tlbmc/redfish/routes/trust_bundle_manager.h - gbmcweb - Git at Google

 #ifndef THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_
 #define THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_

 #include <string>

 #include "absl/base/no_destructor.h"
 #include "absl/base/thread_annotations.h"
 #include "absl/functional/any_invocable.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/time/time.h"

 namespace milotic_tlbmc::certificate_service {

 class TrustBundleManagerPeer;

 inline constexpr int kTrustBundleRestartDelaySeconds = 3;
 // Add 1 second as buffer to make sure the restart is triggered after the delay
 // but the grpc server is not restarted, so we allow retry to go through.
 inline constexpr int kTrustBundleRetryDelaySeconds =
     kTrustBundleRestartDelaySeconds + 1;

 class StagedTempFile {
  public:
   static absl::StatusOr<StagedTempFile> Create(
       absl::string_view content, absl::string_view temp_name_template);
   ~StagedTempFile();
   StagedTempFile(StagedTempFile&& other) noexcept;
   StagedTempFile& operator=(StagedTempFile&& other) noexcept;
   StagedTempFile(const StagedTempFile&) = delete;
   StagedTempFile& operator=(const StagedTempFile&) = delete;

   const std::string& path() const { return path_; }

  private:
   explicit StagedTempFile(absl::string_view path);
   std::string path_;
 };

 absl::StatusOr<StagedTempFile> VerifyAndStageTrustBundle(
     absl::string_view trust_bundle, absl::string_view signature,
     absl::string_view ca_file_path);

 class TrustBundleManager {
  public:
   static TrustBundleManager& GetInstance() {
     static absl::NoDestructor<TrustBundleManager> instance;
     return *instance;
   }

   absl::Status InstallTrustBundle(absl::string_view trust_bundle_blob,
                                   absl::string_view signature);

  private:
   friend class TrustBundleManagerPeer;
   friend class absl::NoDestructor<TrustBundleManager>;

   TrustBundleManager() = default;

   // For testing only
   void SetCaller(absl::AnyInvocable<int(const char*) const>&& caller);

   absl::Status RestartGrpcServer(absl::string_view staged_temp_file_path);

   absl::Mutex mutex_;
   absl::Time last_install_time_ ABSL_GUARDED_BY(mutex_) = absl::InfinitePast();
   absl::AnyInvocable<int(const char*) const> system_caller_ = std::system;
 };

 }  // namespace milotic_tlbmc::certificate_service

 #endif  // THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_
	#ifndef THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_
	#define THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_

	#include <string>

	#include "absl/base/no_destructor.h"
	#include "absl/base/thread_annotations.h"
	#include "absl/functional/any_invocable.h"
	#include "absl/status/status.h"
	#include "absl/status/statusor.h"
	#include "absl/strings/string_view.h"
	#include "absl/synchronization/mutex.h"
	#include "absl/time/time.h"

	namespace milotic_tlbmc::certificate_service {

	class TrustBundleManagerPeer;

	inline constexpr int kTrustBundleRestartDelaySeconds = 3;
	// Add 1 second as buffer to make sure the restart is triggered after the delay
	// but the grpc server is not restarted, so we allow retry to go through.
	inline constexpr int kTrustBundleRetryDelaySeconds =
	kTrustBundleRestartDelaySeconds + 1;

	class StagedTempFile {
	public:
	static absl::StatusOr<StagedTempFile> Create(
	absl::string_view content, absl::string_view temp_name_template);
	~StagedTempFile();
	StagedTempFile(StagedTempFile&& other) noexcept;
	StagedTempFile& operator=(StagedTempFile&& other) noexcept;
	StagedTempFile(const StagedTempFile&) = delete;
	StagedTempFile& operator=(const StagedTempFile&) = delete;

	const std::string& path() const { return path_; }

	private:
	explicit StagedTempFile(absl::string_view path);
	std::string path_;
	};

	absl::StatusOr<StagedTempFile> VerifyAndStageTrustBundle(
	absl::string_view trust_bundle, absl::string_view signature,
	absl::string_view ca_file_path);

	class TrustBundleManager {
	public:
	static TrustBundleManager& GetInstance() {
	static absl::NoDestructor<TrustBundleManager> instance;
	return *instance;
	}

	absl::Status InstallTrustBundle(absl::string_view trust_bundle_blob,
	absl::string_view signature);

	private:
	friend class TrustBundleManagerPeer;
	friend class absl::NoDestructor<TrustBundleManager>;

	TrustBundleManager() = default;

	// For testing only
	void SetCaller(absl::AnyInvocable<int(const char*) const>&& caller);

	absl::Status RestartGrpcServer(absl::string_view staged_temp_file_path);

	absl::Mutex mutex_;
	absl::Time last_install_time_ ABSL_GUARDED_BY(mutex_) = absl::InfinitePast();
	absl::AnyInvocable<int(const char*) const> system_caller_ = std::system;
	};

	} // namespace milotic_tlbmc::certificate_service

	#endif // THIRD_PARTY_MILOTIC_EXTERNAL_CC_TLBMC_REDFISH_ROUTES_TRUST_BUNDLE_MANAGER_H_