--- /dev/null
+/** @file\r
+ EmulaotPkg RedfishPlatformCredentialLib instance\r
+\r
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+#include <Uefi.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiLib.h>\r
+\r
+#include <Protocol/EdkIIRedfishCredential.h>\r
+\r
+#include <Guid/GlobalVariable.h>\r
+#include <Guid/ImageAuthentication.h>\r
+\r
+BOOLEAN mSecureBootDisabled = FALSE;\r
+BOOLEAN mStopRedfishService = FALSE;\r
+\r
+EFI_STATUS\r
+EFIAPI\r
+LibStopRedfishService (\r
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r
+);\r
+\r
+/**\r
+ Return the credential for accessing to Redfish servcice.\r
+\r
+ @param[out] AuthMethod The authentication method.\r
+ @param[out] UserId User ID.\r
+ @param[out] Password USer password.\r
+\r
+ @retval EFI_SUCCESS Get the authentication information successfully.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r
+\r
+**/\r
+EFI_STATUS\r
+GetRedfishCredential (\r
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r
+ OUT CHAR8 **UserId,\r
+ OUT CHAR8 **Password\r
+)\r
+{\r
+ UINTN UserIdSize;\r
+ UINTN PasswordSize;\r
+\r
+ //\r
+ // AuthMethod set to HTTP Basic authentication.\r
+ //\r
+ *AuthMethod = AuthMethodHttpBasic;\r
+\r
+ //\r
+ // User ID and Password.\r
+ //\r
+ UserIdSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));\r
+ PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));\r
+ if (UserIdSize == 0 || PasswordSize == 0) {\r
+ DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ *UserId = AllocateZeroPool (UserIdSize);\r
+ if (*UserId == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId), UserIdSize);\r
+\r
+ *Password = AllocateZeroPool (PasswordSize);\r
+ if (*Password == NULL) {\r
+ FreePool (*UserId);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword), PasswordSize);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Retrieve platform's Redfish authentication information.\r
+\r
+ This functions returns the Redfish authentication method together with the user Id and\r
+ password.\r
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication\r
+ as defined by RFC7235.\r
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish\r
+ session login as defined by Redfish API specification (DSP0266).\r
+\r
+ Callers are responsible for and freeing the returned string storage.\r
+\r
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
+ @param[out] AuthMethod Type of Redfish authentication method.\r
+ @param[out] UserId The pointer to store the returned UserId string.\r
+ @param[out] Password The pointer to store the returned Password string.\r
+\r
+ @retval EFI_SUCCESS Get the authentication information successfully.\r
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.\r
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+LibCredentialGetAuthInfo (\r
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r
+ OUT CHAR8 **UserId,\r
+ OUT CHAR8 **Password\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ if (This == NULL || AuthMethod == NULL || UserId == NULL || Password == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if (mStopRedfishService) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
+ if (mSecureBootDisabled) {\r
+ Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
+ if (EFI_ERROR (Status) && Status != EFI_UNSUPPORTED) {\r
+ DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ Status = GetRedfishCredential (\r
+ AuthMethod,\r
+ UserId,\r
+ Password\r
+ );\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Notify the Redfish service to stop provide configuration service to this platform.\r
+\r
+ This function should be called when the platfrom is about to leave the safe environment.\r
+ It will notify the Redfish service provider to abort all logined session, and prohibit\r
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this\r
+ function is returned.\r
+\r
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
+ @param[in] ServiceStopType Reason of stopping Redfish service.\r
+\r
+ @retval EFI_SUCCESS Service has been stoped successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.\r
+ @retval EFI_UNSUPPORTED Not support to stop Redfish service.\r
+ @retval Others Some error happened.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+LibStopRedfishService (\r
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r
+)\r
+{\r
+ if (ServiceStopType >= ServiceStopTypeMax) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {\r
+ //\r
+ // Check platform PCD to determine the action for stopping\r
+ // Redfish service due to secure boot is disabled.\r
+ //\r
+ if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {\r
+ return EFI_UNSUPPORTED;\r
+ } else {\r
+ mStopRedfishService = TRUE;\r
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r
+ }\r
+ } else if (ServiceStopType == ServiceStopTypeExitBootService) {\r
+ //\r
+ // Check platform PCD to determine the action for stopping\r
+ // Redfish service due to exit boot service.\r
+ //\r
+ if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {\r
+ return EFI_UNSUPPORTED;\r
+ } else {\r
+ mStopRedfishService = TRUE;\r
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));\r
+ }\r
+ } else {\r
+ mStopRedfishService = TRUE;\r
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));\r
+ }\r
+ return EFI_SUCCESS;\r
+}\r
+/**\r
+ Notification of Exit Boot Service.\r
+\r
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
+**/\r
+VOID\r
+EFIAPI\r
+LibCredentialExitBootServicesNotify (\r
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r
+)\r
+{\r
+ LibStopRedfishService (This, ServiceStopTypeExitBootService);\r
+}\r
+\r
+/**\r
+ Notification of End of DXE.\r
+\r
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
+**/\r
+VOID\r
+EFIAPI\r
+LibCredentialEndOfDxeNotify (\r
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 *SecureBootVar;\r
+\r
+ //\r
+ // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r
+ //\r
+ Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBootVar, NULL);\r
+ if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r
+ //\r
+ // Secure Boot is disabled\r
+ //\r
+ mSecureBootDisabled = TRUE;\r
+ LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
+ }\r
+}\r