For generate CSR set key usage based on certificate type

Redfish allows various values for setting the key usage in
generating CSR.

Modified to auto-set the key usage value based on the
certificate type set for generating the CSR.

Example for "Server" certifiacte set the key usage as
"ServerAuthentication" and "Client" certificate set the key
usage as "ClientAuthentication".

Setting default values so that user does not select unrelated
key usage value like "EmailProtection" for server certificate.

Certificate manager does not validate the key usage value rather
it is used for display purpose when listing the certificate
properties.

Tested:
python openbmctool.py -H $BMC -U aaa -P bbbb certificate generatecsr server
NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp abc.com an.com,bm.com gn
sn un in
Attempting login...
Generating CSR url=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
GenerateCSR complete.
{
  "CSRString": "-----BEGIN CERTIFICATE
REQUEST-----\n-----END CERTIFICATE REQUEST-----\n",
  "CertificateCollection": {
    "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
  }
}
User root has been logged out

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: If5ab55f9d35b5e9f0c9e1d3e3dc2e75adf2fa6e9
1 file changed
tree: 526608d7f10379035c94f77573fa23823b7231da
  1. amboar/
  2. edtanous/
  3. emilyshaffer/
  4. feistjj/
  5. geissonator/
  6. hongweiz/
  7. infra/
  8. leiyu/
  9. post-process/
  10. thalerj/
  11. LICENSE
  12. MAINTAINERS
  13. README.md
README.md

The OpenBMC Tools Collection

The goal of this repository is to collect the two-minute hacks you write to automate interactions with OpenBMC systems.

It's highly likely the scripts don't meet your needs - they could be undocumented, dysfunctional or utterly broken. Please help us improve!

Repository Rules

  • Always inspect what you will be executing
  • Some hacking on your part is to be expected

If you're still with us

Then this repository aims to be the default destination for your otherwise un-homed scripts. As such we are setting the bar for submission pretty low, and we aim to make the process as easy as possible.

Catalogue of scripts

Users

Developers

  • netboot: Painless netboot of BMC kernels
  • obmc-gerrit: Automagically add reviewers to changes pushed to Gerrit
  • reboot: Endlessly reboot OpenPOWER hosts
  • tracing: Enable and clean up kernel tracepoints remotely
  • witherspoon-debug: Deploy the debug tools tarball to Witherspoon BMCs

Maintainers

  • cla-signers: Check if a contributor has signed the OpenBMC CLA

Project Administrators

Sending patches

Please use gerrit for all patches to this repository:

Do note that you will need to be party to the OpenBMC CLA before your contributions can be accepted. See Gerrit Setup and CLA for more information.

What we will do once we have your patches

So long as your patches look sane with a cursory glance you can expect them to be applied. We may push back in the event that similar tools already exist or there are egregious issues.

What you must have in your patches

We don't ask for much, but you need to give us at least a Signed-off-by, and put your work under the Apache 2.0 license. Licensing everything under Apache 2.0 will just hurt our heads less. Lets keep the lawyers off our backs. ^

^Any exceptions must be accompanied by a LICENSE file in the relevant subdirectory, and be compatible with Apache 2.0. You thought you would get away without any fine print?

How you consume the repository

There's no standard way to install the scripts housed in the here, so adding parts of the repository to your PATH might be a bit of a dice-roll. We may also move or remove scripts from time to time as part of housekeeping. It's probably best to copy things out if you need stability.