confluent/misc/installcert.py

import argparse
import pyghmi.redfish.command as cmd
import os
import sys

ap = argparse.ArgumentParser(description='Certificate Generate')
ap.add_argument('xcc', help='XCC address')
ap.add_argument('cert', help='Certificate in PEM format')
args = ap.parse_args()

cert = open(args.cert, 'r').read()
c = cmd.Command(args.xcc, os.environ['XCCUSER'], os.environ['XCCPASS'],
                verifycallback=lambda x: True)
overview = c._do_web_request('/redfish/v1/')
cs = overview.get('CertificateService', {}).get('@odata.id', None)
if cs:
    csinfo = c._do_web_request(cs)
    gcsr = csinfo.get('Actions', {}).get('#CertificateService.ReplaceCertificate', {}).get('target', None)
    if gcsr:
        repcertargs = {
                'CertificateUri': { '@odata.id': '/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1' },
                'CertificateType': 'PEM',
                'CertificateString': cert }
        print(repr(c._do_web_request(gcsr, repcertargs)))
        sys.exit(0)

    #CertificateService.ReplaceCertificate
wc = c.oem.wc
cert = open(args.cert, 'rb').read()
res = wc.grab_json_response_with_status('/api/function', {'Sec_ImportCert': '0,1,0,0,,{0}'.format(cert)})
print(repr(res))
Example for XCC cert scripting 2020-05-06 18:23:54 +00:00			`import argparse`
			`import pyghmi.redfish.command as cmd`
			`import os`
			`import sys`

			`ap = argparse.ArgumentParser(description='Certificate Generate')`
			`ap.add_argument('xcc', help='XCC address')`
			`ap.add_argument('cert', help='Certificate in PEM format')`
			`args = ap.parse_args()`

Provide components for cert management with modern XCC Refresh getcsr and installcert to handle latest firmware. Also add ability to have pre-existing CSR, and trust the SAN on the way through. If this becomes more properly a feature, then would likely impose a SAN on certs, similar to the SSH principals, rather than deferring to the CSR to get it right. 2024-04-01 16:13:21 +00:00			`cert = open(args.cert, 'r').read()`
Example for XCC cert scripting 2020-05-06 18:23:54 +00:00			`c = cmd.Command(args.xcc, os.environ['XCCUSER'], os.environ['XCCPASS'],`
			`verifycallback=lambda x: True)`
Provide components for cert management with modern XCC Refresh getcsr and installcert to handle latest firmware. Also add ability to have pre-existing CSR, and trust the SAN on the way through. If this becomes more properly a feature, then would likely impose a SAN on certs, similar to the SSH principals, rather than deferring to the CSR to get it right. 2024-04-01 16:13:21 +00:00			`overview = c._do_web_request('/redfish/v1/')`
			`cs = overview.get('CertificateService', {}).get('@odata.id', None)`
			`if cs:`
			`csinfo = c._do_web_request(cs)`
			`gcsr = csinfo.get('Actions', {}).get('#CertificateService.ReplaceCertificate', {}).get('target', None)`
			`if gcsr:`
			`repcertargs = {`
			`'CertificateUri': { '@odata.id': '/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1' },`
			`'CertificateType': 'PEM',`
			`'CertificateString': cert }`
			`print(repr(c._do_web_request(gcsr, repcertargs)))`
			`sys.exit(0)`

			`#CertificateService.ReplaceCertificate`
Example for XCC cert scripting 2020-05-06 18:23:54 +00:00			`wc = c.oem.wc`
			`cert = open(args.cert, 'rb').read()`
Correct syntax error in sample script 2022-11-30 16:09:57 +00:00			`res = wc.grab_json_response_with_status('/api/function', {'Sec_ImportCert': '0,1,0,0,,{0}'.format(cert)})`
Example for XCC cert scripting 2020-05-06 18:23:54 +00:00			`print(repr(res))`