Add support for certificate update command
Existing REST server is broken with design changes
done to phosphor-certificate-manager as it is catered
for Redfish specification
Modified certificate update command to use Redfish
specification
Tested:
-------OP940-------
bash-4.2$ python openbmctool.py -H $BMC_IP -U xxx -P xxxx certificate update
server -f testcert.pem
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE----DzyQ==\n-----END
CERTIFICATE-----\n",
"Description": "HTTPS Certificate",
"Id": "1",
"Name": "HTTPS Certificate",
"Subject": {
"City": "SomeCity",
"CommonName": "www.company.com",
"State": "VA"
},
"ValidNotAfter": "2029-03-14T02:11:02+00:00",
"ValidNotBefore": "2019-03-17T02:11:02+00:00"
}
-------OP930-------
bash-4.2$ python openbmctool.py -H $BMC_IP -U rrrr -P aaaa certificate
update server https -f cert.pem
Attempting login...
Updating certificate url=https://$bmc/xyz/openbmc_project/certs/server/https
Update complete.
None
User root has been logged out
Change-Id: I3502683f7bf22898826accb2d154da3b9e6744b1
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
diff --git a/thalerj/openbmctool.py b/thalerj/openbmctool.py
index 70a1296..a9ea855 100755
--- a/thalerj/openbmctool.py
+++ b/thalerj/openbmctool.py
@@ -2512,6 +2512,18 @@
return(connectionErrHandler(args.json, "Timeout", None))
return res.text
+def redfishSupportPresent(host, session):
+ url = "https://" + host + "/redfish/v1"
+ try:
+ resp = session.get(url, headers=jsonHeader, verify=False, timeout=baseTimeout)
+ except(requests.exceptions.Timeout):
+ return False
+ except(requests.exceptions.ConnectionError) as err:
+ return False
+ if resp.status_code != 200:
+ return False
+ else:
+ return True
def certificateUpdate(host, args, session):
"""
@@ -2524,14 +2536,29 @@
@param args: contains additional arguments used by the certificate update sub command
@param session: the active session to use
"""
-
httpHeader = {'Content-Type': 'application/octet-stream'}
httpHeader.update(xAuthHeader)
- url = "https://" + host + "/xyz/openbmc_project/certs/" + args.type.lower() + "/" + args.service.lower()
data = open(args.fileloc, 'rb').read()
- print("Updating certificate url=" + url)
try:
- resp = session.put(url, headers=httpHeader, data=data, verify=False)
+ if redfishSupportPresent(host, session):
+ url = "";
+ if(args.type.lower() == 'server'):
+ url = "https://" + host + \
+ "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"
+ elif(args.type.lower() == 'client'):
+ url = "https://" + host + \
+ "/redfish/v1/AccountService/LDAP/Certificates"
+ elif(args.type.lower() == 'authority'):
+ url = "https://" + host + \
+ "/redfish/v1/Managers/bmc/Truststore/Certificates"
+ else:
+ return "Unsupported certificate type"
+ resp = session.post(url, headers=httpHeader, data=data,
+ verify=False)
+ else:
+ url = "https://" + host + "/xyz/openbmc_project/certs/" + \
+ args.type.lower() + "/" + args.service.lower()
+ resp = session.put(url, headers=httpHeader, data=data, verify=False)
except(requests.exceptions.Timeout):
return(connectionErrHandler(args.json, "Timeout", None))
except(requests.exceptions.ConnectionError) as err:
@@ -2540,8 +2567,7 @@
print(resp.text)
return "Failed to update the certificate"
else:
- print("Update complete.")
-
+ print("Update complete.")
def certificateDelete(host, args, session):
"""
@@ -4211,7 +4237,7 @@
main function for running the command line utility as a sub application
"""
global toolVersion
- toolVersion = "1.14"
+ toolVersion = "1.15"
parser = createCommandParser()
args = parser.parse_args(argv)