feat: move http client to tls
Signed-off-by: Suraj Shirvankar <[email protected]>
h0lyalg0rithm committed Aug 17, 2024
2 parents 15002b5 + dae834d commit 48825de
Showing 14 changed files with 1,013 additions and 876 deletions.
2 changes: 1 addition & 1 deletion sztp-agent/cmd/daemon.go
@@ -59,7 +59,7 @@ func Daemon() *cobra.Command {
return fmt.Errorf("must not be folder: %q", filePath)
}
}
client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
return a.RunCommandDaemon()
},
2 changes: 1 addition & 1 deletion sztp-agent/cmd/disable.go
@@ -34,7 +34,7 @@ func Disable() *cobra.Command {
Use: "disable",
Short: "Run the disable command",
RunE: func(_ *cobra.Command, _ []string) error {
client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
return a.RunCommandDisable()
},
2 changes: 1 addition & 1 deletion sztp-agent/cmd/enable.go
@@ -34,7 +34,7 @@ func Enable() *cobra.Command {
Use: "enable",
Short: "Run the enable command",
RunE: func(_ *cobra.Command, _ []string) error {
client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
return a.RunCommandEnable()
},
2 changes: 1 addition & 1 deletion sztp-agent/cmd/run.go
@@ -59,7 +59,7 @@ func Run() *cobra.Command {
return fmt.Errorf("must not be folder: %q", filePath)
}
}
client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
return a.RunCommand()
},
2 changes: 1 addition & 1 deletion sztp-agent/cmd/status.go
@@ -34,7 +34,7 @@ func Status() *cobra.Command {
Use: "status",
Short: "Run the status command",
RunE: func(_ *cobra.Command, _ []string) error {
client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
return a.RunCommandStatus()
},
25 changes: 0 additions & 25 deletions sztp-agent/pkg/secureagent/agent.go
@@ -10,10 +10,7 @@ Copyright (C) 2022 Red Hat.
package secureagent

import (
"crypto/tls"
"crypto/x509"
"net/http"
"os"
)

const (
@@ -184,25 +181,3 @@ func (a *Agent) SetContentTypeReq(ct string) {
func (a *Agent) SetProgressJSON(p ProgressJSON) {
a.ProgressJSON = p
}

func NewHttpClient(bootstrapTrustAnchorCert string, deviceEndEntityCert string, devicePrivateKey string) http.Client {
caCert, _ := os.ReadFile(bootstrapTrustAnchorCert)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
cert, _ := tls.LoadX509KeyPair(deviceEndEntityCert, devicePrivateKey)
client := http.Client{
CheckRedirect: func(r *http.Request, _ []*http.Request) error {
r.URL.Opaque = r.URL.Path
return nil
},
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
//nolint:gosec
InsecureSkipVerify: true, // TODO: remove skip verify
RootCAs: caCertPool,
Certificates: []tls.Certificate{cert},
},
},
}
return client
}
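--- a/sztp-agent/pkg/secureagent/configuration.go
+++ b/sztp-agent/pkg/secureagent/configuration.go
@@ -0,0 +1,94 @@
+package secureagent
+
+import (
+"encoding/base64"
+"log"
+"os"
+"os/exec"
+)
+
+func (a *Agent) copyConfigurationFile() error {
+log.Println("[INFO] Starting the Copy Configuration.")
+_ = a.doReportProgress(ProgressTypeConfigInitiated, "Configuration Initiated")
+// Copy the configuration file to the device
+file, err := os.Create(ARTIFACTS_PATH + a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference + "-config")
+if err != nil {
+log.Println("[ERROR] creating the configuration file", err.Error())
+return err
+}
+defer func() {
+if err := file.Close(); err != nil {
+log.Println("[ERROR] Error when closing:", err)
+}
+}()
+
+plainTest, _ := base64.StdEncoding.DecodeString(a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.Configuration)
+_, err = file.WriteString(string(plainTest))
+if err != nil {
+log.Println("[ERROR] writing the configuration file", err.Error())
+return err
+}
+// nolint:gosec
+err = os.Chmod(ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+"-config", 0744)
+if err != nil {
+log.Println("[ERROR] changing the configuration file permission", err.Error())
+return err
+}
+log.Println("[INFO] Configuration file copied successfully")
+_ = a.doReportProgress(ProgressTypeConfigComplete, "Configuration Complete")
+return nil
+}
+
+func (a *Agent) launchScriptsConfiguration(typeOf string) error {
+var script, scriptName string
+var reportStart, reportEnd ProgressType
+switch typeOf {
+case "post":
+script = a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.PostConfigurationScript
+scriptName = "post"
+reportStart = ProgressTypePostScriptInitiated
+reportEnd = ProgressTypePostScriptComplete
+default: // pre or default
+script = a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.PreConfigurationScript
+scriptName = "pre"
+reportStart = ProgressTypePreScriptInitiated
+reportEnd = ProgressTypePreScriptComplete
+}
+log.Println("[INFO] Starting the " + scriptName + "-configuration.")
+_ = a.doReportProgress(reportStart, "Report starting")
+// nolint:gosec
+file, err := os.Create(ARTIFACTS_PATH + a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference + scriptName + "configuration.sh")
+if err != nil {
+log.Println("[ERROR] creating the "+scriptName+"-configuration script", err.Error())
+return err
+}
+defer func() {
+if err := file.Close(); err != nil {
+log.Println("[ERROR] Error when closing:", err)
+}
+}()
+
+plainTest, _ := base64.StdEncoding.DecodeString(script)
+_, err = file.WriteString(string(plainTest))
+if err != nil {
+log.Println("[ERROR] writing the "+scriptName+"-configuration script", err.Error())
+return err
+}
+// nolint:gosec
+err = os.Chmod(ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+scriptName+"configuration.sh", 0755)
+if err != nil {
+log.Println("[ERROR] changing the "+scriptName+"-configuration script permission", err.Error())
+return err
+}
+log.Println("[INFO] " + scriptName + "-configuration script created successfully")
+cmd := exec.Command("/bin/sh", ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+scriptName+"configuration.sh") //nolint:gosec
+out, err := cmd.Output()
+if err != nil {
+log.Println("[ERROR] running the "+scriptName+"-configuration script", err.Error())
+return err
+}
+log.Println(string(out)) // remove it
+_ = a.doReportProgress(reportEnd, "Report end")
+log.Println("[INFO] " + scriptName + "-Configuration script executed successfully")
+return nil
+}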
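Review bot: In launchScriptsConfiguration the base64 decode error is discarded (`plainTest, _ := base64.StdEncoding.DecodeString(script)`), so a malformed or truncated payload is still written to disk, made executable and handed to `/bin/sh`; copyConfigurationFile has the same pattern for the configuration blob. The decode should fail closed, e.g. `plainTest, err := base64.StdEncoding.DecodeString(script)` followed by `if err != nil { return err }`, so nothing undecoded reaches the file or the shell. The target path is also built by concatenating `InfoTimestampReference`, which appears to come from the bootstrap server's onboarding response, under a `nolint:gosec` suppression; validating that field (rejecting path separators and `..`) before `os.Create` would keep the writes inside `ARTIFACTS_PATH`. Because these scripts run exactly as received, their integrity rests on the TLS client authenticating the server, and the `NewHttpClient` removed from agent.go in this commit set `InsecureSkipVerify: true`, so it is worth confirming the relocated client no longer does.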