2024-06-07 02:51:12 +00:00
|
|
|
package apcssh
|
|
|
|
|
2024-06-07 02:51:12 +00:00
|
|
|
import (
|
2024-07-09 23:05:14 +00:00
|
|
|
"errors"
|
2024-06-07 02:51:12 +00:00
|
|
|
"fmt"
|
|
|
|
"strings"
|
|
|
|
)
|
2024-06-07 02:51:12 +00:00
|
|
|
|
2024-07-09 23:05:14 +00:00
|
|
|
var errSSLMissingData = errors.New("apcssh: ssl cert install: cant install nil data (unsupported key/nmc version/nmc firmware combo?)")
|
|
|
|
|
2024-06-07 02:51:12 +00:00
|
|
|
// InstallSSLCert installs the specified p15 key and p15 cert files on the
|
|
|
|
// UPS. It has logic to deduce if the NMC is a newer version (e.g., NMC3 with
|
|
|
|
// newer firmware) and acts accordingly.
|
|
|
|
func (cli *Client) InstallSSLCert(keyP15 []byte, certPem []byte, keyCertP15 []byte) error {
|
|
|
|
// run `ssl` command to check if it exists
|
|
|
|
result, err := cli.cmd("ssl")
|
|
|
|
if err != nil {
|
2024-06-19 23:56:16 +00:00
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to test ssl cmd (%w)", err)
|
2024-06-07 02:51:12 +00:00
|
|
|
}
|
|
|
|
// E101 is the code for "Command Not Found"
|
2024-06-19 01:30:39 +00:00
|
|
|
supportsSSLCmd := !strings.EqualFold(result.code, "e101")
|
2024-06-07 02:51:12 +00:00
|
|
|
|
|
|
|
// if SSL is supported, use that method
|
|
|
|
if supportsSSLCmd {
|
|
|
|
return cli.installSSLCertModern(keyP15, certPem)
|
|
|
|
}
|
|
|
|
|
|
|
|
// fallback to legacy
|
|
|
|
return cli.installSSLCertLegacy(keyCertP15)
|
|
|
|
}
|
|
|
|
|
|
|
|
// installSSLCertModern installs the SSL key and certificate using the UPS built-in
|
|
|
|
// command `ssl`. This command is not present on older devices (e.g., NMC2) or firmwares.
|
|
|
|
func (cli *Client) installSSLCertModern(keyP15 []byte, certPem []byte) error {
|
2024-07-09 23:05:14 +00:00
|
|
|
// fail if required data isn't present
|
|
|
|
if keyP15 == nil || len(keyP15) <= 0 || certPem == nil || len(certPem) <= 0 {
|
|
|
|
return errSSLMissingData
|
|
|
|
}
|
|
|
|
|
2024-06-07 02:51:12 +00:00
|
|
|
// upload the key P15 file
|
|
|
|
err := cli.UploadSCP("/ssl/nmc.key", keyP15, 0600)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to send nmc.key file to ups over scp (%w)", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// upload the cert PEM file
|
|
|
|
err = cli.UploadSCP("/ssl/nmc.crt", certPem, 0666)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to send nmc.key file to ups over scp (%w)", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// run `ssl` install commands
|
|
|
|
result, err := cli.cmd("ssl key -i /ssl/nmc.key")
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to send ssl key install cmd (%w)", err)
|
2024-06-19 23:56:16 +00:00
|
|
|
} else if !strings.EqualFold(result.code, "e000") {
|
2024-06-07 02:51:12 +00:00
|
|
|
return fmt.Errorf("apcssh: ssl cert install: ssl key install cmd returned error code (%s: %s)", result.code, result.codeText)
|
|
|
|
}
|
|
|
|
|
|
|
|
result, err = cli.cmd("ssl cert -i /ssl/nmc.crt")
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to send ssl cert install cmd (%w)", err)
|
2024-06-19 23:56:16 +00:00
|
|
|
} else if !strings.EqualFold(result.code, "e000") {
|
2024-06-07 02:51:12 +00:00
|
|
|
return fmt.Errorf("apcssh: ssl cert install: ssl cert install cmd returned error code (%s: %s)", result.code, result.codeText)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// installSSLCertLegacy installs the SSL key and certificate by directly uploading
|
|
|
|
// them to a .p15 file on the UPS. This is used for older devices (e.g., NMC2) and
|
|
|
|
// firmwares that do not support the `ssl` command.
|
|
|
|
func (cli *Client) installSSLCertLegacy(keyCertP15 []byte) error {
|
2024-07-09 23:05:14 +00:00
|
|
|
// fail if required data isn't present
|
|
|
|
if keyCertP15 == nil || len(keyCertP15) <= 0 {
|
|
|
|
return errSSLMissingData
|
|
|
|
}
|
|
|
|
|
2024-06-07 02:51:12 +00:00
|
|
|
// upload/install keyCert P15 file
|
2024-06-07 02:51:12 +00:00
|
|
|
err := cli.UploadSCP("/ssl/defaultcert.p15", keyCertP15, 0600)
|
|
|
|
if err != nil {
|
2024-06-07 02:51:12 +00:00
|
|
|
return fmt.Errorf("apcssh: ssl cert install: failed to send defaultcert.p15 file to ups over scp (%w)", err)
|
2024-06-07 02:51:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|