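// Source: github.com/vmware/govmomi@v0.51.0/simulator/host_certificate_manager.go

// © Broadcom. All Rights Reserved.
// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
// SPDX-License-Identifier: Apache-2.0

package simulator

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"net"

	"github.com/vmware/govmomi/object"
	"github.com/vmware/govmomi/vim25/methods"
	"github.com/vmware/govmomi/vim25/mo"
	"github.com/vmware/govmomi/vim25/soap"
	"github.com/vmware/govmomi/vim25/types"
)

// HostCertificateManager is the simulator's implementation of the
// HostCertificateManager managed object. It embeds the mo type and keeps a
// pointer to the host whose certificate it manages.
type HostCertificateManager struct {
	mo.HostCertificateManager

	// Host is the host whose Config.Certificate this manager reads and writes.
	Host *mo.HostSystem
}

// init re-links the manager to its host by scanning the registry for the
// HostSystem whose ConfigManager.CertificateManager reference matches this
// manager's own reference. Host is left untouched when no host matches.
func (m *HostCertificateManager) init(r *Registry) {
	for _, obj := range r.objects {
		h, ok := obj.(*HostSystem)
		if !ok {
			continue
		}
		if h.ConfigManager.CertificateManager.Value == m.Self.Value {
			m.Host = &h.HostSystem
		}
	}
}

// NewHostCertificateManager returns a manager bound to h and seeds its
// CertificateInfo from the certificate already present in h.Config.
func NewHostCertificateManager(ctx *Context, h *mo.HostSystem) *HostCertificateManager {
	m := &HostCertificateManager{Host: h}

	// Best effort: a fault here is deliberately ignored, so the host
	// certificate may be empty or unparseable when other methods read it
	// later. Those methods must not assume it is valid PEM.
	_ = m.InstallServerCertificate(ctx, &types.InstallServerCertificate{
		Cert: string(m.Host.Config.Certificate),
	})

	return m
}

// InstallServerCertificate replaces the host certificate with req.Cert.
//
// The certificate is parsed first; if parsing fails a HostConfigFault is
// returned and neither CertificateInfo nor the host configuration is changed.
// The only validation visible here is that FromPEM accepts the input; whatever
// else it checks is defined in package object.
func (m *HostCertificateManager) InstallServerCertificate(ctx *Context, req *types.InstallServerCertificate) soap.HasFault {
	body := new(methods.InstallServerCertificateBody)

	var info object.HostCertificateInfo
	cert := []byte(req.Cert)
	if _, err := info.FromPEM(cert); err != nil {
		body.Fault_ = Fault(err.Error(), new(types.HostConfigFault))
		return body
	}

	// Update state only after the certificate has parsed, so a rejected
	// request leaves the previous certificate in place.
	m.CertificateInfo = info.HostCertificateManagerCertificateInfo
	m.Host.Config.Certificate = cert

	body.Res = new(types.InstallServerCertificateResponse)

	return body
}

// GenerateCertificateSigningRequest returns a PEM encoded PKCS #10 request
// whose subject is copied from the host's current certificate.
//
// When req.UseIpAddressAsCommonName is set the request carries the host's
// management server IP as an IP SAN, otherwise the host name as a DNS SAN.
// A fresh 2048-bit RSA key signs the request and is then discarded: the
// simulator does not retain the private key, so a certificate issued from
// this CSR has no matching key on the simulated host.
//
// Every failure (host certificate missing or not PEM, certificate not
// parseable, key generation, request creation, PEM encoding) is reported as a
// HostConfigFault rather than a panic, since the stored certificate is not
// guaranteed to be valid.
func (m *HostCertificateManager) GenerateCertificateSigningRequest(ctx *Context, req *types.GenerateCertificateSigningRequest) soap.HasFault {
	body := new(methods.GenerateCertificateSigningRequestBody)
	fail := func(msg string) soap.HasFault {
		body.Fault_ = Fault(msg, new(types.HostConfigFault))
		return body
	}

	// pem.Decode returns a nil block when the input holds no PEM data;
	// dereferencing it would crash the handler.
	block, _ := pem.Decode(m.Host.Config.Certificate)
	if block == nil {
		return fail("host certificate is not PEM encoded")
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fail(err.Error())
	}

	csr := x509.CertificateRequest{
		Subject:            cert.Subject,
		SignatureAlgorithm: x509.SHA256WithRSA,
	}

	if req.UseIpAddressAsCommonName {
		// NOTE(review): net.ParseIP returns nil for an empty or malformed
		// address, which is passed through unchanged here as before.
		// Confirm whether ManagementServerIp is always populated.
		csr.IPAddresses = []net.IP{net.ParseIP(m.Host.Summary.ManagementServerIp)}
	} else {
		csr.DNSNames = []string{m.Host.Name}
	}

	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return fail(err.Error())
	}

	der, err := x509.CreateCertificateRequest(rand.Reader, &csr, key)
	if err != nil {
		return fail(err.Error())
	}

	var buf bytes.Buffer
	if err := pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}); err != nil {
		return fail(err.Error())
	}

	body.Res = &types.GenerateCertificateSigningRequestResponse{
		Returnval: buf.String(),
	}

	return body
}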