Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-tools / 64e7f6ff8f396703ae02f77bc240fdfceac72b04^! / .
commit64e7f6ff8f396703ae02f77bc240fdfceac72b04[log] [tgz]
authorDhruvaraj Subhashchandran <dhruvaraj@in.ibm.com>Tue Oct 02 03:42:14 2018 -0500
committerAndrew Geissler <geissonator@yahoo.com>Mon Nov 12 13:57:04 2018 +0000
tree7007f95a7329ac8691bc78fced85ad684ce31b8e
parent62a9b4caca55b66fcb98afffc69bf7f66300c3c9 [diff]
openbmctool: add certificate management commands

Following commands are added
 - Update certificate
 - Delete certificate

Change-Id: I9de11f8015bb504f4584f5f001c4fca3ea48ef40
Signed-off-by: Dhruvaraj Subhashchandran <dhruvaraj@in.ibm.com>

diff --git a/thalerj/openbmctool.py b/thalerj/openbmctool.py
index 1318d5d..2510db1 100755
--- a/thalerj/openbmctool.py
+++ b/thalerj/openbmctool.py

@@ -2152,6 +2152,62 @@
         return(connectionErrHandler(args.json, "Timeout", None))
     return res.text
 
+def certificateUpdate(host, args, session):
+    """
+         Called by certificate management function. update server/client/authority certificates
+         Example:
+         certificate update server https -f cert.pem
+         certificate update authority ldap -f Root-CA.pem
+         certificate update client ldap -f cert.pem
+         @param host: string, the hostname or IP address of the bmc
+         @param args: contains additional arguments used by the certificate update sub command
+         @param session: the active session to use
+    """
+
+    httpHeader = {'Content-Type': 'application/octet-stream'}
+    url = "https://" + host + "/xyz/openbmc_project/certs/" + args.type.lower() + "/" + args.service.lower()
+    data = open(args.fileloc, 'rb').read()
+    print("Updating certificate url=" + url)
+    try:
+        resp = session.put(url, headers=httpHeader, data=data, verify=False)
+    except(requests.exceptions.Timeout):
+        return(connectionErrHandler(args.json, "Timeout", None))
+    except(requests.exceptions.ConnectionError) as err:
+        return connectionErrHandler(args.json, "ConnectionError", err)
+    if resp.status_code != 200:
+        print(resp.text)
+        return "Failed to update the certificate"
+    else:
+       print("Update complete.")
+
+
+def certificateDelete(host, args, session):
+    """
+         Called by certificate management function to delete certificate
+         Example:
+         certificate delete server https
+         certificate delete authority ldap
+         certificate delete client ldap
+         @param host: string, the hostname or IP address of the bmc
+         @param args: contains additional arguments used by the certificate delete sub command
+         @param session: the active session to use
+    """
+
+    httpHeader = {'Content-Type': 'multipart/form-data'}
+    url = "https://" + host + "/xyz/openbmc_project/certs/" + args.type.lower() + "/" + args.service.lower()
+    print("Deleting certificate url=" + url)
+    try:
+        resp = session.delete(url, headers=httpHeader)
+    except(requests.exceptions.Timeout):
+        return(connectionErrHandler(args.json, "Timeout", None))
+    except(requests.exceptions.ConnectionError) as err:
+        return connectionErrHandler(args.json, "ConnectionError", err)
+    if resp.status_code != 200:
+        print(resp.text)
+        return "Failed to delete the certificate"
+    else:
+       print("Delete complete.")
+
 
 def localUsers(host, args, session):
     """
@@ -2405,6 +2461,21 @@
     parser_remote_logging_config.add_argument("-a", "--address", required=True, help="Set IP address of rsyslog server")
     parser_remote_logging_config.add_argument("-p", "--port", required=True, type=int, help="Set Port of rsyslog server")
     parser_remote_logging_config.set_defaults(func=remoteLoggingConfig)
+
+    #certificate management
+    parser_cert = subparsers.add_parser("certificate", help="Certificate management")
+    certMgmt_subproc = parser_cert.add_subparsers(title='subcommands', description='valid certificate commands', help='sub-command help', dest='command')
+
+    certUpdate = certMgmt_subproc.add_parser('update', help="Update the certificate")
+    certUpdate.add_argument('type', choices=['server', 'client', 'authority'], help="certificate type to update")
+    certUpdate.add_argument('service', choices=['https', 'ldap'], help="Service to update")
+    certUpdate.add_argument('-f', '--fileloc', required=True, help="The absolute path to the certificate file")
+    certUpdate.set_defaults(func=certificateUpdate)
+
+    certDelete = certMgmt_subproc.add_parser('delete', help="Delete the certificate")
+    certDelete.add_argument('type', choices=['server', 'client', 'authority'], help="certificate type to delete")
+    certDelete.add_argument('service', choices=['https', 'ldap'], help="Service to delete the certificate")
+    certDelete.set_defaults(func=certificateDelete)
     
     # local users
     parser_users = subparsers.add_parser("local_users", help="Work with local users")