Merge pull request #206 from open-amt-cloud-toolkit/local-wifi-fixup

fix: addwifisettings - track added certs to prevent duplicate error
open-amt-cloud-toolkit · Sep 8, 2023 · 8c703aa · 8c703aa
2 parents 06b67ec + a946bf1
commit 8c703aa
Show file tree

Hide file tree

Showing 7 changed files with 298 additions and 99 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,85 @@
-<a name="2.11.0"></a>
-## [2.11.0] - 2023-07-10
+<a name="v2.14.1"></a>
+## [v2.14.1] - 2023-09-06
+### Fix
+- addwifisettings - track added certs to prevent duplicates error
+
+<a name="v2.14.0"></a>
+## [v2.14.0] - 2023-09-06
+### Build
+- bump go-wsman-messages to v1.8.2 ([#205](https://github.com/open-amt-cloud-toolkit/rpc-go/issues/205))
+- **deps:** bump actions/checkout from 3.6.0 to 4.0.0
+- **deps:** bump aquasecurity/trivy-action
+- **deps:** bump go-wsman-messages to v1.8.1
+- **deps:** bump cycjimmy/semantic-release-action from 3.4.2 to 4.0.0
+- **deps:** bump github/codeql-action from 2.21.4 to 2.21.5
+- **deps:** bump actions/checkout from 3.5.3 to 3.6.0
+
+### Feat
+- local wifi configuration
+
+<a name="v2.13.1"></a>
+## [v2.13.1] - 2023-08-16
+### Build
+- **deps:** bump github/codeql-action from 2.21.3 to 2.21.4
+- **deps:** bump docker/login-action from 1.6.0 to 2.2.0
+
+### Ci
+- push another image with a github tag
+
+### Fix
+- update ProjectVersion to 2.13.0
+
+<a name="v2.13.0"></a>
+## [v2.13.0] - 2023-08-14
+### Build
+- **deps:** bump github/codeql-action from 1.1.39 to 2.21.3
+- **deps:** bump step-security/harden-runner from 2.5.0 to 2.5.1
+- **deps:** bump aquasecurity/trivy-action
+- **deps:** bump codecov/codecov-action from 3.1.3 to 3.1.4
+- **deps:** bump golang.org/x/sys from 0.10.0 to 0.11.0
+- **deps:** bump github.com/open-amt-cloud-toolkit/go-wsman-messages
+- **deps:** bump actions/upload-artifact from 2.3.1 to 3.1.2
+- **deps:** bump golang from 1.20-alpine to 1.21-alpine
+- **deps:** bump actions/checkout from 3.1.0 to 3.5.3
+- **deps:** bump actions/setup-dotnet from 2.1.1 to 3.2.0
+- **deps:** bump danhellem/github-actions-issue-to-work-item
+- **deps:** bump wagoid/commitlint-github-action from 4.1.15 to 5.4.3
+- **deps:** bump actions/add-to-project from 0.3.0 to 0.5.0
+- **deps:** bump ossf/scorecard-action from 2.0.6 to 2.2.0
+
+### Ci
+- [StepSecurity] Apply security best practices
+- adds release notes generator and github to semantic release
+
+### Feat
+- activate in acm using local command
+
+### Refactor
+- result codes ([#185](https://github.com/open-amt-cloud-toolkit/rpc-go/issues/185))
+- add configure command
+
+<a name="v2.12.0"></a>
+## [v2.12.0] - 2023-07-27
+### Build
+- **deps:** bump github.com/open-amt-cloud-toolkit/go-wsman-messages
+- **deps:** bump github.com/ilyakaznacheev/cleanenv from 1.4.2 to 1.5.0
+
+### Feat
+- add local deactivation in ACM
+
+### Refactor
+- move command execution out of flags package
+
+<a name="v2.11.1"></a>
+## [v2.11.0] - 2023-07-14
+### Fix
+- password not set correctly for ccm activate
+
+### Refactor
+- **internal:** remove .parsed check
+
+<a name="v2.11.0"></a>
+## [v2.11.0] - 2023-07-10
 ### Build
 - update version to v2.11.0
 - **deps:** bump golang.org/x/sys from 0.9.0 to 0.10.0
@@ -18,17 +98,17 @@
 ### Refactor
 - simplify friendly name
 
-<a name="2.10.0"></a>
-## [2.10.0] - 2023-06-16
+<a name="v2.10.0"></a>
+## [v2.10.0] - 2023-06-16
 ### Build
 - update version and changelog to v2.10.0
 
 ### Feat
 - adds AMT Features to amtinfo
 - support device friendly name
 
-<a name="2.9.1"></a>
-## [2.9.1] - 2023-06-08
+<a name="v2.9.1"></a>
+## [v2.9.1] - 2023-06-08
 ### Build
 - update version and changelog to v2.9.1
 - **deps:** bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
@@ -37,8 +117,8 @@
 ### Fix
 - **internal:** GetOSDnsSuffixOS bug with docker desktop
 
-<a name="2.9.0"></a>
-## [2.9.0] - 2023-05-25
+<a name="v2.9.0"></a>
+## [v2.9.0] - 2023-05-25
 ### Build
 - update version and changelog for v2.9.0
 - **deps:** bump github.com/stretchr/testify from 1.8.2 to 1.8.3
@@ -55,8 +135,8 @@
 ### Test
 - move flag tests to respective files for better organization
 
-<a name="2.8.0"></a>
-## [2.8.0] - 2023-05-18
+<a name="v2.8.0"></a>
+## [v2.8.0] - 2023-05-18
 ### Build
 - update version to 2.8.0 and changelog
 - add tasks.json for vscode
@@ -68,8 +148,8 @@
 ### Feat
 - deactivate a device in CCM from RPC
 
-<a name="2.7.0"></a>
-## [2.7.0] - 2023-05-04
+<a name="v2.7.0"></a>
+## [v2.7.0] - 2023-05-04
 ### Build
 - update version to 2.7.0, update changelogbuild: update version to 2.6.0, update changelog
 - update go to 1.20

diff --git a/internal/local/configure.go b/internal/local/configure.go
@@ -2,6 +2,7 @@ package local
 
 import (
 	"fmt"
+	"github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/amt/publicprivate"
 	"regexp"
 	"rpc/internal/config"
 	"rpc/pkg/utils"
@@ -24,6 +25,9 @@ func (service *ProvisioningService) Configure() int {
 }
 
 func (service *ProvisioningService) AddWifiSettings() int {
+	// start with fresh map
+	service.handlesWithCerts = make(map[string]string)
+
 	// PruneWifiConfigs is best effort
 	// it will log error messages, but doesn't stop the configuration flow
 	service.PruneWifiConfigs()
@@ -79,54 +83,79 @@ func (service *ProvisioningService) PruneWifiIeee8021xCerts(certHandles []string
 		resultCode := service.DeletePublicCert(handle)
 		if resultCode != utils.Success {
 			failedCertHandles = append(failedCertHandles, handle)
+		} else {
+			delete(service.handlesWithCerts, handle)
 		}
 	}
 	for _, handle := range keyPairHandles {
 		resultCode := service.DeletePublicPrivateKeyPair(handle)
 		if resultCode != utils.Success {
 			failedKeyPairHandles = append(failedKeyPairHandles, handle)
+		} else {
+			delete(service.handlesWithCerts, handle)
 		}
 	}
 	return failedCertHandles, failedKeyPairHandles
 }
 
 func (service *ProvisioningService) GetWifiIeee8021xCerts() (certHandles []string, keyPairHandles []string) {
 
+	var publicCerts []publickey.PublicKeyCertificate
+	service.GetPublicKeyCerts(&publicCerts)
+	var keyPairs []publicprivate.PublicPrivateKeyPair
+	service.GetPublicPrivateKeyPairs(&keyPairs)
 	credentials, resultCode := service.GetCredentialRelationships()
 	if resultCode != utils.Success {
 		return certHandles, keyPairHandles
 	}
+	certHandleMap := make(map[string]bool)
 	for i := range credentials {
 		inParams := &credentials[i].ElementInContext.ReferenceParameters
 		providesPrams := &credentials[i].ElementProvidingContext.ReferenceParameters
 		if providesPrams.ResourceURI == `http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings` {
-			handle := inParams.GetSelectorValue("InstanceID")
-			if handle != "" {
-				certHandles = append(certHandles, handle)
+			id := inParams.GetSelectorValue("InstanceID")
+			certHandleMap[id] = true
+			for j := range publicCerts {
+				if publicCerts[j].InstanceID == id {
+					service.handlesWithCerts[id] = publicCerts[j].X509Certificate
+				}
 			}
 		}
 	}
+	for k := range certHandleMap {
+		if k != "" {
+			certHandles = append(certHandles, k)
+		}
+	}
 	if len(certHandles) == 0 {
 		return certHandles, keyPairHandles
 	}
 
+	keyPairHandleMap := make(map[string]bool)
 	dependencies, _ := service.GetConcreteDependencies()
 	for i := range dependencies {
 		antecedent := &dependencies[i].Antecedent.ReferenceParameters
+		if antecedent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate` {
+			continue
+		}
 		dependent := &dependencies[i].Dependent.ReferenceParameters
+		if dependent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair` {
+			continue
+		}
 		for _, certHandle := range certHandles {
-			if antecedent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate` {
-				continue
-			}
 			if !antecedent.HasSelector("InstanceID", certHandle) {
 				continue
 			}
-			if dependent.ResourceURI == `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair` {
-				handle := dependent.GetSelectorValue("InstanceID")
-				keyPairHandles = append(keyPairHandles, handle)
-			}
+			id := dependent.GetSelectorValue("InstanceID")
+			keyPairHandleMap[id] = true
+		}
+	}
+	for k := range keyPairHandleMap {
+		if k != "" {
+			keyPairHandles = append(keyPairHandles, k)
 		}
 	}
+
 	return certHandles, keyPairHandles
 }
 
@@ -212,13 +241,16 @@ func (service *ProvisioningService) ProcessWifiConfig(wifiCfg *config.WifiConfig
 func (service *ProvisioningService) ProcessIeee8012xConfig(profileName string, settings *models.IEEE8021xSettings, handles *Handles) int {
 
 	// find the matching configuration
-	var ieee8021xConfig *config.Ieee8021xConfig
+	var ieee8021xConfig config.Ieee8021xConfig
+	var found bool
 	for _, curCfg := range service.flags.LocalConfig.Ieee8021xConfigs {
 		if curCfg.ProfileName == profileName {
-			ieee8021xConfig = &curCfg
+			ieee8021xConfig = curCfg
+			found = true
+			break
 		}
 	}
-	if ieee8021xConfig == nil {
+	if !found {
 		log.Errorf("missing Ieee8021xConfig %s", profileName)
 		return utils.MissingIeee8021xConfiguration
 	}
@@ -302,9 +334,9 @@ func (service *ProvisioningService) RollbackAddedItems(handles *Handles) {
 		log.Trace(xmlMsg)
 		_, err := service.client.Post(xmlMsg)
 		if err != nil {
-			log.Errorf("failed deleting client certificate: %s", handles.privateKeyHandle)
+			log.Errorf("failed deleting private key: %s", handles.privateKeyHandle)
 		} else {
-			log.Debugf("successfully deleted client certificate: %s", handles.privateKeyHandle)
+			log.Debugf("successfully deleted private key: %s", handles.privateKeyHandle)
 		}
 	}
 	if handles.clientCertHandle != "" {
@@ -313,25 +345,31 @@ func (service *ProvisioningService) RollbackAddedItems(handles *Handles) {
 		log.Trace(xmlMsg)
 		_, err := service.client.Post(xmlMsg)
 		if err != nil {
-			log.Errorf("failed deleting client certificate: %s", handles.clientCertHandle)
+			log.Errorf("failed deleting client cert: %s", handles.clientCertHandle)
 		} else {
-			log.Debugf("successfully deleted client certificate: %s", handles.clientCertHandle)
+			log.Debugf("successfully deleted client cert: %s", handles.clientCertHandle)
 		}
 	}
 	if handles.rootCertHandle != "" {
-		log.Infof("rolling back client cert %s", handles.rootCertHandle)
+		log.Infof("rolling back root cert %s", handles.rootCertHandle)
 		xmlMsg := service.amtMessages.PublicKeyCertificate.Delete(handles.rootCertHandle)
 		log.Trace(xmlMsg)
 		_, err := service.client.Post(xmlMsg)
 		if err != nil {
-			log.Errorf("failed deleting client certificate: %s", handles.rootCertHandle)
+			log.Errorf("failed deleting root cert: %s", handles.rootCertHandle)
 		} else {
-			log.Debugf("successfully deleted client certificate: %s", handles.rootCertHandle)
+			log.Debugf("successfully deleted root cert: %s", handles.rootCertHandle)
 		}
 	}
 }
 
 func (service *ProvisioningService) AddTrustedRootCert(caCert string) (string, int) {
+	// check if this has been added already
+	for k, v := range service.handlesWithCerts {
+		if v == caCert {
+			return k, utils.Success
+		}
+	}
 	xmlMsg := service.amtMessages.PublicKeyManagementService.AddTrustedRootCertificate(caCert)
 	var rspEnv publickey.Response
 	resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv)
@@ -346,10 +384,17 @@ func (service *ProvisioningService) AddTrustedRootCert(caCert string) (string, i
 	if len(rspEnv.Body.AddTrustedRootCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector) > 0 {
 		handle = rspEnv.Body.AddTrustedRootCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector[0].Value
 	}
+	service.handlesWithCerts[handle] = caCert
 	return handle, utils.Success
 }
 
 func (service *ProvisioningService) AddClientCert(clientCert string) (string, int) {
+	// check if this has been added already
+	for k, v := range service.handlesWithCerts {
+		if v == clientCert {
+			return k, utils.Success
+		}
+	}
 	xmlMsg := service.amtMessages.PublicKeyManagementService.AddCertificate(clientCert)
 	var rspEnv publickey.Response
 	resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv)
@@ -364,10 +409,17 @@ func (service *ProvisioningService) AddClientCert(clientCert string) (string, in
 	if len(rspEnv.Body.AddTrustedCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector) > 0 {
 		handle = rspEnv.Body.AddTrustedCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector[0].Value
 	}
+	service.handlesWithCerts[handle] = clientCert
 	return handle, utils.Success
 }
 
 func (service *ProvisioningService) AddPrivateKey(privateKey string) (string, int) {
+	// check if this has been added already, but need the publik key of the pair
+	for k, v := range service.handlesWithCerts {
+		if v == privateKey {
+			return k, utils.Success
+		}
+	}
 	xmlMsg := service.amtMessages.PublicKeyManagementService.AddKey([]byte(privateKey))
 	var rspEnv publickey.Response
 	resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv)
@@ -382,6 +434,7 @@ func (service *ProvisioningService) AddPrivateKey(privateKey string) (string, in
 	if len(rspEnv.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selector) > 0 {
 		handle = rspEnv.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selector[0].Value
 	}
+	service.handlesWithCerts[handle] = privateKey
 	return handle, utils.Success
 }