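#include "config.h"

#include "ca_certs_manager.hpp"

#include <cstddef>
#include <cstdint>
#include <filesystem>
#include <fstream>
#include <memory>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/log.hpp>
#include <string>
#include <utility>
#include <xyz/openbmc_project/Common/error.hpp>

namespace ca
{
namespace cert
{
// Upper bound on the size of a CSR accepted by signCSR(). It is compared
// against std::string::size(), so it is kept unsigned to avoid a
// signed/unsigned comparison.
static constexpr std::size_t maxCertSize = 4096;
namespace fs = std::filesystem;
using namespace phosphor::logging;
using InvalidArgument =
    sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
using Argument = xyz::openbmc_project::Common::InvalidArgument;

/** @brief Create a signing-request entry for the given CSR.
 *
 *  Only the size of the CSR is validated here: an empty or oversized request
 *  is rejected before any D-Bus object is created. The entry is created with
 *  an empty certificate string; the actual signing is done by the hypervisor,
 *  which updates the entry with the signed certificate afterwards.
 *
 *  @param[in] csr - Certificate signing request to be signed.
 *  @return D-Bus object path of the newly created entry.
 *  @throws InvalidArgument if the CSR is empty, larger than maxCertSize, or
 *          rejected (std::invalid_argument) by the Entry constructor.
 */
sdbusplus::message::object_path CACertMgr::signCSR(std::string csr)
{
    std::string objPath;
    try
    {
        // Neither an empty nor an oversized request can ever be signed, so
        // reject both up front.
        if (csr.empty() || csr.size() > maxCertSize)
        {
            log<level::ERR>("Invalid CSR size",
                            entry("SIZE=%zu", csr.size()));
            // NOTE(review): ARGUMENT_VALUE carries the whole (possibly
            // oversized) CSR into the error metadata; reporting only the size
            // would keep the error record bounded.
            elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                                  Argument::ARGUMENT_VALUE(csr.c_str()));
        }
        const auto id = lastEntryId + 1;
        objPath = fs::path(OBJPATH) / "ca" / "entry" / std::to_string(id);
        // The entry starts out with an empty certificate string; it is filled
        // in once the hypervisor has signed the CSR.
        std::string cert;
        entries.emplace(id, std::make_unique<Entry>(bus, objPath, id, csr,
                                                    cert, *this));
        // Consume the id only after the entry exists, so a throwing Entry
        // constructor leaves the numbering untouched.
        ++lastEntryId;
    }
    catch (const std::invalid_argument& e)
    {
        // Same argument name as the size check above, so callers see one
        // consistent error for every rejected CSR.
        log<level::ERR>(e.what());
        elog<InvalidArgument>(Argument::ARGUMENT_NAME("CSR"),
                              Argument::ARGUMENT_VALUE(csr.c_str()));
    }
    return objPath;
}

/** @brief Remove the entry with the given id from the manager's map.
 *
 *  Erasing the map element destroys the owned Entry object; an unknown id is
 *  a no-op.
 *
 *  @param[in] entryId - Id of the entry to remove.
 */
void CACertMgr::erase(uint32_t entryId)
{
    entries.erase(entryId);
}

/** @brief Delete every entry managed by this object.
 *
 *  Entry::delete_() presumably removes the entry from `entries` (via erase()),
 *  which destroys the Entry it is invoked on. The iterator is therefore
 *  advanced before the call; this assumes `entries` is a node-based map whose
 *  iterators survive erasure of other elements.
 */
void CACertMgr::deleteAll()
{
    for (auto iter = entries.begin(); iter != entries.end();)
    {
        // Take the current element, then step past it before delete_() can
        // erase it. The reference is not used after the call returns.
        auto& current = iter->second;
        ++iter;
        current->delete_();
    }
}

} // namespace cert
} // namespace ca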