| commit | 3cdf8aee133c6b55b370c481705ea51b0640cdab | [log] [tgz] |
|---|---|---|
| author | Marri Devender Rao <devenrao@in.ibm.com> | Mon Jul 01 06:01:40 2019 -0500 |
| committer | Marri Devender Rao <devenrao@in.ibm.com> | Wed Jul 31 09:00:47 2019 -0500 |
| tree | bfac715ca3eede7c09993389cde051e2104e5f19 | |
| parent | a208ff8f4267be240504dc50d3a9b2eda2332a90 [diff] |
Add support for Generate Certificate Signing Request(CSR)
Redfish supports generating CSR, added support for the same
Tested:
-------OP930-------
bash-4.2$ python python openbmctool.py -H $BMC_IP -U rrr -P pppp certificate
generatecsr server NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp
abc.com an.com,bm.com gn sn un in ClientAuthentication,CodeSigning
Attempting login...
Not supported
User bbbb has been logged out
-------OP940-------
bash-4.2$ python openbmctool.py -H $BMC_IP -U uuu -P ppp certificate generatecsr server NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp abc.com an.com,bm.com gn sn un in ClientAuthentication,CodeSigning
Attempting login...
Generating CSR url=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
GenerateCSR complete.
{
"CSRString": "-----BEGIN CERTIFICATE REQUEST-----\nMIIByzCCAXICAQEwggEOMQ8wDQYDVR0RDAZhbi5jb20xDzANBgNVHREMBmJtLmNv\nbTELMAkGA1UEBwwCTkoxEzARBgNVBAMMCnczLmlibS5jb20xCzAJBgNVBCkMAmNw\nMQswCQYDVQQGEwJVUzEWMBQGCSqGSIb3DQEJARYHYWJjLmNvbTELMAkGA1UEKgwC\nZ24xCzAJBgNVBCsMAmluMQwwCgYEKw4DAgwCRUMxHTAbBgNVHQ8MFENsaWVudEF1\ndGhlbnRpY2F0aW9uMRQwEgYDVR0PDAtDb2RlU2lnbmluZzEMMAoGA1UECgwDSUJN\nMQswCQYDVQQIDAJOWTELMAkGA1UEBAwCc24xETAPBgkqhkiG9w0BCQIMAnVuMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9Rt+I8tkTneN+5w+Ln5YgrIlvjEVPFcI\nazDzmxgjL6jtaeDcha9cYtj/7VXA67WSp9odVGWhAgM61LMpP3DcNKAAMAoGCCqG\nSM49BAMCA0cAMEQCIDpPzyNqhoRCYHIXxbTaynQ/ac2Oa3zff2G5HBdqx+eBAiAZ\nl+O7TAYxr+UzbbgSWEARuc5Kc7c4xLwldtecwxPbRg==\n-----END CERTIFICATE REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
}
}
User root has been logged out
bash-4.2$ python openbmctool.py -H $BMC_IP -U uuuu -P pppp certificate generatecsr --help
usage: openbmctool.py certificate generatecsr [-h]
{server,client,authority} city
commonName country organization
organizationUnit state {RSA,EC}
{2048} keyCurveId contactPerson
email alternativeNames givenname
surname unstructuredname
initials keyUsage
positional arguments:
{server,client,authority}
Generate CSR
city The city or locality of the organization making the
request
commonName The fully qualified domain name of the component that
is being secured.
country The country of the organization making the request
organization The name of the organization making the request.
organizationUnit The name of the unit or division of the organization
making the request.
state The state, province, or region of the organization
making the request.
{RSA,EC} The type of key pair for use with signing algorithms.
{2048} The length of the key in bits, if needed based on the
value of the 'KeyPairAlgorithm' parameter.
keyCurveId The curve ID to be used with the key, if needed based
on the value of the 'KeyPairAlgorithm' parameter.
contactPerson The name of the user making the request
email The email address of the contact within the
organization
alternativeNames Additional hostnames of the component that is being
secured
givenname The given name of the user making the request
surname The surname of the user making the request
unstructuredname he unstructured name of the subject
initials The initials of the user making the request
keyUsage The usage of the key contained in the certificate
optional arguments:
-h, --help show this help message and exit
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I12c0a1311e233a238806f500fd97048780f0e0c1
The goal of this repository is to collect the two-minute hacks you write to automate interactions with OpenBMC systems.
It's highly likely the scripts don't meet your needs - they could be undocumented, dysfunctional or utterly broken. Please help us improve!
Then this repository aims to be the default destination for your otherwise un-homed scripts. As such we are setting the bar for submission pretty low, and we aim to make the process as easy as possible.
openbmc-events: Query error events on the target serveropenbmc-sensors: Query sensors on the target serveropenbmc-sfw: Manage host and BMC firmware images on the target serveropenbmctool: A general purpose tool for user interactions with OpenBMCpretty-journal: Convert journalctl's 'pretty' output to regular outputupload_and_update: Upload a tarball to TFTP server and update BMC with itnetboot: Painless netboot of BMC kernelsobmc-gerrit: Automagically add reviewers to changes pushed to Gerritreboot: Endlessly reboot OpenPOWER hoststracing: Enable and clean up kernel tracepoints remotelywitherspoon-debug: Deploy the debug tools tarball to Witherspoon BMCscla-signers: Check if a contributor has signed the OpenBMC CLAopenbmc-autobump.py: Update commit IDs in bitbake recipes to bring in new changesPlease use gerrit for all patches to this repository:
Do note that you will need to be party to the OpenBMC CLA before your contributions can be accepted. See Gerrit Setup and CLA for more information.
So long as your patches look sane with a cursory glance you can expect them to be applied. We may push back in the event that similar tools already exist or there are egregious issues.
We don't ask for much, but you need to give us at least a Signed-off-by, and put your work under the Apache 2.0 license. Licensing everything under Apache 2.0 will just hurt our heads less. Lets keep the lawyers off our backs. ^
^Any exceptions must be accompanied by a LICENSE file in the relevant subdirectory, and be compatible with Apache 2.0. You thought you would get away without any fine print?
There's no standard way to install the scripts housed in the here, so adding parts of the repository to your PATH might be a bit of a dice-roll. We may also move or remove scripts from time to time as part of housekeeping. It's probably best to copy things out if you need stability.