Redfish: Extend GenerateCSR action for LDAP certificate collection

Tested: 1) Tested schema with validator and no issues curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/ -d @generate_ldap_required.json { "CSRString": "-----BEGIN CERTIFICATE REQUEST-----\\nLoyR0IExAw==\n-----END CERTIFICATE REQUEST-----\n", "CertificateCollection": { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/" } } Change-Id: Iae0919a2f222c1f85e5428d9140e386f8695370d Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
author: Marri Devender Rao <devenrao@in.ibm.com> 2019-05-17 10:53:23 +0300
committer: Ed Tanous <ed.tanous@intel.com> 2019-08-16 21:08:23 +0300
commit: 3b7f0149959f976ab18ecb5b510c505f2f1f3c94 (patch)
tree: 803af6acab14f938dfdb9a0cf00a23d8218d9fa1 /redfish-core/lib/certificate_service.hpp
parent: 3021581655861c74e8c0c71ce1ca49bb7b54f72d (diff)
download: bmcweb-3b7f0149959f976ab18ecb5b510c505f2f1f3c94.tar.xz
1 files changed, 29 insertions, 0 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 712baf1843..10fe554320 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -298,6 +298,12 @@ class CertificateActionGenerateCSR : public Node
             objectPath = certs::httpsObjectPath;
             service = certs::httpsServiceName;
         }
+        else if (boost::starts_with(
+                     certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+        {
+            objectPath = certs::ldapObjectPath;
+            service = certs::ldapServiceName;
+        }
         else
         {
             messages::actionParameterNotSupported(
@@ -349,6 +355,29 @@ class CertificateActionGenerateCSR : public Node
                 return;
             }
         }
+        else if (boost::starts_with(
+                     certURI, "/redfish/v1/AccountService/LDAP/Certificates"))
+        {
+            if (optKeyUsage->size() == 0)
+            {
+                optKeyUsage->push_back("ClientAuthentication");
+            }
+            else if (optKeyUsage->size() == 1)
+            {
+                if ((*optKeyUsage)[0] != "ClientAuthentication")
+                {
+                    messages::propertyValueNotInList(
+                        asyncResp->res, (*optKeyUsage)[0], "KeyUsage");
+                    return;
+                }
+            }
+            else
+            {
+                messages::actionParameterNotSupported(
+                    asyncResp->res, "KeyUsage", "GenerateCSR");
+                return;
+            }
+        }
 
         // Only allow one CSR matcher at a time so setting retry time-out and
         // timer expiry to 10 seconds for now.
author	Marri Devender Rao <devenrao@in.ibm.com>	2019-05-17 10:53:23 +0300
committer	Ed Tanous <ed.tanous@intel.com>	2019-08-16 21:08:23 +0300
commit	3b7f0149959f976ab18ecb5b510c505f2f1f3c94 (patch)
tree	803af6acab14f938dfdb9a0cf00a23d8218d9fa1 /redfish-core/lib/certificate_service.hpp
parent	3021581655861c74e8c0c71ce1ca49bb7b54f72d (diff)
download	bmcweb-3b7f0149959f976ab18ecb5b510c505f2f1f3c94.tar.xz