Add support to display certificate contents
Redfish supports listing the certificate content; this change adds
support for the same.
Tested:
-------OP930-------
bash-4.2$ python openbmctool.py -H $BMC_IP -U bbbb -P ppppp certificate display
server
Attempting login...
Not supported
User bbbb has been logged out
-------OP940-------
bash-4.2$ python openbmctool.py -H $BMC_IP -U xxxx -P xxxx certificate --help
usage: openbmctool.py certificate [-h] {update,replace,display} ...
optional arguments:
-h, --help show this help message and exit
subcommands:
valid certificate commands
{update,replace,display}
sub-command help
update Update the certificate
replace Replace the certificate
display Print the certificate
bash-4.2$ python openbmctool.py -H $BMC_IP -U xxxx -P xxxx certificate display
--help
usage: openbmctool.py certificate display [-h] {server,client,authority}
positional arguments:
{server,client,authority}
certificate type to display
optional arguments:
-h, --help show this help message and exit
bash-4.2$ python openbmctool.py -H $BMC_IP -U xxxx -P xxxx certificate display
server
Attempting login...
Display complete.
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE-----\n/Q=\n-----END
CERTIFICATE-----\n",
"Description": "HTTPS Certificate",
"Id": "1",
"Issuer": {
"CommonName": "localhost",
"Organization": "openbmc-project.xyz"
},
"KeyUsage": [],
"Name": "HTTPS Certificate",
"Subject": {
"CommonName": "localhost",
"Organization": "openbmc-project.xyz"
},
"ValidNotAfter": "2029-05-09T19:59:40+00:00",
"ValidNotBefore": "2019-05-12T19:59:40+00:00"
}
User xxxx has been logged out
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: Iba2549524b2931db49111d92d7ec92867e6f41db
diff --git a/thalerj/openbmctool.py b/thalerj/openbmctool.py
index d06a38e..225d97e 100755
--- a/thalerj/openbmctool.py
+++ b/thalerj/openbmctool.py
@@ -2646,6 +2646,46 @@
print("Replace complete.")
return resp.text
+def certificateDisplay(host, args, session):
+ """
+ Called by certificate management function. display server/client/
+ authority certificates
+ Example:
+ certificate display server
+ certificate display authority
+ certificate display client
+ @param host: string, the hostname or IP address of the bmc
+ @param args: contains additional arguments used by the certificate
+ display sub command
+ @param session: the active session to use
+ """
+ if not redfishSupportPresent(host, session):
+ return "Not supported";
+
+ httpHeader = {'Content-Type': 'application/octet-stream'}
+ httpHeader.update(xAuthHeader)
+ if(args.type.lower() == 'server'):
+ url = "https://" + host + \
+ "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
+ elif(args.type.lower() == 'client'):
+ url = "https://" + host + \
+ "/redfish/v1/AccountService/LDAP/Certificates/1"
+ elif(args.type.lower() == 'authority'):
+ url = "https://" + host + \
+ "/redfish/v1/Managers/bmc/Truststore/Certificates/1"
+ try:
+ resp = session.get(url, headers=httpHeader, verify=False)
+ except(requests.exceptions.Timeout):
+ return(connectionErrHandler(args.json, "Timeout", None))
+ except(requests.exceptions.ConnectionError) as err:
+ return connectionErrHandler(args.json, "ConnectionError", err)
+ if resp.status_code != 200:
+ print(resp.text)
+ return "Failed to display the certificate"
+ else:
+ print("Display complete.")
+ return resp.text
+
def enableLDAP(host, args, session):
"""
Called by the ldap function. Configures LDAP.
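Review bot: The `session.get(url, headers=httpHeader, verify=False)` call in certificateDisplay sends the `xAuthHeader` token and reads the certificate back without validating the BMC's TLS certificate, so the printed certificate comes from an unauthenticated peer and cannot on its own be taken as the BMC's real one. If the rest of the file follows the same convention (not visible in this hunk), at least record it at the call with a comment such as `# verify=False: peer is not authenticated; do not treat the output as a trust anchor`, and ideally let the caller supply a CA bundle through `verify=`. The call also passes no `timeout=`, and requests applies none by default, so the `requests.exceptions.Timeout` handler right after it is unlikely to fire. The `Content-Type: application/octet-stream` header is not needed on a GET that carries no body.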
@@ -3980,6 +4020,12 @@
help="The absolute path to the certificate file")
certReplace.set_defaults(func=certificateReplace)
+ certDisplay = certMgmt_subproc.add_parser('display',
+ help="Print the certificate")
+ certDisplay.add_argument('type', choices=['server', 'client', 'authority'],
+ help="certificate type to display")
+ certDisplay.set_defaults(func=certificateDisplay)
+
# local users
parser_users = subparsers.add_parser("local_users", help="Work with local users")
parser_users.add_argument('local_users', choices=['disableall','enableall', 'queryenabled'], help="Disable, enable or query local user accounts")