diff --git a/proliantutils/ilo/client.py b/proliantutils/ilo/client.py
index 86f68bff..2d9de86f 100644
--- a/proliantutils/ilo/client.py
+++ b/proliantutils/ilo/client.py
@@ -905,7 +905,7 @@ class IloClient(operations.IloOperations):
 """
 return self._call_method('add_tls_certificate', cert_file_list)
- def remove_tls_certificate(self, cert_file_list):
+ def remove_tls_certificate(self, cert_file_list=[]):
 """Removes the TLS certificate from the iLO
 :param cert_file_list: List of TLS certificate files
diff --git a/proliantutils/ilo/operations.py b/proliantutils/ilo/operations.py
index b217560e..9dc71a9b 100644
--- a/proliantutils/ilo/operations.py
+++ b/proliantutils/ilo/operations.py
@@ -558,7 +558,7 @@ class IloOperations(object):
 """
 raise exception.IloCommandNotSupportedError(ERRMSG)
- def remove_tls_certificate(self, cert_file_list):
+ def remove_tls_certificate(self, cert_file_list=[]):
 """Removes the TLS certificate from the iLO
 :param cert_file_list: List of TLS certificate files
diff --git a/proliantutils/redfish/redfish.py b/proliantutils/redfish/redfish.py
index e03fc710..e8deb8a7 100644
--- a/proliantutils/redfish/redfish.py
+++ b/proliantutils/redfish/redfish.py
@@ -1470,7 +1470,7 @@ class RedfishOperations(operations.IloOperations):
 msg = 'TLS certificate cannot be upload in BIOS boot mode'
 raise exception.IloCommandNotSupportedInBiosError(msg)
- def remove_tls_certificate(self, cert_file_list):
+ def remove_tls_certificate(self, cert_file_list=[]):
 """Removes the TLS certificate from the iLO.
 :param cert_file_list: List of TLS certificate files
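Review bot: The new default `cert_file_list=[]` is a mutable default argument, and the same signature change is repeated in `proliantutils/ilo/operations.py` and `proliantutils/redfish/redfish.py`. Nothing visible in these hunks mutates the list, so this is a style point rather than a live bug, but `def remove_tls_certificate(self, cert_file_list=None):` is the conventional form and lets the implementation tell an omitted argument from an explicitly empty list. The `:param cert_file_list:` line is unchanged context in all three hunks; unless the docstrings are updated outside them, they should state what omitting the argument now does. Each docstring continues outside its hunk.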
@@ -1481,9 +1481,24 @@ class RedfishOperations(operations.IloOperations):
 """
 sushy_system = self._get_sushy_system(PROLIANT_SYSTEM_ID)
- if(self._is_boot_mode_uefi()):
- cert_dict = {}
- del_cert_list = []
+ if not self._is_boot_mode_uefi():
+ msg = 'TLS certificates cannot be removed in BIOS boot mode'
+ raise exception.IloCommandNotSupportedInBiosError(msg)
+
+ cert_dict = {}
+ del_cert_list = []
+
+ if not cert_file_list:
+ tls_certificates = (sushy_system.bios_settings.tls_config.
+ tls_certificates)
+ for cert in tls_certificates:
+ fp = cert.get("FingerPrint")
+ cert_fp = {
+ "FingerPrint": fp
+ }
+ del_cert_list.append(cert_fp)
+
+ else:
 for cert_file in cert_file_list:
 with open(cert_file, 'r') as f:
 data = json.dumps(f.read())
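Review bot: `if not cert_file_list:` treats an explicitly empty list the same as an omitted argument, so a caller whose list ended up empty (for example after filtering) now deletes every certificate reported under `tls_certificates`, where the old code raised `IloError`. Removing all TLS trust anchors is a destructive, security-relevant action and should require an explicit request: with a `None` default, `if cert_file_list is None:` selects delete-all while `[]` still reaches the "No valid certificate" error. In the same loop, `cert.get("FingerPrint")` can return `None` for an entry without that key; skipping such entries keeps `{"FingerPrint": None}` out of the payload. The `else:` branch continues outside the hunk.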
@@ -1515,22 +1530,19 @@ class RedfishOperations(operations.IloOperations):
 }
 del_cert_list.append(cert_fp)
- if len(del_cert_list) == 0:
- msg = (self._("No valid certificate in %(cert_file_list)s.") %
- {"cert_file_list": cert_file_list})
- raise exception.IloError(msg)
+ if len(del_cert_list) == 0:
+ msg = (self._("No valid certificate in %(cert_file_list)s.") %
+ {"cert_file_list": cert_file_list})
+ raise exception.IloError(msg)
- cert_dict.update({"DeleteCertificates": del_cert_list})
+ cert_dict.update({"DeleteCertificates": del_cert_list})
- try:
- (sushy_system.bios_settings.tls_config.
- tls_config_settings.remove_tls_certificate(cert_dict))
- except sushy.exceptions.SushyError as e:
- msg = (self._("The Redfish controller has failed to remove "
- "TLS certificate. Error %(error)s") %
- {'error': str(e)})
- LOG.debug(msg)
- raise exception.IloError(msg)
- else:
- msg = 'TLS certificate cannot be removed in BIOS boot mode'
- raise exception.IloCommandNotSupportedInBiosError(msg)
+ try:
+ (sushy_system.bios_settings.tls_config.
+ tls_config_settings.remove_tls_certificate(cert_dict))
+ except sushy.exceptions.SushyError as e:
+ msg = (self._("The Redfish controller has failed to remove "
+ "TLS certificate. Error %(error)s") %
+ {'error': str(e)})
+ LOG.debug(msg)
+ raise exception.IloError(msg)
diff --git a/proliantutils/redfish/resources/system/tls_config.py b/proliantutils/redfish/resources/system/tls_config.py
index c44f08c9..cec889bb 100644
--- a/proliantutils/redfish/resources/system/tls_config.py
+++ b/proliantutils/redfish/resources/system/tls_config.py
@@ -25,6 +25,9 @@ class TLSConfig(base.ResourceBase):
 from sushy.
 """
+ tls_certificates = base.Field('Certificates')
+ """The certificates currently configured"""
+
 @property
 @sushy_utils.cache_it
 def tls_config_settings(self):
diff --git a/proliantutils/tests/redfish/json_samples/tls_config.json b/proliantutils/tests/redfish/json_samples/tls_config.json
index f391861d..7adff7ed 100644
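Review bot: When the argument is omitted and the system has no certificates configured, the `len(del_cert_list) == 0` check still formats `cert_file_list`, so the error reads "No valid certificate in []." and hides the real condition. A separate message for that path, such as `msg = self._("No TLS certificates are configured.")`, would tell the operator what happened. Within this hunk a successful removal is not logged and a failure is logged only through `LOG.debug(msg)`; since the call can now drop every certificate, a record of how many fingerprints were sent would help auditing. The function starts outside the hunk.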
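Review bot: `base.Field('Certificates')` is declared without a default, so when the resource omits `Certificates` the attribute is presumably `None`, and the new `for cert in tls_certificates:` loop in `redfish.py` would then fail with `TypeError` rather than `IloError`. Guarding at the use site with `for cert in tls_certificates or []:` keeps that case on the existing "no valid certificate" error path.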
--- a/proliantutils/tests/redfish/json_samples/tls_config.json
+++ b/proliantutils/tests/redfish/json_samples/tls_config.json
@@ -21,6 +21,22 @@
 "@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
 "Certificates": [
+ {
+ "FingerPrint": "1C:E7:B2:FD:9F:CB:14:EB:74:3F:EF:39:CC:81:DB:36:28:EF:D3:83:CD:B7:B3:63:7A:DB:C1:82:9A:84:A8:20",
+ "Issuer": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "SerialNumber": "BD96C593395EA98",
+ "Subject": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "ValidNotAfter": "02/23/2019 04:34",
+ "ValidNotBefore": "02/23/2018 04:34"
+ },
+ {
+ "FingerPrint": "FA:3A:68:C7:7E:ED:90:21:D2:FA:3E:54:6B:0C:14:D3:2F:8D:43:50:F7:05:A7:0F:1C:68:35:DB:5C:D2:53:28",
+ "Issuer": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
+ "SerialNumber": "92DF813625F950E5",
+ "Subject": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
+ "ValidNotAfter": "06/08/2021 06:40",
+ "ValidNotBefore": "06/08/2020 06:40"
+ }
 ],
 "Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
 "DeleteCertificates":
diff --git a/proliantutils/tests/redfish/test_redfish.py b/proliantutils/tests/redfish/test_redfish.py
index ee77b3bf..66f8d2b4 100644
--- a/proliantutils/tests/redfish/test_redfish.py
+++ b/proliantutils/tests/redfish/test_redfish.py
@@ -42,6 +42,7 @@ from proliantutils.redfish.resources.system.storage import array_controller
 from proliantutils.redfish.resources.system.storage \
 import common as common_storage
 from proliantutils.redfish.resources.system import system as pro_sys
+from proliantutils.redfish.resources.system import tls_config
 @ddt.ddt
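Review bot: The second added `Certificates` entry carries what looks like a real person's name and e-mail address in its `Issuer` and `Subject` fields. The new test reads only the `FingerPrint` values, so a constructed subject such as `CN=test.example.com` would serve the fixture equally well and keep personal data out of the repository.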
@@ -2303,9 +2304,44 @@ class RedfishOperationsTestCase(testtools.TestCase):
 self.assertRaisesRegex(
 exception.IloCommandNotSupportedInBiosError,
- 'TLS certificate cannot be removed in BIOS boot mode',
+ 'TLS certificates cannot be removed in BIOS boot mode',
 self.rf_client.remove_tls_certificate, fp)
+ @mock.patch.object(redfish, 'load_certificate')
+ @mock.patch.object(redfish, 'b64decode')
+ @mock.patch.object(redfish.RedfishOperations, '_is_boot_mode_uefi')
+ @mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
+ def test_remove_tls_certificate_default(self, get_sushy_system_mock,
+ _uefi_boot_mode_mock, decode_mock,
+ load_cert_mock):
+ _uefi_boot_mode_mock.return_value = True
+ with open('proliantutils/tests/redfish/'
+ 'json_samples/tls_config.json', 'r') as f:
+ jsonval = json.loads(f.read())
+ tlsconfig_mock = mock.MagicMock(spec=tls_config.TLSConfig)
+
+ tls_mock = mock.PropertyMock(return_value=tlsconfig_mock)
+
+ type(get_sushy_system_mock.return_value.bios_settings).tls_config = (
+ tls_mock)
+ certificates = jsonval.get('Certificates')
+ certs_mock = mock.PropertyMock(return_value=certificates)
+ type(tlsconfig_mock).tls_certificates = certs_mock
+ del_cert_list = []
+ for cert in certificates:
+ fp = cert.get("FingerPrint")
+ cert_fp = {
+ "FingerPrint": fp
+ }
+ del_cert_list.append(cert_fp)
+ self.rf_client.remove_tls_certificate()
+ (get_sushy_system_mock.return_value.
+ bios_settings.tls_config.tls_config_settings.
+ remove_tls_certificate.assert_called_once_with(
+ {'DeleteCertificates': del_cert_list}))
+ decode_mock.assert_not_called()
+ load_cert_mock.assert_not_called()
+
 @mock.patch.object(redfish.RedfishOperations,
 '_get_security_dashboard_values')
 def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
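Review bot: `test_remove_tls_certificate_default` builds its expected `del_cert_list` with the same loop as the code under test, so a mistake in that logic would pass unnoticed. Asserting against the two literal fingerprints from `tls_config.json` would pin the payload independently. There is also no case for an explicitly empty list, `self.rf_client.remove_tls_certificate([])`, or for a system that reports no certificates, and those are the inputs where the new delete-all path is most likely to surprise a caller.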