redfish/lib/certificate_service.hpp

5968caeeSMarri Devender Rao#pragma once
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao#include "node.hpp"
5968caeeSMarri Devender Rao
e6604b11SIwona Klimaszewska#include <boost/convert.hpp>
e6604b11SIwona Klimaszewska#include <boost/convert/strtol.hpp>
1214b7e7SGunnar Mills
5968caeeSMarri Devender Rao#include <variant>
5968caeeSMarri Devender Raonamespace redfish
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Raonamespace certs
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Raoconstexpr char const* httpsObjectPath =
5968caeeSMarri Devender Rao    "/xyz/openbmc_project/certs/server/https";
5968caeeSMarri Devender Raoconstexpr char const* certInstallIntf = "xyz.openbmc_project.Certs.Install";
5968caeeSMarri Devender Raoconstexpr char const* certReplaceIntf = "xyz.openbmc_project.Certs.Replace";
07a60299SZbigniew Kurzynskiconstexpr char const* objDeleteIntf = "xyz.openbmc_project.Object.Delete";
5968caeeSMarri Devender Raoconstexpr char const* certPropIntf = "xyz.openbmc_project.Certs.Certificate";
5968caeeSMarri Devender Raoconstexpr char const* dbusPropIntf = "org.freedesktop.DBus.Properties";
5968caeeSMarri Devender Raoconstexpr char const* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
37cce918SMarri Devender Raoconstexpr char const* ldapObjectPath = "/xyz/openbmc_project/certs/client/ldap";
37cce918SMarri Devender Raoconstexpr char const* httpsServiceName =
37cce918SMarri Devender Rao    "xyz.openbmc_project.Certs.Manager.Server.Https";
37cce918SMarri Devender Raoconstexpr char const* ldapServiceName =
37cce918SMarri Devender Rao    "xyz.openbmc_project.Certs.Manager.Client.Ldap";
cfcd5f6bSMarri Devender Raoconstexpr char const* authorityServiceName =
cfcd5f6bSMarri Devender Rao    "xyz.openbmc_project.Certs.Manager.Authority.Ldap";
cfcd5f6bSMarri Devender Raoconstexpr char const* authorityObjectPath =
cfcd5f6bSMarri Devender Rao    "/xyz/openbmc_project/certs/authority/ldap";
5968caeeSMarri Devender Rao} // namespace certs
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * The Certificate schema defines a Certificate Service which represents the
5968caeeSMarri Devender Rao * actions available to manage certificates and links to where certificates
5968caeeSMarri Devender Rao * are installed.
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass CertificateService : public Node
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
52cc112dSEd Tanous    CertificateService(App& app) : Node(app, "/redfish/v1/CertificateService/")
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        // TODO: Issue#61 No entries are available for Certificate
4e0453b1SGunnar Mills        // service at https://www.dmtf.org/standards/redfish
5968caeeSMarri Devender Rao        // "redfish standard registries". Need to modify after DMTF
5968caeeSMarri Devender Rao        // publish Privilege details for certificate service
5968caeeSMarri Devender Rao        entityPrivileges = {
5968caeeSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao  private:
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request&, const std::vector<std::string>&) override
5968caeeSMarri Devender Rao    {
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue = {
5968caeeSMarri Devender Rao            {"@odata.type", "#CertificateService.v1_0_0.CertificateService"},
5968caeeSMarri Devender Rao            {"@odata.id", "/redfish/v1/CertificateService"},
5968caeeSMarri Devender Rao            {"Id", "CertificateService"},
5968caeeSMarri Devender Rao            {"Name", "Certificate Service"},
5968caeeSMarri Devender Rao            {"Description", "Actions available to manage certificates"}};
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue["CertificateLocations"] = {
5968caeeSMarri Devender Rao            {"@odata.id",
5968caeeSMarri Devender Rao             "/redfish/v1/CertificateService/CertificateLocations"}};
*8d1b46d7Szhanghch05        asyncResp->res
*8d1b46d7Szhanghch05            .jsonValue["Actions"]["#CertificateService.ReplaceCertificate"] = {
5968caeeSMarri Devender Rao            {"target", "/redfish/v1/CertificateService/Actions/"
5968caeeSMarri Devender Rao                       "CertificateService.ReplaceCertificate"},
5968caeeSMarri Devender Rao            {"CertificateType@Redfish.AllowableValues", {"PEM"}}};
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue["Actions"]["#CertificateService.GenerateCSR"] =
*8d1b46d7Szhanghch05            {{"target", "/redfish/v1/CertificateService/Actions/"
30215816SMarri Devender Rao                        "CertificateService.GenerateCSR"}};
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao}; // CertificateService
37cce918SMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * @brief Find the ID specified in the URL
5968caeeSMarri Devender Rao * Finds the numbers specified after the last "/" in the URL and returns.
5968caeeSMarri Devender Rao * @param[in] path URL
5968caeeSMarri Devender Rao * @return -1 on failure and number on success
5968caeeSMarri Devender Rao */
23a21a1cSEd Tanousinline long getIDFromURL(const std::string_view url)
5968caeeSMarri Devender Rao{
f23b7296SEd Tanous    std::size_t found = url.rfind('/');
5968caeeSMarri Devender Rao    if (found == std::string::npos)
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        return -1;
5968caeeSMarri Devender Rao    }
e6604b11SIwona Klimaszewska
5968caeeSMarri Devender Rao    if ((found + 1) < url.length())
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        std::string_view str = url.substr(found + 1);
e6604b11SIwona Klimaszewska
e6604b11SIwona Klimaszewska        return boost::convert<long>(str, boost::cnv::strtol()).value_or(-1);
5968caeeSMarri Devender Rao    }
e6604b11SIwona Klimaszewska
5968caeeSMarri Devender Rao    return -1;
5968caeeSMarri Devender Rao}
5968caeeSMarri Devender Rao
*8d1b46d7Szhanghch05inline std::string getCertificateFromReqBody(
*8d1b46d7Szhanghch05    const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
58eb238fSKowalski, Kamil    const crow::Request& req)
58eb238fSKowalski, Kamil{
58eb238fSKowalski, Kamil    nlohmann::json reqJson = nlohmann::json::parse(req.body, nullptr, false);
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil    if (reqJson.is_discarded())
58eb238fSKowalski, Kamil    {
58eb238fSKowalski, Kamil        // We did not receive JSON request, proceed as it is RAW data
58eb238fSKowalski, Kamil        return req.body;
58eb238fSKowalski, Kamil    }
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil    std::string certificate;
58eb238fSKowalski, Kamil    std::optional<std::string> certificateType = "PEM";
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil    if (!json_util::readJson(reqJson, asyncResp->res, "CertificateString",
58eb238fSKowalski, Kamil                             certificate, "CertificateType", certificateType))
58eb238fSKowalski, Kamil    {
58eb238fSKowalski, Kamil        BMCWEB_LOG_ERROR << "Required parameters are missing";
58eb238fSKowalski, Kamil        messages::internalError(asyncResp->res);
58eb238fSKowalski, Kamil        return std::string();
58eb238fSKowalski, Kamil    }
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil    if (*certificateType != "PEM")
58eb238fSKowalski, Kamil    {
58eb238fSKowalski, Kamil        messages::propertyValueNotInList(asyncResp->res, *certificateType,
58eb238fSKowalski, Kamil                                         "CertificateType");
58eb238fSKowalski, Kamil        return std::string();
58eb238fSKowalski, Kamil    }
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil    return certificate;
58eb238fSKowalski, Kamil}
58eb238fSKowalski, Kamil
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * Class to create a temporary certificate file for uploading to system
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass CertificateFile
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
5968caeeSMarri Devender Rao    CertificateFile() = delete;
5968caeeSMarri Devender Rao    CertificateFile(const CertificateFile&) = delete;
5968caeeSMarri Devender Rao    CertificateFile& operator=(const CertificateFile&) = delete;
5968caeeSMarri Devender Rao    CertificateFile(CertificateFile&&) = delete;
5968caeeSMarri Devender Rao    CertificateFile& operator=(CertificateFile&&) = delete;
5968caeeSMarri Devender Rao    CertificateFile(const std::string& certString)
5968caeeSMarri Devender Rao    {
72d52d25SEd Tanous        std::array<char, 18> dirTemplate = {'/', 't', 'm', 'p', '/', 'C',
5207438cSEd Tanous                                            'e', 'r', 't', 's', '.', 'X',
5207438cSEd Tanous                                            'X', 'X', 'X', 'X', 'X', '\0'};
5207438cSEd Tanous        char* tempDirectory = mkdtemp(dirTemplate.data());
5968caeeSMarri Devender Rao        if (tempDirectory)
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            certDirectory = tempDirectory;
5968caeeSMarri Devender Rao            certificateFile = certDirectory / "cert.pem";
5968caeeSMarri Devender Rao            std::ofstream out(certificateFile, std::ofstream::out |
5968caeeSMarri Devender Rao                                                   std::ofstream::binary |
5968caeeSMarri Devender Rao                                                   std::ofstream::trunc);
5968caeeSMarri Devender Rao            out << certString;
5968caeeSMarri Devender Rao            out.close();
5968caeeSMarri Devender Rao            BMCWEB_LOG_DEBUG << "Creating certificate file" << certificateFile;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao    ~CertificateFile()
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        if (std::filesystem::exists(certDirectory))
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            BMCWEB_LOG_DEBUG << "Removing certificate file" << certificateFile;
23a21a1cSEd Tanous            std::error_code ec;
23a21a1cSEd Tanous            std::filesystem::remove_all(certDirectory, ec);
23a21a1cSEd Tanous            if (ec)
5968caeeSMarri Devender Rao            {
5968caeeSMarri Devender Rao                BMCWEB_LOG_ERROR << "Failed to remove temp directory"
5968caeeSMarri Devender Rao                                 << certDirectory;
5968caeeSMarri Devender Rao            }
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao    std::string getCertFilePath()
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        return certificateFile;
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao  private:
5968caeeSMarri Devender Rao    std::filesystem::path certificateFile;
5968caeeSMarri Devender Rao    std::filesystem::path certDirectory;
5968caeeSMarri Devender Rao};
5968caeeSMarri Devender Rao
30215816SMarri Devender Raostatic std::unique_ptr<sdbusplus::bus::match::match> csrMatcher;
30215816SMarri Devender Rao/**
30215816SMarri Devender Rao * @brief Read data from CSR D-bus object and set to response
30215816SMarri Devender Rao *
30215816SMarri Devender Rao * @param[in] asyncResp Shared pointer to the response message
30215816SMarri Devender Rao * @param[in] certURI Link to certifiate collection URI
30215816SMarri Devender Rao * @param[in] service D-Bus service name
30215816SMarri Devender Rao * @param[in] certObjPath certificate D-Bus object path
30215816SMarri Devender Rao * @param[in] csrObjPath CSR D-Bus object path
30215816SMarri Devender Rao * @return None
30215816SMarri Devender Rao */
*8d1b46d7Szhanghch05static void getCSR(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
30215816SMarri Devender Rao                   const std::string& certURI, const std::string& service,
30215816SMarri Devender Rao                   const std::string& certObjPath,
30215816SMarri Devender Rao                   const std::string& csrObjPath)
30215816SMarri Devender Rao{
30215816SMarri Devender Rao    BMCWEB_LOG_DEBUG << "getCSR CertObjectPath" << certObjPath
30215816SMarri Devender Rao                     << " CSRObjectPath=" << csrObjPath
30215816SMarri Devender Rao                     << " service=" << service;
30215816SMarri Devender Rao    crow::connections::systemBus->async_method_call(
30215816SMarri Devender Rao        [asyncResp, certURI](const boost::system::error_code ec,
30215816SMarri Devender Rao                             const std::string& csr) {
30215816SMarri Devender Rao            if (ec)
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
30215816SMarri Devender Rao                messages::internalError(asyncResp->res);
30215816SMarri Devender Rao                return;
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao            if (csr.empty())
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                BMCWEB_LOG_ERROR << "CSR read is empty";
30215816SMarri Devender Rao                messages::internalError(asyncResp->res);
30215816SMarri Devender Rao                return;
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao            asyncResp->res.jsonValue["CSRString"] = csr;
30215816SMarri Devender Rao            asyncResp->res.jsonValue["CertificateCollection"] = {
30215816SMarri Devender Rao                {"@odata.id", certURI}};
30215816SMarri Devender Rao        },
30215816SMarri Devender Rao        service, csrObjPath, "xyz.openbmc_project.Certs.CSR", "CSR");
30215816SMarri Devender Rao}
30215816SMarri Devender Rao
30215816SMarri Devender Rao/**
30215816SMarri Devender Rao * Action to Generate CSR
30215816SMarri Devender Rao */
30215816SMarri Devender Raoclass CertificateActionGenerateCSR : public Node
30215816SMarri Devender Rao{
30215816SMarri Devender Rao  public:
52cc112dSEd Tanous    CertificateActionGenerateCSR(App& app) :
30215816SMarri Devender Rao        Node(app, "/redfish/v1/CertificateService/Actions/"
30215816SMarri Devender Rao                  "CertificateService.GenerateCSR/")
30215816SMarri Devender Rao    {
30215816SMarri Devender Rao        entityPrivileges = {
30215816SMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
30215816SMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
30215816SMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
30215816SMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
30215816SMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
30215816SMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
30215816SMarri Devender Rao    }
30215816SMarri Devender Rao
30215816SMarri Devender Rao  private:
*8d1b46d7Szhanghch05    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                const crow::Request& req,
cb13a392SEd Tanous                const std::vector<std::string>&) override
30215816SMarri Devender Rao    {
2c70f800SEd Tanous        static const int rsaKeyBitLength = 2048;
*8d1b46d7Szhanghch05
30215816SMarri Devender Rao        // Required parameters
30215816SMarri Devender Rao        std::string city;
30215816SMarri Devender Rao        std::string commonName;
30215816SMarri Devender Rao        std::string country;
30215816SMarri Devender Rao        std::string organization;
30215816SMarri Devender Rao        std::string organizationalUnit;
30215816SMarri Devender Rao        std::string state;
30215816SMarri Devender Rao        nlohmann::json certificateCollection;
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // Optional parameters
30215816SMarri Devender Rao        std::optional<std::vector<std::string>> optAlternativeNames =
30215816SMarri Devender Rao            std::vector<std::string>();
30215816SMarri Devender Rao        std::optional<std::string> optContactPerson = "";
30215816SMarri Devender Rao        std::optional<std::string> optChallengePassword = "";
30215816SMarri Devender Rao        std::optional<std::string> optEmail = "";
30215816SMarri Devender Rao        std::optional<std::string> optGivenName = "";
30215816SMarri Devender Rao        std::optional<std::string> optInitials = "";
2c70f800SEd Tanous        std::optional<int64_t> optKeyBitLength = rsaKeyBitLength;
aaf3206fSVernon Mauery        std::optional<std::string> optKeyCurveId = "secp384r1";
30215816SMarri Devender Rao        std::optional<std::string> optKeyPairAlgorithm = "EC";
30215816SMarri Devender Rao        std::optional<std::vector<std::string>> optKeyUsage =
30215816SMarri Devender Rao            std::vector<std::string>();
30215816SMarri Devender Rao        std::optional<std::string> optSurname = "";
30215816SMarri Devender Rao        std::optional<std::string> optUnstructuredName = "";
30215816SMarri Devender Rao        if (!json_util::readJson(
30215816SMarri Devender Rao                req, asyncResp->res, "City", city, "CommonName", commonName,
30215816SMarri Devender Rao                "ContactPerson", optContactPerson, "Country", country,
30215816SMarri Devender Rao                "Organization", organization, "OrganizationalUnit",
30215816SMarri Devender Rao                organizationalUnit, "State", state, "CertificateCollection",
30215816SMarri Devender Rao                certificateCollection, "AlternativeNames", optAlternativeNames,
30215816SMarri Devender Rao                "ChallengePassword", optChallengePassword, "Email", optEmail,
30215816SMarri Devender Rao                "GivenName", optGivenName, "Initials", optInitials,
30215816SMarri Devender Rao                "KeyBitLength", optKeyBitLength, "KeyCurveId", optKeyCurveId,
30215816SMarri Devender Rao                "KeyPairAlgorithm", optKeyPairAlgorithm, "KeyUsage",
30215816SMarri Devender Rao                optKeyUsage, "Surname", optSurname, "UnstructuredName",
30215816SMarri Devender Rao                optUnstructuredName))
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // bmcweb has no way to store or decode a private key challenge
30215816SMarri Devender Rao        // password, which will likely cause bmcweb to crash on startup if this
30215816SMarri Devender Rao        // is not set on a post so not allowing the user to set value
30215816SMarri Devender Rao        if (*optChallengePassword != "")
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            messages::actionParameterNotSupported(asyncResp->res, "GenerateCSR",
30215816SMarri Devender Rao                                                  "ChallengePassword");
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        std::string certURI;
30215816SMarri Devender Rao        if (!redfish::json_util::readJson(certificateCollection, asyncResp->res,
30215816SMarri Devender Rao                                          "@odata.id", certURI))
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        std::string objectPath;
30215816SMarri Devender Rao        std::string service;
30215816SMarri Devender Rao        if (boost::starts_with(
30215816SMarri Devender Rao                certURI,
30215816SMarri Devender Rao                "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"))
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            objectPath = certs::httpsObjectPath;
30215816SMarri Devender Rao            service = certs::httpsServiceName;
30215816SMarri Devender Rao        }
3b7f0149SMarri Devender Rao        else if (boost::starts_with(
3b7f0149SMarri Devender Rao                     certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
3b7f0149SMarri Devender Rao        {
3b7f0149SMarri Devender Rao            objectPath = certs::ldapObjectPath;
3b7f0149SMarri Devender Rao            service = certs::ldapServiceName;
3b7f0149SMarri Devender Rao        }
30215816SMarri Devender Rao        else
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            messages::actionParameterNotSupported(
30215816SMarri Devender Rao                asyncResp->res, "CertificateCollection", "GenerateCSR");
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // supporting only EC and RSA algorithm
30215816SMarri Devender Rao        if (*optKeyPairAlgorithm != "EC" && *optKeyPairAlgorithm != "RSA")
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            messages::actionParameterNotSupported(
30215816SMarri Devender Rao                asyncResp->res, "KeyPairAlgorithm", "GenerateCSR");
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // supporting only 2048 key bit length for RSA algorithm due to time
30215816SMarri Devender Rao        // consumed in generating private key
30215816SMarri Devender Rao        if (*optKeyPairAlgorithm == "RSA" &&
2c70f800SEd Tanous            *optKeyBitLength != rsaKeyBitLength)
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            messages::propertyValueNotInList(asyncResp->res,
30215816SMarri Devender Rao                                             std::to_string(*optKeyBitLength),
30215816SMarri Devender Rao                                             "KeyBitLength");
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // validate KeyUsage supporting only 1 type based on URL
30215816SMarri Devender Rao        if (boost::starts_with(
30215816SMarri Devender Rao                certURI,
30215816SMarri Devender Rao                "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"))
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            if (optKeyUsage->size() == 0)
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                optKeyUsage->push_back("ServerAuthentication");
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao            else if (optKeyUsage->size() == 1)
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                if ((*optKeyUsage)[0] != "ServerAuthentication")
30215816SMarri Devender Rao                {
30215816SMarri Devender Rao                    messages::propertyValueNotInList(
30215816SMarri Devender Rao                        asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
30215816SMarri Devender Rao                    return;
30215816SMarri Devender Rao                }
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao            else
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                messages::actionParameterNotSupported(
30215816SMarri Devender Rao                    asyncResp->res, "KeyUsage", "GenerateCSR");
30215816SMarri Devender Rao                return;
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao        }
3b7f0149SMarri Devender Rao        else if (boost::starts_with(
3b7f0149SMarri Devender Rao                     certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
3b7f0149SMarri Devender Rao        {
3b7f0149SMarri Devender Rao            if (optKeyUsage->size() == 0)
3b7f0149SMarri Devender Rao            {
3b7f0149SMarri Devender Rao                optKeyUsage->push_back("ClientAuthentication");
3b7f0149SMarri Devender Rao            }
3b7f0149SMarri Devender Rao            else if (optKeyUsage->size() == 1)
3b7f0149SMarri Devender Rao            {
3b7f0149SMarri Devender Rao                if ((*optKeyUsage)[0] != "ClientAuthentication")
3b7f0149SMarri Devender Rao                {
3b7f0149SMarri Devender Rao                    messages::propertyValueNotInList(
3b7f0149SMarri Devender Rao                        asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
3b7f0149SMarri Devender Rao                    return;
3b7f0149SMarri Devender Rao                }
3b7f0149SMarri Devender Rao            }
3b7f0149SMarri Devender Rao            else
3b7f0149SMarri Devender Rao            {
3b7f0149SMarri Devender Rao                messages::actionParameterNotSupported(
3b7f0149SMarri Devender Rao                    asyncResp->res, "KeyUsage", "GenerateCSR");
3b7f0149SMarri Devender Rao                return;
3b7f0149SMarri Devender Rao            }
3b7f0149SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // Only allow one CSR matcher at a time so setting retry time-out and
30215816SMarri Devender Rao        // timer expiry to 10 seconds for now.
2c70f800SEd Tanous        static const int timeOut = 10;
30215816SMarri Devender Rao        if (csrMatcher)
30215816SMarri Devender Rao        {
30215816SMarri Devender Rao            messages::serviceTemporarilyUnavailable(asyncResp->res,
2c70f800SEd Tanous                                                    std::to_string(timeOut));
30215816SMarri Devender Rao            return;
30215816SMarri Devender Rao        }
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // Make this static so it survives outside this method
30215816SMarri Devender Rao        static boost::asio::steady_timer timeout(*req.ioService);
2c70f800SEd Tanous        timeout.expires_after(std::chrono::seconds(timeOut));
30215816SMarri Devender Rao        timeout.async_wait([asyncResp](const boost::system::error_code& ec) {
30215816SMarri Devender Rao            csrMatcher = nullptr;
30215816SMarri Devender Rao            if (ec)
30215816SMarri Devender Rao            {
30215816SMarri Devender Rao                // operation_aborted is expected if timer is canceled before
30215816SMarri Devender Rao                // completion.
30215816SMarri Devender Rao                if (ec != boost::asio::error::operation_aborted)
30215816SMarri Devender Rao                {
30215816SMarri Devender Rao                    BMCWEB_LOG_ERROR << "Async_wait failed " << ec;
30215816SMarri Devender Rao                }
30215816SMarri Devender Rao                return;
30215816SMarri Devender Rao            }
30215816SMarri Devender Rao            BMCWEB_LOG_ERROR << "Timed out waiting for Generating CSR";
30215816SMarri Devender Rao            messages::internalError(asyncResp->res);
30215816SMarri Devender Rao        });
30215816SMarri Devender Rao
30215816SMarri Devender Rao        // create a matcher to wait on CSR object
30215816SMarri Devender Rao        BMCWEB_LOG_DEBUG << "create matcher with path " << objectPath;
30215816SMarri Devender Rao        std::string match("type='signal',"
30215816SMarri Devender Rao                          "interface='org.freedesktop.DBus.ObjectManager',"
30215816SMarri Devender Rao                          "path='" +
30215816SMarri Devender Rao                          objectPath +
30215816SMarri Devender Rao                          "',"
30215816SMarri Devender Rao                          "member='InterfacesAdded'");
30215816SMarri Devender Rao        csrMatcher = std::make_unique<sdbusplus::bus::match::match>(
30215816SMarri Devender Rao            *crow::connections::systemBus, match,
30215816SMarri Devender Rao            [asyncResp, service, objectPath,
30215816SMarri Devender Rao             certURI](sdbusplus::message::message& m) {
271584abSEd Tanous                timeout.cancel();
30215816SMarri Devender Rao                if (m.is_method_error())
30215816SMarri Devender Rao                {
30215816SMarri Devender Rao                    BMCWEB_LOG_ERROR << "Dbus method error!!!";
30215816SMarri Devender Rao                    messages::internalError(asyncResp->res);
30215816SMarri Devender Rao                    return;
30215816SMarri Devender Rao                }
30215816SMarri Devender Rao                std::vector<std::pair<
30215816SMarri Devender Rao                    std::string, std::vector<std::pair<
30215816SMarri Devender Rao                                     std::string, std::variant<std::string>>>>>
30215816SMarri Devender Rao                    interfacesProperties;
30215816SMarri Devender Rao                sdbusplus::message::object_path csrObjectPath;
30215816SMarri Devender Rao                m.read(csrObjectPath, interfacesProperties);
30215816SMarri Devender Rao                BMCWEB_LOG_DEBUG << "CSR object added" << csrObjectPath.str;
30215816SMarri Devender Rao                for (auto& interface : interfacesProperties)
30215816SMarri Devender Rao                {
30215816SMarri Devender Rao                    if (interface.first == "xyz.openbmc_project.Certs.CSR")
30215816SMarri Devender Rao                    {
30215816SMarri Devender Rao                        getCSR(asyncResp, certURI, service, objectPath,
30215816SMarri Devender Rao                               csrObjectPath.str);
30215816SMarri Devender Rao                        break;
30215816SMarri Devender Rao                    }
30215816SMarri Devender Rao                }
30215816SMarri Devender Rao            });
30215816SMarri Devender Rao        crow::connections::systemBus->async_method_call(
271584abSEd Tanous            [asyncResp](const boost::system::error_code& ec,
cb13a392SEd Tanous                        const std::string&) {
30215816SMarri Devender Rao                if (ec)
30215816SMarri Devender Rao                {
30215816SMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec.message();
30215816SMarri Devender Rao                    messages::internalError(asyncResp->res);
30215816SMarri Devender Rao                    return;
30215816SMarri Devender Rao                }
30215816SMarri Devender Rao            },
30215816SMarri Devender Rao            service, objectPath, "xyz.openbmc_project.Certs.CSR.Create",
30215816SMarri Devender Rao            "GenerateCSR", *optAlternativeNames, *optChallengePassword, city,
30215816SMarri Devender Rao            commonName, *optContactPerson, country, *optEmail, *optGivenName,
30215816SMarri Devender Rao            *optInitials, *optKeyBitLength, *optKeyCurveId,
30215816SMarri Devender Rao            *optKeyPairAlgorithm, *optKeyUsage, organization,
30215816SMarri Devender Rao            organizationalUnit, state, *optSurname, *optUnstructuredName);
30215816SMarri Devender Rao    }
30215816SMarri Devender Rao}; // CertificateActionGenerateCSR
30215816SMarri Devender Rao
5968caeeSMarri Devender Rao/**
4e0453b1SGunnar Mills * @brief Parse and update Certificate Issue/Subject property
5968caeeSMarri Devender Rao *
5968caeeSMarri Devender Rao * @param[in] asyncResp Shared pointer to the response message
5968caeeSMarri Devender Rao * @param[in] str  Issuer/Subject value in key=value pairs
5968caeeSMarri Devender Rao * @param[in] type Issuer/Subject
5968caeeSMarri Devender Rao * @return None
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raostatic void updateCertIssuerOrSubject(nlohmann::json& out,
5968caeeSMarri Devender Rao                                      const std::string_view value)
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao    // example: O=openbmc-project.xyz,CN=localhost
5968caeeSMarri Devender Rao    std::string_view::iterator i = value.begin();
5968caeeSMarri Devender Rao    while (i != value.end())
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        std::string_view::iterator tokenBegin = i;
5968caeeSMarri Devender Rao        while (i != value.end() && *i != '=')
5968caeeSMarri Devender Rao        {
17a897dfSManojkiran Eda            ++i;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        if (i == value.end())
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            break;
5968caeeSMarri Devender Rao        }
271584abSEd Tanous        const std::string_view key(tokenBegin,
271584abSEd Tanous                                   static_cast<size_t>(i - tokenBegin));
17a897dfSManojkiran Eda        ++i;
5968caeeSMarri Devender Rao        tokenBegin = i;
5968caeeSMarri Devender Rao        while (i != value.end() && *i != ',')
5968caeeSMarri Devender Rao        {
17a897dfSManojkiran Eda            ++i;
5968caeeSMarri Devender Rao        }
271584abSEd Tanous        const std::string_view val(tokenBegin,
271584abSEd Tanous                                   static_cast<size_t>(i - tokenBegin));
5968caeeSMarri Devender Rao        if (key == "L")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["City"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else if (key == "CN")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["CommonName"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else if (key == "C")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["Country"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else if (key == "O")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["Organization"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else if (key == "OU")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["OrganizationalUnit"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else if (key == "ST")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            out["State"] = val;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        // skip comma character
5968caeeSMarri Devender Rao        if (i != value.end())
5968caeeSMarri Devender Rao        {
17a897dfSManojkiran Eda            ++i;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao}
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * @brief Retrieve the certificates properties and append to the response
5968caeeSMarri Devender Rao * message
5968caeeSMarri Devender Rao *
5968caeeSMarri Devender Rao * @param[in] asyncResp Shared pointer to the response message
5968caeeSMarri Devender Rao * @param[in] objectPath  Path of the D-Bus service object
5968caeeSMarri Devender Rao * @param[in] certId  Id of the certificate
5968caeeSMarri Devender Rao * @param[in] certURL  URL of the certificate object
5968caeeSMarri Devender Rao * @param[in] name  name of the certificate
5968caeeSMarri Devender Rao * @return None
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raostatic void getCertificateProperties(
*8d1b46d7Szhanghch05    const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05    const std::string& objectPath, const std::string& service, long certId,
*8d1b46d7Szhanghch05    const std::string& certURL, const std::string& name)
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao    using PropertyType =
5968caeeSMarri Devender Rao        std::variant<std::string, uint64_t, std::vector<std::string>>;
5968caeeSMarri Devender Rao    using PropertiesMap = boost::container::flat_map<std::string, PropertyType>;
5968caeeSMarri Devender Rao    BMCWEB_LOG_DEBUG << "getCertificateProperties Path=" << objectPath
5968caeeSMarri Devender Rao                     << " certId=" << certId << " certURl=" << certURL;
5968caeeSMarri Devender Rao    crow::connections::systemBus->async_method_call(
37cce918SMarri Devender Rao        [asyncResp, certURL, certId, name](const boost::system::error_code ec,
5968caeeSMarri Devender Rao                                           const PropertiesMap& properties) {
5968caeeSMarri Devender Rao            if (ec)
5968caeeSMarri Devender Rao            {
5968caeeSMarri Devender Rao                BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
8aae75adSMarri Devender Rao                messages::resourceNotFound(asyncResp->res, name,
8aae75adSMarri Devender Rao                                           std::to_string(certId));
5968caeeSMarri Devender Rao                return;
5968caeeSMarri Devender Rao            }
5968caeeSMarri Devender Rao            asyncResp->res.jsonValue = {
5968caeeSMarri Devender Rao                {"@odata.id", certURL},
5968caeeSMarri Devender Rao                {"@odata.type", "#Certificate.v1_0_0.Certificate"},
5968caeeSMarri Devender Rao                {"Id", std::to_string(certId)},
5968caeeSMarri Devender Rao                {"Name", name},
5968caeeSMarri Devender Rao                {"Description", name}};
5968caeeSMarri Devender Rao            for (const auto& property : properties)
5968caeeSMarri Devender Rao            {
5968caeeSMarri Devender Rao                if (property.first == "CertificateString")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    asyncResp->res.jsonValue["CertificateString"] = "";
5968caeeSMarri Devender Rao                    const std::string* value =
5968caeeSMarri Devender Rao                        std::get_if<std::string>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
37cce918SMarri Devender Rao                        asyncResp->res.jsonValue["CertificateString"] = *value;
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                else if (property.first == "KeyUsage")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    nlohmann::json& keyUsage =
5968caeeSMarri Devender Rao                        asyncResp->res.jsonValue["KeyUsage"];
5968caeeSMarri Devender Rao                    keyUsage = nlohmann::json::array();
5968caeeSMarri Devender Rao                    const std::vector<std::string>* value =
37cce918SMarri Devender Rao                        std::get_if<std::vector<std::string>>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
5968caeeSMarri Devender Rao                        for (const std::string& usage : *value)
5968caeeSMarri Devender Rao                        {
5968caeeSMarri Devender Rao                            keyUsage.push_back(usage);
5968caeeSMarri Devender Rao                        }
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                else if (property.first == "Issuer")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    const std::string* value =
5968caeeSMarri Devender Rao                        std::get_if<std::string>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
5968caeeSMarri Devender Rao                        updateCertIssuerOrSubject(
5968caeeSMarri Devender Rao                            asyncResp->res.jsonValue["Issuer"], *value);
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                else if (property.first == "Subject")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    const std::string* value =
5968caeeSMarri Devender Rao                        std::get_if<std::string>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
5968caeeSMarri Devender Rao                        updateCertIssuerOrSubject(
37cce918SMarri Devender Rao                            asyncResp->res.jsonValue["Subject"], *value);
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                else if (property.first == "ValidNotAfter")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    const uint64_t* value =
5968caeeSMarri Devender Rao                        std::get_if<uint64_t>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
37cce918SMarri Devender Rao                        std::time_t time = static_cast<std::time_t>(*value);
5968caeeSMarri Devender Rao                        asyncResp->res.jsonValue["ValidNotAfter"] =
5968caeeSMarri Devender Rao                            crow::utility::getDateTime(time);
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                else if (property.first == "ValidNotBefore")
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    const uint64_t* value =
5968caeeSMarri Devender Rao                        std::get_if<uint64_t>(&property.second);
5968caeeSMarri Devender Rao                    if (value)
5968caeeSMarri Devender Rao                    {
37cce918SMarri Devender Rao                        std::time_t time = static_cast<std::time_t>(*value);
5968caeeSMarri Devender Rao                        asyncResp->res.jsonValue["ValidNotBefore"] =
5968caeeSMarri Devender Rao                            crow::utility::getDateTime(time);
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao            }
5968caeeSMarri Devender Rao            asyncResp->res.addHeader("Location", certURL);
5968caeeSMarri Devender Rao        },
5968caeeSMarri Devender Rao        service, objectPath, certs::dbusPropIntf, "GetAll",
5968caeeSMarri Devender Rao        certs::certPropIntf);
5968caeeSMarri Devender Rao}
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Raousing GetObjectType =
5968caeeSMarri Devender Rao    std::vector<std::pair<std::string, std::vector<std::string>>>;
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * Action to replace an existing certificate
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass CertificateActionsReplaceCertificate : public Node
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
52cc112dSEd Tanous    CertificateActionsReplaceCertificate(App& app) :
5968caeeSMarri Devender Rao        Node(app, "/redfish/v1/CertificateService/Actions/"
5968caeeSMarri Devender Rao                  "CertificateService.ReplaceCertificate/")
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        entityPrivileges = {
5968caeeSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao  private:
*8d1b46d7Szhanghch05    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                const crow::Request& req,
cb13a392SEd Tanous                const std::vector<std::string>&) override
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        std::string certificate;
5968caeeSMarri Devender Rao        nlohmann::json certificateUri;
5968caeeSMarri Devender Rao        std::optional<std::string> certificateType = "PEM";
*8d1b46d7Szhanghch05
5968caeeSMarri Devender Rao        if (!json_util::readJson(req, asyncResp->res, "CertificateString",
5968caeeSMarri Devender Rao                                 certificate, "CertificateUri", certificateUri,
5968caeeSMarri Devender Rao                                 "CertificateType", certificateType))
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            BMCWEB_LOG_ERROR << "Required parameters are missing";
5968caeeSMarri Devender Rao            messages::internalError(asyncResp->res);
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        if (!certificateType)
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            // should never happen, but it never hurts to be paranoid.
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        if (certificateType != "PEM")
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            messages::actionParameterNotSupported(
5968caeeSMarri Devender Rao                asyncResp->res, "CertificateType", "ReplaceCertificate");
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        std::string certURI;
5968caeeSMarri Devender Rao        if (!redfish::json_util::readJson(certificateUri, asyncResp->res,
5968caeeSMarri Devender Rao                                          "@odata.id", certURI))
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            messages::actionParameterMissing(
5968caeeSMarri Devender Rao                asyncResp->res, "ReplaceCertificate", "CertificateUri");
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        BMCWEB_LOG_INFO << "Certificate URI to replace" << certURI;
5968caeeSMarri Devender Rao        long id = getIDFromURL(certURI);
5968caeeSMarri Devender Rao        if (id < 0)
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            messages::actionParameterValueFormatError(asyncResp->res, certURI,
5968caeeSMarri Devender Rao                                                      "CertificateUri",
5968caeeSMarri Devender Rao                                                      "ReplaceCertificate");
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        std::string objectPath;
5968caeeSMarri Devender Rao        std::string name;
37cce918SMarri Devender Rao        std::string service;
5968caeeSMarri Devender Rao        if (boost::starts_with(
5968caeeSMarri Devender Rao                certURI,
5968caeeSMarri Devender Rao                "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"))
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            objectPath =
5968caeeSMarri Devender Rao                std::string(certs::httpsObjectPath) + "/" + std::to_string(id);
5968caeeSMarri Devender Rao            name = "HTTPS certificate";
37cce918SMarri Devender Rao            service = certs::httpsServiceName;
37cce918SMarri Devender Rao        }
37cce918SMarri Devender Rao        else if (boost::starts_with(
37cce918SMarri Devender Rao                     certURI, "/redfish/v1/AccountService/LDAP/Certificates/"))
37cce918SMarri Devender Rao        {
37cce918SMarri Devender Rao            objectPath =
37cce918SMarri Devender Rao                std::string(certs::ldapObjectPath) + "/" + std::to_string(id);
37cce918SMarri Devender Rao            name = "LDAP certificate";
37cce918SMarri Devender Rao            service = certs::ldapServiceName;
5968caeeSMarri Devender Rao        }
cfcd5f6bSMarri Devender Rao        else if (boost::starts_with(
cfcd5f6bSMarri Devender Rao                     certURI,
cfcd5f6bSMarri Devender Rao                     "/redfish/v1/Managers/bmc/Truststore/Certificates/"))
cfcd5f6bSMarri Devender Rao        {
cfcd5f6bSMarri Devender Rao            objectPath = std::string(certs::authorityObjectPath) + "/" +
cfcd5f6bSMarri Devender Rao                         std::to_string(id);
cfcd5f6bSMarri Devender Rao            name = "TrustStore certificate";
cfcd5f6bSMarri Devender Rao            service = certs::authorityServiceName;
cfcd5f6bSMarri Devender Rao        }
5968caeeSMarri Devender Rao        else
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            messages::actionParameterNotSupported(
5968caeeSMarri Devender Rao                asyncResp->res, "CertificateUri", "ReplaceCertificate");
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        std::shared_ptr<CertificateFile> certFile =
5968caeeSMarri Devender Rao            std::make_shared<CertificateFile>(certificate);
5968caeeSMarri Devender Rao        crow::connections::systemBus->async_method_call(
37cce918SMarri Devender Rao            [asyncResp, certFile, objectPath, service, certURI, id,
5968caeeSMarri Devender Rao             name](const boost::system::error_code ec) {
5968caeeSMarri Devender Rao                if (ec)
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
8aae75adSMarri Devender Rao                    messages::resourceNotFound(asyncResp->res, name,
8aae75adSMarri Devender Rao                                               std::to_string(id));
5968caeeSMarri Devender Rao                    return;
5968caeeSMarri Devender Rao                }
37cce918SMarri Devender Rao                getCertificateProperties(asyncResp, objectPath, service, id,
5968caeeSMarri Devender Rao                                         certURI, name);
5968caeeSMarri Devender Rao                BMCWEB_LOG_DEBUG << "HTTPS certificate install file="
5968caeeSMarri Devender Rao                                 << certFile->getCertFilePath();
5968caeeSMarri Devender Rao            },
5968caeeSMarri Devender Rao            service, objectPath, certs::certReplaceIntf, "Replace",
5968caeeSMarri Devender Rao            certFile->getCertFilePath());
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao}; // CertificateActionsReplaceCertificate
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * Certificate resource describes a certificate used to prove the identity
5968caeeSMarri Devender Rao * of a component, account or service.
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass HTTPSCertificate : public Node
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
52cc112dSEd Tanous    HTTPSCertificate(App& app) :
5968caeeSMarri Devender Rao        Node(app,
5968caeeSMarri Devender Rao             "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
5968caeeSMarri Devender Rao             "<str>/",
5968caeeSMarri Devender Rao             std::string())
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        entityPrivileges = {
5968caeeSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request& req,
5968caeeSMarri Devender Rao               const std::vector<std::string>& params) override
5968caeeSMarri Devender Rao    {
*8d1b46d7Szhanghch05
5968caeeSMarri Devender Rao        if (params.size() != 1)
5968caeeSMarri Devender Rao        {
5968caeeSMarri Devender Rao            messages::internalError(asyncResp->res);
5968caeeSMarri Devender Rao            return;
5968caeeSMarri Devender Rao        }
5968caeeSMarri Devender Rao        long id = getIDFromURL(req.url);
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        BMCWEB_LOG_DEBUG << "HTTPSCertificate::doGet ID=" << std::to_string(id);
5968caeeSMarri Devender Rao        std::string certURL =
5968caeeSMarri Devender Rao            "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" +
5968caeeSMarri Devender Rao            std::to_string(id);
5968caeeSMarri Devender Rao        std::string objectPath = certs::httpsObjectPath;
5968caeeSMarri Devender Rao        objectPath += "/";
5968caeeSMarri Devender Rao        objectPath += std::to_string(id);
37cce918SMarri Devender Rao        getCertificateProperties(asyncResp, objectPath, certs::httpsServiceName,
37cce918SMarri Devender Rao                                 id, certURL, "HTTPS Certificate");
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao}; // namespace redfish
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * Collection of HTTPS certificates
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass HTTPSCertificateCollection : public Node
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
52cc112dSEd Tanous    HTTPSCertificateCollection(App& app) :
5968caeeSMarri Devender Rao        Node(app,
5968caeeSMarri Devender Rao             "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/")
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        entityPrivileges = {
5968caeeSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
5968caeeSMarri Devender Rao    }
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request&, const std::vector<std::string>&) override
5968caeeSMarri Devender Rao    {
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue = {
5968caeeSMarri Devender Rao            {"@odata.id",
5968caeeSMarri Devender Rao             "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"},
5968caeeSMarri Devender Rao            {"@odata.type", "#CertificateCollection.CertificateCollection"},
5968caeeSMarri Devender Rao            {"Name", "HTTPS Certificates Collection"},
5968caeeSMarri Devender Rao            {"Description", "A Collection of HTTPS certificate instances"}};
*8d1b46d7Szhanghch05
5968caeeSMarri Devender Rao        crow::connections::systemBus->async_method_call(
5968caeeSMarri Devender Rao            [asyncResp](const boost::system::error_code ec,
5968caeeSMarri Devender Rao                        const ManagedObjectType& certs) {
5968caeeSMarri Devender Rao                if (ec)
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
5968caeeSMarri Devender Rao                    messages::internalError(asyncResp->res);
5968caeeSMarri Devender Rao                    return;
5968caeeSMarri Devender Rao                }
37cce918SMarri Devender Rao                nlohmann::json& members = asyncResp->res.jsonValue["Members"];
5968caeeSMarri Devender Rao                members = nlohmann::json::array();
5968caeeSMarri Devender Rao                for (const auto& cert : certs)
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    long id = getIDFromURL(cert.first.str);
37cce918SMarri Devender Rao                    if (id >= 0)
5968caeeSMarri Devender Rao                    {
5968caeeSMarri Devender Rao                        members.push_back(
5968caeeSMarri Devender Rao                            {{"@odata.id",
5968caeeSMarri Devender Rao                              "/redfish/v1/Managers/bmc/"
5968caeeSMarri Devender Rao                              "NetworkProtocol/HTTPS/Certificates/" +
5968caeeSMarri Devender Rao                                  std::to_string(id)}});
5968caeeSMarri Devender Rao                    }
5968caeeSMarri Devender Rao                }
5968caeeSMarri Devender Rao                asyncResp->res.jsonValue["Members@odata.count"] =
5968caeeSMarri Devender Rao                    members.size();
5968caeeSMarri Devender Rao            },
37cce918SMarri Devender Rao            certs::httpsServiceName, certs::httpsObjectPath,
37cce918SMarri Devender Rao            certs::dbusObjManagerIntf, "GetManagedObjects");
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
*8d1b46d7Szhanghch05    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                const crow::Request& req,
cb13a392SEd Tanous                const std::vector<std::string>&) override
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        BMCWEB_LOG_DEBUG << "HTTPSCertificateCollection::doPost";
*8d1b46d7Szhanghch05
5968caeeSMarri Devender Rao        asyncResp->res.jsonValue = {{"Name", "HTTPS Certificate"},
5968caeeSMarri Devender Rao                                    {"Description", "HTTPS Certificate"}};
5968caeeSMarri Devender Rao
58eb238fSKowalski, Kamil        std::string certFileBody = getCertificateFromReqBody(asyncResp, req);
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil        if (certFileBody.empty())
58eb238fSKowalski, Kamil        {
a08752f5SZbigniew Kurzynski            BMCWEB_LOG_ERROR << "Cannot get certificate from request body.";
a08752f5SZbigniew Kurzynski            messages::unrecognizedRequestBody(asyncResp->res);
58eb238fSKowalski, Kamil            return;
58eb238fSKowalski, Kamil        }
58eb238fSKowalski, Kamil
5968caeeSMarri Devender Rao        std::shared_ptr<CertificateFile> certFile =
58eb238fSKowalski, Kamil            std::make_shared<CertificateFile>(certFileBody);
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao        crow::connections::systemBus->async_method_call(
656ec7e3SZbigniew Kurzynski            [asyncResp, certFile](const boost::system::error_code ec,
656ec7e3SZbigniew Kurzynski                                  const std::string& objectPath) {
5968caeeSMarri Devender Rao                if (ec)
5968caeeSMarri Devender Rao                {
5968caeeSMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
5968caeeSMarri Devender Rao                    messages::internalError(asyncResp->res);
5968caeeSMarri Devender Rao                    return;
5968caeeSMarri Devender Rao                }
656ec7e3SZbigniew Kurzynski                long certId = getIDFromURL(objectPath);
656ec7e3SZbigniew Kurzynski                if (certId < 0)
656ec7e3SZbigniew Kurzynski                {
656ec7e3SZbigniew Kurzynski                    BMCWEB_LOG_ERROR << "Invalid objectPath value"
656ec7e3SZbigniew Kurzynski                                     << objectPath;
656ec7e3SZbigniew Kurzynski                    messages::internalError(asyncResp->res);
656ec7e3SZbigniew Kurzynski                    return;
656ec7e3SZbigniew Kurzynski                }
5968caeeSMarri Devender Rao                std::string certURL =
5968caeeSMarri Devender Rao                    "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/"
5968caeeSMarri Devender Rao                    "Certificates/" +
5968caeeSMarri Devender Rao                    std::to_string(certId);
37cce918SMarri Devender Rao                getCertificateProperties(asyncResp, objectPath,
37cce918SMarri Devender Rao                                         certs::httpsServiceName, certId,
5968caeeSMarri Devender Rao                                         certURL, "HTTPS Certificate");
5968caeeSMarri Devender Rao                BMCWEB_LOG_DEBUG << "HTTPS certificate install file="
5968caeeSMarri Devender Rao                                 << certFile->getCertFilePath();
5968caeeSMarri Devender Rao            },
37cce918SMarri Devender Rao            certs::httpsServiceName, certs::httpsObjectPath,
37cce918SMarri Devender Rao            certs::certInstallIntf, "Install", certFile->getCertFilePath());
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao}; // HTTPSCertificateCollection
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao/**
5968caeeSMarri Devender Rao * The certificate location schema defines a resource that an administrator
5968caeeSMarri Devender Rao * can use in order to locate all certificates installed on a given service.
5968caeeSMarri Devender Rao */
5968caeeSMarri Devender Raoclass CertificateLocations : public Node
5968caeeSMarri Devender Rao{
5968caeeSMarri Devender Rao  public:
52cc112dSEd Tanous    CertificateLocations(App& app) :
5968caeeSMarri Devender Rao        Node(app, "/redfish/v1/CertificateService/CertificateLocations/")
5968caeeSMarri Devender Rao    {
5968caeeSMarri Devender Rao        entityPrivileges = {
5968caeeSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
5968caeeSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao
5968caeeSMarri Devender Rao  private:
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request&, const std::vector<std::string>&) override
5968caeeSMarri Devender Rao    {
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue = {
5968caeeSMarri Devender Rao            {"@odata.id",
5968caeeSMarri Devender Rao             "/redfish/v1/CertificateService/CertificateLocations"},
5968caeeSMarri Devender Rao            {"@odata.type",
5968caeeSMarri Devender Rao             "#CertificateLocations.v1_0_0.CertificateLocations"},
5968caeeSMarri Devender Rao            {"Name", "Certificate Locations"},
5968caeeSMarri Devender Rao            {"Id", "CertificateLocations"},
5968caeeSMarri Devender Rao            {"Description",
5968caeeSMarri Devender Rao             "Defines a resource that an administrator can use in order to "
5968caeeSMarri Devender Rao             "locate all certificates installed on a given service"}};
*8d1b46d7Szhanghch05
5968caeeSMarri Devender Rao        nlohmann::json& links =
5968caeeSMarri Devender Rao            asyncResp->res.jsonValue["Links"]["Certificates"];
5968caeeSMarri Devender Rao        links = nlohmann::json::array();
5968caeeSMarri Devender Rao        getCertificateLocations(
5968caeeSMarri Devender Rao            asyncResp,
5968caeeSMarri Devender Rao            "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/",
37cce918SMarri Devender Rao            certs::httpsObjectPath, certs::httpsServiceName);
37cce918SMarri Devender Rao        getCertificateLocations(asyncResp,
37cce918SMarri Devender Rao                                "/redfish/v1/AccountService/LDAP/Certificates/",
37cce918SMarri Devender Rao                                certs::ldapObjectPath, certs::ldapServiceName);
cfcd5f6bSMarri Devender Rao        getCertificateLocations(
cfcd5f6bSMarri Devender Rao            asyncResp, "/redfish/v1/Managers/bmc/Truststore/Certificates/",
cfcd5f6bSMarri Devender Rao            certs::authorityObjectPath, certs::authorityServiceName);
37cce918SMarri Devender Rao    }
37cce918SMarri Devender Rao    /**
37cce918SMarri Devender Rao     * @brief Retrieve the certificates installed list and append to the
37cce918SMarri Devender Rao     * response
37cce918SMarri Devender Rao     *
37cce918SMarri Devender Rao     * @param[in] asyncResp Shared pointer to the response message
37cce918SMarri Devender Rao     * @param[in] certURL  Path of the certificate object
37cce918SMarri Devender Rao     * @param[in] path  Path of the D-Bus service object
37cce918SMarri Devender Rao     * @return None
37cce918SMarri Devender Rao     */
*8d1b46d7Szhanghch05    void getCertificateLocations(
*8d1b46d7Szhanghch05        const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05        const std::string& certURL, const std::string& path,
37cce918SMarri Devender Rao        const std::string& service)
37cce918SMarri Devender Rao    {
37cce918SMarri Devender Rao        BMCWEB_LOG_DEBUG << "getCertificateLocations URI=" << certURL
37cce918SMarri Devender Rao                         << " Path=" << path << " service= " << service;
37cce918SMarri Devender Rao        crow::connections::systemBus->async_method_call(
37cce918SMarri Devender Rao            [asyncResp, certURL](const boost::system::error_code ec,
37cce918SMarri Devender Rao                                 const ManagedObjectType& certs) {
37cce918SMarri Devender Rao                if (ec)
37cce918SMarri Devender Rao                {
9c8e039eSJonathan Doman                    BMCWEB_LOG_WARNING
9c8e039eSJonathan Doman                        << "Certificate collection query failed: " << ec
9c8e039eSJonathan Doman                        << ", skipping " << certURL;
37cce918SMarri Devender Rao                    return;
37cce918SMarri Devender Rao                }
37cce918SMarri Devender Rao                nlohmann::json& links =
37cce918SMarri Devender Rao                    asyncResp->res.jsonValue["Links"]["Certificates"];
37cce918SMarri Devender Rao                for (auto& cert : certs)
37cce918SMarri Devender Rao                {
37cce918SMarri Devender Rao                    long id = getIDFromURL(cert.first.str);
37cce918SMarri Devender Rao                    if (id >= 0)
37cce918SMarri Devender Rao                    {
37cce918SMarri Devender Rao                        links.push_back(
37cce918SMarri Devender Rao                            {{"@odata.id", certURL + std::to_string(id)}});
37cce918SMarri Devender Rao                    }
37cce918SMarri Devender Rao                }
37cce918SMarri Devender Rao                asyncResp->res.jsonValue["Links"]["Certificates@odata.count"] =
37cce918SMarri Devender Rao                    links.size();
37cce918SMarri Devender Rao            },
37cce918SMarri Devender Rao            service, path, certs::dbusObjManagerIntf, "GetManagedObjects");
5968caeeSMarri Devender Rao    }
5968caeeSMarri Devender Rao}; // CertificateLocations
37cce918SMarri Devender Rao
37cce918SMarri Devender Rao/**
37cce918SMarri Devender Rao * Collection of LDAP certificates
37cce918SMarri Devender Rao */
37cce918SMarri Devender Raoclass LDAPCertificateCollection : public Node
37cce918SMarri Devender Rao{
37cce918SMarri Devender Rao  public:
52cc112dSEd Tanous    LDAPCertificateCollection(App& app) :
37cce918SMarri Devender Rao        Node(app, "/redfish/v1/AccountService/LDAP/Certificates/")
37cce918SMarri Devender Rao    {
37cce918SMarri Devender Rao        entityPrivileges = {
37cce918SMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
37cce918SMarri Devender Rao    }
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request&, const std::vector<std::string>&) override
37cce918SMarri Devender Rao    {
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue = {
37cce918SMarri Devender Rao            {"@odata.id", "/redfish/v1/AccountService/LDAP/Certificates"},
37cce918SMarri Devender Rao            {"@odata.type", "#CertificateCollection.CertificateCollection"},
37cce918SMarri Devender Rao            {"Name", "LDAP Certificates Collection"},
37cce918SMarri Devender Rao            {"Description", "A Collection of LDAP certificate instances"}};
*8d1b46d7Szhanghch05
37cce918SMarri Devender Rao        crow::connections::systemBus->async_method_call(
37cce918SMarri Devender Rao            [asyncResp](const boost::system::error_code ec,
37cce918SMarri Devender Rao                        const ManagedObjectType& certs) {
9c8e039eSJonathan Doman                nlohmann::json& members = asyncResp->res.jsonValue["Members"];
9c8e039eSJonathan Doman                nlohmann::json& count =
9c8e039eSJonathan Doman                    asyncResp->res.jsonValue["Members@odata.count"];
9c8e039eSJonathan Doman                members = nlohmann::json::array();
9c8e039eSJonathan Doman                count = 0;
37cce918SMarri Devender Rao                if (ec)
37cce918SMarri Devender Rao                {
9c8e039eSJonathan Doman                    BMCWEB_LOG_WARNING << "LDAP certificate query failed: "
9c8e039eSJonathan Doman                                       << ec;
37cce918SMarri Devender Rao                    return;
37cce918SMarri Devender Rao                }
37cce918SMarri Devender Rao                for (const auto& cert : certs)
37cce918SMarri Devender Rao                {
37cce918SMarri Devender Rao                    long id = getIDFromURL(cert.first.str);
37cce918SMarri Devender Rao                    if (id >= 0)
37cce918SMarri Devender Rao                    {
37cce918SMarri Devender Rao                        members.push_back(
37cce918SMarri Devender Rao                            {{"@odata.id", "/redfish/v1/AccountService/"
37cce918SMarri Devender Rao                                           "LDAP/Certificates/" +
37cce918SMarri Devender Rao                                               std::to_string(id)}});
37cce918SMarri Devender Rao                    }
37cce918SMarri Devender Rao                }
9c8e039eSJonathan Doman                count = members.size();
37cce918SMarri Devender Rao            },
37cce918SMarri Devender Rao            certs::ldapServiceName, certs::ldapObjectPath,
37cce918SMarri Devender Rao            certs::dbusObjManagerIntf, "GetManagedObjects");
37cce918SMarri Devender Rao    }
37cce918SMarri Devender Rao
*8d1b46d7Szhanghch05    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                const crow::Request& req,
cb13a392SEd Tanous                const std::vector<std::string>&) override
37cce918SMarri Devender Rao    {
*8d1b46d7Szhanghch05
58eb238fSKowalski, Kamil        std::string certFileBody = getCertificateFromReqBody(asyncResp, req);
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil        if (certFileBody.empty())
58eb238fSKowalski, Kamil        {
a08752f5SZbigniew Kurzynski            BMCWEB_LOG_ERROR << "Cannot get certificate from request body.";
a08752f5SZbigniew Kurzynski            messages::unrecognizedRequestBody(asyncResp->res);
58eb238fSKowalski, Kamil            return;
58eb238fSKowalski, Kamil        }
58eb238fSKowalski, Kamil
58eb238fSKowalski, Kamil        std::shared_ptr<CertificateFile> certFile =
58eb238fSKowalski, Kamil            std::make_shared<CertificateFile>(certFileBody);
58eb238fSKowalski, Kamil
37cce918SMarri Devender Rao        crow::connections::systemBus->async_method_call(
656ec7e3SZbigniew Kurzynski            [asyncResp, certFile](const boost::system::error_code ec,
656ec7e3SZbigniew Kurzynski                                  const std::string& objectPath) {
37cce918SMarri Devender Rao                if (ec)
37cce918SMarri Devender Rao                {
37cce918SMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
37cce918SMarri Devender Rao                    messages::internalError(asyncResp->res);
37cce918SMarri Devender Rao                    return;
37cce918SMarri Devender Rao                }
656ec7e3SZbigniew Kurzynski                long certId = getIDFromURL(objectPath);
656ec7e3SZbigniew Kurzynski                if (certId < 0)
656ec7e3SZbigniew Kurzynski                {
656ec7e3SZbigniew Kurzynski                    BMCWEB_LOG_ERROR << "Invalid objectPath value"
656ec7e3SZbigniew Kurzynski                                     << objectPath;
656ec7e3SZbigniew Kurzynski                    messages::internalError(asyncResp->res);
656ec7e3SZbigniew Kurzynski                    return;
656ec7e3SZbigniew Kurzynski                }
37cce918SMarri Devender Rao                std::string certURL =
37cce918SMarri Devender Rao                    "/redfish/v1/AccountService/LDAP/Certificates/" +
37cce918SMarri Devender Rao                    std::to_string(certId);
37cce918SMarri Devender Rao                getCertificateProperties(asyncResp, objectPath,
37cce918SMarri Devender Rao                                         certs::ldapServiceName, certId,
37cce918SMarri Devender Rao                                         certURL, "LDAP Certificate");
37cce918SMarri Devender Rao                BMCWEB_LOG_DEBUG << "LDAP certificate install file="
37cce918SMarri Devender Rao                                 << certFile->getCertFilePath();
37cce918SMarri Devender Rao            },
37cce918SMarri Devender Rao            certs::ldapServiceName, certs::ldapObjectPath,
37cce918SMarri Devender Rao            certs::certInstallIntf, "Install", certFile->getCertFilePath());
37cce918SMarri Devender Rao    }
37cce918SMarri Devender Rao}; // LDAPCertificateCollection
37cce918SMarri Devender Rao
37cce918SMarri Devender Rao/**
37cce918SMarri Devender Rao * Certificate resource describes a certificate used to prove the identity
37cce918SMarri Devender Rao * of a component, account or service.
37cce918SMarri Devender Rao */
37cce918SMarri Devender Raoclass LDAPCertificate : public Node
37cce918SMarri Devender Rao{
37cce918SMarri Devender Rao  public:
52cc112dSEd Tanous    LDAPCertificate(App& app) :
37cce918SMarri Devender Rao        Node(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/",
37cce918SMarri Devender Rao             std::string())
37cce918SMarri Devender Rao    {
37cce918SMarri Devender Rao        entityPrivileges = {
37cce918SMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
37cce918SMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
37cce918SMarri Devender Rao    }
37cce918SMarri Devender Rao
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request& req,
cb13a392SEd Tanous               const std::vector<std::string>&) override
37cce918SMarri Devender Rao    {
*8d1b46d7Szhanghch05
37cce918SMarri Devender Rao        long id = getIDFromURL(req.url);
37cce918SMarri Devender Rao        if (id < 0)
37cce918SMarri Devender Rao        {
37cce918SMarri Devender Rao            BMCWEB_LOG_ERROR << "Invalid url value" << req.url;
37cce918SMarri Devender Rao            messages::internalError(asyncResp->res);
37cce918SMarri Devender Rao            return;
37cce918SMarri Devender Rao        }
37cce918SMarri Devender Rao        BMCWEB_LOG_DEBUG << "LDAP Certificate ID=" << std::to_string(id);
37cce918SMarri Devender Rao        std::string certURL = "/redfish/v1/AccountService/LDAP/Certificates/" +
37cce918SMarri Devender Rao                              std::to_string(id);
37cce918SMarri Devender Rao        std::string objectPath = certs::ldapObjectPath;
37cce918SMarri Devender Rao        objectPath += "/";
37cce918SMarri Devender Rao        objectPath += std::to_string(id);
37cce918SMarri Devender Rao        getCertificateProperties(asyncResp, objectPath, certs::ldapServiceName,
37cce918SMarri Devender Rao                                 id, certURL, "LDAP Certificate");
37cce918SMarri Devender Rao    }
37cce918SMarri Devender Rao}; // LDAPCertificate
cfcd5f6bSMarri Devender Rao/**
cfcd5f6bSMarri Devender Rao * Collection of TrustStoreCertificate certificates
cfcd5f6bSMarri Devender Rao */
cfcd5f6bSMarri Devender Raoclass TrustStoreCertificateCollection : public Node
cfcd5f6bSMarri Devender Rao{
cfcd5f6bSMarri Devender Rao  public:
52cc112dSEd Tanous    TrustStoreCertificateCollection(App& app) :
cfcd5f6bSMarri Devender Rao        Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/")
cfcd5f6bSMarri Devender Rao    {
cfcd5f6bSMarri Devender Rao        entityPrivileges = {
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
cfcd5f6bSMarri Devender Rao    }
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request&, const std::vector<std::string>&) override
cfcd5f6bSMarri Devender Rao    {
*8d1b46d7Szhanghch05        asyncResp->res.jsonValue = {
cfcd5f6bSMarri Devender Rao            {"@odata.id", "/redfish/v1/Managers/bmc/Truststore/Certificates/"},
cfcd5f6bSMarri Devender Rao            {"@odata.type", "#CertificateCollection.CertificateCollection"},
cfcd5f6bSMarri Devender Rao            {"Name", "TrustStore Certificates Collection"},
cfcd5f6bSMarri Devender Rao            {"Description",
cfcd5f6bSMarri Devender Rao             "A Collection of TrustStore certificate instances"}};
*8d1b46d7Szhanghch05
cfcd5f6bSMarri Devender Rao        crow::connections::systemBus->async_method_call(
cfcd5f6bSMarri Devender Rao            [asyncResp](const boost::system::error_code ec,
cfcd5f6bSMarri Devender Rao                        const ManagedObjectType& certs) {
cfcd5f6bSMarri Devender Rao                if (ec)
cfcd5f6bSMarri Devender Rao                {
cfcd5f6bSMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
cfcd5f6bSMarri Devender Rao                    messages::internalError(asyncResp->res);
cfcd5f6bSMarri Devender Rao                    return;
cfcd5f6bSMarri Devender Rao                }
cfcd5f6bSMarri Devender Rao                nlohmann::json& members = asyncResp->res.jsonValue["Members"];
cfcd5f6bSMarri Devender Rao                members = nlohmann::json::array();
cfcd5f6bSMarri Devender Rao                for (const auto& cert : certs)
cfcd5f6bSMarri Devender Rao                {
cfcd5f6bSMarri Devender Rao                    long id = getIDFromURL(cert.first.str);
cfcd5f6bSMarri Devender Rao                    if (id >= 0)
cfcd5f6bSMarri Devender Rao                    {
cfcd5f6bSMarri Devender Rao                        members.push_back(
cfcd5f6bSMarri Devender Rao                            {{"@odata.id", "/redfish/v1/Managers/bmc/"
cfcd5f6bSMarri Devender Rao                                           "Truststore/Certificates/" +
cfcd5f6bSMarri Devender Rao                                               std::to_string(id)}});
cfcd5f6bSMarri Devender Rao                    }
cfcd5f6bSMarri Devender Rao                }
cfcd5f6bSMarri Devender Rao                asyncResp->res.jsonValue["Members@odata.count"] =
cfcd5f6bSMarri Devender Rao                    members.size();
cfcd5f6bSMarri Devender Rao            },
cfcd5f6bSMarri Devender Rao            certs::authorityServiceName, certs::authorityObjectPath,
cfcd5f6bSMarri Devender Rao            certs::dbusObjManagerIntf, "GetManagedObjects");
cfcd5f6bSMarri Devender Rao    }
cfcd5f6bSMarri Devender Rao
*8d1b46d7Szhanghch05    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                const crow::Request& req,
cb13a392SEd Tanous                const std::vector<std::string>&) override
cfcd5f6bSMarri Devender Rao    {
*8d1b46d7Szhanghch05
a08752f5SZbigniew Kurzynski        std::string certFileBody = getCertificateFromReqBody(asyncResp, req);
a08752f5SZbigniew Kurzynski
a08752f5SZbigniew Kurzynski        if (certFileBody.empty())
a08752f5SZbigniew Kurzynski        {
a08752f5SZbigniew Kurzynski            BMCWEB_LOG_ERROR << "Cannot get certificate from request body.";
a08752f5SZbigniew Kurzynski            messages::unrecognizedRequestBody(asyncResp->res);
a08752f5SZbigniew Kurzynski            return;
a08752f5SZbigniew Kurzynski        }
a08752f5SZbigniew Kurzynski
a08752f5SZbigniew Kurzynski        std::shared_ptr<CertificateFile> certFile =
a08752f5SZbigniew Kurzynski            std::make_shared<CertificateFile>(certFileBody);
cfcd5f6bSMarri Devender Rao        crow::connections::systemBus->async_method_call(
656ec7e3SZbigniew Kurzynski            [asyncResp, certFile](const boost::system::error_code ec,
656ec7e3SZbigniew Kurzynski                                  const std::string& objectPath) {
cfcd5f6bSMarri Devender Rao                if (ec)
cfcd5f6bSMarri Devender Rao                {
cfcd5f6bSMarri Devender Rao                    BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
cfcd5f6bSMarri Devender Rao                    messages::internalError(asyncResp->res);
cfcd5f6bSMarri Devender Rao                    return;
cfcd5f6bSMarri Devender Rao                }
656ec7e3SZbigniew Kurzynski                long certId = getIDFromURL(objectPath);
656ec7e3SZbigniew Kurzynski                if (certId < 0)
656ec7e3SZbigniew Kurzynski                {
656ec7e3SZbigniew Kurzynski                    BMCWEB_LOG_ERROR << "Invalid objectPath value"
656ec7e3SZbigniew Kurzynski                                     << objectPath;
656ec7e3SZbigniew Kurzynski                    messages::internalError(asyncResp->res);
656ec7e3SZbigniew Kurzynski                    return;
656ec7e3SZbigniew Kurzynski                }
cfcd5f6bSMarri Devender Rao                std::string certURL = "/redfish/v1/Managers/bmc/"
cfcd5f6bSMarri Devender Rao                                      "Truststore/Certificates/" +
cfcd5f6bSMarri Devender Rao                                      std::to_string(certId);
656ec7e3SZbigniew Kurzynski
cfcd5f6bSMarri Devender Rao                getCertificateProperties(asyncResp, objectPath,
cfcd5f6bSMarri Devender Rao                                         certs::authorityServiceName, certId,
cfcd5f6bSMarri Devender Rao                                         certURL, "TrustStore Certificate");
cfcd5f6bSMarri Devender Rao                BMCWEB_LOG_DEBUG << "TrustStore certificate install file="
cfcd5f6bSMarri Devender Rao                                 << certFile->getCertFilePath();
cfcd5f6bSMarri Devender Rao            },
cfcd5f6bSMarri Devender Rao            certs::authorityServiceName, certs::authorityObjectPath,
cfcd5f6bSMarri Devender Rao            certs::certInstallIntf, "Install", certFile->getCertFilePath());
cfcd5f6bSMarri Devender Rao    }
cfcd5f6bSMarri Devender Rao}; // TrustStoreCertificateCollection
cfcd5f6bSMarri Devender Rao
cfcd5f6bSMarri Devender Rao/**
cfcd5f6bSMarri Devender Rao * Certificate resource describes a certificate used to prove the identity
cfcd5f6bSMarri Devender Rao * of a component, account or service.
cfcd5f6bSMarri Devender Rao */
cfcd5f6bSMarri Devender Raoclass TrustStoreCertificate : public Node
cfcd5f6bSMarri Devender Rao{
cfcd5f6bSMarri Devender Rao  public:
52cc112dSEd Tanous    TrustStoreCertificate(App& app) :
cfcd5f6bSMarri Devender Rao        Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/",
cfcd5f6bSMarri Devender Rao             std::string())
cfcd5f6bSMarri Devender Rao    {
cfcd5f6bSMarri Devender Rao        entityPrivileges = {
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::get, {{"Login"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::head, {{"Login"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
cfcd5f6bSMarri Devender Rao            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
cfcd5f6bSMarri Devender Rao    }
cfcd5f6bSMarri Devender Rao
*8d1b46d7Szhanghch05    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05               const crow::Request& req,
cb13a392SEd Tanous               const std::vector<std::string>&) override
cfcd5f6bSMarri Devender Rao    {
*8d1b46d7Szhanghch05
cfcd5f6bSMarri Devender Rao        long id = getIDFromURL(req.url);
cfcd5f6bSMarri Devender Rao        if (id < 0)
cfcd5f6bSMarri Devender Rao        {
cfcd5f6bSMarri Devender Rao            BMCWEB_LOG_ERROR << "Invalid url value" << req.url;
cfcd5f6bSMarri Devender Rao            messages::internalError(asyncResp->res);
cfcd5f6bSMarri Devender Rao            return;
cfcd5f6bSMarri Devender Rao        }
cfcd5f6bSMarri Devender Rao        BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doGet ID="
cfcd5f6bSMarri Devender Rao                         << std::to_string(id);
cfcd5f6bSMarri Devender Rao        std::string certURL =
cfcd5f6bSMarri Devender Rao            "/redfish/v1/Managers/bmc/Truststore/Certificates/" +
cfcd5f6bSMarri Devender Rao            std::to_string(id);
cfcd5f6bSMarri Devender Rao        std::string objectPath = certs::authorityObjectPath;
cfcd5f6bSMarri Devender Rao        objectPath += "/";
cfcd5f6bSMarri Devender Rao        objectPath += std::to_string(id);
cfcd5f6bSMarri Devender Rao        getCertificateProperties(asyncResp, objectPath,
cfcd5f6bSMarri Devender Rao                                 certs::authorityServiceName, id, certURL,
cfcd5f6bSMarri Devender Rao                                 "TrustStore Certificate");
cfcd5f6bSMarri Devender Rao    }
07a60299SZbigniew Kurzynski
*8d1b46d7Szhanghch05    void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
*8d1b46d7Szhanghch05                  const crow::Request& req,
07a60299SZbigniew Kurzynski                  const std::vector<std::string>& params) override
07a60299SZbigniew Kurzynski    {
07a60299SZbigniew Kurzynski
07a60299SZbigniew Kurzynski        if (params.size() != 1)
07a60299SZbigniew Kurzynski        {
07a60299SZbigniew Kurzynski            messages::internalError(asyncResp->res);
07a60299SZbigniew Kurzynski            return;
07a60299SZbigniew Kurzynski        }
07a60299SZbigniew Kurzynski
07a60299SZbigniew Kurzynski        long id = getIDFromURL(req.url);
07a60299SZbigniew Kurzynski        if (id < 0)
07a60299SZbigniew Kurzynski        {
07a60299SZbigniew Kurzynski            BMCWEB_LOG_ERROR << "Invalid url value: " << req.url;
07a60299SZbigniew Kurzynski            messages::resourceNotFound(asyncResp->res, "TrustStore Certificate",
07a60299SZbigniew Kurzynski                                       std::string(req.url));
07a60299SZbigniew Kurzynski            return;
07a60299SZbigniew Kurzynski        }
07a60299SZbigniew Kurzynski        BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doDelete ID="
07a60299SZbigniew Kurzynski                         << std::to_string(id);
07a60299SZbigniew Kurzynski        std::string certPath = certs::authorityObjectPath;
07a60299SZbigniew Kurzynski        certPath += "/";
07a60299SZbigniew Kurzynski        certPath += std::to_string(id);
07a60299SZbigniew Kurzynski
07a60299SZbigniew Kurzynski        crow::connections::systemBus->async_method_call(
07a60299SZbigniew Kurzynski            [asyncResp, id](const boost::system::error_code ec) {
07a60299SZbigniew Kurzynski                if (ec)
07a60299SZbigniew Kurzynski                {
07a60299SZbigniew Kurzynski                    messages::resourceNotFound(asyncResp->res,
07a60299SZbigniew Kurzynski                                               "TrustStore Certificate",
07a60299SZbigniew Kurzynski                                               std::to_string(id));
07a60299SZbigniew Kurzynski                    return;
07a60299SZbigniew Kurzynski                }
07a60299SZbigniew Kurzynski                BMCWEB_LOG_INFO << "Certificate deleted";
07a60299SZbigniew Kurzynski                asyncResp->res.result(boost::beast::http::status::no_content);
07a60299SZbigniew Kurzynski            },
07a60299SZbigniew Kurzynski            certs::authorityServiceName, certPath, certs::objDeleteIntf,
07a60299SZbigniew Kurzynski            "Delete");
07a60299SZbigniew Kurzynski    }
cfcd5f6bSMarri Devender Rao}; // TrustStoreCertificate
5968caeeSMarri Devender Rao} // namespace redfish