commit 62db08a938e08debb4bc56c155238eb22a5a885c
author Marri Devender Rao <devenrao@in.ibm.com> Thu Aug 22 03:16:02 2019 -0500
committer Andrew Geissler <geissonator@yahoo.com> Thu Sep 05 18:14:21 2019 +0000
tree bdecd6442eba2bc492dc70af23a931cb09b79d47
parent 88064f0d61a8ff8f28cee73caa094f3325abb5ae

Validate the certificate type and service values

In OP930 certificate type and service values are used to compute
the certifiate URL, any mismatch in the values used to result in
Invalid D-Bus path error.

In OP940 only certificate type is used in computing the Redfish
url and service value is ignored. But allowing the user to pass
service for backward compatability.

In OP940 as serivce value is not used, no validation is done to
check if certificate type and service are related leading to
confusion. Modified to add the validation.

listed below are the valid combinations of certificate type and
service values.
"server" and "https"
"client" and "ldap",
"autority" and "ldap"

Tested
$ python openbmctool.py -H $bmc -U user1 -P password1 certificate update server
ldap -f cert.pem
Attempting login...
Invalid service type
User user1 has been logged out
$ python openbmctool.py -H $bmc -U user1 -P password1 certificate update client
https -f cert.pem
Attempting login...
Invalid service type
User user1 has been logged out
$ python openbmctool.py -H $bmc -U user1 -P password1 certificate update
authority https -f cert.pem
Attempting login...
Invalid service type
User user1 has been logged out
$ python openbmctool.py -H $bmc -U user1 -P password1 certificate update
authority ldap -f cert.pem
Attempting login...
Update complete.
None
User user1 has been logged out

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I64dccca42391dca583fd0b2b8b612aff3b3970c3

thalerj/openbmctool.py

diff --git a/thalerj/openbmctool.py b/thalerj/openbmctool.py
index 138c34c..6583b77 100755
--- a/thalerj/openbmctool.py
+++ b/thalerj/openbmctool.py
@@ -2543,6 +2543,12 @@
     data = open(args.fileloc, 'rb').read()
     try:
         if redfishSupportPresent(host, session):
+            if(args.type.lower() == 'server' and args.service.lower() != "https"):
+                return "Invalid service type"
+            if(args.type.lower() == 'client' and args.service.lower() != "ldap"):
+                return "Invalid service type"
+            if(args.type.lower() == 'authority' and args.service.lower() != "ldap"):
+                return "Invalid service type"
             url = "";
             if(args.type.lower() == 'server'):
                 url = "https://" + host + \
@@ -2619,6 +2625,12 @@
             httpHeader = {'Content-Type': 'application/json'}
             httpHeader.update(xAuthHeader)
             url = "";
+            if(args.type.lower() == 'server' and args.service.lower() != "https"):
+                return "Invalid service type"
+            if(args.type.lower() == 'client' and args.service.lower() != "ldap"):
+                return "Invalid service type"
+            if(args.type.lower() == 'authority' and args.service.lower() != "ldap"):
+                return "Invalid service type"
             if(args.type.lower() == 'server'):
                 url = "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
             elif(args.type.lower() == 'client'):