Public/Get-IBCLIApacheCerts.ps1

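function Get-IBCLIApacheCerts {
    <#
    .SYNOPSIS
        Reads the current and available Apache HTTPS certificate entries from
        an Infoblox appliance's CLI.

    .DESCRIPTION
        Runs 'set apache_https_cert' over the CLI session, parses the serial
        and common name of the current certificate and of each listed
        certificate, then answers the selection prompt with 'q' so nothing is
        changed on the appliance.

        The parsed values are currently only written to the verbose stream;
        the function does not emit any objects yet.

    .PARAMETER ComputerName
        Hostname or IP address of an Infoblox appliance. A new session is
        opened with Connect-IBCLI and closed again before returning.

    .PARAMETER ShellStream
        ShellStream object returned by Connect-IBCLI. The stream is left
        connected when the function returns.

    .PARAMETER Credential
        Credentials for the appliance (used only when opening a new session).

    .PARAMETER Force
        Forwarded unchanged to Connect-IBCLI.
        NOTE(review): if -Force relaxes SSH host key verification in
        Connect-IBCLI, use it only against appliances whose key was verified
        out of band - confirm against Connect-IBCLI.
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            ParameterSetName='NewStream',
            Mandatory=$true,
            Position=0,
            HelpMessage='Enter the Hostname or IP Address of an Infoblox appliance.'
        )]
        [ValidateNotNullOrEmpty()]
        [string]
        $ComputerName,
        [Parameter(
            ParameterSetName='ExistingStream',
            Mandatory=$true,
            Position=0,
            HelpMessage='Enter the ShellStream object returned by Connect-IBCLI.'
        )]
        [ValidateNotNull()]
        [Renci.SshNet.ShellStream]
        $ShellStream,
        [Parameter(
            ParameterSetName='NewStream',
            Mandatory=$true,
            Position=1,
            HelpMessage='Enter the credentials for the appliance.'
        )]
        [PSCredential]
        $Credential,
        [Parameter(
            ParameterSetName='NewStream'
        )]
        [Switch]
        $Force
    )

    if ($PSCmdlet.ParameterSetName -eq 'NewStream') {
        $ShellStream = Connect-IBCLI $ComputerName $Credential -Force:$Force -ErrorAction Stop
    }

    Write-Verbose "Fetching 'set apache_https_cert' output from $($ShellStream.Session.ConnectionInfo.Host)"
    <#
        There's no 'show apache_https_cert' command, but the 'set' equivalent
        outputs all the info we need and we can just quit the prompt without
        making changes. It looks something like this:
 
        Current apache certificate:
            Serial: 73000000313fc79913148368ae000000000031
            Common name: ib1test.example.com
 
        Available certificates:
            1. Serial: 259fb5e9e47c9ea8e64ba3bba692b070 , Common name: infoblox.localdomain
            2. Serial: 641ba8024f8a93879a504a49bf58bbef , Common name: infoblox.localdomain
            3. Serial: 59b86fe0dc3337606a87ce0dedc09076 , Common name: ib1test.example.com
            4. Serial: 73000000313fc79913148368ae000000000031 , Common name: ib1test.example.com
 
 
        Select certificate (1-4) or q to quit:
    #>


    try {

        # make sure this appliance supports the command (NIOS 8.4+)
        $output = Invoke-IBCLICommand 'help set' $ShellStream
        if ($null -eq ($output | Where-Object { $_ -like '*set apache_https_cert*' })) {
            throw "The NIOS version on this appliance does not support the 'set apache_https_cert' command required to get the certificate info."
        }

        # get the command output; @() keeps line-wise indexing even if only a
        # single line comes back
        $output = @(Invoke-IBCLICommand 'set apache_https_cert' $ShellStream)

        # From here on the appliance is waiting at the "Select certificate"
        # prompt. It must be answered with 'q' on every exit path: if a parse
        # error left the prompt open on a caller-supplied stream, the caller's
        # next command would be consumed as an answer to that prompt and could
        # change the active certificate.
        try {

            $reCert = '(?<index>\d+)\. [^:]+: (?<serial>\w+) , [^:]+: (?<cn>.+)'

            $gotCurrent = $false
            for ($i=0; $i -lt $output.Count; $i++) {
                $line = $output[$i]
                if (-not $gotCurrent -and $line -like 'Current apache certificate:*') {
                    # the serial and common name are expected on the two lines
                    # after the header; fail with a clear message if they are
                    # missing rather than calling a method on $null
                    if (($i + 2) -ge $output.Count) {
                        throw "Unexpected 'set apache_https_cert' output: the current certificate details are missing."
                    }
                    $curSerial = $output[$i+1].Trim()
                    $curSerial = $curSerial.Substring($curSerial.IndexOf(':')+1).Trim()
                    Write-Verbose $curSerial
                    $curCN = $output[$i+2].Trim()
                    $curCN = $curCN.Substring($curCN.IndexOf(':')+1).Trim()
                    Write-Verbose $curCN
                    # skip the two detail lines that were just consumed
                    $i += 2
                    $gotCurrent = $true
                    continue
                }

                # numbered entries under "Available certificates:"
                if ($gotCurrent -and $line -match $reCert) {
                    $index = $matches['index']
                    $serial = $matches['serial']
                    $cn = $matches['cn']

                    Write-Verbose "$index, $serial, $cn"
                }

            }

        } finally {
            # leave the selection prompt without making changes
            $null = Invoke-IBCLICommand 'q' $ShellStream
        }

        # TODO: emit result objects. The commented-out draft below refers to
        # license fields and has not been adapted to certificates yet.

        # $csv = $output[0..($output.length-2)] | ConvertFrom-Csv

        # $ret = $csv | ?{ $_.public_ip -eq $ip } |
        # Select `
        # @{L='LicenseType';E={$_.license_type}}, `
        # @{L='LicenseString';E={$_.license_string}}, `
        # @{L='HardwareID';E={$hwid}}, `
        # @{L='Expiration';E={
        # $outdate = [DateTime]::MinValue
        # if ([DateTime]::TryParse($_.exp_date,[ref]$outdate)) {
        # $outdate
        # } else {
        # # unparseable usually means 'Permanent'
        # [DateTime]::MaxValue
        # }
        # }}

        # # inject the type name for each result
        # $ret | %{
        # $_.PSObject.TypeNames.Insert(0,'Dvolve.IBCLI.License')
        # }

        # return $ret

    } finally {
        # disconnect if we initiated the connection here
        if ($PSCmdlet.ParameterSetName -eq 'NewStream') {
            Disconnect-IBCLI $ShellStream
        }
    }

}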