author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | 2019-09-17 15:56:16 +0200 |
---|---|---|
committer | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | 2019-11-06 08:29:06 +0000 |
commit | 07a602993f1007b0b0b764bdb3f14f302a8d2e26 (patch) | |
tree | c1e5215e892ae0166d5bc9b8df7b7679aae19d4f | |
parent | 66b5ca76ccbad5ff6a51189c9b984d4b0e1ba18a (diff) | |
Certificate delete API – middleware
With the introduction of Mutual-TLS and the option to add multiple
certificates, there is a need to give the user a way to remove them, for
example when they expire. This commit adds an implementation of the DELETE
function to the TLS Certificate node, so each of them can be removed.
Backend implementation is here:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/25268
Tested with multiple uploaded TLS certificates.
Other certificates remain irremovable, as they were so far.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I9781c5c79288ec5d080e80e42c63a55e471ddb77
Depends-On: I9dd6fa998e8bd8081fbd13549831bc94a4a7aa54
-rw-r--r-- | redfish-core/lib/certificate_service.hpp | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp index b40b1e9..9b4f60e 100644 --- a/redfish-core/lib/certificate_service.hpp +++ b/redfish-core/lib/certificate_service.hpp @@ -26,6 +26,7 @@ constexpr char const *httpsObjectPath = "/xyz/openbmc_project/certs/server/https"; constexpr char const *certInstallIntf = "xyz.openbmc_project.Certs.Install"; constexpr char const *certReplaceIntf = "xyz.openbmc_project.Certs.Replace"; +constexpr char const *objDeleteIntf = "xyz.openbmc_project.Object.Delete"; constexpr char const *certPropIntf = "xyz.openbmc_project.Certs.Certificate"; constexpr char const *dbusPropIntf = "org.freedesktop.DBus.Properties"; constexpr char const *dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager"; 
@@ -1363,5 +1364,46 @@ class TrustStoreCertificate : public Node certs::authorityServiceName, id, certURL, "TrustStore Certificate"); } + + void doDelete(crow::Response &res, const crow::Request &req, + const std::vector<std::string> ¶ms) override + { + auto asyncResp = std::make_shared<AsyncResp>(res); + + if (params.size() != 1) + { + messages::internalError(asyncResp->res); + return; + } + + long id = getIDFromURL(req.url); + if (id < 0) + { + BMCWEB_LOG_ERROR << "Invalid url value: " << req.url; + messages::resourceNotFound(asyncResp->res, "TrustStore Certificate", + std::string(req.url)); + return; + } + BMCWEB_LOG_DEBUG << "TrustStoreCertificate::doDelete ID=" + << std::to_string(id); + std::string certPath = certs::authorityObjectPath; + certPath += "/"; + certPath += std::to_string(id); + + crow::connections::systemBus->async_method_call( + [asyncResp, id](const boost::system::error_code ec) { + if (ec) + { + messages::resourceNotFound(asyncResp->res, + "TrustStore Certificate", + std::to_string(id)); + return; + } + BMCWEB_LOG_INFO << "Certificate deleted"; + asyncResp->res.result(boost::beast::http::status::no_content); + }, + certs::authorityServiceName, certPath, certs::objDeleteIntf, + "Delete"); + } }; // TrustStoreCertificate } // namespace redfish |
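Review bot: In the `async_method_call` callback of `doDelete`, every D-Bus failure is reported as `resourceNotFound` and `ec` is never logged, so a denied, timed-out or otherwise failed Delete looks to the client like a certificate that does not exist while the CA may still be trusted for mutual TLS. I would log the error first, e.g. `BMCWEB_LOG_ERROR << "Delete failed for ID=" << id << ": " << ec.message();`, and answer with `messages::internalError(asyncResp->res);` unless the error specifically indicates a missing object. The success log `BMCWEB_LOG_INFO << "Certificate deleted";` should also carry the id so that removal of a trust anchor can be attributed afterwards, e.g. `BMCWEB_LOG_INFO << "TrustStore certificate deleted, ID=" << id;`. The privilege required for DELETE is set in the class constructor, which is outside this hunk; it is worth confirming that it is limited to an administrative privilege.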