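#pragma once

#include <openssl/x509.h>

#include <filesystem>
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>

#include <phosphor-logging/elog.hpp>
#include <sdbusplus/bus.hpp>

namespace phosphor
{
namespace certs
{
using CertificateType = std::string;
using UnitsToRestart = std::string;
using CertInstallPath = std::string;
using CertUploadPath = std::string;
using InputType = std::string;
using InstallFunc = std::function<void(const std::string&)>;

// NOTE(review): these using-directives sit in a header, so every translation
// unit that includes it also pulls phosphor::logging, std::placeholders and
// the `fs` alias into phosphor::certs. Left in place because the
// implementation file may depend on them; moving them into the .cpp would
// stop the leak.
using namespace phosphor::logging;

// for placeholders
using namespace std::placeholders;
namespace fs = std::filesystem;

// Supported Types.
static constexpr auto SERVER = "server";
static constexpr auto CLIENT = "client";
static constexpr auto AUTHORITY = "authority";

// RAII support for openSSL functions: X509 objects are released with
// X509_free when the owning pointer goes out of scope.
using X509_Ptr = std::unique_ptr<X509, decltype(&::X509_free)>;

/** @class Certificate
 *  @brief OpenBMC Certificate entry implementation.
 *  @details A concrete implementation for the
 *           xyz.openbmc_project.Certs.Certificate DBus API
 *           xyz.openbmc_project.Certs.Install DBus API
 *
 *  The object is neither copyable nor movable: it is bound to a D-Bus
 *  object path and holds a reference to the bus it was created on.
 */
class Certificate
{
  public:
    Certificate() = delete;
    Certificate(const Certificate&) = delete;
    Certificate& operator=(const Certificate&) = delete;
    Certificate(Certificate&&) = delete;
    Certificate& operator=(Certificate&&) = delete;
    virtual ~Certificate();

    /** @brief Constructor for the Certificate Object
     *  @param[in] bus - Bus to attach to. Must outlive this object; only a
     *                   reference is stored.
     *  @param[in] objPath - Object path to attach to
     *  @param[in] type - Type of the certificate (see SERVER, CLIENT,
     *                    AUTHORITY above)
     *  @param[in] unit - Units to restart after a certificate is installed
     *  @param[in] installPath - Path of the certificate to install
     *  @param[in] uploadPath - Path of the certificate file to upload
     */
    Certificate(sdbusplus::bus::bus& bus, const std::string& objPath,
                const CertificateType& type, const UnitsToRestart& unit,
                const CertInstallPath& installPath,
                const CertUploadPath& uploadPath);

    /** @brief Implementation for Install
     *  Replace the existing certificate file with another
     *  (possibly CA signed) Certificate file.
     *
     *  @param[in] filePath - Certificate file path. This value arrives from
     *                        the D-Bus Install caller and should be treated
     *                        as untrusted: the implementation (not visible
     *                        in this header) is expected to reject anything
     *                        that does not parse as an X509 certificate
     *                        (see loadCert) and, for certificate types that
     *                        carry a private key, anything whose key does
     *                        not match the certificate (see compareKeys)
     *                        before the installed file is replaced and the
     *                        associated unit is reloaded/restarted.
     */
    void install(const std::string filePath);

  private:
    /** @brief Load Certificate file into the X509 structure.
     *  @param[in] filePath - Certificate and key full file path.
     *  @return owning pointer to the X509 structure (freed via X509_free).
     */
    [[nodiscard]] X509_Ptr loadCert(const std::string& filePath);

    /** @brief Public/Private key compare function.
     *  Comparing private key against certificate public key
     *  from input .pem file.
     *  @param[in] filePath - Certificate and key full file path.
     *  @return Return true if Key compare is successful,
     *          false if not
     */
    [[nodiscard]] bool compareKeys(const std::string& filePath);

    /** @brief systemd unit reload or reset helper function
     *  Reload if the unit supports it and use a restart otherwise.
     *  @param[in] unit - service need to reload.
     */
    void reloadOrReset(const UnitsToRestart& unit);

    /** @brief Type specific function pointer map (keyed by certificate
     *         type string, e.g. SERVER/CLIENT/AUTHORITY) **/
    std::unordered_map<InputType, InstallFunc> typeFuncMap;

    /** @brief sdbusplus handler (non-owning reference) */
    sdbusplus::bus::bus& bus;

    /** @brief object path */
    std::string objectPath;

    /** @brief Type of the certificate **/
    CertificateType certType;

    /** @brief Unit name associated to the service **/
    UnitsToRestart unitToRestart;

    /** @brief Certificate file installation path **/
    CertInstallPath certInstallPath;
};

} // namespace certs
} // namespace phosphor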