrator can use in order to " 501828252d5SJiaqing Zhao "locate all certificates installed on a given service"; 502828252d5SJiaqing Zhao 503828252d5SJiaqing Zhao getCertificateList(asyncResp, certs::baseObjectPath, 504828252d5SJiaqing Zhao "/Links/Certificates"_json_pointer, 505828252d5SJiaqing Zhao "/Links/Certificates@odata.count"_json_pointer); 506828252d5SJiaqing Zhao } 507828252d5SJiaqing Zhao 50826d3b0fbSChandra Harkude inline void handleError(const std::string_view dbusErrorName, 50926d3b0fbSChandra Harkude const std::string& id, const std::string& certificate, 51026d3b0fbSChandra Harkude const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 51126d3b0fbSChandra Harkude { 51226d3b0fbSChandra Harkude if (dbusErrorName == "org.freedesktop.DBus.Error.UnknownObject") 51326d3b0fbSChandra Harkude { 51426d3b0fbSChandra Harkude messages::resourceNotFound(asyncResp->res, "Certificate", id); 51526d3b0fbSChandra Harkude } 51626d3b0fbSChandra Harkude else if (dbusErrorName == 51726d3b0fbSChandra Harkude "xyz.openbmc_project.Certs.Error.InvalidCertificate") 51826d3b0fbSChandra Harkude { 51926d3b0fbSChandra Harkude messages::propertyValueIncorrect(asyncResp->res, "Certificate", 52026d3b0fbSChandra Harkude certificate); 52126d3b0fbSChandra Harkude } 52226d3b0fbSChandra Harkude else 52326d3b0fbSChandra Harkude { 52426d3b0fbSChandra Harkude messages::internalError(asyncResp->res); 52526d3b0fbSChandra Harkude } 52626d3b0fbSChandra Harkude } 52726d3b0fbSChandra Harkude 528828252d5SJiaqing Zhao inline void handleReplaceCertificateAction( 529828252d5SJiaqing Zhao App& app, const crow::Request& req, 530828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 531828252d5SJiaqing Zhao { 5323ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 53345ca1b86SEd Tanous { 53445ca1b86SEd Tanous return; 53545ca1b86SEd Tanous } 5365968caeeSMarri Devender Rao std::string certificate; 5377a31e336SEd Tanous std::string certURI; 5385968caeeSMarri Devender Rao std::optional<std::string> certificateType = "PEM"; 5398d1b46d7Szhanghch05 540afc474aeSMyung Bae if (!json_util::readJsonAction( // 541afc474aeSMyung Bae req, asyncResp->res, // 542afc474aeSMyung Bae "CertificateString", certificate, // 543afc474aeSMyung Bae "CertificateType", certificateType, // 544afc474aeSMyung Bae "CertificateUri/@odata.id", certURI // 545afc474aeSMyung Bae )) 5465968caeeSMarri Devender Rao { 54762598e31SEd Tanous BMCWEB_LOG_ERROR("Required parameters are missing"); 5485968caeeSMarri Devender Rao return; 5495968caeeSMarri Devender Rao } 5505968caeeSMarri Devender Rao 5515968caeeSMarri Devender Rao if (!certificateType) 5525968caeeSMarri Devender Rao { 5535968caeeSMarri Devender Rao // should never happen, but it never hurts to be paranoid. 5545968caeeSMarri Devender Rao return; 5555968caeeSMarri Devender Rao } 5565968caeeSMarri Devender Rao if (certificateType != "PEM") 5575968caeeSMarri Devender Rao { 558828252d5SJiaqing Zhao messages::actionParameterNotSupported(asyncResp->res, "CertificateType", 559828252d5SJiaqing Zhao "ReplaceCertificate"); 5605968caeeSMarri Devender Rao return; 5615968caeeSMarri Devender Rao } 5625968caeeSMarri Devender Rao 56362598e31SEd Tanous BMCWEB_LOG_INFO("Certificate URI to replace: {}", certURI); 5645968caeeSMarri Devender Rao 5656fd29553SEd Tanous boost::system::result<boost::urls::url> parsedUrl = 56675b63a2cSJiaqing Zhao boost::urls::parse_relative_ref(certURI); 56775b63a2cSJiaqing Zhao if (!parsedUrl) 5685968caeeSMarri Devender Rao { 569828252d5SJiaqing Zhao messages::actionParameterValueFormatError( 570828252d5SJiaqing Zhao asyncResp->res, certURI, "CertificateUri", "ReplaceCertificate"); 5715968caeeSMarri Devender Rao return; 5725968caeeSMarri Devender Rao } 57375b63a2cSJiaqing Zhao 57475b63a2cSJiaqing Zhao std::string id; 57575b63a2cSJiaqing Zhao sdbusplus::message::object_path objectPath; 5765968caeeSMarri Devender Rao std::string name; 57737cce918SMarri Devender Rao std::string service; 578828252d5SJiaqing Zhao if (crow::utility::readUrlSegments(*parsedUrl, "redfish", "v1", "Managers", 579828252d5SJiaqing Zhao "bmc", "NetworkProtocol", "HTTPS", 580828252d5SJiaqing Zhao "Certificates", std::ref(id))) 5815968caeeSMarri Devender Rao { 58289492a15SPatrick Williams objectPath = sdbusplus::message::object_path(certs::httpsObjectPath) / 58389492a15SPatrick Williams id; 5845968caeeSMarri Devender Rao name = "HTTPS certificate"; 58537cce918SMarri Devender Rao service = certs::httpsServiceName; 58637cce918SMarri Devender Rao } 58775b63a2cSJiaqing Zhao else if (crow::utility::readUrlSegments(*parsedUrl, "redfish", "v1", 58875b63a2cSJiaqing Zhao "AccountService", "LDAP", 58975b63a2cSJiaqing Zhao "Certificates", std::ref(id))) 59037cce918SMarri Devender Rao { 59189492a15SPatrick Williams objectPath = sdbusplus::message::object_path(certs::ldapObjectPath) / 59289492a15SPatrick Williams id; 59337cce918SMarri Devender Rao name = "LDAP certificate"; 59437cce918SMarri Devender Rao service = certs::ldapServiceName; 5955968caeeSMarri Devender Rao } 59675b63a2cSJiaqing Zhao else if (crow::utility::readUrlSegments(*parsedUrl, "redfish", "v1", 59775b63a2cSJiaqing Zhao "Managers", "bmc", "Truststore", 59875b63a2cSJiaqing Zhao "Certificates", std::ref(id))) 599cfcd5f6bSMarri Devender Rao { 60075b63a2cSJiaqing Zhao objectPath = 601828252d5SJiaqing Zhao sdbusplus::message::object_path(certs::authorityObjectPath) / id; 602cfcd5f6bSMarri Devender Rao name = "TrustStore certificate"; 603cfcd5f6bSMarri Devender Rao service = certs::authorityServiceName; 604cfcd5f6bSMarri Devender Rao } 6055968caeeSMarri Devender Rao else 6065968caeeSMarri Devender Rao { 607828252d5SJiaqing Zhao messages::actionParameterNotSupported(asyncResp->res, "CertificateUri", 608828252d5SJiaqing Zhao "ReplaceCertificate"); 6095968caeeSMarri Devender Rao return; 6105968caeeSMarri Devender Rao } 6115968caeeSMarri Devender Rao 6125968caeeSMarri Devender Rao std::shared_ptr<CertificateFile> certFile = 6135968caeeSMarri Devender Rao std::make_shared<CertificateFile>(certificate); 614*177612aaSEd Tanous dbus::utility::async_method_call( 615*177612aaSEd Tanous asyncResp, 61626d3b0fbSChandra Harkude [asyncResp, certFile, objectPath, service, url{*parsedUrl}, id, name, 61726d3b0fbSChandra Harkude certificate](const boost::system::error_code& ec, 618d3e0859cSPatrick Williams sdbusplus::message_t& m) { 6195968caeeSMarri Devender Rao if (ec) 6205968caeeSMarri Devender Rao { 62162598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 62226d3b0fbSChandra Harkude const sd_bus_error* dbusError = m.get_error(); 62326d3b0fbSChandra Harkude if ((dbusError != nullptr) && (dbusError->name != nullptr)) 62490d2d1e8SJiaqing Zhao { 62526d3b0fbSChandra Harkude handleError(dbusError->name, id, certificate, asyncResp); 6265968caeeSMarri Devender Rao } 62726d3b0fbSChandra Harkude else 62826d3b0fbSChandra Harkude { 62990d2d1e8SJiaqing Zhao messages::internalError(asyncResp->res); 63026d3b0fbSChandra Harkude } 63190d2d1e8SJiaqing Zhao return; 63290d2d1e8SJiaqing Zhao } 633bd79bce8SPatrick Williams getCertificateProperties(asyncResp, objectPath, service, id, url, 634bd79bce8SPatrick Williams name); 63562598e31SEd Tanous BMCWEB_LOG_DEBUG("HTTPS certificate install file={}", 63662598e31SEd Tanous certFile->getCertFilePath()); 6375968caeeSMarri Devender Rao }, 6385968caeeSMarri Devender Rao service, objectPath, certs::certReplaceIntf, "Replace", 6395968caeeSMarri Devender Rao certFile->getCertFilePath()); 640828252d5SJiaqing Zhao } 6415968caeeSMarri Devender Rao 642cf9e417dSEd Tanous // NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables) 643828252d5SJiaqing Zhao static std::unique_ptr<sdbusplus::bus::match_t> csrMatcher; 6445968caeeSMarri Devender Rao /** 645828252d5SJiaqing Zhao * @brief Read data from CSR D-bus object and set to response 646828252d5SJiaqing Zhao * 647828252d5SJiaqing Zhao * @param[in] asyncResp Shared pointer to the response message 6488ece0e45SEd Tanous * @param[in] certURI Link to certificate collection URI 649828252d5SJiaqing Zhao * @param[in] service D-Bus service name 650828252d5SJiaqing Zhao * @param[in] certObjPath certificate D-Bus object path 651828252d5SJiaqing Zhao * @param[in] csrObjPath CSR D-Bus object path 652828252d5SJiaqing Zhao * @return None 6535968caeeSMarri Devender Rao */ 6544ff0f1f4SEd Tanous inline void getCSR(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 655828252d5SJiaqing Zhao const std::string& certURI, const std::string& service, 656828252d5SJiaqing Zhao const std::string& certObjPath, 657828252d5SJiaqing Zhao const std::string& csrObjPath) 6585968caeeSMarri Devender Rao { 65962598e31SEd Tanous BMCWEB_LOG_DEBUG("getCSR CertObjectPath{} CSRObjectPath={} service={}", 66062598e31SEd Tanous certObjPath, csrObjPath, service); 661*177612aaSEd Tanous dbus::utility::async_method_call( 662*177612aaSEd Tanous asyncResp, 663bd79bce8SPatrick Williams [asyncResp, 664bd79bce8SPatrick Williams certURI](const boost::system::error_code& ec, const std::string& csr) { 665828252d5SJiaqing Zhao if (ec) 666828252d5SJiaqing Zhao { 66762598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 668828252d5SJiaqing Zhao messages::internalError(asyncResp->res); 669828252d5SJiaqing Zhao return; 670828252d5SJiaqing Zhao } 671828252d5SJiaqing Zhao if (csr.empty()) 672828252d5SJiaqing Zhao { 67362598e31SEd Tanous BMCWEB_LOG_ERROR("CSR read is empty"); 674828252d5SJiaqing Zhao messages::internalError(asyncResp->res); 675828252d5SJiaqing Zhao return; 676828252d5SJiaqing Zhao } 677828252d5SJiaqing Zhao asyncResp->res.jsonValue["CSRString"] = csr; 678828252d5SJiaqing Zhao asyncResp->res.jsonValue["CertificateCollection"]["@odata.id"] = 679828252d5SJiaqing Zhao certURI; 680828252d5SJiaqing Zhao }, 681828252d5SJiaqing Zhao service, csrObjPath, "xyz.openbmc_project.Certs.CSR", "CSR"); 682828252d5SJiaqing Zhao } 683828252d5SJiaqing Zhao 684504af5a0SPatrick Williams inline void handleGenerateCSRAction( 685504af5a0SPatrick Williams App& app, const crow::Request& req, 686828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 687828252d5SJiaqing Zhao { 6883ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 68945ca1b86SEd Tanous { 69045ca1b86SEd Tanous return; 69145ca1b86SEd Tanous } 692828252d5SJiaqing Zhao static const int rsaKeyBitLength = 2048; 6935968caeeSMarri Devender Rao 694828252d5SJiaqing Zhao // Required parameters 695828252d5SJiaqing Zhao std::string city; 696828252d5SJiaqing Zhao std::string commonName; 697828252d5SJiaqing Zhao std::string country; 698828252d5SJiaqing Zhao std::string organization; 699828252d5SJiaqing Zhao std::string organizationalUnit; 700828252d5SJiaqing Zhao std::string state; 7017a31e336SEd Tanous std::string certURI; 702828252d5SJiaqing Zhao 703828252d5SJiaqing Zhao // Optional parameters 704828252d5SJiaqing Zhao std::optional<std::vector<std::string>> optAlternativeNames = 705828252d5SJiaqing Zhao std::vector<std::string>(); 706828252d5SJiaqing Zhao std::optional<std::string> optContactPerson = ""; 707828252d5SJiaqing Zhao std::optional<std::string> optChallengePassword = ""; 708828252d5SJiaqing Zhao std::optional<std::string> optEmail = ""; 709828252d5SJiaqing Zhao std::optional<std::string> optGivenName = ""; 710828252d5SJiaqing Zhao std::optional<std::string> optInitials = ""; 711828252d5SJiaqing Zhao std::optional<int64_t> optKeyBitLength = rsaKeyBitLength; 712828252d5SJiaqing Zhao std::optional<std::string> optKeyCurveId = "secp384r1"; 713828252d5SJiaqing Zhao std::optional<std::string> optKeyPairAlgorithm = "EC"; 714828252d5SJiaqing Zhao std::optional<std::vector<std::string>> optKeyUsage = 715828252d5SJiaqing Zhao std::vector<std::string>(); 716828252d5SJiaqing Zhao std::optional<std::string> optSurname = ""; 717828252d5SJiaqing Zhao std::optional<std::string> optUnstructuredName = ""; 718afc474aeSMyung Bae if (!json_util::readJsonAction( // 719afc474aeSMyung Bae req, asyncResp->res, // 720afc474aeSMyung Bae "AlternativeNames", optAlternativeNames, // 721afc474aeSMyung Bae "CertificateCollection/@odata.id", certURI, // 722afc474aeSMyung Bae "ChallengePassword", optChallengePassword, // 723afc474aeSMyung Bae "City", city, // 724afc474aeSMyung Bae "CommonName", commonName, // 725afc474aeSMyung Bae "ContactPerson", optContactPerson, // 726afc474aeSMyung Bae "Country", country, // 727afc474aeSMyung Bae "Email", optEmail, // 728afc474aeSMyung Bae "GivenName", optGivenName, // 729afc474aeSMyung Bae "Initials", optInitials, // 730afc474aeSMyung Bae "KeyBitLength", optKeyBitLength, // 731afc474aeSMyung Bae "KeyCurveId", optKeyCurveId, // 732afc474aeSMyung Bae "KeyPairAlgorithm", optKeyPairAlgorithm, // 733afc474aeSMyung Bae "KeyUsage", optKeyUsage, // 734afc474aeSMyung Bae "Organization", organization, // 735afc474aeSMyung Bae "OrganizationalUnit", organizationalUnit, // 736afc474aeSMyung Bae "State", state, // 737afc474aeSMyung Bae "Surname", optSurname, // 738afc474aeSMyung Bae "UnstructuredName", optUnstructuredName // 739afc474aeSMyung Bae )) 740828252d5SJiaqing Zhao { 741828252d5SJiaqing Zhao return; 7425968caeeSMarri Devender Rao } 7435968caeeSMarri Devender Rao 744828252d5SJiaqing Zhao // bmcweb has no way to store or decode a private key challenge 745828252d5SJiaqing Zhao // password, which will likely cause bmcweb to crash on startup 746828252d5SJiaqing Zhao // if this is not set on a post so not allowing the user to set 747828252d5SJiaqing Zhao // value 748828252d5SJiaqing Zhao if (!optChallengePassword->empty()) 7495968caeeSMarri Devender Rao { 750828252d5SJiaqing Zhao messages::actionParameterNotSupported(asyncResp->res, "GenerateCSR", 751828252d5SJiaqing Zhao "ChallengePassword"); 752828252d5SJiaqing Zhao return; 753828252d5SJiaqing Zhao } 754828252d5SJiaqing Zhao 755828252d5SJiaqing Zhao std::string objectPath; 756828252d5SJiaqing Zhao std::string service; 757253f11b8SEd Tanous if (certURI.starts_with(std::format( 758253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates", 759253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME))) 760828252d5SJiaqing Zhao { 761828252d5SJiaqing Zhao objectPath = certs::httpsObjectPath; 762828252d5SJiaqing Zhao service = certs::httpsServiceName; 763828252d5SJiaqing Zhao } 764828252d5SJiaqing Zhao else if (certURI.starts_with( 765828252d5SJiaqing Zhao "/redfish/v1/AccountService/LDAP/Certificates")) 766828252d5SJiaqing Zhao { 767828252d5SJiaqing Zhao objectPath = certs::ldapObjectPath; 768828252d5SJiaqing Zhao service = certs::ldapServiceName; 769828252d5SJiaqing Zhao } 770828252d5SJiaqing Zhao else 771828252d5SJiaqing Zhao { 772828252d5SJiaqing Zhao messages::actionParameterNotSupported( 773828252d5SJiaqing Zhao asyncResp->res, "CertificateCollection", "GenerateCSR"); 774828252d5SJiaqing Zhao return; 775828252d5SJiaqing Zhao } 776828252d5SJiaqing Zhao 777828252d5SJiaqing Zhao // supporting only EC and RSA algorithm 778828252d5SJiaqing Zhao if (*optKeyPairAlgorithm != "EC" && *optKeyPairAlgorithm != "RSA") 779828252d5SJiaqing Zhao { 780828252d5SJiaqing Zhao messages::actionParameterNotSupported( 781828252d5SJiaqing Zhao asyncResp->res, "KeyPairAlgorithm", "GenerateCSR"); 782828252d5SJiaqing Zhao return; 783828252d5SJiaqing Zhao } 784828252d5SJiaqing Zhao 785828252d5SJiaqing Zhao // supporting only 2048 key bit length for RSA algorithm due to 786828252d5SJiaqing Zhao // time consumed in generating private key 787828252d5SJiaqing Zhao if (*optKeyPairAlgorithm == "RSA" && *optKeyBitLength != rsaKeyBitLength) 788828252d5SJiaqing Zhao { 789e2616cc5SEd Tanous messages::propertyValueNotInList(asyncResp->res, *optKeyBitLength, 790e2616cc5SEd Tanous "KeyBitLength"); 791828252d5SJiaqing Zhao return; 792828252d5SJiaqing Zhao } 793828252d5SJiaqing Zhao 794828252d5SJiaqing Zhao // validate KeyUsage supporting only 1 type based on URL 795253f11b8SEd Tanous if (certURI.starts_with(std::format( 796253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates", 797253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME))) 798828252d5SJiaqing Zhao { 799828252d5SJiaqing Zhao if (optKeyUsage->empty()) 800828252d5SJiaqing Zhao { 801b2ba3072SPatrick Williams optKeyUsage->emplace_back("ServerAuthentication"); 802828252d5SJiaqing Zhao } 803828252d5SJiaqing Zhao else if (optKeyUsage->size() == 1) 804828252d5SJiaqing Zhao { 805828252d5SJiaqing Zhao if ((*optKeyUsage)[0] != "ServerAuthentication") 806828252d5SJiaqing Zhao { 807828252d5SJiaqing Zhao messages::propertyValueNotInList(asyncResp->res, 808828252d5SJiaqing Zhao (*optKeyUsage)[0], "KeyUsage"); 809828252d5SJiaqing Zhao return; 810828252d5SJiaqing Zhao } 811828252d5SJiaqing Zhao } 812828252d5SJiaqing Zhao else 813828252d5SJiaqing Zhao { 814828252d5SJiaqing Zhao messages::actionParameterNotSupported(asyncResp->res, "KeyUsage", 815828252d5SJiaqing Zhao "GenerateCSR"); 816828252d5SJiaqing Zhao return; 817828252d5SJiaqing Zhao } 818828252d5SJiaqing Zhao } 819828252d5SJiaqing Zhao else if (certURI.starts_with( 820828252d5SJiaqing Zhao "/redfish/v1/AccountService/LDAP/Certificates")) 821828252d5SJiaqing Zhao { 822828252d5SJiaqing Zhao if (optKeyUsage->empty()) 823828252d5SJiaqing Zhao { 824b2ba3072SPatrick Williams optKeyUsage->emplace_back("ClientAuthentication"); 825828252d5SJiaqing Zhao } 826828252d5SJiaqing Zhao else if (optKeyUsage->size() == 1) 827828252d5SJiaqing Zhao { 828828252d5SJiaqing Zhao if ((*optKeyUsage)[0] != "ClientAuthentication") 829828252d5SJiaqing Zhao { 830828252d5SJiaqing Zhao messages::propertyValueNotInList(asyncResp->res, 831828252d5SJiaqing Zhao (*optKeyUsage)[0], "KeyUsage"); 832828252d5SJiaqing Zhao return; 833828252d5SJiaqing Zhao } 834828252d5SJiaqing Zhao } 835828252d5SJiaqing Zhao else 836828252d5SJiaqing Zhao { 837828252d5SJiaqing Zhao messages::actionParameterNotSupported(asyncResp->res, "KeyUsage", 838828252d5SJiaqing Zhao "GenerateCSR"); 839828252d5SJiaqing Zhao return; 840828252d5SJiaqing Zhao } 841828252d5SJiaqing Zhao } 842828252d5SJiaqing Zhao 843828252d5SJiaqing Zhao // Only allow one CSR matcher at a time so setting retry 844828252d5SJiaqing Zhao // time-out and timer expiry to 10 seconds for now. 845828252d5SJiaqing Zhao static const int timeOut = 10; 846828252d5SJiaqing Zhao if (csrMatcher) 847828252d5SJiaqing Zhao { 848828252d5SJiaqing Zhao messages::serviceTemporarilyUnavailable(asyncResp->res, 849828252d5SJiaqing Zhao std::to_string(timeOut)); 850828252d5SJiaqing Zhao return; 851828252d5SJiaqing Zhao } 852828252d5SJiaqing Zhao 853828252d5SJiaqing Zhao // Make this static so it survives outside this method 854d98a2f93SEd Tanous static boost::asio::steady_timer timeout(getIoContext()); 855828252d5SJiaqing Zhao timeout.expires_after(std::chrono::seconds(timeOut)); 856828252d5SJiaqing Zhao timeout.async_wait([asyncResp](const boost::system::error_code& ec) { 857828252d5SJiaqing Zhao csrMatcher = nullptr; 858828252d5SJiaqing Zhao if (ec) 859828252d5SJiaqing Zhao { 860828252d5SJiaqing Zhao // operation_aborted is expected if timer is canceled 861828252d5SJiaqing Zhao // before completion. 862828252d5SJiaqing Zhao if (ec != boost::asio::error::operation_aborted) 863828252d5SJiaqing Zhao { 86462598e31SEd Tanous BMCWEB_LOG_ERROR("Async_wait failed {}", ec); 865828252d5SJiaqing Zhao } 866828252d5SJiaqing Zhao return; 867828252d5SJiaqing Zhao } 86862598e31SEd Tanous BMCWEB_LOG_ERROR("Timed out waiting for Generating CSR"); 869828252d5SJiaqing Zhao messages::internalError(asyncResp->res); 870828252d5SJiaqing Zhao }); 871828252d5SJiaqing Zhao 872828252d5SJiaqing Zhao // create a matcher to wait on CSR object 87362598e31SEd Tanous BMCWEB_LOG_DEBUG("create matcher with path {}", objectPath); 874828252d5SJiaqing Zhao std::string match("type='signal'," 875828252d5SJiaqing Zhao "interface='org.freedesktop.DBus.ObjectManager'," 876828252d5SJiaqing Zhao "path='" + 877828252d5SJiaqing Zhao objectPath + 878828252d5SJiaqing Zhao "'," 879828252d5SJiaqing Zhao "member='InterfacesAdded'"); 880828252d5SJiaqing Zhao csrMatcher = std::make_unique<sdbusplus::bus::match_t>( 881828252d5SJiaqing Zhao *crow::connections::systemBus, match, 882828252d5SJiaqing Zhao [asyncResp, service, objectPath, certURI](sdbusplus::message_t& m) { 883828252d5SJiaqing Zhao timeout.cancel(); 884828252d5SJiaqing Zhao if (m.is_method_error()) 885828252d5SJiaqing Zhao { 88662598e31SEd Tanous BMCWEB_LOG_ERROR("Dbus method error!!!"); 887828252d5SJiaqing Zhao messages::internalError(asyncResp->res); 888828252d5SJiaqing Zhao return; 889828252d5SJiaqing Zhao } 890828252d5SJiaqing Zhao 89180f79a40SMichael Shen dbus::utility::DBusInterfacesMap interfacesProperties; 892828252d5SJiaqing Zhao 893828252d5SJiaqing Zhao sdbusplus::message::object_path csrObjectPath; 894828252d5SJiaqing Zhao m.read(csrObjectPath, interfacesProperties); 89562598e31SEd Tanous BMCWEB_LOG_DEBUG("CSR object added{}", csrObjectPath.str); 896828252d5SJiaqing Zhao for (const auto& interface : interfacesProperties) 897828252d5SJiaqing Zhao { 898828252d5SJiaqing Zhao if (interface.first == "xyz.openbmc_project.Certs.CSR") 899828252d5SJiaqing Zhao { 900828252d5SJiaqing Zhao getCSR(asyncResp, certURI, service, objectPath, 901828252d5SJiaqing Zhao csrObjectPath.str); 902828252d5SJiaqing Zhao break; 903828252d5SJiaqing Zhao } 904828252d5SJiaqing Zhao } 905828252d5SJiaqing Zhao }); 906*177612aaSEd Tanous dbus::utility::async_method_call( 907*177612aaSEd Tanous asyncResp, 9085e7e2dc5SEd Tanous [asyncResp](const boost::system::error_code& ec, const std::string&) { 909828252d5SJiaqing Zhao if (ec) 910828252d5SJiaqing Zhao { 91162598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec.message()); 912828252d5SJiaqing Zhao messages::internalError(asyncResp->res); 913828252d5SJiaqing Zhao return; 914828252d5SJiaqing Zhao } 915828252d5SJiaqing Zhao }, 916828252d5SJiaqing Zhao service, objectPath, "xyz.openbmc_project.Certs.CSR.Create", 917828252d5SJiaqing Zhao "GenerateCSR", *optAlternativeNames, *optChallengePassword, city, 918828252d5SJiaqing Zhao commonName, *optContactPerson, country, *optEmail, *optGivenName, 919828252d5SJiaqing Zhao *optInitials, *optKeyBitLength, *optKeyCurveId, *optKeyPairAlgorithm, 920828252d5SJiaqing Zhao *optKeyUsage, organization, organizationalUnit, state, *optSurname, 921828252d5SJiaqing Zhao *optUnstructuredName); 922828252d5SJiaqing Zhao } 923828252d5SJiaqing Zhao 924828252d5SJiaqing Zhao inline void requestRoutesCertificateService(App& app) 925828252d5SJiaqing Zhao { 926828252d5SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/") 927828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificateService) 928002d39b4SEd Tanous .methods(boost::beast::http::verb::get)( 929828252d5SJiaqing Zhao std::bind_front(handleCertificateServiceGet, std::ref(app))); 930828252d5SJiaqing Zhao 931828252d5SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/CertificateLocations/") 932828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificateLocations) 933828252d5SJiaqing Zhao .methods(boost::beast::http::verb::get)( 934828252d5SJiaqing Zhao std::bind_front(handleCertificateLocationsGet, std::ref(app))); 935828252d5SJiaqing Zhao 936828252d5SJiaqing Zhao BMCWEB_ROUTE( 937828252d5SJiaqing Zhao app, 938828252d5SJiaqing Zhao "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/") 939828252d5SJiaqing Zhao .privileges(redfish::privileges::postCertificateService) 940828252d5SJiaqing Zhao .methods(boost::beast::http::verb::post)( 941828252d5SJiaqing Zhao std::bind_front(handleReplaceCertificateAction, std::ref(app))); 942828252d5SJiaqing Zhao 943828252d5SJiaqing Zhao BMCWEB_ROUTE( 944828252d5SJiaqing Zhao app, 945828252d5SJiaqing Zhao "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/") 946828252d5SJiaqing Zhao .privileges(redfish::privileges::postCertificateService) 947828252d5SJiaqing Zhao .methods(boost::beast::http::verb::post)( 948828252d5SJiaqing Zhao std::bind_front(handleGenerateCSRAction, std::ref(app))); 949828252d5SJiaqing Zhao } // requestRoutesCertificateService 950828252d5SJiaqing Zhao 951828252d5SJiaqing Zhao inline void handleHTTPSCertificateCollectionGet( 952828252d5SJiaqing Zhao App& app, const crow::Request& req, 953253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 954253f11b8SEd Tanous const std::string& managerId) 955828252d5SJiaqing Zhao { 9563ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 95745ca1b86SEd Tanous { 95845ca1b86SEd Tanous return; 95945ca1b86SEd Tanous } 9601476687dSEd Tanous 961253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 962253f11b8SEd Tanous { 963253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 964253f11b8SEd Tanous return; 965253f11b8SEd Tanous } 966253f11b8SEd Tanous 967253f11b8SEd Tanous asyncResp->res.jsonValue["@odata.id"] = boost::urls::format( 968253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates", 969253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME); 9701476687dSEd Tanous asyncResp->res.jsonValue["@odata.type"] = 9711476687dSEd Tanous "#CertificateCollection.CertificateCollection"; 9721476687dSEd Tanous asyncResp->res.jsonValue["Name"] = "HTTPS Certificates Collection"; 9731476687dSEd Tanous asyncResp->res.jsonValue["Description"] = 9741476687dSEd Tanous "A Collection of HTTPS certificate instances"; 9758d1b46d7Szhanghch05 976d3f92ce7SJiaqing Zhao getCertificateList(asyncResp, certs::httpsObjectPath, 977d3f92ce7SJiaqing Zhao "/Members"_json_pointer, 978d3f92ce7SJiaqing Zhao "/Members@odata.count"_json_pointer); 979828252d5SJiaqing Zhao } 9805968caeeSMarri Devender Rao 981828252d5SJiaqing Zhao inline void handleHTTPSCertificateCollectionPost( 982828252d5SJiaqing Zhao App& app, const crow::Request& req, 983253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 984253f11b8SEd Tanous const std::string& managerId) 985828252d5SJiaqing Zhao { 9863ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 98745ca1b86SEd Tanous { 98845ca1b86SEd Tanous return; 98945ca1b86SEd Tanous } 990253f11b8SEd Tanous 991253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 992253f11b8SEd Tanous { 993253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 994253f11b8SEd Tanous return; 995253f11b8SEd Tanous } 996253f11b8SEd Tanous 99762598e31SEd Tanous BMCWEB_LOG_DEBUG("HTTPSCertificateCollection::doPost"); 9988d1b46d7Szhanghch05 9991476687dSEd Tanous asyncResp->res.jsonValue["Name"] = "HTTPS Certificate"; 10001476687dSEd Tanous asyncResp->res.jsonValue["Description"] = "HTTPS Certificate"; 10015968caeeSMarri Devender Rao 1002b2896149SEd Tanous std::string certHttpBody = getCertificateFromReqBody(asyncResp, req); 100358eb238fSKowalski, Kamil 1004b2896149SEd Tanous if (certHttpBody.empty()) 100558eb238fSKowalski, Kamil { 100662598e31SEd Tanous BMCWEB_LOG_ERROR("Cannot get certificate from request body."); 1007a08752f5SZbigniew Kurzynski messages::unrecognizedRequestBody(asyncResp->res); 100858eb238fSKowalski, Kamil return; 100958eb238fSKowalski, Kamil } 101058eb238fSKowalski, Kamil 10115968caeeSMarri Devender Rao std::shared_ptr<CertificateFile> certFile = 1012b2896149SEd Tanous std::make_shared<CertificateFile>(certHttpBody); 10135968caeeSMarri Devender Rao 1014*177612aaSEd Tanous dbus::utility::async_method_call( 1015*177612aaSEd Tanous asyncResp, 10165e7e2dc5SEd Tanous [asyncResp, certFile](const boost::system::error_code& ec, 1017656ec7e3SZbigniew Kurzynski const std::string& objectPath) { 10185968caeeSMarri Devender Rao if (ec) 10195968caeeSMarri Devender Rao { 102062598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 10215968caeeSMarri Devender Rao messages::internalError(asyncResp->res); 10225968caeeSMarri Devender Rao return; 10235968caeeSMarri Devender Rao } 1024717b9802SJiaqing Zhao 1025717b9802SJiaqing Zhao sdbusplus::message::object_path path(objectPath); 1026717b9802SJiaqing Zhao std::string certId = path.filename(); 1027ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1028253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates/{}", 1029253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 1030bd79bce8SPatrick Williams getCertificateProperties(asyncResp, objectPath, 1031bd79bce8SPatrick Williams certs::httpsServiceName, certId, certURL, 1032bd79bce8SPatrick Williams "HTTPS Certificate"); 103362598e31SEd Tanous BMCWEB_LOG_DEBUG("HTTPS certificate install file={}", 103462598e31SEd Tanous certFile->getCertFilePath()); 10355968caeeSMarri Devender Rao }, 1036828252d5SJiaqing Zhao certs::httpsServiceName, certs::httpsObjectPath, certs::certInstallIntf, 1037828252d5SJiaqing Zhao "Install", certFile->getCertFilePath()); 1038828252d5SJiaqing Zhao } 10395968caeeSMarri Devender Rao 1040828252d5SJiaqing Zhao inline void handleHTTPSCertificateGet( 1041828252d5SJiaqing Zhao App& app, const crow::Request& req, 1042253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1043253f11b8SEd Tanous const std::string& managerId, const std::string& certId) 10447e860f15SJohn Edward Broadbent { 10453ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 104645ca1b86SEd Tanous { 104745ca1b86SEd Tanous return; 104845ca1b86SEd Tanous } 10497e860f15SJohn Edward Broadbent 1050253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 1051253f11b8SEd Tanous { 1052253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 1053253f11b8SEd Tanous return; 1054253f11b8SEd Tanous } 1055253f11b8SEd Tanous 1056253f11b8SEd Tanous BMCWEB_LOG_DEBUG("HTTPS Certificate ID={}", certId); 1057ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1058253f11b8SEd Tanous "/redfish/v1/Managers/{}/NetworkProtocol/HTTPS/Certificates/{}", 1059253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 1060828252d5SJiaqing Zhao std::string objPath = 1061253f11b8SEd Tanous sdbusplus::message::object_path(certs::httpsObjectPath) / certId; 1062253f11b8SEd Tanous getCertificateProperties(asyncResp, objPath, certs::httpsServiceName, 1063253f11b8SEd Tanous certId, certURL, "HTTPS Certificate"); 10647e860f15SJohn Edward Broadbent } 106537cce918SMarri Devender Rao 1066828252d5SJiaqing Zhao inline void requestRoutesHTTPSCertificate(App& app) 106737cce918SMarri Devender Rao { 1068253f11b8SEd Tanous BMCWEB_ROUTE( 1069253f11b8SEd Tanous app, "/redfish/v1/Managers/<str>/NetworkProtocol/HTTPS/Certificates/") 1070ed398213SEd Tanous .privileges(redfish::privileges::getCertificateCollection) 1071828252d5SJiaqing Zhao .methods(boost::beast::http::verb::get)(std::bind_front( 1072828252d5SJiaqing Zhao handleHTTPSCertificateCollectionGet, std::ref(app))); 1073828252d5SJiaqing Zhao 1074253f11b8SEd Tanous BMCWEB_ROUTE( 1075253f11b8SEd Tanous app, "/redfish/v1/Managers/<str>/NetworkProtocol/HTTPS/Certificates/") 1076828252d5SJiaqing Zhao .privileges(redfish::privileges::postCertificateCollection) 1077828252d5SJiaqing Zhao .methods(boost::beast::http::verb::post)(std::bind_front( 1078828252d5SJiaqing Zhao handleHTTPSCertificateCollectionPost, std::ref(app))); 1079828252d5SJiaqing Zhao 1080828252d5SJiaqing Zhao BMCWEB_ROUTE( 1081828252d5SJiaqing Zhao app, 1082253f11b8SEd Tanous "/redfish/v1/Managers/<str>/NetworkProtocol/HTTPS/Certificates/<str>/") 1083828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificate) 1084002d39b4SEd Tanous .methods(boost::beast::http::verb::get)( 1085828252d5SJiaqing Zhao std::bind_front(handleHTTPSCertificateGet, std::ref(app))); 1086828252d5SJiaqing Zhao } 1087828252d5SJiaqing Zhao 1088828252d5SJiaqing Zhao inline void handleLDAPCertificateCollectionGet( 1089828252d5SJiaqing Zhao App& app, const crow::Request& req, 1090828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 1091828252d5SJiaqing Zhao { 10923ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 109345ca1b86SEd Tanous { 109445ca1b86SEd Tanous return; 109545ca1b86SEd Tanous } 10961476687dSEd Tanous 10971476687dSEd Tanous asyncResp->res.jsonValue["@odata.id"] = 10981476687dSEd Tanous "/redfish/v1/AccountService/LDAP/Certificates"; 10991476687dSEd Tanous asyncResp->res.jsonValue["@odata.type"] = 11001476687dSEd Tanous "#CertificateCollection.CertificateCollection"; 11011476687dSEd Tanous asyncResp->res.jsonValue["Name"] = "LDAP Certificates Collection"; 11021476687dSEd Tanous asyncResp->res.jsonValue["Description"] = 11031476687dSEd Tanous "A Collection of LDAP certificate instances"; 11048d1b46d7Szhanghch05 1105d3f92ce7SJiaqing Zhao getCertificateList(asyncResp, certs::ldapObjectPath, 1106d3f92ce7SJiaqing Zhao "/Members"_json_pointer, 1107d3f92ce7SJiaqing Zhao "/Members@odata.count"_json_pointer); 1108828252d5SJiaqing Zhao } 110937cce918SMarri Devender Rao 1110828252d5SJiaqing Zhao inline void handleLDAPCertificateCollectionPost( 1111828252d5SJiaqing Zhao App& app, const crow::Request& req, 1112828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 1113828252d5SJiaqing Zhao { 11143ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 111545ca1b86SEd Tanous { 111645ca1b86SEd Tanous return; 111745ca1b86SEd Tanous } 1118b2896149SEd Tanous std::string certHttpBody = getCertificateFromReqBody(asyncResp, req); 111958eb238fSKowalski, Kamil 1120b2896149SEd Tanous if (certHttpBody.empty()) 112158eb238fSKowalski, Kamil { 112262598e31SEd Tanous BMCWEB_LOG_ERROR("Cannot get certificate from request body."); 1123a08752f5SZbigniew Kurzynski messages::unrecognizedRequestBody(asyncResp->res); 112458eb238fSKowalski, Kamil return; 112558eb238fSKowalski, Kamil } 112658eb238fSKowalski, Kamil 112758eb238fSKowalski, Kamil std::shared_ptr<CertificateFile> certFile = 1128b2896149SEd Tanous std::make_shared<CertificateFile>(certHttpBody); 112958eb238fSKowalski, Kamil 1130*177612aaSEd Tanous dbus::utility::async_method_call( 1131*177612aaSEd Tanous asyncResp, 11325e7e2dc5SEd Tanous [asyncResp, certFile](const boost::system::error_code& ec, 1133656ec7e3SZbigniew Kurzynski const std::string& objectPath) { 113437cce918SMarri Devender Rao if (ec) 113537cce918SMarri Devender Rao { 113662598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 113737cce918SMarri Devender Rao messages::internalError(asyncResp->res); 113837cce918SMarri Devender Rao return; 113937cce918SMarri Devender Rao } 1140717b9802SJiaqing Zhao 1141717b9802SJiaqing Zhao sdbusplus::message::object_path path(objectPath); 1142717b9802SJiaqing Zhao std::string certId = path.filename(); 1143ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1144ef4c65b7SEd Tanous "/redfish/v1/AccountService/LDAP/Certificates/{}", certId); 1145bd79bce8SPatrick Williams getCertificateProperties(asyncResp, objectPath, 1146bd79bce8SPatrick Williams certs::ldapServiceName, certId, certURL, 1147bd79bce8SPatrick Williams "LDAP Certificate"); 114862598e31SEd Tanous BMCWEB_LOG_DEBUG("LDAP certificate install file={}", 114962598e31SEd Tanous certFile->getCertFilePath()); 115037cce918SMarri Devender Rao }, 1151828252d5SJiaqing Zhao certs::ldapServiceName, certs::ldapObjectPath, certs::certInstallIntf, 1152828252d5SJiaqing Zhao "Install", certFile->getCertFilePath()); 1153828252d5SJiaqing Zhao } 115437cce918SMarri Devender Rao 1155828252d5SJiaqing Zhao inline void handleLDAPCertificateGet( 1156828252d5SJiaqing Zhao App& app, const crow::Request& req, 1157828252d5SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, const std::string& id) 115837cce918SMarri Devender Rao { 11593ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 116045ca1b86SEd Tanous { 116145ca1b86SEd Tanous return; 116245ca1b86SEd Tanous } 1163717b9802SJiaqing Zhao 116462598e31SEd Tanous BMCWEB_LOG_DEBUG("LDAP Certificate ID={}", id); 1165ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1166ef4c65b7SEd Tanous "/redfish/v1/AccountService/LDAP/Certificates/{}", id); 1167717b9802SJiaqing Zhao std::string objPath = 1168717b9802SJiaqing Zhao sdbusplus::message::object_path(certs::ldapObjectPath) / id; 1169717b9802SJiaqing Zhao getCertificateProperties(asyncResp, objPath, certs::ldapServiceName, id, 1170717b9802SJiaqing Zhao certURL, "LDAP Certificate"); 1171828252d5SJiaqing Zhao } 1172828252d5SJiaqing Zhao 117399612247SJiaqing Zhao inline void handleLDAPCertificateDelete( 117499612247SJiaqing Zhao App& app, const crow::Request& req, 117599612247SJiaqing Zhao const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, const std::string& id) 117699612247SJiaqing Zhao { 117799612247SJiaqing Zhao if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 117899612247SJiaqing Zhao { 117999612247SJiaqing Zhao return; 118099612247SJiaqing Zhao } 118199612247SJiaqing Zhao 118262598e31SEd Tanous BMCWEB_LOG_DEBUG("Delete LDAP Certificate ID={}", id); 118399612247SJiaqing Zhao std::string objPath = 118499612247SJiaqing Zhao sdbusplus::message::object_path(certs::ldapObjectPath) / id; 118599612247SJiaqing Zhao 118699612247SJiaqing Zhao deleteCertificate(asyncResp, certs::ldapServiceName, objPath); 118799612247SJiaqing Zhao } 118899612247SJiaqing Zhao 1189828252d5SJiaqing Zhao inline void requestRoutesLDAPCertificate(App& app) 1190cfcd5f6bSMarri Devender Rao { 1191828252d5SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/") 1192828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificateCollection) 1193828252d5SJiaqing Zhao .methods(boost::beast::http::verb::get)( 1194828252d5SJiaqing Zhao std::bind_front(handleLDAPCertificateCollectionGet, std::ref(app))); 1195828252d5SJiaqing Zhao 1196828252d5SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/") 1197828252d5SJiaqing Zhao .privileges(redfish::privileges::postCertificateCollection) 1198828252d5SJiaqing Zhao .methods(boost::beast::http::verb::post)(std::bind_front( 1199828252d5SJiaqing Zhao handleLDAPCertificateCollectionPost, std::ref(app))); 1200828252d5SJiaqing Zhao 1201828252d5SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/") 1202ed398213SEd Tanous .privileges(redfish::privileges::getCertificate) 1203002d39b4SEd Tanous .methods(boost::beast::http::verb::get)( 1204828252d5SJiaqing Zhao std::bind_front(handleLDAPCertificateGet, std::ref(app))); 120599612247SJiaqing Zhao 120699612247SJiaqing Zhao BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/") 120799612247SJiaqing Zhao .privileges(redfish::privileges::deleteCertificate) 120899612247SJiaqing Zhao .methods(boost::beast::http::verb::delete_)( 120999612247SJiaqing Zhao std::bind_front(handleLDAPCertificateDelete, std::ref(app))); 1210828252d5SJiaqing Zhao } // requestRoutesLDAPCertificate 1211828252d5SJiaqing Zhao 1212828252d5SJiaqing Zhao inline void handleTrustStoreCertificateCollectionGet( 1213828252d5SJiaqing Zhao App& app, const crow::Request& req, 1214253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1215253f11b8SEd Tanous const std::string& managerId) 1216828252d5SJiaqing Zhao { 12173ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 121845ca1b86SEd Tanous { 121945ca1b86SEd Tanous return; 122045ca1b86SEd Tanous } 12211476687dSEd Tanous 1222253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 1223253f11b8SEd Tanous { 1224253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 1225253f11b8SEd Tanous return; 1226253f11b8SEd Tanous } 1227253f11b8SEd Tanous 12281476687dSEd Tanous asyncResp->res.jsonValue["@odata.id"] = 1229253f11b8SEd Tanous boost::urls::format("/redfish/v1/Managers/{}/Truststore/Certificates/", 1230253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME); 12311476687dSEd Tanous asyncResp->res.jsonValue["@odata.type"] = 12321476687dSEd Tanous "#CertificateCollection.CertificateCollection"; 1233002d39b4SEd Tanous asyncResp->res.jsonValue["Name"] = "TrustStore Certificates Collection"; 12341476687dSEd Tanous asyncResp->res.jsonValue["Description"] = 12351476687dSEd Tanous "A Collection of TrustStore certificate instances"; 12368d1b46d7Szhanghch05 1237d3f92ce7SJiaqing Zhao getCertificateList(asyncResp, certs::authorityObjectPath, 1238d3f92ce7SJiaqing Zhao "/Members"_json_pointer, 1239d3f92ce7SJiaqing Zhao "/Members@odata.count"_json_pointer); 1240828252d5SJiaqing Zhao } 1241cfcd5f6bSMarri Devender Rao 1242828252d5SJiaqing Zhao inline void handleTrustStoreCertificateCollectionPost( 1243828252d5SJiaqing Zhao App& app, const crow::Request& req, 1244253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1245253f11b8SEd Tanous const std::string& managerId) 1246828252d5SJiaqing Zhao { 12473ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 124845ca1b86SEd Tanous { 124945ca1b86SEd Tanous return; 125045ca1b86SEd Tanous } 1251253f11b8SEd Tanous 1252253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 1253253f11b8SEd Tanous { 1254253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 1255253f11b8SEd Tanous return; 1256253f11b8SEd Tanous } 1257253f11b8SEd Tanous 1258b2896149SEd Tanous std::string certHttpBody = getCertificateFromReqBody(asyncResp, req); 1259a08752f5SZbigniew Kurzynski 1260b2896149SEd Tanous if (certHttpBody.empty()) 1261a08752f5SZbigniew Kurzynski { 126262598e31SEd Tanous BMCWEB_LOG_ERROR("Cannot get certificate from request body."); 1263a08752f5SZbigniew Kurzynski messages::unrecognizedRequestBody(asyncResp->res); 1264a08752f5SZbigniew Kurzynski return; 1265a08752f5SZbigniew Kurzynski } 1266a08752f5SZbigniew Kurzynski 1267a08752f5SZbigniew Kurzynski std::shared_ptr<CertificateFile> certFile = 1268b2896149SEd Tanous std::make_shared<CertificateFile>(certHttpBody); 1269*177612aaSEd Tanous dbus::utility::async_method_call( 1270*177612aaSEd Tanous asyncResp, 12715e7e2dc5SEd Tanous [asyncResp, certFile](const boost::system::error_code& ec, 1272656ec7e3SZbigniew Kurzynski const std::string& objectPath) { 1273cfcd5f6bSMarri Devender Rao if (ec) 1274cfcd5f6bSMarri Devender Rao { 127562598e31SEd Tanous BMCWEB_LOG_ERROR("DBUS response error: {}", ec); 1276cfcd5f6bSMarri Devender Rao messages::internalError(asyncResp->res); 1277cfcd5f6bSMarri Devender Rao return; 1278cfcd5f6bSMarri Devender Rao } 1279656ec7e3SZbigniew Kurzynski 1280717b9802SJiaqing Zhao sdbusplus::message::object_path path(objectPath); 1281717b9802SJiaqing Zhao std::string certId = path.filename(); 1282ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1283253f11b8SEd Tanous "/redfish/v1/Managers/{}/Truststore/Certificates/{}", 1284253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 1285717b9802SJiaqing Zhao getCertificateProperties(asyncResp, objectPath, 1286bd79bce8SPatrick Williams certs::authorityServiceName, certId, 1287bd79bce8SPatrick Williams certURL, "TrustStore Certificate"); 128862598e31SEd Tanous BMCWEB_LOG_DEBUG("TrustStore certificate install file={}", 128962598e31SEd Tanous certFile->getCertFilePath()); 1290cfcd5f6bSMarri Devender Rao }, 1291cfcd5f6bSMarri Devender Rao certs::authorityServiceName, certs::authorityObjectPath, 12920fda0f12SGeorge Liu certs::certInstallIntf, "Install", certFile->getCertFilePath()); 1293828252d5SJiaqing Zhao } 1294cfcd5f6bSMarri Devender Rao 1295828252d5SJiaqing Zhao inline void handleTrustStoreCertificateGet( 1296828252d5SJiaqing Zhao App& app, const crow::Request& req, 1297253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1298253f11b8SEd Tanous const std::string& managerId, const std::string& certId) 1299cfcd5f6bSMarri Devender Rao { 13003ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 130145ca1b86SEd Tanous { 130245ca1b86SEd Tanous return; 130345ca1b86SEd Tanous } 1304717b9802SJiaqing Zhao 1305253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 1306253f11b8SEd Tanous { 1307253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 1308253f11b8SEd Tanous return; 1309253f11b8SEd Tanous } 1310253f11b8SEd Tanous 1311253f11b8SEd Tanous BMCWEB_LOG_DEBUG("Truststore Certificate ID={}", certId); 1312ef4c65b7SEd Tanous const boost::urls::url certURL = boost::urls::format( 1313253f11b8SEd Tanous "/redfish/v1/Managers/{}/Truststore/Certificates/{}", 1314253f11b8SEd Tanous BMCWEB_REDFISH_MANAGER_URI_NAME, certId); 1315717b9802SJiaqing Zhao std::string objPath = 1316253f11b8SEd Tanous sdbusplus::message::object_path(certs::authorityObjectPath) / certId; 1317828252d5SJiaqing Zhao getCertificateProperties(asyncResp, objPath, certs::authorityServiceName, 1318253f11b8SEd Tanous certId, certURL, "TrustStore Certificate"); 1319828252d5SJiaqing Zhao } 132007a60299SZbigniew Kurzynski 1321828252d5SJiaqing Zhao inline void handleTrustStoreCertificateDelete( 1322828252d5SJiaqing Zhao App& app, const crow::Request& req, 1323253f11b8SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1324253f11b8SEd Tanous const std::string& managerId, const std::string& certId) 1325828252d5SJiaqing Zhao { 13263ba00073SCarson Labrado if (!redfish::setUpRedfishRoute(app, req, asyncResp)) 132745ca1b86SEd Tanous { 132845ca1b86SEd Tanous return; 132945ca1b86SEd Tanous } 133007a60299SZbigniew Kurzynski 1331253f11b8SEd Tanous if (managerId != BMCWEB_REDFISH_MANAGER_URI_NAME) 1332253f11b8SEd Tanous { 1333253f11b8SEd Tanous messages::resourceNotFound(asyncResp->res, "Manager", managerId); 1334253f11b8SEd Tanous return; 1335253f11b8SEd Tanous } 1336253f11b8SEd Tanous 1337253f11b8SEd Tanous BMCWEB_LOG_DEBUG("Delete TrustStore Certificate ID={}", certId); 1338717b9802SJiaqing Zhao std::string objPath = 1339253f11b8SEd Tanous sdbusplus::message::object_path(certs::authorityObjectPath) / certId; 134007a60299SZbigniew Kurzynski 13417a3a8f7aSJiaqing Zhao deleteCertificate(asyncResp, certs::authorityServiceName, objPath); 1342828252d5SJiaqing Zhao } 1343828252d5SJiaqing Zhao 1344828252d5SJiaqing Zhao inline void requestRoutesTrustStoreCertificate(App& app) 1345828252d5SJiaqing Zhao { 1346253f11b8SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/Truststore/Certificates/") 1347828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificate) 1348828252d5SJiaqing Zhao .methods(boost::beast::http::verb::get)(std::bind_front( 1349828252d5SJiaqing Zhao handleTrustStoreCertificateCollectionGet, std::ref(app))); 1350828252d5SJiaqing Zhao 1351253f11b8SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/Truststore/Certificates/") 1352828252d5SJiaqing Zhao .privileges(redfish::privileges::postCertificateCollection) 1353828252d5SJiaqing Zhao .methods(boost::beast::http::verb::post)(std::bind_front( 1354828252d5SJiaqing Zhao handleTrustStoreCertificateCollectionPost, std::ref(app))); 1355828252d5SJiaqing Zhao 1356253f11b8SEd Tanous BMCWEB_ROUTE(app, 1357253f11b8SEd Tanous "/redfish/v1/Managers/<str>/Truststore/Certificates/<str>/") 1358828252d5SJiaqing Zhao .privileges(redfish::privileges::getCertificate) 1359828252d5SJiaqing Zhao .methods(boost::beast::http::verb::get)( 1360828252d5SJiaqing Zhao std::bind_front(handleTrustStoreCertificateGet, std::ref(app))); 1361828252d5SJiaqing Zhao 1362253f11b8SEd Tanous BMCWEB_ROUTE(app, 1363253f11b8SEd Tanous "/redfish/v1/Managers/<str>/Truststore/Certificates/<str>/") 1364828252d5SJiaqing Zhao .privileges(redfish::privileges::deleteCertificate) 1365828252d5SJiaqing Zhao .methods(boost::beast::http::verb::delete_)( 1366828252d5SJiaqing Zhao std::bind_front(handleTrustStoreCertificateDelete, std::ref(app))); 13677e860f15SJohn Edward Broadbent } // requestRoutesTrustStoreCertificate 13685968caeeSMarri Devender Rao } // namespace redfish 1369