diff options
| author | Marri Devender Rao <devenrao@in.ibm.com> | 2019-03-18 08:59:21 -0500 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2019-08-16 18:08:23 +0000 |
| commit | 3021581655861c74e8c0c71ce1ca49bb7b54f72d (patch) | |
| tree | 2a8df7b1185c2301e0470e6c60b7f54dd38105a0 /redfish-core/include | |
| parent | adc4f0db57568c5e5d2a3398fce00dbb050a3b72 (diff) | |
| download | bmcweb-3021581655861c74e8c0c71ce1ca49bb7b54f72d.tar.gz bmcweb-3021581655861c74e8c0c71ce1ca49bb7b54f72d.zip | |
Redfish: GenerateCSR action for HTTPS certificate
Implemented GenerateCSR action of CertificateService
for generating CSR of HTTPS certificate
CSR requests initiated through D-Bus are time-consuming
and might result D-Bus time-out error
GenerateCSR request is performed in child process in
the backend so that caller is returned immediately.
Caller need to register for "InterfacesAdded" signal
generated when a new CSR object is creatd by backend
after completion of the CSR request.
Caller initiates read on the CSR object created to
read the CSR string.
Timer is added to cancel the operation if "Interfaces
Added" signal is not received in a specified time.
Modified to support only 2048 keybit length due to
time taken in private key generation.
Tested
1) Tested schema with validator and no issues
2)
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate_https.json
{
"CSRString": "-----BEGIN CERTIFICATE ..."
"CertificateCollection": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
}
}
3. generate_https.json
{
"City": "Austin",
"CertificateCollection": {
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
},
"CommonName": "www.ibm.com",
"ContactPerson":"myname",
"AlternativeNames":["www.ibm.com"],
"ChallengePassword":"",
"Email":"openbmc@in.ibm.com",
"GivenName":"",
"Initials":"",
"Country": "US",
"KeyCurveId":"",
"KeyUsage":["KeyAgreement"],
"KeyBitLength": 1024,
"KeyPairAlgorithm": "RSA",
"Organization": "IBM",
"OrganizationalUnit": "ISL",
"State": "AU",
"Surname": "",
"UnstructuredName": ""
}
4) Verified Required and Optional parameters
5) Generate EC CSR with curve ID secp224r1
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/
-d @generate_https.json
{
"CSRString": "-----BEGIN CERTIFICATE
REQUEST-----\nMIIBQzCB8wIBATCBmzEUMBIGA1UdEQwLd3d3LmlibS5jb20xDzANBgNVBAcMBkF1\nc3RpbjEUMBIGA1UEAwwLd3d3LmlibS5jb20xDzANBgNVBCkMBm15bmFtZTELMAkG\nA1UEBhMCVVMxDDAKBgQrDgMCDAJFQzEVMBMGA1UdDwwMS2V5QWdyZWVtZW50MQww\nCgYDVQQKDANJQk0xCzAJBgNVBAgMAkFVME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE\n7hyL8FWmeCBRpCxWKjlce9nRghwS0lBrBdslOZ+n9+hFD+0KD8L+BORwm7dfzGlG\nTblh2G6cQ8KgADAKBggqhkjOPQQDAgM/ADA8Ahw1nlGdEFfnb+2zxdfVeTQYgCTw\nNos0t2rsGc/zAhxS9/paXZtVqR+WzdQVsjSLC/BedbXv1EmW52Uo\n-----END
CERTIFICATE REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
}
}
Change-Id: I2528c802ff3c6f63570cdb355b9c1195797a0e53
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Diffstat (limited to 'redfish-core/include')
| -rw-r--r-- | redfish-core/include/redfish.hpp | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/redfish-core/include/redfish.hpp b/redfish-core/include/redfish.hpp index 6f68611..93418e4 100644 --- a/redfish-core/include/redfish.hpp +++ b/redfish-core/include/redfish.hpp @@ -134,10 +134,9 @@ class RedfishService nodes.emplace_back(std::make_unique<HTTPSCertificate>(app)); nodes.emplace_back(std::make_unique<LDAPCertificateCollection>(app)); nodes.emplace_back(std::make_unique<LDAPCertificate>(app)); - + nodes.emplace_back(std::make_unique<CertificateActionGenerateCSR>(app)); nodes.emplace_back(std::make_unique<SystemPCIeFunction>(app)); nodes.emplace_back(std::make_unique<SystemPCIeDevice>(app)); - for (const auto& node : nodes) { node->initPrivileges(); |
