diff options
| author | John Edward Broadbent <jebr@google.com> | 2021-04-09 01:57:16 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2021-06-03 21:18:02 +0300 |
| commit | 7e860f1550c8686eec42f7a75bc5f2ef51e756ad (patch) | |
| tree | 989da47a8427bc1a60119f480e2523151b1433aa /redfish-core/lib/certificate_service.hpp | |
| parent | eb75770c6c4369984cb150ded4f5ace410ed24a9 (diff) | |
| download | bmcweb-7e860f1550c8686eec42f7a75bc5f2ef51e756ad.tar.xz | |
Remove Redfish Node class
Reduces the total number of lines and will allow for easier testing of
the redfish responses.
A main purpose of the node class was to set app.routeDynamic(). However
now app.routeDynamic can handle the complexity that was once in critical
to node. The macro app.routeDynamic() provides a shorter cleaner
interface to the unerlying app.routeDyanic call. The old pattern set
permissions for 6 interfaces (get, head, patch, put, delete_, and post)
even if only one interface is created. That pattern creates unneeded
code that can be safely removed with no effect.
Unit test for the responses would have to mock the node the class in
order to fully test responses.
see https://github.com/openbmc/bmcweb/issues/181
The following files still need node to be extracted.
virtual_media.hpp
account_service.hpp
redfish_sessions.hpp
ethernet.hpp
The files above use a pattern that is not trivial to address. Often their
responses call an async lambda capturing the inherited class. ie
(https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770
28d258fa/redfish-core/lib/account_service.hpp#L1393)
At a later point I plan to remove node from the files above.
Tested:
I ran the docker unit test with the following command.
WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb
./openbmc-build-scripts/run-unit-test-docker.sh
I ran the validator and this change did not create any issues.
python3 RedfishServiceValidator.py -c config.ini
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
Diffstat (limited to 'redfish-core/lib/certificate_service.hpp')
| -rw-r--r-- | redfish-core/lib/certificate_service.hpp | 1749 |
1 files changed, 843 insertions, 906 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp index 0e53571be4..0e26a86bdb 100644 --- a/redfish-core/lib/certificate_service.hpp +++ b/redfish-core/lib/certificate_service.hpp @@ -1,7 +1,6 @@ #pragma once -#include "node.hpp" - +#include <app.hpp> #include <boost/convert.hpp> #include <boost/convert/strtol.hpp> @@ -34,47 +33,42 @@ constexpr char const* authorityObjectPath = * actions available to manage certificates and links to where certificates * are installed. */ -class CertificateService : public Node -{ - public: - CertificateService(App& app) : Node(app, "/redfish/v1/CertificateService/") - { - // TODO: Issue#61 No entries are available for Certificate - // service at https://www.dmtf.org/standards/redfish - // "redfish standard registries". Need to modify after DMTF - // publish Privilege details for certificate service - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - private: - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request&, const std::vector<std::string>&) override - { - asyncResp->res.jsonValue = { - {"@odata.type", "#CertificateService.v1_0_0.CertificateService"}, - {"@odata.id", "/redfish/v1/CertificateService"}, - {"Id", "CertificateService"}, - {"Name", "Certificate Service"}, - {"Description", "Actions available to manage certificates"}}; - asyncResp->res.jsonValue["CertificateLocations"] = { - {"@odata.id", - "/redfish/v1/CertificateService/CertificateLocations"}}; - asyncResp->res - .jsonValue["Actions"]["#CertificateService.ReplaceCertificate"] = { - {"target", "/redfish/v1/CertificateService/Actions/" - "CertificateService.ReplaceCertificate"}, - {"CertificateType@Redfish.AllowableValues", {"PEM"}}}; - asyncResp->res.jsonValue["Actions"]["#CertificateService.GenerateCSR"] = - {{"target", "/redfish/v1/CertificateService/Actions/" - "CertificateService.GenerateCSR"}}; - } -}; // CertificateService +// TODO: Issue#61 No entries are available for Certificate +// service at https://www.dmtf.org/standards/redfish +// "redfish standard registries". Need to modify after DMTF +// publish Privilege details for certificate service + +inline void requestRoutesCertificateService(App& app) +{ + BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/") + .privileges({"Login"}) + .methods(boost::beast::http::verb::get)( + [](const crow::Request&, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + asyncResp->res.jsonValue = { + {"@odata.type", + "#CertificateService.v1_0_0.CertificateService"}, + {"@odata.id", "/redfish/v1/CertificateService"}, + {"Id", "CertificateService"}, + {"Name", "Certificate Service"}, + {"Description", + "Actions available to manage certificates"}}; + asyncResp->res.jsonValue["CertificateLocations"] = { + {"@odata.id", + "/redfish/v1/CertificateService/CertificateLocations"}}; + asyncResp->res + .jsonValue["Actions"] + ["#CertificateService.ReplaceCertificate"] = { + {"target", "/redfish/v1/CertificateService/Actions/" + "CertificateService.ReplaceCertificate"}, + {"CertificateType@Redfish.AllowableValues", {"PEM"}}}; + asyncResp->res + .jsonValue["Actions"]["#CertificateService.GenerateCSR"] = { + {"target", "/redfish/v1/CertificateService/Actions/" + "CertificateService.GenerateCSR"}}; + }); +} // requestRoutesCertificateService /** * @brief Find the ID specified in the URL @@ -230,259 +224,259 @@ static void getCSR(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, /** * Action to Generate CSR */ -class CertificateActionGenerateCSR : public Node +inline void requestRoutesCertificateActionGenerateCSR(App& app) { - public: - CertificateActionGenerateCSR(App& app) : - Node(app, "/redfish/v1/CertificateService/Actions/" - "CertificateService.GenerateCSR/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - - private: - void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - static const int rsaKeyBitLength = 2048; - - // Required parameters - std::string city; - std::string commonName; - std::string country; - std::string organization; - std::string organizationalUnit; - std::string state; - nlohmann::json certificateCollection; - - // Optional parameters - std::optional<std::vector<std::string>> optAlternativeNames = - std::vector<std::string>(); - std::optional<std::string> optContactPerson = ""; - std::optional<std::string> optChallengePassword = ""; - std::optional<std::string> optEmail = ""; - std::optional<std::string> optGivenName = ""; - std::optional<std::string> optInitials = ""; - std::optional<int64_t> optKeyBitLength = rsaKeyBitLength; - std::optional<std::string> optKeyCurveId = "secp384r1"; - std::optional<std::string> optKeyPairAlgorithm = "EC"; - std::optional<std::vector<std::string>> optKeyUsage = - std::vector<std::string>(); - std::optional<std::string> optSurname = ""; - std::optional<std::string> optUnstructuredName = ""; - if (!json_util::readJson( - req, asyncResp->res, "City", city, "CommonName", commonName, - "ContactPerson", optContactPerson, "Country", country, - "Organization", organization, "OrganizationalUnit", - organizationalUnit, "State", state, "CertificateCollection", - certificateCollection, "AlternativeNames", optAlternativeNames, - "ChallengePassword", optChallengePassword, "Email", optEmail, - "GivenName", optGivenName, "Initials", optInitials, - "KeyBitLength", optKeyBitLength, "KeyCurveId", optKeyCurveId, - "KeyPairAlgorithm", optKeyPairAlgorithm, "KeyUsage", - optKeyUsage, "Surname", optSurname, "UnstructuredName", - optUnstructuredName)) - { - return; - } - - // bmcweb has no way to store or decode a private key challenge - // password, which will likely cause bmcweb to crash on startup if this - // is not set on a post so not allowing the user to set value - if (*optChallengePassword != "") - { - messages::actionParameterNotSupported(asyncResp->res, "GenerateCSR", - "ChallengePassword"); - return; - } - - std::string certURI; - if (!redfish::json_util::readJson(certificateCollection, asyncResp->res, - "@odata.id", certURI)) - { - return; - } - - std::string objectPath; - std::string service; - if (boost::starts_with( - certURI, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates")) - { - objectPath = certs::httpsObjectPath; - service = certs::httpsServiceName; - } - else if (boost::starts_with( - certURI, "/redfish/v1/AccountService/LDAP/Certificates")) - { - objectPath = certs::ldapObjectPath; - service = certs::ldapServiceName; - } - else - { - messages::actionParameterNotSupported( - asyncResp->res, "CertificateCollection", "GenerateCSR"); - return; - } - - // supporting only EC and RSA algorithm - if (*optKeyPairAlgorithm != "EC" && *optKeyPairAlgorithm != "RSA") - { - messages::actionParameterNotSupported( - asyncResp->res, "KeyPairAlgorithm", "GenerateCSR"); - return; - } - - // supporting only 2048 key bit length for RSA algorithm due to time - // consumed in generating private key - if (*optKeyPairAlgorithm == "RSA" && - *optKeyBitLength != rsaKeyBitLength) - { - messages::propertyValueNotInList(asyncResp->res, - std::to_string(*optKeyBitLength), - "KeyBitLength"); - return; - } + BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/Actions/" + "CertificateService.GenerateCSR/") + .privileges({"ConfigureComponents"}) + .methods(boost::beast::http::verb::post)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + static const int rsaKeyBitLength = 2048; + + // Required parameters + std::string city; + std::string commonName; + std::string country; + std::string organization; + std::string organizationalUnit; + std::string state; + nlohmann::json certificateCollection; + + // Optional parameters + std::optional<std::vector<std::string>> optAlternativeNames = + std::vector<std::string>(); + std::optional<std::string> optContactPerson = ""; + std::optional<std::string> optChallengePassword = ""; + std::optional<std::string> optEmail = ""; + std::optional<std::string> optGivenName = ""; + std::optional<std::string> optInitials = ""; + std::optional<int64_t> optKeyBitLength = rsaKeyBitLength; + std::optional<std::string> optKeyCurveId = "secp384r1"; + std::optional<std::string> optKeyPairAlgorithm = "EC"; + std::optional<std::vector<std::string>> optKeyUsage = + std::vector<std::string>(); + std::optional<std::string> optSurname = ""; + std::optional<std::string> optUnstructuredName = ""; + if (!json_util::readJson( + req, asyncResp->res, "City", city, "CommonName", + commonName, "ContactPerson", optContactPerson, + "Country", country, "Organization", organization, + "OrganizationalUnit", organizationalUnit, "State", + state, "CertificateCollection", certificateCollection, + "AlternativeNames", optAlternativeNames, + "ChallengePassword", optChallengePassword, "Email", + optEmail, "GivenName", optGivenName, "Initials", + optInitials, "KeyBitLength", optKeyBitLength, + "KeyCurveId", optKeyCurveId, "KeyPairAlgorithm", + optKeyPairAlgorithm, "KeyUsage", optKeyUsage, "Surname", + optSurname, "UnstructuredName", optUnstructuredName)) + { + return; + } - // validate KeyUsage supporting only 1 type based on URL - if (boost::starts_with( - certURI, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates")) - { - if (optKeyUsage->size() == 0) - { - optKeyUsage->push_back("ServerAuthentication"); - } - else if (optKeyUsage->size() == 1) - { - if ((*optKeyUsage)[0] != "ServerAuthentication") + // bmcweb has no way to store or decode a private key challenge + // password, which will likely cause bmcweb to crash on startup + // if this is not set on a post so not allowing the user to set + // value + if (*optChallengePassword != "") { - messages::propertyValueNotInList( - asyncResp->res, (*optKeyUsage)[0], "KeyUsage"); + messages::actionParameterNotSupported( + asyncResp->res, "GenerateCSR", "ChallengePassword"); return; } - } - else - { - messages::actionParameterNotSupported( - asyncResp->res, "KeyUsage", "GenerateCSR"); - return; - } - } - else if (boost::starts_with( - certURI, "/redfish/v1/AccountService/LDAP/Certificates")) - { - if (optKeyUsage->size() == 0) - { - optKeyUsage->push_back("ClientAuthentication"); - } - else if (optKeyUsage->size() == 1) - { - if ((*optKeyUsage)[0] != "ClientAuthentication") + + std::string certURI; + if (!redfish::json_util::readJson(certificateCollection, + asyncResp->res, "@odata.id", + certURI)) { - messages::propertyValueNotInList( - asyncResp->res, (*optKeyUsage)[0], "KeyUsage"); return; } - } - else - { - messages::actionParameterNotSupported( - asyncResp->res, "KeyUsage", "GenerateCSR"); - return; - } - } - // Only allow one CSR matcher at a time so setting retry time-out and - // timer expiry to 10 seconds for now. - static const int timeOut = 10; - if (csrMatcher) - { - messages::serviceTemporarilyUnavailable(asyncResp->res, - std::to_string(timeOut)); - return; - } + std::string objectPath; + std::string service; + if (boost::starts_with(certURI, + "/redfish/v1/Managers/bmc/" + "NetworkProtocol/HTTPS/Certificates")) + { + objectPath = certs::httpsObjectPath; + service = certs::httpsServiceName; + } + else if (boost::starts_with( + certURI, + "/redfish/v1/AccountService/LDAP/Certificates")) + { + objectPath = certs::ldapObjectPath; + service = certs::ldapServiceName; + } + else + { + messages::actionParameterNotSupported( + asyncResp->res, "CertificateCollection", "GenerateCSR"); + return; + } - // Make this static so it survives outside this method - static boost::asio::steady_timer timeout(*req.ioService); - timeout.expires_after(std::chrono::seconds(timeOut)); - timeout.async_wait([asyncResp](const boost::system::error_code& ec) { - csrMatcher = nullptr; - if (ec) - { - // operation_aborted is expected if timer is canceled before - // completion. - if (ec != boost::asio::error::operation_aborted) + // supporting only EC and RSA algorithm + if (*optKeyPairAlgorithm != "EC" && + *optKeyPairAlgorithm != "RSA") { - BMCWEB_LOG_ERROR << "Async_wait failed " << ec; + messages::actionParameterNotSupported( + asyncResp->res, "KeyPairAlgorithm", "GenerateCSR"); + return; } - return; - } - BMCWEB_LOG_ERROR << "Timed out waiting for Generating CSR"; - messages::internalError(asyncResp->res); - }); - // create a matcher to wait on CSR object - BMCWEB_LOG_DEBUG << "create matcher with path " << objectPath; - std::string match("type='signal'," - "interface='org.freedesktop.DBus.ObjectManager'," - "path='" + - objectPath + - "'," - "member='InterfacesAdded'"); - csrMatcher = std::make_unique<sdbusplus::bus::match::match>( - *crow::connections::systemBus, match, - [asyncResp, service, objectPath, - certURI](sdbusplus::message::message& m) { - timeout.cancel(); - if (m.is_method_error()) + // supporting only 2048 key bit length for RSA algorithm due to + // time consumed in generating private key + if (*optKeyPairAlgorithm == "RSA" && + *optKeyBitLength != rsaKeyBitLength) { - BMCWEB_LOG_ERROR << "Dbus method error!!!"; - messages::internalError(asyncResp->res); + messages::propertyValueNotInList( + asyncResp->res, std::to_string(*optKeyBitLength), + "KeyBitLength"); return; } - std::vector<std::pair< - std::string, std::vector<std::pair< - std::string, std::variant<std::string>>>>> - interfacesProperties; - sdbusplus::message::object_path csrObjectPath; - m.read(csrObjectPath, interfacesProperties); - BMCWEB_LOG_DEBUG << "CSR object added" << csrObjectPath.str; - for (auto& interface : interfacesProperties) + + // validate KeyUsage supporting only 1 type based on URL + if (boost::starts_with(certURI, + "/redfish/v1/Managers/bmc/" + "NetworkProtocol/HTTPS/Certificates")) { - if (interface.first == "xyz.openbmc_project.Certs.CSR") + if (optKeyUsage->size() == 0) { - getCSR(asyncResp, certURI, service, objectPath, - csrObjectPath.str); - break; + optKeyUsage->push_back("ServerAuthentication"); + } + else if (optKeyUsage->size() == 1) + { + if ((*optKeyUsage)[0] != "ServerAuthentication") + { + messages::propertyValueNotInList( + asyncResp->res, (*optKeyUsage)[0], "KeyUsage"); + return; + } + } + else + { + messages::actionParameterNotSupported( + asyncResp->res, "KeyUsage", "GenerateCSR"); + return; } } - }); - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code& ec, - const std::string&) { - if (ec) + else if (boost::starts_with( + certURI, + "/redfish/v1/AccountService/LDAP/Certificates")) { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec.message(); - messages::internalError(asyncResp->res); + if (optKeyUsage->size() == 0) + { + optKeyUsage->push_back("ClientAuthentication"); + } + else if (optKeyUsage->size() == 1) + { + if ((*optKeyUsage)[0] != "ClientAuthentication") + { + messages::propertyValueNotInList( + asyncResp->res, (*optKeyUsage)[0], "KeyUsage"); + return; + } + } + else + { + messages::actionParameterNotSupported( + asyncResp->res, "KeyUsage", "GenerateCSR"); + return; + } + } + + // Only allow one CSR matcher at a time so setting retry + // time-out and timer expiry to 10 seconds for now. + static const int timeOut = 10; + if (csrMatcher) + { + messages::serviceTemporarilyUnavailable( + asyncResp->res, std::to_string(timeOut)); return; } - }, - service, objectPath, "xyz.openbmc_project.Certs.CSR.Create", - "GenerateCSR", *optAlternativeNames, *optChallengePassword, city, - commonName, *optContactPerson, country, *optEmail, *optGivenName, - *optInitials, *optKeyBitLength, *optKeyCurveId, - *optKeyPairAlgorithm, *optKeyUsage, organization, - organizationalUnit, state, *optSurname, *optUnstructuredName); - } -}; // CertificateActionGenerateCSR + + // Make this static so it survives outside this method + static boost::asio::steady_timer timeout(*req.ioService); + timeout.expires_after(std::chrono::seconds(timeOut)); + timeout.async_wait([asyncResp]( + const boost::system::error_code& ec) { + csrMatcher = nullptr; + if (ec) + { + // operation_aborted is expected if timer is canceled + // before completion. + if (ec != boost::asio::error::operation_aborted) + { + BMCWEB_LOG_ERROR << "Async_wait failed " << ec; + } + return; + } + BMCWEB_LOG_ERROR << "Timed out waiting for Generating CSR"; + messages::internalError(asyncResp->res); + }); + + // create a matcher to wait on CSR object + BMCWEB_LOG_DEBUG << "create matcher with path " << objectPath; + std::string match( + "type='signal'," + "interface='org.freedesktop.DBus.ObjectManager'," + "path='" + + objectPath + + "'," + "member='InterfacesAdded'"); + csrMatcher = std::make_unique<sdbusplus::bus::match::match>( + *crow::connections::systemBus, match, + [asyncResp, service, objectPath, + certURI](sdbusplus::message::message& m) { + timeout.cancel(); + if (m.is_method_error()) + { + BMCWEB_LOG_ERROR << "Dbus method error!!!"; + messages::internalError(asyncResp->res); + return; + } + std::vector<std::pair< + std::string, + std::vector<std::pair<std::string, + std::variant<std::string>>>>> + interfacesProperties; + sdbusplus::message::object_path csrObjectPath; + m.read(csrObjectPath, interfacesProperties); + BMCWEB_LOG_DEBUG << "CSR object added" + << csrObjectPath.str; + for (auto& interface : interfacesProperties) + { + if (interface.first == + "xyz.openbmc_project.Certs.CSR") + { + getCSR(asyncResp, certURI, service, objectPath, + csrObjectPath.str); + break; + } + } + }); + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code& ec, + const std::string&) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " + << ec.message(); + messages::internalError(asyncResp->res); + return; + } + }, + service, objectPath, "xyz.openbmc_project.Certs.CSR.Create", + "GenerateCSR", *optAlternativeNames, *optChallengePassword, + city, commonName, *optContactPerson, country, *optEmail, + *optGivenName, *optInitials, *optKeyBitLength, + *optKeyCurveId, *optKeyPairAlgorithm, *optKeyUsage, + organization, organizationalUnit, state, *optSurname, + *optUnstructuredName); + }); +} // requestRoutesCertificateActionGenerateCSR /** * @brief Parse and update Certificate Issue/Subject property @@ -669,713 +663,656 @@ using GetObjectType = /** * Action to replace an existing certificate */ -class CertificateActionsReplaceCertificate : public Node +inline void requestRoutesCertificateActionsReplaceCertificate(App& app) { - public: - CertificateActionsReplaceCertificate(App& app) : - Node(app, "/redfish/v1/CertificateService/Actions/" - "CertificateService.ReplaceCertificate/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - - private: - void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - std::string certificate; - nlohmann::json certificateUri; - std::optional<std::string> certificateType = "PEM"; - - if (!json_util::readJson(req, asyncResp->res, "CertificateString", - certificate, "CertificateUri", certificateUri, - "CertificateType", certificateType)) - { - BMCWEB_LOG_ERROR << "Required parameters are missing"; - messages::internalError(asyncResp->res); - return; - } + BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/Actions/" + "CertificateService.ReplaceCertificate/") + .privileges({"ConfigureComponents"}) + .methods( + boost::beast::http::verb:: + post)([](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + std::string certificate; + nlohmann::json certificateUri; + std::optional<std::string> certificateType = "PEM"; + + if (!json_util::readJson(req, asyncResp->res, "CertificateString", + certificate, "CertificateUri", + certificateUri, "CertificateType", + certificateType)) + { + BMCWEB_LOG_ERROR << "Required parameters are missing"; + messages::internalError(asyncResp->res); + return; + } - if (!certificateType) - { - // should never happen, but it never hurts to be paranoid. - return; - } - if (certificateType != "PEM") - { - messages::actionParameterNotSupported( - asyncResp->res, "CertificateType", "ReplaceCertificate"); - return; - } + if (!certificateType) + { + // should never happen, but it never hurts to be paranoid. + return; + } + if (certificateType != "PEM") + { + messages::actionParameterNotSupported( + asyncResp->res, "CertificateType", "ReplaceCertificate"); + return; + } - std::string certURI; - if (!redfish::json_util::readJson(certificateUri, asyncResp->res, - "@odata.id", certURI)) - { - messages::actionParameterMissing( - asyncResp->res, "ReplaceCertificate", "CertificateUri"); - return; - } + std::string certURI; + if (!redfish::json_util::readJson(certificateUri, asyncResp->res, + "@odata.id", certURI)) + { + messages::actionParameterMissing( + asyncResp->res, "ReplaceCertificate", "CertificateUri"); + return; + } - BMCWEB_LOG_INFO << "Certificate URI to replace" << certURI; - long id = getIDFromURL(certURI); - if (id < 0) - { - messages::actionParameterValueFormatError(asyncResp->res, certURI, - "CertificateUri", - "ReplaceCertificate"); - return; - } - std::string objectPath; - std::string name; - std::string service; - if (boost::starts_with( - certURI, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/")) - { - objectPath = - std::string(certs::httpsObjectPath) + "/" + std::to_string(id); - name = "HTTPS certificate"; - service = certs::httpsServiceName; - } - else if (boost::starts_with( - certURI, "/redfish/v1/AccountService/LDAP/Certificates/")) - { - objectPath = - std::string(certs::ldapObjectPath) + "/" + std::to_string(id); - name = "LDAP certificate"; - service = certs::ldapServiceName; - } - else if (boost::starts_with( - certURI, - "/redfish/v1/Managers/bmc/Truststore/Certificates/")) - { - objectPath = std::string(certs::authorityObjectPath) + "/" + - std::to_string(id); - name = "TrustStore certificate"; - service = certs::authorityServiceName; - } - else - { - messages::actionParameterNotSupported( - asyncResp->res, "CertificateUri", "ReplaceCertificate"); - return; - } + BMCWEB_LOG_INFO << "Certificate URI to replace" << certURI; + long id = getIDFromURL(certURI); + if (id < 0) + { + messages::actionParameterValueFormatError( + asyncResp->res, certURI, "CertificateUri", + "ReplaceCertificate"); + return; + } + std::string objectPath; + std::string name; + std::string service; + if (boost::starts_with(certURI, + "/redfish/v1/Managers/bmc/NetworkProtocol/" + "HTTPS/Certificates/")) + { + objectPath = std::string(certs::httpsObjectPath) + "/" + + std::to_string(id); + name = "HTTPS certificate"; + service = certs::httpsServiceName; + } + else if (boost::starts_with( + certURI, + "/redfish/v1/AccountService/LDAP/Certificates/")) + { + objectPath = std::string(certs::ldapObjectPath) + "/" + + std::to_string(id); + name = "LDAP certificate"; + service = certs::ldapServiceName; + } + else if (boost::starts_with( + certURI, + "/redfish/v1/Managers/bmc/Truststore/Certificates/")) + { + objectPath = std::string(certs::authorityObjectPath) + "/" + + std::to_string(id); + name = "TrustStore certificate"; + service = certs::authorityServiceName; + } + else + { + messages::actionParameterNotSupported( + asyncResp->res, "CertificateUri", "ReplaceCertificate"); + return; + } - std::shared_ptr<CertificateFile> certFile = - std::make_shared<CertificateFile>(certificate); - crow::connections::systemBus->async_method_call( - [asyncResp, certFile, objectPath, service, certURI, id, - name](const boost::system::error_code ec) { - if (ec) - { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; - messages::resourceNotFound(asyncResp->res, name, - std::to_string(id)); - return; - } - getCertificateProperties(asyncResp, objectPath, service, id, - certURI, name); - BMCWEB_LOG_DEBUG << "HTTPS certificate install file=" - << certFile->getCertFilePath(); - }, - service, objectPath, certs::certReplaceIntf, "Replace", - certFile->getCertFilePath()); - } -}; // CertificateActionsReplaceCertificate + std::shared_ptr<CertificateFile> certFile = + std::make_shared<CertificateFile>(certificate); + crow::connections::systemBus->async_method_call( + [asyncResp, certFile, objectPath, service, certURI, id, + name](const boost::system::error_code ec) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::resourceNotFound(asyncResp->res, name, + std::to_string(id)); + return; + } + getCertificateProperties(asyncResp, objectPath, service, id, + certURI, name); + BMCWEB_LOG_DEBUG << "HTTPS certificate install file=" + << certFile->getCertFilePath(); + }, + service, objectPath, certs::certReplaceIntf, "Replace", + certFile->getCertFilePath()); + }); +} // requestRoutesCertificateActionsReplaceCertificate /** * Certificate resource describes a certificate used to prove the identity * of a component, account or service. */ -class HTTPSCertificate : public Node -{ - public: - HTTPSCertificate(App& app) : - Node(app, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" - "<str>/", - std::string()) - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>& params) override - { - if (params.size() != 1) - { - messages::internalError(asyncResp->res); - return; - } - long id = getIDFromURL(req.url); - - BMCWEB_LOG_DEBUG << "HTTPSCertificate::doGet ID=" << std::to_string(id); - std::string certURL = - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" + - std::to_string(id); - std::string objectPath = certs::httpsObjectPath; - objectPath += "/"; - objectPath += std::to_string(id); - getCertificateProperties(asyncResp, objectPath, certs::httpsServiceName, - id, certURL, "HTTPS Certificate"); - } - -}; // namespace redfish +inline void requestRoutesHTTPSCertificate(App& app) +{ + BMCWEB_ROUTE( + app, + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/<str>/") + .privileges({"Login"}) + .methods( + boost::beast::http::verb:: + get)([](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string& param) -> void { + if (param.empty()) + { + messages::internalError(asyncResp->res); + return; + } + long id = getIDFromURL(req.url); + + BMCWEB_LOG_DEBUG << "HTTPSCertificate::doGet ID=" + << std::to_string(id); + std::string certURL = + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/" + + std::to_string(id); + std::string objectPath = certs::httpsObjectPath; + objectPath += "/"; + objectPath += std::to_string(id); + getCertificateProperties(asyncResp, objectPath, + certs::httpsServiceName, id, certURL, + "HTTPS Certificate"); + }); +} /** * Collection of HTTPS certificates */ -class HTTPSCertificateCollection : public Node +inline void requestRoutesHTTPSCertificateCollection(App& app) { - public: - HTTPSCertificateCollection(App& app) : - Node(app, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request&, const std::vector<std::string>&) override - { - asyncResp->res.jsonValue = { - {"@odata.id", - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"}, - {"@odata.type", "#CertificateCollection.CertificateCollection"}, - {"Name", "HTTPS Certificates Collection"}, - {"Description", "A Collection of HTTPS certificate instances"}}; - - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec, - const ManagedObjectType& certs) { - if (ec) - { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; - messages::internalError(asyncResp->res); - return; - } - nlohmann::json& members = asyncResp->res.jsonValue["Members"]; - members = nlohmann::json::array(); - for (const auto& cert : certs) - { - long id = getIDFromURL(cert.first.str); - if (id >= 0) + BMCWEB_ROUTE(app, + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/") + .privileges({"Login"}) + .methods( + boost::beast::http::verb:: + get)([](const crow::Request&, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + asyncResp->res.jsonValue = { + {"@odata.id", + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"}, + {"@odata.type", "#CertificateCollection.CertificateCollection"}, + {"Name", "HTTPS Certificates Collection"}, + {"Description", "A Collection of HTTPS certificate instances"}}; + + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec, + const ManagedObjectType& certs) { + if (ec) { - members.push_back( - {{"@odata.id", - "/redfish/v1/Managers/bmc/" - "NetworkProtocol/HTTPS/Certificates/" + - std::to_string(id)}}); + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::internalError(asyncResp->res); + return; } - } - asyncResp->res.jsonValue["Members@odata.count"] = - members.size(); - }, - certs::httpsServiceName, certs::httpsObjectPath, - certs::dbusObjManagerIntf, "GetManagedObjects"); - } - - void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - BMCWEB_LOG_DEBUG << "HTTPSCertificateCollection::doPost"; - - asyncResp->res.jsonValue = {{"Name", "HTTPS Certificate"}, - {"Description", "HTTPS Certificate"}}; + nlohmann::json& members = + asyncResp->res.jsonValue["Members"]; + members = nlohmann::json::array(); + for (const auto& cert : certs) + { + long id = getIDFromURL(cert.first.str); + if (id >= 0) + { + members.push_back( + {{"@odata.id", + "/redfish/v1/Managers/bmc/" + "NetworkProtocol/HTTPS/Certificates/" + + std::to_string(id)}}); + } + } + asyncResp->res.jsonValue["Members@odata.count"] = + members.size(); + }, + certs::httpsServiceName, certs::httpsObjectPath, + certs::dbusObjManagerIntf, "GetManagedObjects"); + }); - std::string certFileBody = getCertificateFromReqBody(asyncResp, req); + BMCWEB_ROUTE(app, + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/") + .privileges({"ConfigureComponents"}) + .methods(boost::beast::http::verb::post)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + BMCWEB_LOG_DEBUG << "HTTPSCertificateCollection::doPost"; - if (certFileBody.empty()) - { - BMCWEB_LOG_ERROR << "Cannot get certificate from request body."; - messages::unrecognizedRequestBody(asyncResp->res); - return; - } + asyncResp->res.jsonValue = { + {"Name", "HTTPS Certificate"}, + {"Description", "HTTPS Certificate"}}; - std::shared_ptr<CertificateFile> certFile = - std::make_shared<CertificateFile>(certFileBody); + std::string certFileBody = + getCertificateFromReqBody(asyncResp, req); - crow::connections::systemBus->async_method_call( - [asyncResp, certFile](const boost::system::error_code ec, - const std::string& objectPath) { - if (ec) + if (certFileBody.empty()) { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; - messages::internalError(asyncResp->res); + BMCWEB_LOG_ERROR + << "Cannot get certificate from request body."; + messages::unrecognizedRequestBody(asyncResp->res); return; } - long certId = getIDFromURL(objectPath); - if (certId < 0) + + std::shared_ptr<CertificateFile> certFile = + std::make_shared<CertificateFile>(certFileBody); + + crow::connections::systemBus->async_method_call( + [asyncResp, certFile](const boost::system::error_code ec, + const std::string& objectPath) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::internalError(asyncResp->res); + return; + } + long certId = getIDFromURL(objectPath); + if (certId < 0) + { + BMCWEB_LOG_ERROR << "Invalid objectPath value" + << objectPath; + messages::internalError(asyncResp->res); + return; + } + std::string certURL = + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/" + "Certificates/" + + std::to_string(certId); + getCertificateProperties( + asyncResp, objectPath, certs::httpsServiceName, + certId, certURL, "HTTPS Certificate"); + BMCWEB_LOG_DEBUG << "HTTPS certificate install file=" + << certFile->getCertFilePath(); + }, + certs::httpsServiceName, certs::httpsObjectPath, + certs::certInstallIntf, "Install", + certFile->getCertFilePath()); + }); +} // requestRoutesHTTPSCertificateCollection + +/** + * @brief Retrieve the certificates installed list and append to the + * response + * + * @param[in] asyncResp Shared pointer to the response message + * @param[in] certURL Path of the certificate object + * @param[in] path Path of the D-Bus service object + * @return None + */ +void getCertificateLocations( + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string& certURL, const std::string& path, + const std::string& service) +{ + BMCWEB_LOG_DEBUG << "getCertificateLocations URI=" << certURL + << " Path=" << path << " service= " << service; + crow::connections::systemBus->async_method_call( + [asyncResp, certURL](const boost::system::error_code ec, + const ManagedObjectType& certs) { + if (ec) + { + BMCWEB_LOG_WARNING + << "Certificate collection query failed: " << ec + << ", skipping " << certURL; + return; + } + nlohmann::json& links = + asyncResp->res.jsonValue["Links"]["Certificates"]; + for (auto& cert : certs) + { + long id = getIDFromURL(cert.first.str); + if (id >= 0) { - BMCWEB_LOG_ERROR << "Invalid objectPath value" - << objectPath; - messages::internalError(asyncResp->res); - return; + links.push_back( + {{"@odata.id", certURL + std::to_string(id)}}); } - std::string certURL = - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/" - "Certificates/" + - std::to_string(certId); - getCertificateProperties(asyncResp, objectPath, - certs::httpsServiceName, certId, - certURL, "HTTPS Certificate"); - BMCWEB_LOG_DEBUG << "HTTPS certificate install file=" - << certFile->getCertFilePath(); - }, - certs::httpsServiceName, certs::httpsObjectPath, - certs::certInstallIntf, "Install", certFile->getCertFilePath()); - } -}; // HTTPSCertificateCollection + } + asyncResp->res.jsonValue["Links"]["Certificates@odata.count"] = + links.size(); + }, + service, path, certs::dbusObjManagerIntf, "GetManagedObjects"); +} /** * The certificate location schema defines a resource that an administrator * can use in order to locate all certificates installed on a given service. */ -class CertificateLocations : public Node +inline void requestRoutesCertificateLocations(App& app) { - public: - CertificateLocations(App& app) : - Node(app, "/redfish/v1/CertificateService/CertificateLocations/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - - private: - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request&, const std::vector<std::string>&) override - { - asyncResp->res.jsonValue = { - {"@odata.id", - "/redfish/v1/CertificateService/CertificateLocations"}, - {"@odata.type", - "#CertificateLocations.v1_0_0.CertificateLocations"}, - {"Name", "Certificate Locations"}, - {"Id", "CertificateLocations"}, - {"Description", - "Defines a resource that an administrator can use in order to " - "locate all certificates installed on a given service"}}; - - nlohmann::json& links = - asyncResp->res.jsonValue["Links"]["Certificates"]; - links = nlohmann::json::array(); - getCertificateLocations( - asyncResp, - "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/", - certs::httpsObjectPath, certs::httpsServiceName); - getCertificateLocations(asyncResp, - "/redfish/v1/AccountService/LDAP/Certificates/", - certs::ldapObjectPath, certs::ldapServiceName); - getCertificateLocations( - asyncResp, "/redfish/v1/Managers/bmc/Truststore/Certificates/", - certs::authorityObjectPath, certs::authorityServiceName); - } - /** - * @brief Retrieve the certificates installed list and append to the - * response - * - * @param[in] asyncResp Shared pointer to the response message - * @param[in] certURL Path of the certificate object - * @param[in] path Path of the D-Bus service object - * @return None - */ - void getCertificateLocations( - const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const std::string& certURL, const std::string& path, - const std::string& service) - { - BMCWEB_LOG_DEBUG << "getCertificateLocations URI=" << certURL - << " Path=" << path << " service= " << service; - crow::connections::systemBus->async_method_call( - [asyncResp, certURL](const boost::system::error_code ec, - const ManagedObjectType& certs) { - if (ec) - { - BMCWEB_LOG_WARNING - << "Certificate collection query failed: " << ec - << ", skipping " << certURL; - return; - } - nlohmann::json& links = - asyncResp->res.jsonValue["Links"]["Certificates"]; - for (auto& cert : certs) - { - long id = getIDFromURL(cert.first.str); - if (id >= 0) - { - links.push_back( - {{"@odata.id", certURL + std::to_string(id)}}); - } - } - asyncResp->res.jsonValue["Links"]["Certificates@odata.count"] = - links.size(); - }, - service, path, certs::dbusObjManagerIntf, "GetManagedObjects"); - } -}; // CertificateLocations + BMCWEB_ROUTE(app, "/redfish/v1/CertificateService/CertificateLocations/") + .privileges({"Login"}) + .methods( + boost::beast::http::verb:: + get)([](const crow::Request&, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + asyncResp->res.jsonValue = { + {"@odata.id", + "/redfish/v1/CertificateService/CertificateLocations"}, + {"@odata.type", + "#CertificateLocations.v1_0_0.CertificateLocations"}, + {"Name", "Certificate Locations"}, + {"Id", "CertificateLocations"}, + {"Description", + "Defines a resource that an administrator can use in order to " + "locate all certificates installed on a given service"}}; + + nlohmann::json& links = + asyncResp->res.jsonValue["Links"]["Certificates"]; + links = nlohmann::json::array(); + getCertificateLocations( + asyncResp, + "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/", + certs::httpsObjectPath, certs::httpsServiceName); + getCertificateLocations( + asyncResp, "/redfish/v1/AccountService/LDAP/Certificates/", + certs::ldapObjectPath, certs::ldapServiceName); + getCertificateLocations( + asyncResp, "/redfish/v1/Managers/bmc/Truststore/Certificates/", + certs::authorityObjectPath, certs::authorityServiceName); + }); +} +// requestRoutesCertificateLocations /** * Collection of LDAP certificates */ -class LDAPCertificateCollection : public Node +inline void requestRoutesLDAPCertificateCollection(App& app) { - public: - LDAPCertificateCollection(App& app) : - Node(app, "/redfish/v1/AccountService/LDAP/Certificates/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request&, const std::vector<std::string>&) override - { - asyncResp->res.jsonValue = { - {"@odata.id", "/redfish/v1/AccountService/LDAP/Certificates"}, - {"@odata.type", "#CertificateCollection.CertificateCollection"}, - {"Name", "LDAP Certificates Collection"}, - {"Description", "A Collection of LDAP certificate instances"}}; - - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec, - const ManagedObjectType& certs) { - nlohmann::json& members = asyncResp->res.jsonValue["Members"]; - nlohmann::json& count = - asyncResp->res.jsonValue["Members@odata.count"]; - members = nlohmann::json::array(); - count = 0; - if (ec) + BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/") + .privileges({"Login"}) + .methods(boost::beast::http::verb::get)( + [](const crow::Request&, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + asyncResp->res.jsonValue = { + {"@odata.id", + "/redfish/v1/AccountService/LDAP/Certificates"}, + {"@odata.type", + "#CertificateCollection.CertificateCollection"}, + {"Name", "LDAP Certificates Collection"}, + {"Description", + "A Collection of LDAP certificate instances"}}; + + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec, + const ManagedObjectType& certs) { + nlohmann::json& members = + asyncResp->res.jsonValue["Members"]; + nlohmann::json& count = + asyncResp->res.jsonValue["Members@odata.count"]; + members = nlohmann::json::array(); + count = 0; + if (ec) + { + BMCWEB_LOG_WARNING + << "LDAP certificate query failed: " << ec; + return; + } + for (const auto& cert : certs) + { + long id = getIDFromURL(cert.first.str); + if (id >= 0) + { + members.push_back( + {{"@odata.id", "/redfish/v1/AccountService/" + "LDAP/Certificates/" + + std::to_string(id)}}); + } + } + count = members.size(); + }, + certs::ldapServiceName, certs::ldapObjectPath, + certs::dbusObjManagerIntf, "GetManagedObjects"); + }); + + BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/") + .privileges({"ConfigureComponents"}) + .methods(boost::beast::http::verb::post)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + std::string certFileBody = + getCertificateFromReqBody(asyncResp, req); + + if (certFileBody.empty()) { - BMCWEB_LOG_WARNING << "LDAP certificate query failed: " - << ec; + BMCWEB_LOG_ERROR + << "Cannot get certificate from request body."; + messages::unrecognizedRequestBody(asyncResp->res); return; } - for (const auto& cert : certs) - { - long id = getIDFromURL(cert.first.str); - if (id >= 0) - { - members.push_back( - {{"@odata.id", "/redfish/v1/AccountService/" - "LDAP/Certificates/" + - std::to_string(id)}}); - } - } - count = members.size(); - }, - certs::ldapServiceName, certs::ldapObjectPath, - certs::dbusObjManagerIntf, "GetManagedObjects"); - } - void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - - std::string certFileBody = getCertificateFromReqBody(asyncResp, req); - - if (certFileBody.empty()) - { - BMCWEB_LOG_ERROR << "Cannot get certificate from request body."; - messages::unrecognizedRequestBody(asyncResp->res); - return; - } + std::shared_ptr<CertificateFile> certFile = + std::make_shared<CertificateFile>(certFileBody); - std::shared_ptr<CertificateFile> certFile = - std::make_shared<CertificateFile>(certFileBody); + crow::connections::systemBus->async_method_call( + [asyncResp, certFile](const boost::system::error_code ec, + const std::string& objectPath) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::internalError(asyncResp->res); + return; + } + long certId = getIDFromURL(objectPath); + if (certId < 0) + { + BMCWEB_LOG_ERROR << "Invalid objectPath value" + << objectPath; + messages::internalError(asyncResp->res); + return; + } + std::string certURL = + "/redfish/v1/AccountService/LDAP/Certificates/" + + std::to_string(certId); + getCertificateProperties(asyncResp, objectPath, + certs::ldapServiceName, certId, + certURL, "LDAP Certificate"); + BMCWEB_LOG_DEBUG << "LDAP certificate install file=" + << certFile->getCertFilePath(); + }, + certs::ldapServiceName, certs::ldapObjectPath, + certs::certInstallIntf, "Install", + certFile->getCertFilePath()); + }); +} // requestRoutesLDAPCertificateCollection - crow::connections::systemBus->async_method_call( - [asyncResp, certFile](const boost::system::error_code ec, - const std::string& objectPath) { - if (ec) - { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; - messages::internalError(asyncResp->res); - return; - } - long certId = getIDFromURL(objectPath); - if (certId < 0) +/** + * Certificate resource describes a certificate used to prove the identity + * of a component, account or service. + */ +inline void requestRoutesLDAPCertificate(App& app) +{ + BMCWEB_ROUTE(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/") + .privileges({"Login"}) + .methods(boost::beast::http::verb::get)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string&) { + long id = getIDFromURL(req.url); + if (id < 0) { - BMCWEB_LOG_ERROR << "Invalid objectPath value" - << objectPath; + BMCWEB_LOG_ERROR << "Invalid url value" << req.url; messages::internalError(asyncResp->res); return; } + BMCWEB_LOG_DEBUG << "LDAP Certificate ID=" + << std::to_string(id); std::string certURL = "/redfish/v1/AccountService/LDAP/Certificates/" + - std::to_string(certId); + std::to_string(id); + std::string objectPath = certs::ldapObjectPath; + objectPath += "/"; + objectPath += std::to_string(id); getCertificateProperties(asyncResp, objectPath, - certs::ldapServiceName, certId, - certURL, "LDAP Certificate"); - BMCWEB_LOG_DEBUG << "LDAP certificate install file=" - << certFile->getCertFilePath(); - }, - certs::ldapServiceName, certs::ldapObjectPath, - certs::certInstallIntf, "Install", certFile->getCertFilePath()); - } -}; // LDAPCertificateCollection - + certs::ldapServiceName, id, certURL, + "LDAP Certificate"); + }); +} // requestRoutesLDAPCertificate /** - * Certificate resource describes a certificate used to prove the identity - * of a component, account or service. + * Collection of TrustStoreCertificate certificates */ -class LDAPCertificate : public Node +inline void requestRoutesTrustStoreCertificateCollection(App& app) { - public: - LDAPCertificate(App& app) : - Node(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/", - std::string()) - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } + BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/") + .privileges({"Login"}) + .methods(boost::beast::http::verb::get)( + [](const crow::Request&, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + asyncResp->res.jsonValue = { + {"@odata.id", + "/redfish/v1/Managers/bmc/Truststore/Certificates/"}, + {"@odata.type", + "#CertificateCollection.CertificateCollection"}, + {"Name", "TrustStore Certificates Collection"}, + {"Description", + "A Collection of TrustStore certificate instances"}}; + + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec, + const ManagedObjectType& certs) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::internalError(asyncResp->res); + return; + } + nlohmann::json& members = + asyncResp->res.jsonValue["Members"]; + members = nlohmann::json::array(); + for (const auto& cert : certs) + { + long id = getIDFromURL(cert.first.str); + if (id >= 0) + { + members.push_back( + {{"@odata.id", "/redfish/v1/Managers/bmc/" + "Truststore/Certificates/" + + std::to_string(id)}}); + } + } + asyncResp->res.jsonValue["Members@odata.count"] = + members.size(); + }, + certs::authorityServiceName, certs::authorityObjectPath, + certs::dbusObjManagerIntf, "GetManagedObjects"); + }); - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { + BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/") + .privileges({"ConfigureComponents"}) + .methods(boost::beast::http::verb::post)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + std::string certFileBody = + getCertificateFromReqBody(asyncResp, req); - long id = getIDFromURL(req.url); - if (id < 0) - { - BMCWEB_LOG_ERROR << "Invalid url value" << req.url; - messages::internalError(asyncResp->res); - return; - } - BMCWEB_LOG_DEBUG << "LDAP Certificate ID=" << std::to_string(id); - std::string certURL = "/redfish/v1/AccountService/LDAP/Certificates/" + - std::to_string(id); - std::string objectPath = certs::ldapObjectPath; - objectPath += "/"; - objectPath += std::to_string(id); - getCertificateProperties(asyncResp, objectPath, certs::ldapServiceName, - id, certURL, "LDAP Certificate"); - } -}; // LDAPCertificate -/** - * Collection of TrustStoreCertificate certificates - */ -class TrustStoreCertificateCollection : public Node -{ - public: - TrustStoreCertificateCollection(App& app) : - Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/") - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request&, const std::vector<std::string>&) override - { - asyncResp->res.jsonValue = { - {"@odata.id", "/redfish/v1/Managers/bmc/Truststore/Certificates/"}, - {"@odata.type", "#CertificateCollection.CertificateCollection"}, - {"Name", "TrustStore Certificates Collection"}, - {"Description", - "A Collection of TrustStore certificate instances"}}; - - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec, - const ManagedObjectType& certs) { - if (ec) + if (certFileBody.empty()) { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; - messages::internalError(asyncResp->res); + BMCWEB_LOG_ERROR + << "Cannot get certificate from request body."; + messages::unrecognizedRequestBody(asyncResp->res); return; } - nlohmann::json& members = asyncResp->res.jsonValue["Members"]; - members = nlohmann::json::array(); - for (const auto& cert : certs) - { - long id = getIDFromURL(cert.first.str); - if (id >= 0) - { - members.push_back( - {{"@odata.id", "/redfish/v1/Managers/bmc/" - "Truststore/Certificates/" + - std::to_string(id)}}); - } - } - asyncResp->res.jsonValue["Members@odata.count"] = - members.size(); - }, - certs::authorityServiceName, certs::authorityObjectPath, - certs::dbusObjManagerIntf, "GetManagedObjects"); - } - - void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - - std::string certFileBody = getCertificateFromReqBody(asyncResp, req); - if (certFileBody.empty()) - { - BMCWEB_LOG_ERROR << "Cannot get certificate from request body."; - messages::unrecognizedRequestBody(asyncResp->res); - return; - } + std::shared_ptr<CertificateFile> certFile = + std::make_shared<CertificateFile>(certFileBody); + crow::connections::systemBus->async_method_call( + [asyncResp, certFile](const boost::system::error_code ec, + const std::string& objectPath) { + if (ec) + { + BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + messages::internalError(asyncResp->res); + return; + } + long certId = getIDFromURL(objectPath); + if (certId < 0) + { + BMCWEB_LOG_ERROR << "Invalid objectPath value" + << objectPath; + messages::internalError(asyncResp->res); + return; + } + std::string certURL = "/redfish/v1/Managers/bmc/" + "Truststore/Certificates/" + + std::to_string(certId); + + getCertificateProperties( + asyncResp, objectPath, certs::authorityServiceName, + certId, certURL, "TrustStore Certificate"); + BMCWEB_LOG_DEBUG + << "TrustStore certificate install file=" + << certFile->getCertFilePath(); + }, + certs::authorityServiceName, certs::authorityObjectPath, + certs::certInstallIntf, "Install", + certFile->getCertFilePath()); + }); +} // requestRoutesTrustStoreCertificateCollection - std::shared_ptr<CertificateFile> certFile = - std::make_shared<CertificateFile>(certFileBody); - crow::connections::systemBus->async_method_call( - [asyncResp, certFile](const boost::system::error_code ec, - const std::string& objectPath) { - if (ec) +/** + * Certificate resource describes a certificate used to prove the identity + * of a component, account or service. + */ +inline void requestRoutesTrustStoreCertificate(App& app) +{ + BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/") + .privileges({"Loign"}) + .methods(boost::beast::http::verb::get)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string&) { + long id = getIDFromURL(req.url); + if (id < 0) { - BMCWEB_LOG_ERROR << "DBUS response error: " << ec; + BMCWEB_LOG_ERROR << "Invalid url value" << req.url; messages::internalError(asyncResp->res); return; } - long certId = getIDFromURL(objectPath); - if (certId < 0) + BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doGet ID=" + << std::to_string(id); + std::string certURL = + "/redfish/v1/Managers/bmc/Truststore/Certificates/" + + std::to_string(id); + std::string objectPath = certs::authorityObjectPath; + objectPath += "/"; + objectPath += std::to_string(id); + getCertificateProperties(asyncResp, objectPath, + certs::authorityServiceName, id, + certURL, "TrustStore Certificate"); + }); + + BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/") + .privileges({"ConfigureComponents"}) + .methods(boost::beast::http::verb::delete_)( + [](const crow::Request& req, + const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string& param) { + if (param.empty()) { - BMCWEB_LOG_ERROR << "Invalid objectPath value" - << objectPath; messages::internalError(asyncResp->res); return; } - std::string certURL = "/redfish/v1/Managers/bmc/" - "Truststore/Certificates/" + - std::to_string(certId); - - getCertificateProperties(asyncResp, objectPath, - certs::authorityServiceName, certId, - certURL, "TrustStore Certificate"); - BMCWEB_LOG_DEBUG << "TrustStore certificate install file=" - << certFile->getCertFilePath(); - }, - certs::authorityServiceName, certs::authorityObjectPath, - certs::certInstallIntf, "Install", certFile->getCertFilePath()); - } -}; // TrustStoreCertificateCollection -/** - * Certificate resource describes a certificate used to prove the identity - * of a component, account or service. - */ -class TrustStoreCertificate : public Node -{ - public: - TrustStoreCertificate(App& app) : - Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/", - std::string()) - { - entityPrivileges = { - {boost::beast::http::verb::get, {{"Login"}}}, - {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::put, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}}, - {boost::beast::http::verb::post, {{"ConfigureComponents"}}}}; - } - - void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>&) override - { - - long id = getIDFromURL(req.url); - if (id < 0) - { - BMCWEB_LOG_ERROR << "Invalid url value" << req.url; - messages::internalError(asyncResp->res); - return; - } - BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doGet ID=" - << std::to_string(id); - std::string certURL = - "/redfish/v1/Managers/bmc/Truststore/Certificates/" + - std::to_string(id); - std::string objectPath = certs::authorityObjectPath; - objectPath += "/"; - objectPath += std::to_string(id); - getCertificateProperties(asyncResp, objectPath, - certs::authorityServiceName, id, certURL, - "TrustStore Certificate"); - } - - void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, - const crow::Request& req, - const std::vector<std::string>& params) override - { - - if (params.size() != 1) - { - messages::internalError(asyncResp->res); - return; - } - - long id = getIDFromURL(req.url); - if (id < 0) - { - BMCWEB_LOG_ERROR << "Invalid url value: " << req.url; - messages::resourceNotFound(asyncResp->res, "TrustStore Certificate", - std::string(req.url)); - return; - } - BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doDelete ID=" - << std::to_string(id); - std::string certPath = certs::authorityObjectPath; - certPath += "/"; - certPath += std::to_string(id); - - crow::connections::systemBus->async_method_call( - [asyncResp, id](const boost::system::error_code ec) { - if (ec) + long id = getIDFromURL(req.url); + if (id < 0) { + BMCWEB_LOG_ERROR << "Invalid url value: " << req.url; messages::resourceNotFound(asyncResp->res, "TrustStore Certificate", - std::to_string(id)); + std::string(req.url)); return; } - BMCWEB_LOG_INFO << "Certificate deleted"; - asyncResp->res.result(boost::beast::http::status::no_content); - }, - certs::authorityServiceName, certPath, certs::objDeleteIntf, - "Delete"); - } -}; // TrustStoreCertificate + BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doDelete ID=" + << std::to_string(id); + std::string certPath = certs::authorityObjectPath; + certPath += "/"; + certPath += std::to_string(id); + + crow::connections::systemBus->async_method_call( + [asyncResp, id](const boost::system::error_code ec) { + if (ec) + { + messages::resourceNotFound(asyncResp->res, + "TrustStore Certificate", + std::to_string(id)); + return; + } + BMCWEB_LOG_INFO << "Certificate deleted"; + asyncResp->res.result( + boost::beast::http::status::no_content); + }, + certs::authorityServiceName, certPath, certs::objDeleteIntf, + "Delete"); + }); +} // requestRoutesTrustStoreCertificate } // namespace redfish |