github.com/vmware/govmomi@v0.51.0/object/host_certificate_manager.go (about) 1 // © Broadcom. All Rights Reserved. 2 // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. 3 // SPDX-License-Identifier: Apache-2.0 4 5 package object 6 7 import ( 8 "context" 9 10 "github.com/vmware/govmomi/fault" 11 "github.com/vmware/govmomi/property" 12 "github.com/vmware/govmomi/vim25" 13 "github.com/vmware/govmomi/vim25/methods" 14 "github.com/vmware/govmomi/vim25/mo" 15 "github.com/vmware/govmomi/vim25/types" 16 ) 17 18 // HostCertificateManager provides helper methods around the HostSystem.ConfigManager.CertificateManager 19 type HostCertificateManager struct { 20 Common 21 Host *HostSystem 22 } 23 24 // NewHostCertificateManager creates a new HostCertificateManager helper 25 func NewHostCertificateManager(c *vim25.Client, ref types.ManagedObjectReference, host types.ManagedObjectReference) *HostCertificateManager { 26 return &HostCertificateManager{ 27 Common: NewCommon(c, ref), 28 Host: NewHostSystem(c, host), 29 } 30 } 31 32 // CertificateInfo wraps the host CertificateManager certificateInfo property with the HostCertificateInfo helper. 33 // The ThumbprintSHA1 field is set to HostSystem.Summary.Config.SslThumbprint if the host system is managed by a vCenter. 34 func (m HostCertificateManager) CertificateInfo(ctx context.Context) (*HostCertificateInfo, error) { 35 var hs mo.HostSystem 36 var cm mo.HostCertificateManager 37 38 pc := property.DefaultCollector(m.Client()) 39 40 err := pc.RetrieveOne(ctx, m.Reference(), []string{"certificateInfo"}, &cm) 41 if err != nil { 42 return nil, err 43 } 44 45 _ = pc.RetrieveOne(ctx, m.Host.Reference(), []string{"summary.config.sslThumbprint"}, &hs) 46 47 return &HostCertificateInfo{ 48 HostCertificateManagerCertificateInfo: cm.CertificateInfo, 49 ThumbprintSHA1: hs.Summary.Config.SslThumbprint, 50 }, nil 51 } 52 53 // GenerateCertificateSigningRequest requests the host system to generate a certificate-signing request (CSR) for itself. 54 // The CSR is then typically provided to a Certificate Authority to sign and issue the SSL certificate for the host system. 55 // Use InstallServerCertificate to import this certificate. 56 func (m HostCertificateManager) GenerateCertificateSigningRequest(ctx context.Context, useIPAddressAsCommonName bool) (string, error) { 57 req := types.GenerateCertificateSigningRequest{ 58 This: m.Reference(), 59 UseIpAddressAsCommonName: useIPAddressAsCommonName, 60 } 61 62 res, err := methods.GenerateCertificateSigningRequest(ctx, m.Client(), &req) 63 if err != nil { 64 return "", err 65 } 66 67 return res.Returnval, nil 68 } 69 70 // GenerateCertificateSigningRequestByDn requests the host system to generate a certificate-signing request (CSR) for itself. 71 // Alternative version similar to GenerateCertificateSigningRequest but takes a Distinguished Name (DN) as a parameter. 72 func (m HostCertificateManager) GenerateCertificateSigningRequestByDn(ctx context.Context, distinguishedName string) (string, error) { 73 req := types.GenerateCertificateSigningRequestByDn{ 74 This: m.Reference(), 75 DistinguishedName: distinguishedName, 76 } 77 78 res, err := methods.GenerateCertificateSigningRequestByDn(ctx, m.Client(), &req) 79 if err != nil { 80 return "", err 81 } 82 83 return res.Returnval, nil 84 } 85 86 // InstallServerCertificate imports the given SSL certificate to the host system. 87 func (m HostCertificateManager) InstallServerCertificate(ctx context.Context, cert string) error { 88 req := types.InstallServerCertificate{ 89 This: m.Reference(), 90 Cert: cert, 91 } 92 93 _, err := methods.InstallServerCertificate(ctx, m.Client(), &req) 94 if err != nil { 95 return err 96 } 97 98 // NotifyAffectedService is internal, not exposing as we don't have a use case other than with InstallServerCertificate 99 // Without this call, hostd needs to be restarted to use the updated certificate 100 // Note: using Refresh as it has the same struct/signature, we just need to use different xml name tags 101 body := struct { 102 Req *types.Refresh `xml:"urn:vim25 NotifyAffectedServices,omitempty"` 103 Res *types.RefreshResponse `xml:"urn:vim25 NotifyAffectedServicesResponse,omitempty"` 104 methods.RefreshBody 105 }{ 106 Req: &types.Refresh{This: m.Reference()}, 107 } 108 109 err = m.Client().RoundTrip(ctx, &body, &body) 110 if err != nil && fault.Is(err, &types.MethodNotFound{}) { 111 return nil 112 } 113 return err 114 } 115 116 // ListCACertificateRevocationLists returns the SSL CRLs of Certificate Authorities that are trusted by the host system. 117 func (m HostCertificateManager) ListCACertificateRevocationLists(ctx context.Context) ([]string, error) { 118 req := types.ListCACertificateRevocationLists{ 119 This: m.Reference(), 120 } 121 122 res, err := methods.ListCACertificateRevocationLists(ctx, m.Client(), &req) 123 if err != nil { 124 return nil, err 125 } 126 127 return res.Returnval, nil 128 } 129 130 // ListCACertificates returns the SSL certificates of Certificate Authorities that are trusted by the host system. 131 func (m HostCertificateManager) ListCACertificates(ctx context.Context) ([]string, error) { 132 req := types.ListCACertificates{ 133 This: m.Reference(), 134 } 135 136 res, err := methods.ListCACertificates(ctx, m.Client(), &req) 137 if err != nil { 138 return nil, err 139 } 140 141 return res.Returnval, nil 142 } 143 144 // ReplaceCACertificatesAndCRLs replaces the trusted CA certificates and CRL used by the host system. 145 // These determine whether the server can verify the identity of an external entity. 146 func (m HostCertificateManager) ReplaceCACertificatesAndCRLs(ctx context.Context, caCert []string, caCrl []string) error { 147 req := types.ReplaceCACertificatesAndCRLs{ 148 This: m.Reference(), 149 CaCert: caCert, 150 CaCrl: caCrl, 151 } 152 153 _, err := methods.ReplaceCACertificatesAndCRLs(ctx, m.Client(), &req) 154 return err 155 }