author | Marri Devender Rao <devenrao@in.ibm.com> | 2019-05-17 10:53:23 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-08-16 21:08:23 +0300 |
commit | 3b7f0149959f976ab18ecb5b510c505f2f1f3c94 (patch) | |
tree | 803af6acab14f938dfdb9a0cf00a23d8218d9fa1 /redfish-core/lib/certificate_service.hpp | |
parent | 3021581655861c74e8c0c71ce1ca49bb7b54f72d (diff) | |
download | bmcweb-3b7f0149959f976ab18ecb5b510c505f2f1f3c94.tar.xz |
Redfish: Extend GenerateCSR action for LDAP certificate collection
Tested:
1) Tested schema with validator and no issues
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate_ldap_required.json
{
"CSRString": "-----BEGIN CERTIFICATE
REQUEST-----\\nLoyR0IExAw==\n-----END
CERTIFICATE REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/"
}
}
Change-Id: Iae0919a2f222c1f85e5428d9140e386f8695370d
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Diffstat (limited to 'redfish-core/lib/certificate_service.hpp')
-rw-r--r-- | redfish-core/lib/certificate_service.hpp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 712baf1843..10fe554320 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -298,6 +298,12 @@ class CertificateActionGenerateCSR : public Node
 objectPath = certs::httpsObjectPath;
 service = certs::httpsServiceName;
 }
+ else if (boost::starts_with(
+ certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+ {
+ objectPath = certs::ldapObjectPath;
+ service = certs::ldapServiceName;
+ }
 else
 {
 messages::actionParameterNotSupported(
@@ -349,6 +355,29 @@ class CertificateActionGenerateCSR : public Node
 return;
 }
 }
+ else if (boost::starts_with(
+ certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+ {
+ if (optKeyUsage->size() == 0)
+ {
+ optKeyUsage->push_back("ClientAuthentication");
+ }
+ else if (optKeyUsage->size() == 1)
+ {
+ if ((*optKeyUsage)[0] != "ClientAuthentication")
+ {
+ messages::propertyValueNotInList(
+ asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
+ return;
+ }
+ }
+ else
+ {
+ messages::actionParameterNotSupported(
+ asyncResp->res, "KeyUsage", "GenerateCSR");
+ return;
+ }
+ }
 // Only allow one CSR matcher at a time so setting retry time-out and
 // timer expiry to 10 seconds for now. |
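Review bot: The `boost::starts_with` test on `certURI` in the first hunk is a bare prefix match, so any value that merely begins with `/redfish/v1/AccountService/LDAP/Certificates` (a longer sibling name, or a member URI below the collection) is accepted as the LDAP collection and routed to `certs::ldapObjectPath`. `certURI` appears to be taken from the request's `CertificateCollection` reference, so comparing it against the collection URI exactly, with and without the trailing slash, would stop the action from accepting targets it does not intend to serve. The same string literal is repeated in the KeyUsage branch of the second hunk; a single named constant beside the other `certs::` values would keep the two checks from drifting apart. The enclosing function starts and ends outside the hunk.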
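Review bot: In the second hunk, a request carrying more than one KeyUsage entry is answered with `messages::actionParameterNotSupported(asyncResp->res, "KeyUsage", "GenerateCSR")`, which tells the client that KeyUsage itself is unsupported rather than that its value was rejected; reporting the offending entry with `messages::propertyValueNotInList` in the final `else`, as the single-entry case already does, would be more consistent. The branch also has no comment stating the policy, so I would add `// LDAP collection: KeyUsage defaults to ClientAuthentication and no other value is accepted` above `if (optKeyUsage->size() == 0)`. The new code dereferences `optKeyUsage` without a visible check; its declaration is outside the hunk, so confirm it always holds a value by the time this branch runs.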