From 3f754ecc7f8cc877105e7ba69ffdb873a975ace3 Mon Sep 17 00:00:00 2001 From: madhavilosetty-intel Date: Wed, 7 Aug 2024 07:07:33 -0700 Subject: [PATCH] feat: prunes wired and tls configs when adding new ones --- internal/local/Certificates.go | 287 ++++++++++++++++++++++++++++ internal/local/Certificates_test.go | 182 ++++++++++++++++++ internal/local/amt/wsman.go | 33 ++-- internal/local/ethernet.go | 154 +++++++++------ internal/local/ethernet_test.go | 4 +- internal/local/info.go | 2 +- internal/local/lps_test.go | 135 ++++++------- internal/local/opstate_test.go | 4 +- internal/local/tls.go | 76 +++++++- internal/local/tls_test.go | 10 +- internal/local/utils.go | 3 +- internal/local/wifi.go | 195 +++---------------- internal/local/wifi_test.go | 88 ++------- internal/local/windows.go | 2 +- pkg/utils/constants.go | 4 +- 15 files changed, 788 insertions(+), 391 deletions(-) create mode 100644 internal/local/Certificates.go create mode 100644 internal/local/Certificates_test.go diff --git a/internal/local/Certificates.go b/internal/local/Certificates.go new file mode 100644 index 00000000..c6ef363b --- /dev/null +++ b/internal/local/Certificates.go @@ -0,0 +1,287 @@ +package local + +import ( + "reflect" + "rpc/pkg/utils" + "strings" + + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/amt/publickey" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/amt/publicprivate" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/cim/concrete" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/cim/credential" + log "github.com/sirupsen/logrus" +) + +const ( + TypeWireless string = "Wireless" + TypeTLS string = "TLS" + TypeWired string = "Wired" +) + +type ( + SecuritySettings struct { + ProfileAssociation []ProfileAssociation `json:"ProfileAssociation"` + Certificates interface{} `json:"Certificates"` + Keys interface{} `json:"PublicKeys"` + } + + ProfileAssociation struct { + Type string `json:"Type"` + ProfileID string `json:"ProfileID"` + RootCertificate interface{} `json:"RootCertificate,omitempty"` + ClientCertificate interface{} `json:"ClientCertificate,omitempty"` + Key interface{} `json:"PublicKey,omitempty"` + } + Certificates struct { + ConcreteDependencyResponse []concrete.ConcreteDependency + PublicKeyCertificateResponse []publickey.RefinedPublicKeyCertificateResponse + PublicPrivateKeyPairResponse []publicprivate.RefinedPublicPrivateKeyPair + CIMCredentialContextResponse credential.Items + } +) + +func (service *ProvisioningService) PruneCerts() error { + getCertificateResponse, err := service.GetCertificates() + if err != nil { + return nil + } + + for i := range getCertificateResponse.Certificates.([]publickey.RefinedPublicKeyCertificateResponse) { + cert := getCertificateResponse.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i] + if cert.AssociatedProfiles == nil { + err := service.interfacedWsmanMessage.DeletePublicCert(cert.InstanceID) + if err != nil { + log.Debugf("unable to delete: %s %s", cert.InstanceID, err) + } + } + } + + for i := range getCertificateResponse.Keys.([]publicprivate.RefinedPublicPrivateKeyPair) { + key := getCertificateResponse.Keys.([]publicprivate.RefinedPublicPrivateKeyPair)[i] + if key.CertificateHandle == "" { + err := service.interfacedWsmanMessage.DeletePublicPrivateKeyPair(key.InstanceID) + if err != nil { + log.Debugf("unable to delete: %s %s", key.InstanceID, err) + } + } + } + return nil +} + +func (service *ProvisioningService) GetCertificates() (SecuritySettings, error) { + concreteDepResponse, err := service.interfacedWsmanMessage.GetConcreteDependencies() + if err != nil { + return SecuritySettings{}, err + } + + pubKeyCertResponse, err := service.interfacedWsmanMessage.GetPublicKeyCerts() + if err != nil { + return SecuritySettings{}, err + } + + pubPrivKeyPairResponse, err := service.interfacedWsmanMessage.GetPublicPrivateKeyPairs() + if err != nil { + return SecuritySettings{}, err + } + + credentialResponse, err := service.interfacedWsmanMessage.GetCredentialRelationships() + if err != nil { + return SecuritySettings{}, err + } + + certificates := Certificates{ + ConcreteDependencyResponse: concreteDepResponse, + PublicKeyCertificateResponse: pubKeyCertResponse, + PublicPrivateKeyPairResponse: pubPrivKeyPairResponse, + CIMCredentialContextResponse: credentialResponse, + } + + securitySettings := SecuritySettings{ + Certificates: certificates.PublicKeyCertificateResponse, + Keys: certificates.PublicPrivateKeyPairResponse, + } + + if !reflect.DeepEqual(certificates.CIMCredentialContextResponse, credential.PullResponse{}) { + processCertificates(certificates.CIMCredentialContextResponse.CredentialContextTLS, certificates, TypeTLS, &securitySettings) + processCertificates(certificates.CIMCredentialContextResponse.CredentialContext, certificates, TypeWireless, &securitySettings) + processCertificates(certificates.CIMCredentialContextResponse.CredentialContext8021x, certificates, TypeWired, &securitySettings) + } + + return securitySettings, nil +} + +func processConcreteDependencies(certificateHandle string, profileAssociation *ProfileAssociation, dependancyItems []concrete.ConcreteDependency, keyPairItems []publicprivate.RefinedPublicPrivateKeyPair) { + for x := range dependancyItems { + if dependancyItems[x].Antecedent.ReferenceParameters.SelectorSet.Selectors[0].Text != certificateHandle { + continue + } + + keyHandle := dependancyItems[x].Dependent.ReferenceParameters.SelectorSet.Selectors[0].Text + + for i := range keyPairItems { + if keyPairItems[i].InstanceID == keyHandle { + profileAssociation.Key = keyPairItems[i] + + break + } + } + } +} + +func buildCertificateAssociations(profileAssociation ProfileAssociation, securitySettings *SecuritySettings) { + var publicKeyHandle string + + // If a client cert, update the associated public key w/ the cert's handle + if profileAssociation.ClientCertificate != nil { + // Loop thru public keys looking for the one that matches the current profileAssociation's key + for i, existingKeyPair := range securitySettings.Keys.([]publicprivate.RefinedPublicPrivateKeyPair) { + // If found update that key with the profileAssociation's certificate handle + if existingKeyPair.InstanceID == profileAssociation.Key.(publicprivate.RefinedPublicPrivateKeyPair).InstanceID { + securitySettings.Keys.([]publicprivate.RefinedPublicPrivateKeyPair)[i].CertificateHandle = profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID + // save this public key handle since we know it pairs with the profileAssociation's certificate + publicKeyHandle = securitySettings.Keys.([]publicprivate.RefinedPublicPrivateKeyPair)[i].InstanceID + + break + } + } + } + + // Loop thru certificates looking for the one that matches the current profileAssociation's certificate and append profile name + for i := range securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse) { + if (profileAssociation.ClientCertificate != nil && securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].InstanceID == profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID) || + (profileAssociation.RootCertificate != nil && securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].InstanceID == profileAssociation.RootCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID) { + // if client cert found, associate the previously found key handle with it + if !securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].TrustedRootCertificate { + securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].PublicKeyHandle = publicKeyHandle + } + + securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].AssociatedProfiles = append(securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i].AssociatedProfiles, profileAssociation.ProfileID) + + break + } + } +} + +func buildProfileAssociations(certificateHandle string, profileAssociation *ProfileAssociation, response Certificates, securitySettings *SecuritySettings) { + isNewProfileAssociation := true + + for idx := range response.PublicKeyCertificateResponse { + if response.PublicKeyCertificateResponse[idx].InstanceID != certificateHandle { + continue + } + + if response.PublicKeyCertificateResponse[idx].TrustedRootCertificate { + profileAssociation.RootCertificate = response.PublicKeyCertificateResponse[idx] + + continue + } + + profileAssociation.ClientCertificate = response.PublicKeyCertificateResponse[idx] + + processConcreteDependencies(certificateHandle, profileAssociation, response.ConcreteDependencyResponse, response.PublicPrivateKeyPairResponse) + } + + // Check if the certificate is already in the list + for idx := range securitySettings.ProfileAssociation { + if !(securitySettings.ProfileAssociation[idx].ProfileID == profileAssociation.ProfileID) { + continue + } + + if profileAssociation.RootCertificate != nil { + securitySettings.ProfileAssociation[idx].RootCertificate = profileAssociation.RootCertificate + } + + if profileAssociation.ClientCertificate != nil { + securitySettings.ProfileAssociation[idx].ClientCertificate = profileAssociation.ClientCertificate + } + + if profileAssociation.Key != nil { + securitySettings.ProfileAssociation[idx].Key = profileAssociation.Key + } + + isNewProfileAssociation = false + + break + } + + // If the profile is not in the list, add it + if isNewProfileAssociation { + securitySettings.ProfileAssociation = append(securitySettings.ProfileAssociation, *profileAssociation) + } +} + +func processCertificates(contextItems []credential.CredentialContext, response Certificates, profileType string, securitySettings *SecuritySettings) { + for idx := range contextItems { + var profileAssociation ProfileAssociation + + profileAssociation.Type = profileType + profileAssociation.ProfileID = strings.TrimPrefix(contextItems[idx].ElementProvidingContext.ReferenceParameters.SelectorSet.Selectors[0].Text, "Intel(r) AMT:IEEE 802.1x Settings ") + certificateHandle := contextItems[idx].ElementInContext.ReferenceParameters.SelectorSet.Selectors[0].Text + + buildProfileAssociations(certificateHandle, &profileAssociation, response, securitySettings) + buildCertificateAssociations(profileAssociation, securitySettings) + } +} + +func (service *ProvisioningService) GetPrivateKeyHandle(securitySettings SecuritySettings, privateKey string) (privateKeyHandle string, err error) { + privateKeyHandle, err = service.interfacedWsmanMessage.AddPrivateKey(privateKey) + if err != nil && strings.Contains(err.Error(), "already exists") { + for i := range securitySettings.Keys.([]publicprivate.RefinedPublicPrivateKeyPair) { + key := securitySettings.Keys.([]publicprivate.RefinedPublicPrivateKeyPair)[i] + if key.DERKey == privateKey { + privateKeyHandle = key.InstanceID + service.handlesWithCerts[privateKeyHandle] = privateKey //TODO: remove if not necessary + return privateKeyHandle, nil + } + } + if privateKeyHandle == "" { + return "", utils.GenericFailure + } + } else if err != nil { + return "", err + } + service.handlesWithCerts[privateKeyHandle] = privateKey //TODO: remove if not necessary + return privateKeyHandle, nil +} + +func (service *ProvisioningService) GetClientCertHandle(securitySettings SecuritySettings, clientCert string) (clientCertHandle string, err error) { + clientCertHandle, err = service.interfacedWsmanMessage.AddClientCert(clientCert) + if err != nil && strings.Contains(err.Error(), "already exists") { + for i := range securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse) { + cert := securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i] + if !cert.TrustedRootCertificate && cert.X509Certificate == clientCert { + clientCertHandle = cert.InstanceID + service.handlesWithCerts[clientCertHandle] = clientCert //TODO: remove if not necessary + return clientCertHandle, nil + } + } + if clientCertHandle == "" { + return "", utils.GenericFailure + } + } else if err != nil { + return "", err + } + service.handlesWithCerts[clientCertHandle] = clientCert //TODO: remove if not necessary + return clientCertHandle, err +} + +func (service *ProvisioningService) GetTrustedRootCertHandle(securitySettings SecuritySettings, caCert string) (rootCertHandle string, err error) { + rootCertHandle, err = service.interfacedWsmanMessage.AddTrustedRootCert(caCert) + if err != nil && strings.Contains(err.Error(), "already exists") { + for i := range securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse) { + cert := securitySettings.Certificates.([]publickey.RefinedPublicKeyCertificateResponse)[i] + if cert.TrustedRootCertificate && cert.X509Certificate == caCert { + rootCertHandle = cert.InstanceID + service.handlesWithCerts[rootCertHandle] = caCert //TODO: remove if not necessary + return rootCertHandle, nil + } + } + if rootCertHandle == "" { + return "", utils.GenericFailure + } + } else if err != nil { + return "", err + } + service.handlesWithCerts[rootCertHandle] = caCert //TODO: remove if not necessary + return rootCertHandle, nil +} diff --git a/internal/local/Certificates_test.go b/internal/local/Certificates_test.go new file mode 100644 index 00000000..f288c786 --- /dev/null +++ b/internal/local/Certificates_test.go @@ -0,0 +1,182 @@ +package local + +import ( + // "encoding/xml" + "rpc/internal/flags" + "testing" + + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/amt/publickey" + "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/amt/publicprivate" + // "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/cim/credential" + // "github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/wsman/cim/models" + "github.com/stretchr/testify/assert" +) + +func TestPruneCerts(t *testing.T) { + tests := []struct { + name string + expectedError bool + }{ + { + name: "successful pruning", + expectedError: false, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + f := &flags.Flags{} + mockAMT := new(MockAMT) + mockWsman := new(MockWSMAN) + service := NewProvisioningService(f) + service.amtCommand = mockAMT + service.interfacedWsmanMessage = mockWsman + + service.PruneCerts() + }) + } +} + +type test struct { + name string + setupMocks func(*MockWSMAN) + res any + err error +} + +func TestGetCertificates(t *testing.T) { + tests := []test{ + { + name: "success", + setupMocks: func(mock *MockWSMAN) { + }, + res: SecuritySettings{ + ProfileAssociation: []ProfileAssociation(nil), + Certificates: publickey.RefinedPullResponse{ + KeyManagementItems: []publickey.RefinedKeyManagementResponse(nil), + PublicKeyCertificateItems: []publickey.RefinedPublicKeyCertificateResponse(nil), + }, + Keys: publicprivate.RefinedPullResponse{ + PublicPrivateKeyPairItems: []publicprivate.RefinedPublicPrivateKeyPair(nil), + }, + }, + err: nil, + }, + // { + // name: "success with CIMCredentialContext", + // action: 0, + // setupMocks: func(mock *MockWSMAN) { + // man2.EXPECT(). + // GetCertificates(). + // Return(Certificates{ + // CIMCredentialContextResponse: credential.Items{ + // CredentialContextTLS: []credential.CredentialContext{ + // { + // ElementInContext: models.AssociationReference{ + // Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + // ReferenceParameters: models.ReferenceParametersNoNamespace{ + // XMLName: xml.Name{ + // Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", + // Local: "ReferenceParameters", + // }, + // ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate", + // SelectorSet: models.SelectorNoNamespace{ + // XMLName: xml.Name{ + // Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", + // Local: "SelectorSet", + // }, + // Selectors: []models.SelectorResponse{ + // { + // XMLName: xml.Name{ + // Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", + // Local: "Selector", + // }, + // Name: "InstanceID", + // Text: "Intel(r) AMT Certificate: Handle: 0", + // }, + // }, + // }, + // }, + // }, + // ElementProvidingContext: models.AssociationReference{ + // Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + // ReferenceParameters: models.ReferenceParametersNoNamespace{ + // XMLName: xml.Name{ + // Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", + // Local: "ReferenceParameters", + // }, + // ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_TLSProtocolEndpointCollection", + // SelectorSet: models.SelectorNoNamespace{ + // XMLName: xml.Name{ + // Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", + // Local: "SelectorSet", + // }, + // Selectors: []models.SelectorResponse{ + // { + // XMLName: xml.Name{ + // Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", + // Local: "Selector", + // }, + // Name: "ElementName", + // Text: "TLSProtocolEndpoint Instances Collection", + // }, + // }, + // }, + // }, + // }, + // }, + // }, + // }, + // }, nil) + // }, + // res: SecuritySettings{ + // ProfileAssociation: []ProfileAssociation{ + // { + // Type: "TLS", + // ProfileID: "TLSProtocolEndpoint Instances Collection", + // RootCertificate: interface{}(nil), + // ClientCertificate: interface{}(nil), + // Key: interface{}(nil), + // }, + // }, + // Certificates: publickey.RefinedPullResponse{ + // KeyManagementItems: []publickey.RefinedKeyManagementResponse(nil), + // PublicKeyCertificateItems: []publickey.RefinedPublicKeyCertificateResponse(nil), + // }, + // Keys: publicprivate.RefinedPullResponse{ + // PublicPrivateKeyPairItems: []publicprivate.RefinedPublicPrivateKeyPair(nil), + // }, + // }, + // err: nil, + // }, + // { + // name: "GetCertificates fails", + // setupMocks: func(mock *MockWSMAN) { + // man.EXPECT(). + // SetupWsmanClient(gomock.Any(), false, true). + // Return(man2) + // man2.EXPECT(). + // GetCertificates(). + // Return(Certificates{}, ErrGeneral) + // }, + // res: SecuritySettings{}, + // err: ErrGeneral, + // }, + } + + for _, tc := range tests { + tc := tc + t.Run(tc.name, func(t *testing.T) { + service, _, mockWsman := setupProvisioningService() + tc.setupMocks(mockWsman) + + _, err := service.GetCertificates() + + if tc.err != nil { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + }) + } +} diff --git a/internal/local/amt/wsman.go b/internal/local/amt/wsman.go index f05a23cc..82b72bf7 100644 --- a/internal/local/amt/wsman.go +++ b/internal/local/amt/wsman.go @@ -42,11 +42,11 @@ type WSMANer interface { AddNextCertInChain(cert string, isLeaf bool, isRoot bool) (hostbasedsetup.Response, error) HostBasedSetupServiceAdmin(password string, digestRealm string, nonce []byte, signature string) (hostbasedsetup.Response, error) SetupMEBX(string) (response setupandconfiguration.Response, err error) - GetPublicKeyCerts() ([]publickey.PublicKeyCertificateResponse, error) - GetPublicPrivateKeyPairs() ([]publicprivate.PublicPrivateKeyPair, error) + GetPublicKeyCerts() ([]publickey.RefinedPublicKeyCertificateResponse, error) + GetPublicPrivateKeyPairs() ([]publicprivate.RefinedPublicPrivateKeyPair, error) DeletePublicPrivateKeyPair(instanceId string) error DeletePublicCert(instanceId string) error - GetCredentialRelationships() ([]credential.CredentialContext, error) + GetCredentialRelationships() (credential.Items, error) GetConcreteDependencies() ([]concrete.ConcreteDependency, error) AddTrustedRootCert(caCert string) (string, error) AddClientCert(clientCert string) (string, error) @@ -69,6 +69,7 @@ type WSMANer interface { SetIPSIEEE8021xCertificates(serverCertificateIssuer, clientCertificate string) (response ieee8021x.Response, err error) // TLS CreateTLSCredentialContext(certHandle string) (response tls.Response, err error) + PutTLSCredentialContext(certHandle string) (response tls.Response, err error) EnumerateTLSSettingData() (response tls.Response, err error) PullTLSSettingData(enumerationContext string) (response tls.Response, err error) PUTTLSSettings(instanceID string, tlsSettingData tls.SettingDataRequest) (response tls.Response, err error) @@ -148,7 +149,7 @@ func (g *GoWSMANMessages) SetupMEBX(password string) (response setupandconfigura return g.wsmanMessages.AMT.SetupAndConfigurationService.SetMEBXPassword(password) } -func (g *GoWSMANMessages) GetPublicKeyCerts() ([]publickey.PublicKeyCertificateResponse, error) { +func (g *GoWSMANMessages) GetPublicKeyCerts() ([]publickey.RefinedPublicKeyCertificateResponse, error) { response, err := g.wsmanMessages.AMT.PublicKeyCertificate.Enumerate() if err != nil { return nil, err @@ -157,7 +158,7 @@ func (g *GoWSMANMessages) GetPublicKeyCerts() ([]publickey.PublicKeyCertificateR if err != nil { return nil, err } - return response.Body.PullResponse.PublicKeyCertificateItems, nil + return response.Body.RefinedPullResponse.PublicKeyCertificateItems, nil } func (g *GoWSMANMessages) GenerateKeyPair(keyAlgorithm publickey.KeyAlgorithm, keyLength publickey.KeyLength) (response publickey.Response, err error) { @@ -172,11 +173,15 @@ func (g *GoWSMANMessages) CreateTLSCredentialContext(certHandle string) (respons return g.wsmanMessages.AMT.TLSCredentialContext.Create(certHandle) } +func (g *GoWSMANMessages) PutTLSCredentialContext(certHandle string) (response tls.Response, err error) { + return g.wsmanMessages.AMT.TLSCredentialContext.Put(certHandle) +} + // GetPublicPrivateKeyPairs // NOTE: RSA Key encoded as DES PKCS#1. The Exponent (E) is 65537 (0x010001). // When this structure is used as an output parameter (GET or PULL method), // only the public section of the key is exported. -func (g *GoWSMANMessages) GetPublicPrivateKeyPairs() ([]publicprivate.PublicPrivateKeyPair, error) { +func (g *GoWSMANMessages) GetPublicPrivateKeyPairs() ([]publicprivate.RefinedPublicPrivateKeyPair, error) { response, err := g.wsmanMessages.AMT.PublicPrivateKeyPair.Enumerate() if err != nil { return nil, err @@ -185,7 +190,7 @@ func (g *GoWSMANMessages) GetPublicPrivateKeyPairs() ([]publicprivate.PublicPriv if err != nil { return nil, err } - return response.Body.PullResponse.PublicPrivateKeyPairItems, nil + return response.Body.RefinedPullResponse.PublicPrivateKeyPairItems, nil } func (g *GoWSMANMessages) GetWiFiSettings() ([]wifi.WiFiEndpointSettingsResponse, error) { response, err := g.wsmanMessages.CIM.WiFiEndpointSettings.Enumerate() @@ -220,16 +225,16 @@ func (g *GoWSMANMessages) DeletePublicCert(instanceId string) error { _, err := g.wsmanMessages.AMT.PublicKeyCertificate.Delete(instanceId) return err } -func (g *GoWSMANMessages) GetCredentialRelationships() ([]credential.CredentialContext, error) { +func (g *GoWSMANMessages) GetCredentialRelationships() (credential.Items, error) { response, err := g.wsmanMessages.CIM.CredentialContext.Enumerate() if err != nil { - return nil, err + return credential.Items{}, err } response, err = g.wsmanMessages.CIM.CredentialContext.Pull(response.Body.EnumerateResponse.EnumerationContext) if err != nil { - return nil, err + return credential.Items{}, err } - return response.Body.PullResponse.Items.CredentialContext, nil + return response.Body.PullResponse.Items, nil } func (g *GoWSMANMessages) GetConcreteDependencies() ([]concrete.ConcreteDependency, error) { response, err := g.wsmanMessages.CIM.ConcreteDependency.Enumerate() @@ -268,14 +273,18 @@ func (g *GoWSMANMessages) AddClientCert(clientCert string) (handle string, err e } func (g *GoWSMANMessages) AddPrivateKey(privateKey string) (handle string, err error) { response, err := g.wsmanMessages.AMT.PublicKeyManagementService.AddKey(privateKey) - if err != nil { + if err != nil && response.Body.AddKey_OUTPUT.ReturnValue == 2058 { + return "", utils.DuplicateKey + } else if err != nil { return "", err } + if len(response.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selectors) > 0 { handle = response.Body.AddKey_OUTPUT.CreatedKey.ReferenceParameters.SelectorSet.Selectors[0].Text } return handle, nil } + func (g *GoWSMANMessages) DeleteKeyPair(instanceID string) error { _, err := g.wsmanMessages.AMT.PublicKeyManagementService.Delete(instanceID) return err diff --git a/internal/local/ethernet.go b/internal/local/ethernet.go index 8a9253eb..acc491f9 100644 --- a/internal/local/ethernet.go +++ b/internal/local/ethernet.go @@ -1,7 +1,6 @@ package local import ( - "errors" "os" "rpc/internal/config" "rpc/pkg/utils" @@ -15,7 +14,7 @@ func (service *ProvisioningService) AddEthernetSettings() (err error) { var handles Handles defer func() { if err != nil { - service.RollbackAddedItems(&handles) + service.PruneCerts() } }() @@ -23,26 +22,36 @@ func (service *ProvisioningService) AddEthernetSettings() (err error) { if err != nil { return err } + // Get the current settings getResponse, err := service.interfacedWsmanMessage.GetEthernetSettings() if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } + // Create the request for the new settings based on the current settings to update AMT settingsRequest, err := service.createEthernetSettingsRequest(getResponse[0]) if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } + // Update the settings in AMT _, err = service.interfacedWsmanMessage.PutEthernetSettings(settingsRequest, settingsRequest.InstanceID) if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed + } + + err = service.Disable8021xProfile() + if err != nil { + return err } + // Check to configure 802.1x, add the certs and update the settings if service.config.WiredConfig.Ieee8021xProfileName == "" { log.Info("Wired settings configured successfully") return nil } + // Configure 802.1x // Get the 802.1x settings to configure ieee8021xConfig := config.Ieee8021xConfig{} @@ -52,41 +61,71 @@ func (service *ProvisioningService) AddEthernetSettings() (err error) { break } } + // Get the current 802.1x settings on AMT getIEEESettings, err := service.interfacedWsmanMessage.GetIPSIEEE8021xSettings() - log.Info("IEEE8021x settings retrieved successfully", getIEEESettings.JSON()) if err != nil { - return utils.NetworkConfigurationFailed + log.Error("Get IPS_IEEE8021xSettings failed", err) + return utils.WiredConfigurationFailed } + // Check if EA credentials are provided, if so use EA to add the certs, otherwise add the certs given in config if service.config.EnterpriseAssistant.EAConfigured { - handles, ieee8021xConfig, err = service.AddCertsUsingEnterpriseAssistant(handles, ieee8021xConfig) + handles, ieee8021xConfig, err = service.AddCertsUsingEnterpriseAssistant(ieee8021xConfig) if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } } else { - handles, err = service.AddCerts(handles, ieee8021xConfig) + handles, err = service.AddCerts(ieee8021xConfig) if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } } + // Update the 802.1x settings in AMT err = service.PutIEEESettings(getIEEESettings, ieee8021xConfig) if err != nil { - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } // Update the 802.1x certs in AMT if ieee8021xConfig.AuthenticationProtocol == 0 { _, err = service.interfacedWsmanMessage.SetIPSIEEE8021xCertificates(handles.rootCertHandle, handles.clientCertHandle) if err != nil { log.Errorf("Failed to set 802.1x certificates: %v", err) - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } } log.Info("Wired settings configured with 802.1x successfully") return nil } +func (service *ProvisioningService) Disable8021xProfile() (err error) { + + response, err := service.interfacedWsmanMessage.GetIPSIEEE8021xSettings() + if err != nil { + return err + } + + // Enabled(2) , Disabled(3), Enabled without certificates(6) + if response.Body.IEEE8021xSettingsResponse.Enabled != 3 { + request := ieee8021x.IEEE8021xSettingsRequest{ + ElementName: response.Body.IEEE8021xSettingsResponse.ElementName, + InstanceID: response.Body.IEEE8021xSettingsResponse.InstanceID, + Enabled: 3, + } + + _, err = service.interfacedWsmanMessage.PutIPSIEEE8021xSettings(request) + if err != nil { + return err + } + + //Delete unused certificates + service.PruneCerts() + } + + return nil +} + func (service *ProvisioningService) verifyInput() error { if service.config.WiredConfig.DHCP == service.config.WiredConfig.Static || (service.config.WiredConfig.DHCP && !service.config.WiredConfig.IpSync) { return utils.InvalidParameterCombination @@ -166,33 +205,41 @@ func (service *ProvisioningService) createEthernetSettingsRequest(getResponse et return settingsRequest, nil } -func (service *ProvisioningService) AddCerts(handles Handles, ieee8021xConfig config.Ieee8021xConfig) (Handles, error) { +func (service *ProvisioningService) AddCerts(ieee8021xConfig config.Ieee8021xConfig) (Handles, error) { + var handles Handles var err error - if ieee8021xConfig.PrivateKey != "" { - handles.privateKeyHandle, err = service.interfacedWsmanMessage.AddPrivateKey(ieee8021xConfig.PrivateKey) - service.handlesWithCerts[handles.privateKeyHandle] = ieee8021xConfig.PrivateKey - if err != nil { - return handles, err - } + securitySettings, err := service.GetCertificates() + if err != nil { + return handles, utils.WiredConfigurationFailed } - if ieee8021xConfig.ClientCert != "" { - handles.clientCertHandle, err = service.interfacedWsmanMessage.AddClientCert(ieee8021xConfig.ClientCert) - service.handlesWithCerts[handles.clientCertHandle] = ieee8021xConfig.ClientCert - if err != nil { - return handles, err - } + + //Add PrivateKey + handles.privateKeyHandle, err = service.GetPrivateKeyHandle(securitySettings, ieee8021xConfig.PrivateKey) + if err != nil { + return handles, utils.WiredConfigurationFailed } - if ieee8021xConfig.CACert != "" { - handles.rootCertHandle, err = service.interfacedWsmanMessage.AddTrustedRootCert(ieee8021xConfig.CACert) - service.handlesWithCerts[handles.rootCertHandle] = ieee8021xConfig.CACert - if err != nil { - return handles, err - } + + //Add Client Certificate + handles.clientCertHandle, err = service.GetClientCertHandle(securitySettings, ieee8021xConfig.ClientCert) + if err != nil { + return handles, utils.WiredConfigurationFailed } + + //Add Trusted Root Certificate + handles.rootCertHandle, err = service.GetTrustedRootCertHandle(securitySettings, ieee8021xConfig.CACert) + if err != nil { + return handles, utils.WiredConfigurationFailed + } + return handles, nil } -func (service *ProvisioningService) AddCertsUsingEnterpriseAssistant(handles Handles, ieee8021xConfig config.Ieee8021xConfig) (Handles, config.Ieee8021xConfig, error) { +func (service *ProvisioningService) AddCertsUsingEnterpriseAssistant(ieee8021xConfig config.Ieee8021xConfig) (Handles, config.Ieee8021xConfig, error) { + var handles Handles + securitySettings, err := service.GetCertificates() + if err != nil { + return handles, ieee8021xConfig, utils.WiredConfigurationFailed + } credentials := AuthRequest{ Username: service.config.EnterpriseAssistant.EAUsername, @@ -230,8 +277,8 @@ func (service *ProvisioningService) AddCertsUsingEnterpriseAssistant(handles Han ieee8021xConfig.ClientCert = "" ieee8021xConfig.Username = reqResponse.Response.Username ieee8021xConfig.Password = reqResponse.Response.Password - handles.rootCertHandle, err = service.interfacedWsmanMessage.AddTrustedRootCert(reqResponse.Response.RootCert) - if err != nil && err.Error() != "Root Certificate already exists and must be removed before continuing" { + handles.rootCertHandle, err = service.GetTrustedRootCertHandle(securitySettings, reqResponse.Response.RootCert) + if err != nil { return handles, ieee8021xConfig, utils.WSMANMessageError } return handles, ieee8021xConfig, nil @@ -274,47 +321,29 @@ func (service *ProvisioningService) AddCertsUsingEnterpriseAssistant(handles Han return handles, ieee8021xConfig, utils.Ieee8021xConfigurationFailed } ieee8021xConfig.Username = eaResponse.Response.Username - handles.clientCertHandle, err = service.interfacedWsmanMessage.AddClientCert(eaResponse.Response.Certificate) + handles.clientCertHandle, err = service.GetClientCertHandle(securitySettings, eaResponse.Response.Certificate) if err != nil { return handles, ieee8021xConfig, utils.WSMANMessageError } - handles.rootCertHandle, err = service.interfacedWsmanMessage.AddTrustedRootCert(eaResponse.Response.RootCert) - if err != nil && err.Error() != "Root Certificate already exists and must be removed before continuing" { + handles.rootCertHandle, err = service.GetTrustedRootCertHandle(securitySettings, eaResponse.Response.RootCert) + if err != nil { return handles, ieee8021xConfig, utils.WSMANMessageError } - if handles.rootCertHandle == "" { - handles.rootCertHandle, err = service.GetCertHandle(eaResponse.Response.RootCert) - if handles.rootCertHandle == "" && err != nil { - log.Error("Root certificate not found") - return handles, ieee8021xConfig, utils.Ieee8021xConfigurationFailed - } - } - return handles, ieee8021xConfig, nil } -func (service *ProvisioningService) GetCertHandle(cert string) (string, error) { - publicCerts, err := service.interfacedWsmanMessage.GetPublicKeyCerts() - if err != nil { - return "", err - } - for j := range publicCerts { - if publicCerts[j].X509Certificate == cert { - return publicCerts[j].InstanceID, nil - } - } - return "", errors.New("certificate not found") -} - func (service *ProvisioningService) PutIEEESettings(getIEEESettings ieee8021x.Response, ieee802xCfg config.Ieee8021xConfig) error { + enabled := 2 + pxeTimeout := 120 + request := ieee8021x.IEEE8021xSettingsRequest{ AvailableInS0: true, ElementName: getIEEESettings.Body.IEEE8021xSettingsResponse.ElementName, - Enabled: 2, + Enabled: enabled, InstanceID: getIEEESettings.Body.IEEE8021xSettingsResponse.InstanceID, - PxeTimeout: 120, + PxeTimeout: pxeTimeout, AuthenticationProtocol: ieee802xCfg.AuthenticationProtocol, Username: ieee802xCfg.Username, } @@ -323,7 +352,8 @@ func (service *ProvisioningService) PutIEEESettings(getIEEESettings ieee8021x.Re } putResponse, err := service.interfacedWsmanMessage.PutIPSIEEE8021xSettings(request) - log.Info("IEEE8021x settings updated successfully", putResponse.JSON()) + log.Info("IEEE8021x settings updated successfully") + log.Debug("IEEE8021x settings: ", putResponse.JSON()) if err != nil { return err } diff --git a/internal/local/ethernet_test.go b/internal/local/ethernet_test.go index b36c4326..28873a96 100644 --- a/internal/local/ethernet_test.go +++ b/internal/local/ethernet_test.go @@ -215,7 +215,7 @@ func TestWiredSettings(t *testing.T) { setupMocks: func(mock *MockWSMAN) { errPutEthernetSettings = utils.WSMANMessageError }, - expectedErr: utils.NetworkConfigurationFailed, + expectedErr: utils.WiredConfigurationFailed, }, { name: "Success - 802.1x Configuration Without EA", @@ -343,7 +343,7 @@ func TestAddCertsUsingEnterpriseAssistant(t *testing.T) { service.config.EnterpriseAssistant.EAUsername = "user" service.config.EnterpriseAssistant.EAPassword = "pass" var handles Handles - handles, _, err := service.AddCertsUsingEnterpriseAssistant(handles, Ieee8021xConfigs[0]) + handles, _, err := service.AddCertsUsingEnterpriseAssistant(Ieee8021xConfigs[0]) if tt.expectError != nil { assert.Error(t, err) } else { diff --git a/internal/local/info.go b/internal/local/info.go index 2a23f052..d6b3d889 100644 --- a/internal/local/info.go +++ b/internal/local/info.go @@ -302,7 +302,7 @@ func (service *ProvisioningService) DisplayAMTInfo() (err error) { if service.flags.AmtInfo.UserCert { service.interfacedWsmanMessage.SetupWsmanClient("admin", service.flags.Password, logrus.GetLevel() == logrus.TraceLevel) userCerts, _ := service.interfacedWsmanMessage.GetPublicKeyCerts() - userCertMap := map[string]publickey.PublicKeyCertificateResponse{} + userCertMap := map[string]publickey.RefinedPublicKeyCertificateResponse{} for i := range userCerts { c := userCerts[i] name := GetTokenFromKeyValuePairs(c.Subject, "CN") diff --git a/internal/local/lps_test.go b/internal/local/lps_test.go index 9e0b4477..490ccc21 100644 --- a/internal/local/lps_test.go +++ b/internal/local/lps_test.go @@ -157,6 +157,13 @@ func (m MockWSMAN) CreateTLSCredentialContext(certHandle string) (response tls.R return mockCreateTLSCredentialContextResponse, mockCreateTLSCredentialContextErr } +var mockPutTLSCredentialContextErr error = nil +var mockPutTLSCredentialContextResponse tls.Response + +func (m MockWSMAN) PutTLSCredentialContext(certHandle string) (response tls.Response, err error) { + return mockPutTLSCredentialContextResponse, mockPutTLSCredentialContextErr +} + var mockEnumerateTLSSettingDataErr error = nil var mockTLSSettingDataContext string @@ -306,21 +313,17 @@ func (m MockWSMAN) HostBasedSetupServiceAdmin(password string, digestRealm strin return mockHostBasedSetupServiceAdmin, errHostBasedSetupServiceAdmin } +var mockGetPublicKeyCertsResponse = []publickey.RefinedPublicKeyCertificateResponse{} var errGetPublicKeyCerts error = nil -func (m MockWSMAN) GetPublicKeyCerts() ([]publickey.PublicKeyCertificateResponse, error) { - certs := []publickey.PublicKeyCertificateResponse{ - mpsCert, - clientCert, - caCert, - } - return certs, errGetPublicKeyCerts +func (m MockWSMAN) GetPublicKeyCerts() ([]publickey.RefinedPublicKeyCertificateResponse, error) { + return mockGetPublicKeyCertsResponse, errGetPublicKeyCerts } var errGetPublicPrivateKeyPairs error = nil -var PublicPrivateKeyPairResponse []publicprivate.PublicPrivateKeyPair = nil +var PublicPrivateKeyPairResponse []publicprivate.RefinedPublicPrivateKeyPair = nil -func (m MockWSMAN) GetPublicPrivateKeyPairs() ([]publicprivate.PublicPrivateKeyPair, error) { +func (m MockWSMAN) GetPublicPrivateKeyPairs() ([]publicprivate.RefinedPublicPrivateKeyPair, error) { return PublicPrivateKeyPairResponse, errGetPublicPrivateKeyPairs } @@ -338,79 +341,83 @@ func (m MockWSMAN) DeletePublicCert(instanceId string) error { var errGetCredentialRelationships error = nil -func (m MockWSMAN) GetCredentialRelationships() ([]credential.CredentialContext, error) { - return []credential.CredentialContext{ - { - ElementInContext: models.AssociationReference{ - Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", - ReferenceParameters: models.ReferenceParametersNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, - ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate", - SelectorSet: models.SelectorNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, - Selectors: []models.SelectorResponse{ - { - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, - Name: "InstanceID", - Text: "Intel(r) AMT Certificate: Handle: 2", +func (m MockWSMAN) GetCredentialRelationships() (credential.Items, error) { + return credential.Items{ + CredentialContext: []credential.CredentialContext{ + { + ElementInContext: models.AssociationReference{ + Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + ReferenceParameters: models.ReferenceParametersNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, + ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate", + SelectorSet: models.SelectorNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, + Selectors: []models.SelectorResponse{ + { + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, + Name: "InstanceID", + Text: "Intel(r) AMT Certificate: Handle: 2", + }, }, }, }, }, - }, - ElementProvidingContext: models.AssociationReference{ - Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", - ReferenceParameters: models.ReferenceParametersNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, - ResourceURI: "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings", - SelectorSet: models.SelectorNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, - Selectors: []models.SelectorResponse{ - { - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, - Name: "InstanceID", - Text: "Intel(r) AMT:IEEE 802.1x Settings wifi8021x", + ElementProvidingContext: models.AssociationReference{ + Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + ReferenceParameters: models.ReferenceParametersNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, + ResourceURI: "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings", + SelectorSet: models.SelectorNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, + Selectors: []models.SelectorResponse{ + { + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, + Name: "InstanceID", + Text: "Intel(r) AMT:IEEE 802.1x Settings wifi8021x", + }, }, }, }, }, - }, - }, { - ElementInContext: models.AssociationReference{ - Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", - ReferenceParameters: models.ReferenceParametersNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, - ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate", - SelectorSet: models.SelectorNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, - Selectors: []models.SelectorResponse{ - { - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, - Name: "InstanceID", - Text: "Intel(r) AMT Certificate: Handle: 1", + }, { + ElementInContext: models.AssociationReference{ + Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + ReferenceParameters: models.ReferenceParametersNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, + ResourceURI: "http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate", + SelectorSet: models.SelectorNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, + Selectors: []models.SelectorResponse{ + { + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, + Name: "InstanceID", + Text: "Intel(r) AMT Certificate: Handle: 1", + }, }, }, }, }, - }, - ElementProvidingContext: models.AssociationReference{ - Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", - ReferenceParameters: models.ReferenceParametersNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, - ResourceURI: "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings", - SelectorSet: models.SelectorNoNamespace{ - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, - Selectors: []models.SelectorResponse{ - { - XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, - Name: "InstanceID", - Text: "Intel(r) AMT:IEEE 802.1x Settings wifi8021x", + ElementProvidingContext: models.AssociationReference{ + Address: "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous", + ReferenceParameters: models.ReferenceParametersNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.xmlsoap.org/ws/2004/08/addressing", Local: "ReferenceParameters"}, + ResourceURI: "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings", + SelectorSet: models.SelectorNoNamespace{ + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "SelectorSet"}, + Selectors: []models.SelectorResponse{ + { + XMLName: xml.Name{Space: "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", Local: "Selector"}, + Name: "InstanceID", + Text: "Intel(r) AMT:IEEE 802.1x Settings wifi8021x", + }, }, }, }, }, }, }, + CredentialContextTLS: []credential.CredentialContext{}, + CredentialContext8021x: []credential.CredentialContext{}, }, errGetCredentialRelationships } diff --git a/internal/local/opstate_test.go b/internal/local/opstate_test.go index cd31e4b0..96d024b7 100644 --- a/internal/local/opstate_test.go +++ b/internal/local/opstate_test.go @@ -58,7 +58,7 @@ func TestCheckAndEnableAMT(t *testing.T) { expectedRC: nil, rsp: ChangeEnabledResponseNewDisabled, skipIPRenewal: true, - renewDHCPLeaseRC: utils.NetworkConfigurationFailed, + renewDHCPLeaseRC: utils.WiredConfigurationFailed, }, } @@ -92,7 +92,7 @@ func TestRenewIP(t *testing.T) { log.SetLevel(log.DebugLevel) lps := setupService(f) origRC := mockRenewDHCPLeaseerr - mockRenewDHCPLeaseerr = utils.NetworkConfigurationFailed + mockRenewDHCPLeaseerr = utils.WiredConfigurationFailed err := lps.RenewIP() assert.Equal(t, mockRenewDHCPLeaseerr, err) mockRenewDHCPLeaseerr = origRC diff --git a/internal/local/tls.go b/internal/local/tls.go index b43ec2f7..098e54a2 100644 --- a/internal/local/tls.go +++ b/internal/local/tls.go @@ -36,16 +36,26 @@ func (service *ProvisioningService) ConfigureTLS() error { if err != nil { return err } + err = service.SynchronizeTime() if err != nil { return err } + err = service.EnableTLS() if err != nil { log.Error("Failed to configure TLS") return utils.TLSConfigurationFailed } + + service.Pause(3) + err = service.PruneCerts() + if err != nil { + return err + } + log.Info("configuring TLS completed successfully") + return nil } @@ -55,9 +65,14 @@ func (service *ProvisioningService) ConfigureTLSWithEA() error { var err error defer func() { if err != nil { - service.RollbackAddedItems(&handles) + service.PruneCerts() } }() + securitySettings, err := service.GetCertificates() + if err != nil { + return utils.TLSConfigurationFailed + } + credentials := AuthRequest{ Username: service.flags.ConfigTLSInfo.EAUsername, Password: service.flags.ConfigTLSInfo.EAPassword, @@ -123,14 +138,14 @@ func (service *ProvisioningService) ConfigureTLSWithEA() error { return utils.TLSConfigurationFailed } - handles.clientCertHandle, err = service.interfacedWsmanMessage.AddClientCert(eaResponse.Response.Certificate) + handles.clientCertHandle, err = service.GetClientCertHandle(securitySettings, eaResponse.Response.Certificate) if err != nil { return utils.TLSConfigurationFailed } - err = service.CreateTLSCredentialContext(handles.clientCertHandle) + err = service.updateTLSCredentialContext(handles) if err != nil { - return err + return utils.TLSConfigurationFailed } return nil } @@ -141,7 +156,7 @@ func (service *ProvisioningService) ConfigureTLSWithSelfSignedCert() error { var err error defer func() { if err != nil { - service.RollbackAddedItems(&handles) + service.PruneCerts() } }() @@ -175,19 +190,21 @@ func (service *ProvisioningService) ConfigureTLSWithSelfSignedCert() error { if err != nil { return err } + log.Debug("TLS rootCertHandle:", handles.rootCertHandle) log.Debug("TLS clientCertHandle:", handles.clientCertHandle) log.Debug("TLS keyPairHandle:", handles.keyPairHandle) - err = service.CreateTLSCredentialContext(handles.clientCertHandle) + err = service.updateTLSCredentialContext(handles) if err != nil { - return err + return utils.TLSConfigurationFailed } + return nil } func (service *ProvisioningService) GetDERKey(handles Handles) (derKey string, err error) { - var keyPairs []publicprivate.PublicPrivateKeyPair + var keyPairs []publicprivate.RefinedPublicPrivateKeyPair keyPairs, err = service.interfacedWsmanMessage.GetPublicPrivateKeyPairs() if err != nil { return "", err @@ -236,14 +253,17 @@ func (service *ProvisioningService) CreateTLSCredentialContext(certHandle string func (service *ProvisioningService) EnableTLS() error { log.Info("enabling tls") + enumerateRsp, err := service.interfacedWsmanMessage.EnumerateTLSSettingData() if err != nil { return utils.WSMANMessageError } + pullRsp, err := service.interfacedWsmanMessage.PullTLSSettingData(enumerateRsp.Body.EnumerateResponse.EnumerationContext) if err != nil { return utils.WSMANMessageError } + for _, item := range pullRsp.Body.PullResponse.SettingDataItems { if item.InstanceID == RemoteTLSInstanceId || item.InstanceID == LocalTLSInstanceId { err = service.ConfigureTLSSettings(item) @@ -292,3 +312,43 @@ func getTLSSettings(setting tls.SettingDataResponse, tlsMode flags.TLSMode) tls. } return data } + +func (service *ProvisioningService) updateTLSCredentialContext(handles Handles) error { + enumerateRsp, err := service.interfacedWsmanMessage.EnumerateTLSSettingData() + if err != nil { + return utils.WSMANMessageError + } + pullRsp, err := service.interfacedWsmanMessage.PullTLSSettingData(enumerateRsp.Body.EnumerateResponse.EnumerationContext) + if err != nil { + return utils.WSMANMessageError + } + var isRemoteTLSEnabled bool + var isLocalTLSEnabled bool + for _, item := range pullRsp.Body.PullResponse.SettingDataItems { + if item.InstanceID == RemoteTLSInstanceId && item.Enabled { + isRemoteTLSEnabled = true + } + if item.InstanceID == LocalTLSInstanceId && item.Enabled { + isLocalTLSEnabled = true + } + } + + if isRemoteTLSEnabled || isLocalTLSEnabled { + _, err := service.interfacedWsmanMessage.PutTLSCredentialContext(handles.clientCertHandle) + if err != nil { + return err + } + _, err = service.interfacedWsmanMessage.CommitChanges() + if err != nil { + log.Error("commit changes failed") + return err + } + } else { + err = service.CreateTLSCredentialContext(handles.clientCertHandle) + if err != nil { + return err + } + } + + return nil +} diff --git a/internal/local/tls_test.go b/internal/local/tls_test.go index 9f16c178..f995e1a9 100644 --- a/internal/local/tls_test.go +++ b/internal/local/tls_test.go @@ -48,7 +48,7 @@ var tlsSettingDataItems = []tls.SettingDataResponse{ }, } -var publicPrivateKeyPair = []publicprivate.PublicPrivateKeyPair{ +var publicPrivateKeyPair = []publicprivate.RefinedPublicPrivateKeyPair{ { ElementName: "SomeElement", InstanceID: "keyHandle", @@ -208,7 +208,7 @@ func TestConfigureTLSWithSelfSignedCert(t *testing.T) { PublicPrivateKeyPairResponse = publicPrivateKeyPair mockCreateTLSCredentialContextErr = assert.AnError }, - expectedError: utils.WSMANMessageError, + expectedError: utils.TLSConfigurationFailed, }, } @@ -292,7 +292,7 @@ func TestGetDERKey(t *testing.T) { { name: "success - matching key pair found", setupMocks: func(mock *MockWSMAN) { - PublicPrivateKeyPairResponse = []publicprivate.PublicPrivateKeyPair{{InstanceID: "keyPair1", DERKey: "DERKey1", ElementName: "keyPair1"}} + PublicPrivateKeyPairResponse = []publicprivate.RefinedPublicPrivateKeyPair{{InstanceID: "keyPair1", DERKey: "DERKey1", ElementName: "keyPair1"}} }, handles: Handles{keyPairHandle: "keyPair1"}, expectedDERKey: "DERKey1", @@ -301,7 +301,7 @@ func TestGetDERKey(t *testing.T) { { name: "failure - no matching key pair", setupMocks: func(mock *MockWSMAN) { - PublicPrivateKeyPairResponse = []publicprivate.PublicPrivateKeyPair{{InstanceID: "keyPair1", DERKey: "DERKey1", ElementName: "keyPair1"}} + PublicPrivateKeyPairResponse = []publicprivate.RefinedPublicPrivateKeyPair{{InstanceID: "keyPair1", DERKey: "DERKey1", ElementName: "keyPair1"}} }, handles: Handles{keyPairHandle: "keyPair2"}, expectedDERKey: "", @@ -310,7 +310,7 @@ func TestGetDERKey(t *testing.T) { { name: "failure - error fetching key pairs", setupMocks: func(mock *MockWSMAN) { - PublicPrivateKeyPairResponse = []publicprivate.PublicPrivateKeyPair{} + PublicPrivateKeyPairResponse = []publicprivate.RefinedPublicPrivateKeyPair{} errGetPublicPrivateKeyPairs = assert.AnError }, handles: Handles{keyPairHandle: "keyPair1"}, diff --git a/internal/local/utils.go b/internal/local/utils.go index 3e2ceb6c..0c8f0ca8 100644 --- a/internal/local/utils.go +++ b/internal/local/utils.go @@ -6,10 +6,11 @@ package local import ( - log "github.com/sirupsen/logrus" "reflect" "strings" "time" + + log "github.com/sirupsen/logrus" ) func reflectObjectName(v any) string { diff --git a/internal/local/wifi.go b/internal/local/wifi.go index 0d69f33d..c3f1c8e7 100644 --- a/internal/local/wifi.go +++ b/internal/local/wifi.go @@ -28,129 +28,43 @@ type Handles struct { func (service *ProvisioningService) AddWifiSettings() (err error) { // start with fresh map - service.handlesWithCerts = make(map[string]string) + service.handlesWithCerts = make(map[string]string) //TODO: Remove if not required - // PruneWifiConfigs is best effort - // it will log error messages, but doesn't stop the configuration flow - service.PruneWifiConfigs() - err = service.EnableWifiPort() - if err != nil { - return err - } - return service.ProcessWifiConfigs() -} - -func (service *ProvisioningService) PruneWifiConfigs() (err error) { - // get these handles BEFORE deleting the wifi profiles - certHandles, keyPairHandles, err := service.GetWifiIeee8021xCerts() - if err != nil { - return err - } + // Get WiFi Profiles wifiEndpointSettings, err := service.interfacedWsmanMessage.GetWiFiSettings() if err != nil { return err } + //Delete the existing WiFi profiles for _, wifiSetting := range wifiEndpointSettings { - // while testing, saw some cases where the PullResponse returned items with no InstanceID? + // Skip wifiSettings with no InstanceID if wifiSetting.InstanceID == "" { - // Skip wifiSettings with no InstanceID continue } log.Infof("deleting wifiSetting: %s", wifiSetting.InstanceID) err := service.interfacedWsmanMessage.DeleteWiFiSetting(wifiSetting.InstanceID) if err != nil { log.Infof("unable to delete: %s %s", wifiSetting.InstanceID, err) - err = utils.DeleteWifiConfigFailed + err = utils.DeleteConfigsFailed continue } log.Infof("successfully deleted wifiSetting: %s", wifiSetting.InstanceID) } - err = service.PruneWifiIeee8021xCerts(certHandles, keyPairHandles) - - return err -} - -func (service *ProvisioningService) PruneWifiIeee8021xCerts(certHandles []string, keyPairHandles []string) (err error) { - for _, handle := range certHandles { - err := service.interfacedWsmanMessage.DeletePublicCert(handle) - if err != nil { - log.Infof("unable to delete: %s %s", handle, err) - err = utils.DeleteWifiConfigFailed - } else { - delete(service.handlesWithCerts, handle) - } - } - for _, handle := range keyPairHandles { - err := service.interfacedWsmanMessage.DeletePublicPrivateKeyPair(handle) - if err != nil { - log.Infof("unable to delete: %s %s", handle, err) - err = utils.DeleteWifiConfigFailed - } - } - return err -} - -func (service *ProvisioningService) GetWifiIeee8021xCerts() (certHandles, keyPairHandles []string, err error) { - publicCerts, err := service.interfacedWsmanMessage.GetPublicKeyCerts() - if err != nil { - return []string{}, []string{}, err - } - credentials, err := service.interfacedWsmanMessage.GetCredentialRelationships() + //Delete unused certificates + err = service.PruneCerts() if err != nil { - return []string{}, []string{}, err - } - certHandleMap := make(map[string]bool) - for i := range credentials { - inParams := &credentials[i].ElementInContext.ReferenceParameters - providesPrams := &credentials[i].ElementProvidingContext.ReferenceParameters - if providesPrams.ResourceURI == `http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_IEEE8021xSettings` { - id := inParams.GetSelectorValue("InstanceID") - certHandleMap[id] = true - for j := range publicCerts { - if publicCerts[j].InstanceID == id { - service.handlesWithCerts[id] = publicCerts[j].X509Certificate - } - } - } - } - for k := range certHandleMap { - if k != "" { - certHandles = append(certHandles, k) - } - } - if len(certHandles) == 0 { - return certHandles, keyPairHandles, err + return utils.WiFiConfigurationFailed } - keyPairHandleMap := make(map[string]bool) - dependencies, _ := service.interfacedWsmanMessage.GetConcreteDependencies() - for i := range dependencies { - antecedent := &dependencies[i].Antecedent.ReferenceParameters - if antecedent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate` { - continue - } - dependent := &dependencies[i].Dependent.ReferenceParameters - if dependent.ResourceURI != `http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair` { - continue - } - for _, certHandle := range certHandles { - if !antecedent.HasSelector("InstanceID", certHandle) { - continue - } - id := dependent.GetSelectorValue("InstanceID") - keyPairHandleMap[id] = true - } - } - for k := range keyPairHandleMap { - if k != "" { - keyPairHandles = append(keyPairHandles, k) - } + err = service.EnableWifiPort() + if err != nil { + return err } - return certHandles, keyPairHandles, err + return service.ProcessWifiConfigs() } func (service *ProvisioningService) ProcessWifiConfigs() error { @@ -191,7 +105,6 @@ func (service *ProvisioningService) ProcessWifiConfig(wifiCfg *config.WifiConfig } // Set wifiEndpointSettings properties from wifiCfg file - wifiEndpointSettings := wifi.WiFiEndpointSettingsRequest{ ElementName: wifiCfg.ProfileName, InstanceID: fmt.Sprintf("Intel(r) AMT:WiFi Endpoint Settings %s", wifiCfg.ProfileName), @@ -231,19 +144,19 @@ func (service *ProvisioningService) ProcessWifiConfig(wifiCfg *config.WifiConfig _, err = service.interfacedWsmanMessage.AddWiFiSettings(wifiEndpointSettings, ieee8021xSettings, "WiFi Endpoint 0", handles.clientCertHandle, handles.rootCertHandle) if err != nil { // The AddWiFiSettings call failed, return error response from go-wsman-messages - service.RollbackAddedItems(&handles) - return utils.WiFiConfigurationFailed //should we return err? + service.PruneCerts() + return utils.WiFiConfigurationFailed } - return nil } func (service *ProvisioningService) setIeee8021xConfig(ieee8021xConfig *config.Ieee8021xConfig) (ieee8021xSettings models.IEEE8021xSettings, handles Handles, err error) { handles = Handles{} - handles.rootCertHandle, _ = service.GetCertHandle(ieee8021xConfig.CACert) - if handles.rootCertHandle != "" { - service.handlesWithCerts[handles.rootCertHandle] = ieee8021xConfig.CACert + securitySettings, err := service.GetCertificates() + if err != nil { + return ieee8021xSettings, handles, utils.WiFiConfigurationFailed } + ieee8021xSettings = models.IEEE8021xSettings{ ElementName: ieee8021xConfig.ProfileName, InstanceID: fmt.Sprintf("Intel(r) AMT: 8021X Settings %s", ieee8021xConfig.ProfileName), @@ -253,34 +166,25 @@ func (service *ProvisioningService) setIeee8021xConfig(ieee8021xConfig *config.I if ieee8021xSettings.AuthenticationProtocol == models.AuthenticationProtocol(ieee8021x.AuthenticationProtocolPEAPv0_EAPMSCHAPv2) { ieee8021xSettings.Password = ieee8021xConfig.Password } + if ieee8021xConfig.PrivateKey != "" { - handles.privateKeyHandle = checkHandleExists(service.handlesWithCerts, ieee8021xConfig.PrivateKey) - if handles.privateKeyHandle == "" { - handles.privateKeyHandle, err = service.interfacedWsmanMessage.AddPrivateKey(ieee8021xConfig.PrivateKey) - service.handlesWithCerts[handles.privateKeyHandle] = ieee8021xConfig.PrivateKey - if err != nil { - return ieee8021xSettings, handles, err - } + handles.privateKeyHandle, err = service.GetPrivateKeyHandle(securitySettings, ieee8021xConfig.PrivateKey) + if err != nil { + return ieee8021xSettings, handles, utils.WiFiConfigurationFailed } } + if ieee8021xConfig.ClientCert != "" { - handles.clientCertHandle = checkHandleExists(service.handlesWithCerts, ieee8021xConfig.ClientCert) - if handles.clientCertHandle == "" { - handles.clientCertHandle, err = service.interfacedWsmanMessage.AddClientCert(ieee8021xConfig.ClientCert) - service.handlesWithCerts[handles.clientCertHandle] = ieee8021xConfig.ClientCert - if err != nil { - return ieee8021xSettings, handles, err - } + handles.clientCertHandle, err = service.GetClientCertHandle(securitySettings, ieee8021xConfig.ClientCert) + if err != nil { + return ieee8021xSettings, handles, utils.WiFiConfigurationFailed } } + if ieee8021xConfig.CACert != "" { - handles.rootCertHandle = checkHandleExists(service.handlesWithCerts, ieee8021xConfig.CACert) - if handles.rootCertHandle == "" { - handles.rootCertHandle, err = service.interfacedWsmanMessage.AddTrustedRootCert(ieee8021xConfig.CACert) - service.handlesWithCerts[handles.rootCertHandle] = ieee8021xConfig.CACert - if err != nil { - return ieee8021xSettings, handles, err - } + handles.rootCertHandle, err = service.GetTrustedRootCertHandle(securitySettings, ieee8021xConfig.CACert) + if err != nil { + return ieee8021xSettings, handles, utils.WiFiConfigurationFailed } } return ieee8021xSettings, handles, nil @@ -381,42 +285,3 @@ func (service *ProvisioningService) checkForIeee8021xConfig(wifiCfg *config.Wifi log.Error("no matching 802.1x configuration found") return nil, utils.Ieee8021xConfigurationFailed } - -func (service *ProvisioningService) RollbackAddedItems(handles *Handles) { - if handles.privateKeyHandle != "" { - log.Infof("rolling back private key %s", handles.privateKeyHandle) - err := service.interfacedWsmanMessage.DeletePublicPrivateKeyPair(handles.privateKeyHandle) - if err != nil { - log.Errorf("failed deleting private key: %s", handles.privateKeyHandle) - } else { - log.Debugf("successfully deleted private key: %s", handles.privateKeyHandle) - } - } - if handles.keyPairHandle != "" { - log.Infof("rolling back private key %s", handles.keyPairHandle) - err := service.interfacedWsmanMessage.DeleteKeyPair(handles.keyPairHandle) - if err != nil { - log.Errorf("failed deleting keyPairHandle: %s", handles.keyPairHandle) - } else { - log.Debugf("successfully deleted keyPairHandle: %s", handles.keyPairHandle) - } - } - if handles.clientCertHandle != "" { - log.Infof("rolling back client cert %s", handles.clientCertHandle) - err := service.interfacedWsmanMessage.DeletePublicCert(handles.clientCertHandle) - if err != nil { - log.Errorf("failed deleting client cert: %s", handles.clientCertHandle) - } else { - log.Debugf("successfully deleted client cert: %s", handles.clientCertHandle) - } - } - if handles.rootCertHandle != "" { - log.Infof("rolling back root cert %s", handles.rootCertHandle) - err := service.interfacedWsmanMessage.DeletePublicCert(handles.rootCertHandle) - if err != nil { - log.Errorf("failed deleting root cert: %s", handles.rootCertHandle) - } else { - log.Debugf("successfully deleted root cert: %s", handles.rootCertHandle) - } - } -} diff --git a/internal/local/wifi_test.go b/internal/local/wifi_test.go index 60a5e822..78884a1c 100644 --- a/internal/local/wifi_test.go +++ b/internal/local/wifi_test.go @@ -101,46 +101,27 @@ func TestProcessWifiConfigs(t *testing.T) { }) } -func TestProcessWifiConfig(t *testing.T) { - f := &flags.Flags{} - - // bad name error already tested - t.Run("expect success when handling ieee8021x config", func(t *testing.T) { - orig := wifiCfgWPA8021xEAPTLS.AuthenticationMethod - wifiCfgWPA8021xEAPTLS.AuthenticationMethod = int(wifi.AuthenticationMethodWPAIEEE8021x) - f.LocalConfig.Ieee8021xConfigs = []config.Ieee8021xConfig{ - ieee8021xCfgEAPTLS, - } - lps := setupService(f) - err := lps.ProcessWifiConfig(&wifiCfgWPA8021xEAPTLS) - assert.NoError(t, err) - wifiCfgWPA8021xEAPTLS.AuthenticationMethod = orig - }) - t.Run("expect success when handling non-ieee8021x config", func(t *testing.T) { - lps := setupService(f) - err := lps.ProcessWifiConfig(&wifiCfgWPA2) - assert.NoError(t, err) - }) -} -func TestPruneWifiConfigs(t *testing.T) { - f := &flags.Flags{} - - t.Run("expect Success when there are no configs", func(t *testing.T) { - lps := setupService(f) - tempStorage := getWiFiSettingsResponse - // empty the response - getWiFiSettingsResponse = []wifi.WiFiEndpointSettingsResponse{} - err := lps.PruneWifiConfigs() - assert.NoError(t, err) - //restore - getWiFiSettingsResponse = tempStorage - }) - t.Run("expect success when there are configs", func(t *testing.T) { - lps := setupService(f) - err := lps.PruneWifiConfigs() - assert.NoError(t, err) - }) -} +// func TestProcessWifiConfig(t *testing.T) { +// f := &flags.Flags{} + +// // bad name error already tested +// t.Run("expect success when handling ieee8021x config", func(t *testing.T) { +// orig := wifiCfgWPA8021xEAPTLS.AuthenticationMethod +// wifiCfgWPA8021xEAPTLS.AuthenticationMethod = int(wifi.AuthenticationMethodWPAIEEE8021x) +// f.LocalConfig.Ieee8021xConfigs = []config.Ieee8021xConfig{ +// ieee8021xCfgEAPTLS, +// } +// lps := setupService(f) +// err := lps.ProcessWifiConfig(&wifiCfgWPA8021xEAPTLS) +// assert.NoError(t, err) +// wifiCfgWPA8021xEAPTLS.AuthenticationMethod = orig +// }) +// t.Run("expect success when handling non-ieee8021x config", func(t *testing.T) { +// lps := setupService(f) +// err := lps.ProcessWifiConfig(&wifiCfgWPA2) +// assert.NoError(t, err) +// }) +// } func TestEnableWifiErrors(t *testing.T) { f := &flags.Flags{} @@ -158,34 +139,7 @@ func TestEnableWifiErrors(t *testing.T) { }) } -func TestGetWifiIeee8021xCerts(t *testing.T) { - f := &flags.Flags{} - t.Run("expect all error paths traversed for coverage", func(t *testing.T) { - lps := setupService(f) - certHandles, keyPairHandles, err := lps.GetWifiIeee8021xCerts() - assert.NoError(t, err) - assert.Equal(t, 2, len(certHandles)) - assert.Equal(t, 1, len(keyPairHandles)) - assert.Equal(t, caCert.X509Certificate, lps.handlesWithCerts["Intel(r) AMT Certificate: Handle: 1"]) - }) -} -func TestRollbackAddedItems(t *testing.T) { - f := &flags.Flags{} - handles := Handles{ - privateKeyHandle: "privateKeyHandle", - clientCertHandle: "clientCertHandle", - rootCertHandle: "rootCertHandle", - } - t.Run("expect all error paths traversed for coverage", func(t *testing.T) { - lps := setupService(f) - lps.RollbackAddedItems(&handles) - }) - t.Run("expect all happy paths traversed for coverage", func(t *testing.T) { - lps := setupService(f) - lps.RollbackAddedItems(&handles) - }) -} func TestSetIeee8021xConfigWithEA(t *testing.T) { tests := []struct { name string diff --git a/internal/local/windows.go b/internal/local/windows.go index 6f3cb4df..9bf9e884 100644 --- a/internal/local/windows.go +++ b/internal/local/windows.go @@ -20,7 +20,7 @@ func (n *RealOSNetworker) RenewDHCPLease() error { err := cmd.Run() if err != nil { log.Error("Error renewing DHCP lease:", err) - return utils.NetworkConfigurationFailed + return utils.WiredConfigurationFailed } return nil } diff --git a/pkg/utils/constants.go b/pkg/utils/constants.go index 00382a70..d8b0eec4 100644 --- a/pkg/utils/constants.go +++ b/pkg/utils/constants.go @@ -103,7 +103,7 @@ var DeactivationFailed = CustomError{Code: 110, Message: "DeactivationFailed"} var UnableToActivate = CustomError{Code: 111, Message: "UnableToActivate"} var WifiConfigurationWithWarnings = CustomError{Code: 112, Message: "WifiConfigurationWithWarnings"} var UnmarshalMessageFailed = CustomError{Code: 113, Message: "UnmarshalMessageFailed"} -var DeleteWifiConfigFailed = CustomError{Code: 114, Message: "DeleteWifiConfigFailed"} +var DeleteConfigsFailed = CustomError{Code: 114, Message: "DeleteConfigsFailed"} var MissingOrIncorrectWifiProfileName = CustomError{Code: 116, Message: "MissingOrIncorrectWifiProfileName"} var MissingIeee8021xConfiguration = CustomError{Code: 117, Message: "MissingIeee8021xConfiguration"} var SetMEBXPasswordFailed = CustomError{Code: 118, Message: "SetMEBXPasswordFailed"} @@ -124,6 +124,8 @@ var ActivationFailedGenerateNonce = CustomError{Code: 132, Message: "ActivationF var ActivationFailedSignString = CustomError{Code: 133, Message: "ActivationFailed", Details: "failed to create signed string"} var ActivationFailedGetControlMode = CustomError{Code: 134, Message: "ActivationFailed", Details: "failed to get control mode"} var ActivationFailedControlMode = CustomError{Code: 135, Message: "ActivationFailed", Details: "recieved invalid control mode"} +var DuplicateKey = CustomError{Code: 136, Message: "DuplicateKey", Details: "Key pair already exists"} +var WiredConfigurationFailed = CustomError{Code: 137, Message: "WiredConfigurationFailed"} // (150-199) Maintenance Errors var SyncClockFailed = CustomError{Code: 150, Message: "SyncClockFailed"}