feat: move http client to tls

Signed-off-by: Suraj Shirvankar <[email protected]>

sztp-agent/cmd/daemon.go

@@ -59,7 +59,7 @@ func Daemon() *cobra.Command {
 					return fmt.Errorf("must not be folder: %q", filePath)
 				}
 			}
-			client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
+			client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
 			a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
 			return a.RunCommandDaemon()
 		},

sztp-agent/cmd/disable.go

@@ -34,7 +34,7 @@ func Disable() *cobra.Command {
 		Use:   "disable",
 		Short: "Run the disable command",
 		RunE: func(_ *cobra.Command, _ []string) error {
-			client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
+			client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
 			a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
 			return a.RunCommandDisable()
 		},

sztp-agent/cmd/enable.go

@@ -34,7 +34,7 @@ func Enable() *cobra.Command {
 		Use:   "enable",
 		Short: "Run the enable command",
 		RunE: func(_ *cobra.Command, _ []string) error {
-			client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
+			client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
 			a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
 			return a.RunCommandEnable()
 		},

sztp-agent/cmd/run.go

@@ -59,7 +59,7 @@ func Run() *cobra.Command {
 					return fmt.Errorf("must not be folder: %q", filePath)
 				}
 			}
-			client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
+			client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
 			a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
 			return a.RunCommand()
 		},

sztp-agent/cmd/status.go

@@ -34,7 +34,7 @@ func Status() *cobra.Command {
 		Use:   "status",
 		Short: "Run the status command",
 		RunE: func(_ *cobra.Command, _ []string) error {
-			client := secureagent.NewHttpClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
+			client := secureagent.NewHTTPClient(bootstrapTrustAnchorCert, deviceEndEntityCert, devicePrivateKey)
 			a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert, &client)
 			return a.RunCommandStatus()
 		},

sztp-agent/pkg/secureagent/agent.go

@@ -10,10 +10,7 @@ Copyright (C) 2022 Red Hat.
 package secureagent
 
 import (
-	"crypto/tls"
-	"crypto/x509"
 	"net/http"
-	"os"
 )
 
 const (
@@ -184,25 +181,3 @@ func (a *Agent) SetContentTypeReq(ct string) {
 func (a *Agent) SetProgressJSON(p ProgressJSON) {
 	a.ProgressJSON = p
 }
-
-func NewHttpClient(bootstrapTrustAnchorCert string, deviceEndEntityCert string, devicePrivateKey string) http.Client {
-	caCert, _ := os.ReadFile(bootstrapTrustAnchorCert)
-	caCertPool := x509.NewCertPool()
-	caCertPool.AppendCertsFromPEM(caCert)
-	cert, _ := tls.LoadX509KeyPair(deviceEndEntityCert, devicePrivateKey)
-	client := http.Client{
-		CheckRedirect: func(r *http.Request, _ []*http.Request) error {
-			r.URL.Opaque = r.URL.Path
-			return nil
-		},
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				//nolint:gosec
-				InsecureSkipVerify: true, // TODO: remove skip verify
-				RootCAs:            caCertPool,
-				Certificates:       []tls.Certificate{cert},
-			},
-		},
-	}
-	return client
-}

sztp-agent/pkg/secureagent/configuration.go

@@ -0,0 +1,94 @@
+package secureagent
+
+import (
+	"encoding/base64"
+	"log"
+	"os"
+	"os/exec"
+)
+
+func (a *Agent) copyConfigurationFile() error {
+	log.Println("[INFO] Starting the Copy Configuration.")
+	_ = a.doReportProgress(ProgressTypeConfigInitiated, "Configuration Initiated")
+	// Copy the configuration file to the device
+	file, err := os.Create(ARTIFACTS_PATH + a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference + "-config")
+	if err != nil {
+		log.Println("[ERROR] creating the configuration file", err.Error())
+		return err
+	}
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Println("[ERROR] Error when closing:", err)
+		}
+	}()
+
+	plainTest, _ := base64.StdEncoding.DecodeString(a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.Configuration)
+	_, err = file.WriteString(string(plainTest))
+	if err != nil {
+		log.Println("[ERROR] writing the configuration file", err.Error())
+		return err
+	}
+	// nolint:gosec
+	err = os.Chmod(ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+"-config", 0744)
+	if err != nil {
+		log.Println("[ERROR] changing the configuration file permission", err.Error())
+		return err
+	}
+	log.Println("[INFO] Configuration file copied successfully")
+	_ = a.doReportProgress(ProgressTypeConfigComplete, "Configuration Complete")
+	return nil
+}
+
+func (a *Agent) launchScriptsConfiguration(typeOf string) error {
+	var script, scriptName string
+	var reportStart, reportEnd ProgressType
+	switch typeOf {
+	case "post":
+		script = a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.PostConfigurationScript
+		scriptName = "post"
+		reportStart = ProgressTypePostScriptInitiated
+		reportEnd = ProgressTypePostScriptComplete
+	default: // pre or default
+		script = a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.PreConfigurationScript
+		scriptName = "pre"
+		reportStart = ProgressTypePreScriptInitiated
+		reportEnd = ProgressTypePreScriptComplete
+	}
+	log.Println("[INFO] Starting the " + scriptName + "-configuration.")
+	_ = a.doReportProgress(reportStart, "Report starting")
+	// nolint:gosec
+	file, err := os.Create(ARTIFACTS_PATH + a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference + scriptName + "configuration.sh")
+	if err != nil {
+		log.Println("[ERROR] creating the "+scriptName+"-configuration script", err.Error())
+		return err
+	}
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Println("[ERROR] Error when closing:", err)
+		}
+	}()
+
+	plainTest, _ := base64.StdEncoding.DecodeString(script)
+	_, err = file.WriteString(string(plainTest))
+	if err != nil {
+		log.Println("[ERROR] writing the "+scriptName+"-configuration script", err.Error())
+		return err
+	}
+	// nolint:gosec
+	err = os.Chmod(ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+scriptName+"configuration.sh", 0755)
+	if err != nil {
+		log.Println("[ERROR] changing the "+scriptName+"-configuration script permission", err.Error())
+		return err
+	}
+	log.Println("[INFO] " + scriptName + "-configuration script created successfully")
+	cmd := exec.Command("/bin/sh", ARTIFACTS_PATH+a.BootstrapServerOnboardingInfo.IetfSztpConveyedInfoOnboardingInformation.InfoTimestampReference+scriptName+"configuration.sh") //nolint:gosec
+	out, err := cmd.Output()
+	if err != nil {
+		log.Println("[ERROR] running the "+scriptName+"-configuration script", err.Error())
+		return err
+	}
+	log.Println(string(out)) // remove it
+	_ = a.doReportProgress(reportEnd, "Report end")
+	log.Println("[INFO] " + scriptName + "-Configuration script executed successfully")
+	return nil
+}