From a946bf1f4d31420ae0963ea31574a91a5c44ac35 Mon Sep 17 00:00:00 2001
From: Tim Shockley
Date: Tue, 5 Sep 2023 21:54:30 -0700
Subject: [PATCH] fix: addwifisettings - track added certs to prevent duplicates error
---
CHANGELOG.md | 104 ++++++++++++++++++---
internal/local/configure.go | 93 ++++++++++++++-----
internal/local/configure_test.go | 149 ++++++++++++++++++++++---------
internal/local/lps.go | 34 +++----
internal/local/lps_test.go | 1 -
internal/local/utils_test.go | 14 ++-
pkg/utils/constants.go | 2 +-
7 files changed, 298 insertions(+), 99 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd86eebe..e6ce375f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,85 @@ - -## [2.11.0] - 2023-07-10 + +## [v2.14.1] - 2023-09-06 +### Fix +- addwifisettings - track added certs to prevent duplicates error + + +## [v2.14.0] - 2023-09-06 +### Build +- bump go-wsman-messages to v1.8.2 ([#205](https://github.com/open-amt-cloud-toolkit/rpc-go/issues/205)) +- **deps:** bump actions/checkout from 3.6.0 to 4.0.0 +- **deps:** bump aquasecurity/trivy-action +- **deps:** bump go-wsman-messages to v1.8.1 +- **deps:** bump cycjimmy/semantic-release-action from 3.4.2 to 4.0.0 +- **deps:** bump github/codeql-action from 2.21.4 to 2.21.5 +- **deps:** bump actions/checkout from 3.5.3 to 3.6.0 + +### Feat +- local wifi configuration + + +## [v2.13.1] - 2023-08-16 +### Build +- **deps:** bump github/codeql-action from 2.21.3 to 2.21.4 +- **deps:** bump docker/login-action from 1.6.0 to 2.2.0 + +### Ci +- push another image with a github tag + +### Fix +- update ProjectVersion to 2.13.0 + + +## [v2.13.0] - 2023-08-14 +### Build +- **deps:** bump github/codeql-action from 1.1.39 to 2.21.3 +- **deps:** bump step-security/harden-runner from 2.5.0 to 2.5.1 +- **deps:** bump aquasecurity/trivy-action +- **deps:** bump codecov/codecov-action from 3.1.3 to 3.1.4 +- **deps:** bump golang.org/x/sys from 0.10.0 to 0.11.0 +- **deps:** bump github.com/open-amt-cloud-toolkit/go-wsman-messages +- **deps:** bump actions/upload-artifact from 2.3.1 to 3.1.2 +- **deps:** bump golang from 1.20-alpine to 1.21-alpine +- **deps:** bump actions/checkout from 3.1.0 to 3.5.3 +- **deps:** bump actions/setup-dotnet from 2.1.1 to 3.2.0 +- **deps:** bump danhellem/github-actions-issue-to-work-item +- **deps:** bump wagoid/commitlint-github-action from 4.1.15 to 5.4.3 +- **deps:** bump actions/add-to-project from 0.3.0 to 0.5.0 +- **deps:** bump ossf/scorecard-action from 2.0.6 to 2.2.0 + +### Ci +- [StepSecurity] Apply security best practices +- adds release notes generator and github to semantic release + +### Feat +- activate in acm using local command + +### 
Refactor +- result codes ([#185](https://github.com/open-amt-cloud-toolkit/rpc-go/issues/185)) +- add configure command + + +## [v2.12.0] - 2023-07-27 +### Build +- **deps:** bump github.com/open-amt-cloud-toolkit/go-wsman-messages +- **deps:** bump github.com/ilyakaznacheev/cleanenv from 1.4.2 to 1.5.0 + +### Feat +- add local deactivation in ACM + +### Refactor +- move command execution out of flags package + + +## [v2.11.0] - 2023-07-14 +### Fix +- password not set correctly for ccm activate + +### Refactor +- **internal:** remove .parsed check + + +## [v2.11.0] - 2023-07-10 ### Build - update version to v2.11.0 - **deps:** bump golang.org/x/sys from 0.9.0 to 0.10.0 @@ -18,8 +98,8 @@ ### Refactor - simplify friendly name - -## [2.10.0] - 2023-06-16 + +## [v2.10.0] - 2023-06-16 ### Build - update version and changelog to v2.10.0 @@ -27,8 +107,8 @@ - adds AMT Features to amtinfo - support device friendly name - -## [2.9.1] - 2023-06-08 + +## [v2.9.1] - 2023-06-08 ### Build - update version and changelog to v2.9.1 - **deps:** bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 @@ -37,8 +117,8 @@ ### Fix - **internal:** GetOSDnsSuffixOS bug with docker desktop - -## [2.9.0] - 2023-05-25 + +## [v2.9.0] - 2023-05-25 ### Build - update version and changelog for v2.9.0 - **deps:** bump github.com/stretchr/testify from 1.8.2 to 1.8.3 @@ -55,8 +135,8 @@ ### Test - move flag tests to respective files for better organization - -## [2.8.0] - 2023-05-18 + +## [v2.8.0] - 2023-05-18 ### Build - update version to 2.8.0 and changelog - add tasks.json for vscode @@ -68,8 +148,8 @@ ### Feat - deactivate a device in CCM from RPC - -## [2.7.0] - 2023-05-04 + +## [v2.7.0] - 2023-05-04 ### Build - update version to 2.7.0, update changelogbuild: update version to 2.6.0, update changelog - update go to 1.20 diff --git a/internal/local/configure.go b/internal/local/configure.go index b4ddcdd5..152dcd8b 100644 --- a/internal/local/configure.go +++ b/internal/local/configure.go 
@@ -2,6 +2,7 @@ package local import ( "fmt" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/amt/publicprivate" "regexp" "rpc/internal/config" "rpc/pkg/utils" @@ -24,6 +25,9 @@ func (service *ProvisioningService) Configure() int { } func (service *ProvisioningService) AddWifiSettings() int { + // start with fresh map + service.handlesWithCerts = make(map[string]string) + // PruneWifiConfigs is best effort // it will log error messages, but doesn't stop the configuration flow service.PruneWifiConfigs() @@ -79,12 +83,16 @@ func (service *ProvisioningService) PruneWifiIeee8021xCerts(certHandles []string resultCode := service.DeletePublicCert(handle) if resultCode != utils.Success { failedCertHandles = append(failedCertHandles, handle) + } else { + delete(service.handlesWithCerts, handle) } } for _, handle := range keyPairHandles { resultCode := service.DeletePublicPrivateKeyPair(handle) if resultCode != utils.Success { failedKeyPairHandles = append(failedKeyPairHandles, handle) + } else { + delete(service.handlesWithCerts, handle) } } return failedCertHandles, failedKeyPairHandles 
@@ -92,41 +100,62 @@ func (service *ProvisioningService) PruneWifiIeee8021xCerts(certHandles []string func (service *ProvisioningService) GetWifiIeee8021xCerts() (certHandles []string, keyPairHandles []string) { + var publicCerts []publickey.PublicKeyCertificate + service.GetPublicKeyCerts(&publicCerts) + var keyPairs []publicprivate.PublicPrivateKeyPair + service.GetPublicPrivateKeyPairs(&keyPairs) credentials, resultCode := service.GetCredentialRelationships() if resultCode != utils.Success { return certHandles, keyPairHandles } + certHandleMap := make(map[string]bool) for i := range credentials { inParams := &credentials[i].ElementInContext.ReferenceParameters providesPrams := &credentials[i].ElementProvidingContext.ReferenceParameters if providesPrams.ResourceURI == `http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings` { - handle := inParams.GetSelectorValue("InstanceID") - if handle != "" { - certHandles = append(certHandles, handle) + id := inParams.GetSelectorValue("InstanceID") + certHandleMap[id] = true + for j := range publicCerts { + if publicCerts[j].InstanceID == id { + service.handlesWithCerts[id] = publicCerts[j].X509Certificate + } } } } + for k := range certHandleMap { + if k != "" { + certHandles = append(certHandles, k) + } + } if len(certHandles) == 0 { return certHandles, keyPairHandles } + keyPairHandleMap := make(map[string]bool) dependencies, _ := service.GetConcreteDependencies() for i := range dependencies { antecedent := &dependencies[i].Antecedent.ReferenceParameters + if antecedent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate` { + continue + } dependent := &dependencies[i].Dependent.ReferenceParameters + if dependent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair` { + continue + } for _, certHandle := range certHandles { - if antecedent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate` { - continue - } if 
!antecedent.HasSelector("InstanceID", certHandle) { continue } - if dependent.ResourceURI == `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair` { - handle := dependent.GetSelectorValue("InstanceID") - keyPairHandles = append(keyPairHandles, handle) - } + id := dependent.GetSelectorValue("InstanceID") + keyPairHandleMap[id] = true + } + } + for k := range keyPairHandleMap { + if k != "" { + keyPairHandles = append(keyPairHandles, k) } } + return certHandles, keyPairHandles } @@ -212,13 +241,16 @@ func (service *ProvisioningService) ProcessWifiConfig(wifiCfg *config.WifiConfig func (service *ProvisioningService) ProcessIeee8012xConfig(profileName string, settings *models.IEEE8021xSettings, handles *Handles) int { // find the matching configuration - var ieee8021xConfig *config.Ieee8021xConfig + var ieee8021xConfig config.Ieee8021xConfig + var found bool for _, curCfg := range service.flags.LocalConfig.Ieee8021xConfigs { if curCfg.ProfileName == profileName { - ieee8021xConfig = &curCfg + ieee8021xConfig = curCfg + found = true + break } } - if ieee8021xConfig == nil { + if !found { log.Errorf("missing Ieee8021xConfig %s", profileName) return utils.MissingIeee8021xConfiguration } @@ -302,9 +334,9 @@ func (service *ProvisioningService) RollbackAddedItems(handles *Handles) { log.Trace(xmlMsg) _, err := service.client.Post(xmlMsg) if err != nil { - log.Errorf("failed deleting client certificate: %s", handles.privateKeyHandle) + log.Errorf("failed deleting private key: %s", handles.privateKeyHandle) } else { - log.Debugf("successfully deleted client certificate: %s", handles.privateKeyHandle) + log.Debugf("successfully deleted private key: %s", handles.privateKeyHandle) } } if handles.clientCertHandle != "" { 
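Review bot: In GetWifiIeee8021xCerts the results of `service.GetPublicKeyCerts(&publicCerts)` and `service.GetPublicPrivateKeyPairs(&keyPairs)` are discarded, and `keyPairs` is never read again in this hunk. If the certificate enumeration fails, `handlesWithCerts` stays empty with no log line and the duplicate check in the Add* functions silently stops matching, which would bring back the error this commit is fixing. Assuming these getters return a result code the way `GetCredentialRelationships` does, check it and log on failure, and drop the key-pair fetch until something consumes it, since the test fixtures show it costs an extra enumerate and pull against the device. The function also writes to `service.handlesWithCerts` directly, so it relies on the map having been created by NewProvisioningService or AddWifiSettings; a nil map here would panic.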
@@ -313,25 +345,31 @@ func (service *ProvisioningService) RollbackAddedItems(handles *Handles) { log.Trace(xmlMsg) _, err := service.client.Post(xmlMsg) if err != nil { - log.Errorf("failed deleting client certificate: %s", handles.clientCertHandle) + log.Errorf("failed deleting client cert: %s", handles.clientCertHandle) } else { - log.Debugf("successfully deleted client certificate: %s", handles.clientCertHandle) + log.Debugf("successfully deleted client cert: %s", handles.clientCertHandle) } } if handles.rootCertHandle != "" { - log.Infof("rolling back client cert %s", handles.rootCertHandle) + log.Infof("rolling back root cert %s", handles.rootCertHandle) xmlMsg := service.amtMessages.PublicKeyCertificate.Delete(handles.rootCertHandle) log.Trace(xmlMsg) _, err := service.client.Post(xmlMsg) if err != nil { - log.Errorf("failed deleting client certificate: %s", handles.rootCertHandle) + log.Errorf("failed deleting root cert: %s", handles.rootCertHandle) } else { - log.Debugf("successfully deleted client certificate: %s", handles.rootCertHandle) + log.Debugf("successfully deleted root cert: %s", handles.rootCertHandle) } } } func (service *ProvisioningService) AddTrustedRootCert(caCert string) (string, int) { + // check if this has been added already + for k, v := range service.handlesWithCerts { + if v == caCert { + return k, utils.Success + } + } xmlMsg := service.amtMessages.PublicKeyManagementService.AddTrustedRootCertificate(caCert) var rspEnv publickey.Response resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv) 
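Review bot: RollbackAddedItems deletes the key and certificates on the device but never removes their handles from `service.handlesWithCerts`, so after a rollback the new lookup at the top of AddTrustedRootCert can return a handle that no longer exists. Add `delete(service.handlesWithCerts, handles.rootCertHandle)` (and the equivalents for the client cert and private key) in the success branch of each delete, as PruneWifiIeee8021xCerts now does. The lookup also means the returned handle may belong to a certificate that was already on the device or is shared with another profile; if the caller stores it in `handles` (not visible here), a later rollback would delete a credential this call did not create, so `Handles` probably needs to record which items were actually added. RollbackAddedItems starts in the previous hunk and AddTrustedRootCert continues in the next one.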
@@ -346,10 +384,17 @@ func (service *ProvisioningService) AddTrustedRootCert(caCert string) (string, i if len(rspEnv.Body.AddTrustedRootCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector) > 0 { handle = rspEnv.Body.AddTrustedRootCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector[0].Value } + service.handlesWithCerts[handle] = caCert return handle, utils.Success } func (service *ProvisioningService) AddClientCert(clientCert string) (string, int) { + // check if this has been added already + for k, v := range service.handlesWithCerts { + if v == clientCert { + return k, utils.Success + } + } xmlMsg := service.amtMessages.PublicKeyManagementService.AddCertificate(clientCert) var rspEnv publickey.Response resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv) @@ -364,10 +409,17 @@ func (service *ProvisioningService) AddClientCert(clientCert string) (string, in if len(rspEnv.Body.AddTrustedCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector) > 0 { handle = rspEnv.Body.AddTrustedCertificate_OUTPUT.CreatedCertificate.ReferenceParameters.SelectorSet.Selector[0].Value } + service.handlesWithCerts[handle] = clientCert return handle, utils.Success } func (service *ProvisioningService) AddPrivateKey(privateKey string) (string, int) { + // check if this has been added already, but need the publik key of the pair + for k, v := range service.handlesWithCerts { + if v == privateKey { + return k, utils.Success + } + } xmlMsg := service.amtMessages.PublicKeyManagementService.AddKey([]byte(privateKey)) var rspEnv publickey.Response resultCode := service.PostAndUnmarshal(xmlMsg, &rspEnv) 
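Review bot: `service.handlesWithCerts[handle] = caCert` runs even when the response carried no selector and `handle` is still the empty string, so the map can gain an entry under the key `""` and every later call with the same certificate returns an empty handle with `utils.Success` without contacting the device. Guard the write, `if handle != "" { service.handlesWithCerts[handle] = caCert }`; the same applies to the `clientCert` write in the following hunk and the `privateKey` write in AddPrivateKey. The lookups match on exact string equality and do not distinguish a trusted root from a client certificate, so a certificate the device returns with different formatting may be missed and one stored under the other role would be reused; a comment stating which of these is intended would help the next reader.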
@@ -382,6 +434,7 @@ func (service *ProvisioningService) AddPrivateKey(privateKey string) (string, in if len(rspEnv.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selector) > 0 { handle = rspEnv.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selector[0].Value } + service.handlesWithCerts[handle] = privateKey return handle, utils.Success } diff --git a/internal/local/configure_test.go b/internal/local/configure_test.go index 6c1a3a89..41c60cdc 100644 --- a/internal/local/configure_test.go +++ b/internal/local/configure_test.go @@ -1,7 +1,8 @@ package local import ( - "github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/cim/concrete" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/amt/publickey" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/amt/publicprivate" "github.com/open-amt-cloud-toolkit/go-wsman-messages/pkg/cim/credential" "regexp" "rpc/internal/config" @@ -83,6 +84,25 @@ var ieee8021xCfgPEAPv0_EAPMSCHAPv2 = config.Ieee8021xConfig{ PrivateKey: "privateKey", } +func emptyPublicPrivateCertsResponsers(t *testing.T) ResponseFuncArray { + return ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, publickey.PullResponseEnvelope{}), + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, publicprivate.PullResponseEnvelope{}), + } +} + +func emptyGetWifiIeee8021xCerts(t *testing.T) ResponseFuncArray { + return append( + emptyPublicPrivateCertsResponsers(t), + ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, credential.ContextPullResponseEnvelope{}), + }..., + ) +} + func TestConfigure(t *testing.T) { f := &flags.Flags{} 
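Review bot: `service.handlesWithCerts[handle] = privateKey` keeps the private key text in the service's map for the rest of the run, next to the certificates, only so that it can be compared later. A digest serves the duplicate check equally well and avoids holding a second long-lived copy of key material, for example storing `sha256.Sum256([]byte(privateKey))` in a separate map keyed by handle. GetWifiIeee8021xCerts fills the map only from public certificates, so a key pair already on the device before this run is never matched, which is what the comment in AddPrivateKey about needing the public key of the pair hints at; that limitation should be stated in the function comment or tracked as a follow-up.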
@@ -106,17 +126,16 @@ func TestAddWifiSettings(t *testing.T) { pcsRsp := wifiportconfiguration.Response{} pcsRsp.Body.WiFiPortConfigurationService.LocalProfileSynchronizationEnabled = 1 t.Run("expect Success on happy path", func(t *testing.T) { - rfa := ResponseFuncArray{ - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, credential.ContextPullResponseEnvelope{}), - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, concrete.DependencyPullResponseEnvelope{}), - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, wifi.PullResponseEnvelope{}), - respondMsgFunc(t, pcsRsp), - respondMsgFunc(t, wifi.RequestStateChangeResponse{}), - respondMsgFunc(t, wifiportconfiguration.AddWiFiSettingsResponse{}), - } + rfa := append( + emptyGetWifiIeee8021xCerts(t), + ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, wifi.PullResponseEnvelope{}), + respondMsgFunc(t, pcsRsp), + respondMsgFunc(t, wifi.RequestStateChangeResponse{}), + respondMsgFunc(t, wifiportconfiguration.AddWiFiSettingsResponse{}), + }..., + ) lps := setupWsmanResponses(t, f, rfa) resultCode := lps.AddWifiSettings() assert.Equal(t, utils.Success, resultCode) @@ -205,11 +224,13 @@ func TestPruneWifiConfigs(t *testing.T) { f := &flags.Flags{} t.Run("expect Success when there are no configs", func(t *testing.T) { - rfa := ResponseFuncArray{ - respondServerErrFunc(), // no ieee8021x relationships - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, wifi.PullResponseEnvelope{}), - } + rfa := append( + emptyGetWifiIeee8021xCerts(t), + ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, wifi.PullResponseEnvelope{}), + }..., + ) lps := setupWsmanResponses(t, f, rfa) errCode := lps.PruneWifiConfigs() assert.Equal(t, utils.Success, errCode) 
@@ -219,14 +240,16 @@ func TestPruneWifiConfigs(t *testing.T) { pullEnvelope.Body.PullResponse.Items = append(pullEnvelope.Body.PullResponse.Items, wifi.CIMWiFiEndpointSettings{InstanceID: "Config1"}) pullEnvelope.Body.PullResponse.Items = append(pullEnvelope.Body.PullResponse.Items, wifi.CIMWiFiEndpointSettings{InstanceID: "Config2"}) pullEnvelope.Body.PullResponse.Items = append(pullEnvelope.Body.PullResponse.Items, wifi.CIMWiFiEndpointSettings{InstanceID: ""}) - rfa := ResponseFuncArray{ - respondServerErrFunc(), // no ieee8021x relationships - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, pullEnvelope), - respondMsgFunc(t, "Config1 Deleted"), - respondMsgFunc(t, "Config2 Deleted"), - respondServerErrFunc(), // this one should NOT get called - } + rfa := append( + emptyGetWifiIeee8021xCerts(t), + ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, pullEnvelope), + respondMsgFunc(t, "Config1 Deleted"), + respondMsgFunc(t, "Config2 Deleted"), + respondServerErrFunc(), // this one should NOT get called + }..., + ) lps := setupWsmanResponses(t, f, rfa) errCode := lps.PruneWifiConfigs() assert.Equal(t, utils.Success, errCode) 
@@ -235,22 +258,26 @@ func TestPruneWifiConfigs(t *testing.T) { pullEnvelope := wifi.PullResponseEnvelope{} pullEnvelope.Body.PullResponse.Items = append(pullEnvelope.Body.PullResponse.Items, wifi.CIMWiFiEndpointSettings{InstanceID: "Config1"}) pullEnvelope.Body.PullResponse.Items = append(pullEnvelope.Body.PullResponse.Items, wifi.CIMWiFiEndpointSettings{InstanceID: "Config2"}) - rfa := ResponseFuncArray{ - respondServerErrFunc(), // no ieee8021x relationships - respondMsgFunc(t, common.EnumerationResponse{}), - respondMsgFunc(t, pullEnvelope), - respondMsgFunc(t, "Config1 Deleted"), - respondServerErrFunc(), - } + rfa := append( + emptyGetWifiIeee8021xCerts(t), + ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, pullEnvelope), + respondMsgFunc(t, "Config1 Deleted"), + respondServerErrFunc(), + }..., + ) lps := setupWsmanResponses(t, f, rfa) errCode := lps.PruneWifiConfigs() assert.Equal(t, utils.DeleteWifiConfigFailed, errCode) }) t.Run("expect WSMANMessageError error on EnumPullUnmarshal", func(t *testing.T) { - rfa := ResponseFuncArray{ - respondServerErrFunc(), // no ieee8021x relationships - respondServerErrFunc(), - } + rfa := append( + emptyGetWifiIeee8021xCerts(t), + ResponseFuncArray{ + respondServerErrFunc(), + }..., + ) lps := setupWsmanResponses(t, f, rfa) errCode := lps.PruneWifiConfigs() assert.Equal(t, utils.WSMANMessageError, errCode) @@ -261,13 +288,13 @@ func TestPruneIeee8012xConfig(t *testing.T) { f := &flags.Flags{} certHandles := []string{"handle 1", "handle 2"} keyPairHandles := []string{"handle 3", "handle 4"} - r := ResponseFuncArray{ + rfa := ResponseFuncArray{ respondMsgFunc(t, "Deleted"), respondServerErrFunc(), respondMsgFunc(t, "Deleted"), respondServerErrFunc(), } - lps := setupWsmanResponses(t, f, r) + lps := setupWsmanResponses(t, f, rfa) failCerts, failKeyPairs := lps.PruneWifiIeee8021xCerts(certHandles, keyPairHandles) assert.NotEmpty(t, failCerts) assert.Equal(t, "handle 2", failCerts[0]) 
@@ -280,16 +307,31 @@ func TestGetWifiIeee8021xCerts(t *testing.T) { re := regexp.MustCompile(enumCtxElement) relationshipsEOS := re.ReplaceAllString(credCtxPullRspString, endOfSequenceElement) dependenciesEOS := re.ReplaceAllString(concreteDependencyPullRspString, endOfSequenceElement) - r := ResponseFuncArray{ + // make a puclickey response to match the credCtx + instanceId := "Intel(r) AMT Certificate: Handle: 1" + x509CertString := "ThisIsJustFakeCertBytes" + pkPullRspEnv := publickey.PullResponseEnvelope{} + pkPullRspEnv.Body.PullResponse.Items = []publickey.PublicKeyCertificate{ + { + InstanceID: instanceId, + X509Certificate: x509CertString, + }, + } + rfa := ResponseFuncArray{ + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, pkPullRspEnv), + respondMsgFunc(t, common.EnumerationResponse{}), + respondMsgFunc(t, publicprivate.PullResponseEnvelope{}), respondMsgFunc(t, common.EnumerationResponse{}), respondStringFunc(t, relationshipsEOS), respondMsgFunc(t, common.EnumerationResponse{}), respondStringFunc(t, dependenciesEOS), } - lps := setupWsmanResponses(t, f, r) + lps := setupWsmanResponses(t, f, rfa) certHandles, keyPairHandles := lps.GetWifiIeee8021xCerts() assert.Equal(t, 2, len(certHandles)) assert.Equal(t, 1, len(keyPairHandles)) + assert.Equal(t, x509CertString, lps.handlesWithCerts[instanceId]) } func TestProcessIeee8012xConfig(t *testing.T) { 
@@ -518,6 +560,15 @@ func TestAddTrustedRootCert(t *testing.T) { assert.Equal(t, expected, resultCode) assert.Empty(t, handle) }) + t.Run("expect success when credential already added", func(t *testing.T) { + lps := setupWsmanResponses(t, f, ResponseFuncArray{}) + instanceId := `Intel® AMT XXXCertYYYkey: Handle: 1` + associatedCredential := `THISISAFAKECERTSTRING` + lps.handlesWithCerts[instanceId] = associatedCredential + handle, resultCode := lps.AddTrustedRootCert(associatedCredential) + assert.Equal(t, utils.Success, resultCode) + assert.Equal(t, instanceId, handle) + }) } func TestAddClientCert(t *testing.T) { @@ -545,6 +596,15 @@ func TestAddClientCert(t *testing.T) { assert.Equal(t, expected, resultCode) assert.Empty(t, handle) }) + t.Run("expect success when credential already added", func(t *testing.T) { + lps := setupWsmanResponses(t, f, ResponseFuncArray{}) + instanceId := `Intel® AMT XXXCertYYYkey: Handle: 1` + associatedCredential := `THISISAFAKECERTSTRING` + lps.handlesWithCerts[instanceId] = associatedCredential + handle, resultCode := lps.AddClientCert(associatedCredential) + assert.Equal(t, utils.Success, resultCode) + assert.Equal(t, instanceId, handle) + }) } func TestAddPrivateKey(t *testing.T) { @@ -572,6 +632,15 @@ func TestAddPrivateKey(t *testing.T) { assert.Equal(t, expected, resultCode) assert.Empty(t, handle) }) + t.Run("expect success when credential already added", func(t *testing.T) { + lps := setupWsmanResponses(t, f, ResponseFuncArray{}) + instanceId := `Intel® AMT XXXCertYYYkey: Handle: 1` + associatedCredential := `THISISAFAKECERTSTRING` + lps.handlesWithCerts[instanceId] = associatedCredential + handle, resultCode := lps.AddPrivateKey(associatedCredential) + assert.Equal(t, utils.Success, resultCode) + assert.Equal(t, instanceId, handle) + }) } func TestCheckReturnValue(t *testing.T) { diff --git a/internal/local/lps.go b/internal/local/lps.go index bf395186..9bc4c9b8 100644 --- a/internal/local/lps.go +++ b/internal/local/lps.go 
@@ -12,28 +12,30 @@ import ( ) type ProvisioningService struct { - flags *flags.Flags - serverURL string - client *wsman.Client - config *config.Config - amtCommand internalAMT.Interface - amtMessages amt.Messages - cimMessages cim.Messages - ipsMessages ips.Messages + flags *flags.Flags + serverURL string + client *wsman.Client + config *config.Config + amtCommand internalAMT.Interface + amtMessages amt.Messages + cimMessages cim.Messages + ipsMessages ips.Messages + handlesWithCerts map[string]string } func NewProvisioningService(flags *flags.Flags) ProvisioningService { // supports unit testing serverURL := "http://" + utils.LMSAddress + ":" + utils.LMSPort + "/wsman" return ProvisioningService{ - flags: flags, - client: nil, - serverURL: serverURL, - config: &flags.LocalConfig, - amtCommand: internalAMT.NewAMTCommand(), - amtMessages: amt.NewMessages(), - cimMessages: cim.NewMessages(), - ipsMessages: ips.NewMessages(), + flags: flags, + client: nil, + serverURL: serverURL, + config: &flags.LocalConfig, + amtCommand: internalAMT.NewAMTCommand(), + amtMessages: amt.NewMessages(), + cimMessages: cim.NewMessages(), + ipsMessages: ips.NewMessages(), + handlesWithCerts: make(map[string]string), } } diff --git a/internal/local/lps_test.go b/internal/local/lps_test.go index 505d5090..341734e0 100644 --- a/internal/local/lps_test.go +++ b/internal/local/lps_test.go @@ -83,7 +83,6 @@ var mockUnprovisionErr error = nil func (c MockAMT) Unprovision() (int, error) { return mockUnprovisionCode, mockUnprovisionErr } -// TODO: remove these when local-acm-activation branch is available in main type ResponseFuncArray []func(w http.ResponseWriter, r *http.Request) func setupWsmanResponses(t *testing.T, f *flags.Flags, responses ResponseFuncArray) ProvisioningService { diff --git a/internal/local/utils_test.go b/internal/local/utils_test.go index f9511a14..9fe6cf65 100644 --- a/internal/local/utils_test.go +++ b/internal/local/utils_test.go 
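Review bot: The new `handlesWithCerts` field has no comment, and its name undersells what it holds, since AddPrivateKey also stores key text in it. Add a comment such as `// handlesWithCerts maps an AMT instance handle to the certificate or key text stored under it; it is reset at the start of AddWifiSettings.` NewProvisioningService returns the struct by value, so copies of the service share the same underlying map, which is worth a sentence in that comment as well.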
@@ -350,22 +350,18 @@ var concreteDependencyPullRspString = ` http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous - http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AssetTableService + http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate - AMT_AssetTableService - Intel(r) AMT Asset Table Service - CIM_ComputerSystem - Intel(r) AMT + Intel(r) AMT Certificate: Handle: 1 http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous - http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AssetTable + http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair - 1 - 130 + Intel(r) AMT Key: Handle: 0 @@ -383,7 +379,7 @@ var concreteDependencyPullRspString = ` http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous - http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair + http://intel.com/wbem/wscim/1/amt-schema/1/AMT_SOME_UNHANDLED_RESOURCE_FOR_TESTING Intel(r) AMT Key: Handle: 0 diff --git a/pkg/utils/constants.go b/pkg/utils/constants.go index 0690b109..d401639e 100644 --- a/pkg/utils/constants.go +++ b/pkg/utils/constants.go @@ -8,7 +8,7 @@ const ( // ProjectName is the name of the executable ProjectName = "rpc" // ProjectVersion is the full version of this executable - ProjectVersion = "2.14.0" + ProjectVersion = "2.14.1" ProtocolVersion = "4.0.0" // ClientName is the name of the exectable ClientName = "RPC"