phosphor-certificate-manager - OpenGrok cross reference for /openbmc/phosphor-certificate-manager/

# phosphor-certificate-manager

Certificate management allows to replace the existing certificate and private
key file with another (possibly CA signed) Certificate key file. Certificate
management allows the user to install both the server and client certificates.

## To Build

This project can be built with `meson`. The typical `meson` workflow is:
`meson builddir && ninja -C builddir`.

## To Run

Multiple instances of `phosphor-certificate-manager` are usually run on the bmc
to support management of different types of certificates.

```text
Usage: ./phosphor-certificate-manager [options]
Options:
    --help            Print this menu
    --type            certificate type
                      Valid types: client,server,authority
    --endpoint        d-bus endpoint
    --path            certificate file path
    --unit=<name>     Optional systemd unit need to reload
```

### Https certificate management

**Purpose:** Server https certificate

```bash
./phosphor-certificate-manager --type=server --endpoint=https \
    --path=/etc/ssl/certs/https/server.pem --unit=bmcweb.service
```

### CA certificate management

**Purpose:** Client certificate validation

```bash
./phosphor-certificate-manager --type=authority --endpoint=truststore \
    --path=/etc/ssl/certs/authority --unit=bmcweb.service
```

### LDAP client certificate management

**Purpose:** LDAP client certificate validation

```bash
./phosphor-certificate-manager --type=client --endpoint=ldap \
    --path=/etc/nslcd/certs/cert.pem
```

## D-Bus Interface

`phosphor-certificate-manager` is an implementation of the D-Bus interface
defined in
[this document](https://github.com/openbmc/phosphor-dbus-interfaces/blob/a3d0c212a1e734a77fbaf11c7561c59e59d514da/xyz/openbmc_project/Certs/README.md).

D-Bus service name is constructed by
"xyz.openbmc_project.Certs.Manager.{Type}.{Endpoint}" and D-Bus object path is
constructed by "/xyz/openbmc_project/certs/{type}/{endpoint}".

Take https certificate management as an example.

```bash
./phosphor-certificate-manager --type=server --endpoint=https \
    --path=/etc/ssl/certs/https/server.pem --unit=bmcweb.service
```

D-Bus service name is "xyz.openbmc_project.Certs.Manager.Server.Https" and D-Bus
object path is "/xyz/openbmc_project/certs/server/https".

## Usage in openbmc/bmcweb

OpenBMC [bmcweb](https://github.com/openbmc/bmcweb) exposes various
[REST APIs](https://github.com/openbmc/bmcweb/blob/master/redfish-core/lib/certificate_service.hpp)
for certificate management on the BMC, which leverages functionalities of
`phosphor-certificate-manager` via D-Bus.
Name		Date	Size	#Lines	LOC
..		Today	-
bmc-vmi-ca/	H	11-Oct-2023	-	290	193
dist/	H	31-Aug-2023	-	148	121
subprojects/	H	29-Mar-2022	-	32	23
test/	H	31-Aug-2023	-	2,152	1,765
.clang-format	H A D	25-Oct-2023	3.6 KiB	136	134
.clang-tidy	H A D	22-Sep-2022	731	17	14
.gitignore	H A D	29-Mar-2022	182	8	7
.openbmc-enforce-gitlint	H A D	19-Sep-2022	0
LICENSE	H A D	07-Mar-2021	11.1 KiB	202	169
OWNERS	H A D	02-Dec-2023	1.9 KiB	61	56
README.md	H A D	31-Aug-2023	2.5 KiB	81	57
argument.cpp	H A D	22-Sep-2022	1 KiB	33	28
argument.hpp	H A D	29-Mar-2022	487	20	13
certificate.cpp	H A D	11-Oct-2023	22.1 KiB	714	577
certificate.hpp	H A D	11-May-2023	10.7 KiB	321	115
certs_manager.cpp	H A D	25-Mar-2024	36.7 KiB	1,139	974
certs_manager.hpp	H A D	11-May-2023	14.1 KiB	346	110
config.h.in	H A D	10-May-2023	1,014	27	18
csr.cpp	H A D	11-Oct-2023	2.4 KiB	88	73
csr.hpp	H A D	11-May-2023	1.3 KiB	58	34
mainapp.cpp	H A D	11-May-2023	2.2 KiB	75	44
meson.build	H A D	22-Jul-2023	2.1 KiB	101	85
meson.options	H A D	31-Aug-2023	742	35	28
watch.cpp	H A D	25-Oct-2023	2.8 KiB	117	102
watch.hpp	H A D	11-May-2023	1.8 KiB	72	31
x509_utils.cpp	H A D	11-Oct-2023	8.3 KiB	263	213
x509_utils.hpp	H A D	24-Mar-2022	2 KiB	67	17