Public/Get-IBCLIApacheCerts.ps1
|
function Get-IBCLIApacheCerts { [CmdletBinding()] param( [Parameter( ParameterSetName='NewStream', Mandatory=$true, Position=0, HelpMessage='Enter the Hostname or IP Address of an Infoblox appliance.' )] [ValidateNotNullOrEmpty()] [string] $ComputerName, [Parameter( ParameterSetName='ExistingStream', Mandatory=$true, Position=0, HelpMessage='Enter the ShellStream object returned by Connect-IBCLI.' )] [ValidateNotNull()] [Renci.SshNet.ShellStream] $ShellStream, [Parameter( ParameterSetName='NewStream', Mandatory=$true, Position=1, HelpMessage='Enter the credentials for the appliance.' )] [PSCredential] $Credential, [Parameter( ParameterSetName='NewStream' )] [Switch] $Force ) if ($PSCmdlet.ParameterSetName -eq 'NewStream') { $ShellStream = Connect-IBCLI $ComputerName $Credential -Force:$Force -ErrorAction Stop } Write-Verbose "Fetching 'set apache_https_cert' output from $($ShellStream.Session.ConnectionInfo.Host)" <# There's no 'show apache_https_cert' command, but the 'set' equivalent outputs all the info we need and we can just quit the prompt without making changes. It looks something like this: Current apache certificate: Serial: 73000000313fc79913148368ae000000000031 Common name: ib1test.example.com Available certificates: 1. Serial: 259fb5e9e47c9ea8e64ba3bba692b070 , Common name: infoblox.localdomain 2. Serial: 641ba8024f8a93879a504a49bf58bbef , Common name: infoblox.localdomain 3. Serial: 59b86fe0dc3337606a87ce0dedc09076 , Common name: ib1test.example.com 4. Serial: 73000000313fc79913148368ae000000000031 , Common name: ib1test.example.com Select certificate (1-4) or q to quit: #> try { # make sure this appliance supports the command (NIOS 8.4+) $output = Invoke-IBCLICommand 'help set' $ShellStream if ($null -eq ($output | Where-Object { $_ -like '*set apache_https_cert*' })) { throw "The NIOS version on this appliance does not support the 'set apache_https_cert' command required to get the certificate info." } # # get the command output $output = Invoke-IBCLICommand 'set apache_https_cert' $ShellStream $reCert = '(?<index>\d+)\. [^:]+: (?<serial>\w+) , [^:]+: (?<cn>.+)' $gotCurrent = $false for ($i=0; $i -lt $output.Count; $i++) { $line = $output[$i] if (-not $gotCurrent -and $line -like 'Current apache certificate:*') { $curSerial = $output[$i+1].Trim() $curSerial = $curSerial.Substring($curSerial.IndexOf(':')+1) Write-Verbose $curSerial $curCN = $output[$i+2].Trim() $curCN = $curCN.Substring($curCN.IndexOf(':')+1) Write-Verbose $curCN $i += 2 $gotCurrent = $true continue } if ($gotCurrent -and $line -match $reCert) { $index = $matches['index'] $serial = $matches['serial'] $cn = $matches['cn'] Write-Verbose "$index, $serial, $cn" } } $output = Invoke-IBCLICommand 'q' $ShellStream # $csv = $output[0..($output.length-2)] | ConvertFrom-Csv # $ret = $csv | ?{ $_.public_ip -eq $ip } | # Select ` # @{L='LicenseType';E={$_.license_type}}, ` # @{L='LicenseString';E={$_.license_string}}, ` # @{L='HardwareID';E={$hwid}}, ` # @{L='Expiration';E={ # $outdate = [DateTime]::MinValue # if ([DateTime]::TryParse($_.exp_date,[ref]$outdate)) { # $outdate # } else { # # unparseable usually means 'Permanent' # [DateTime]::MaxValue # } # }} # # inject the type name for each result # $ret | %{ # $_.PSObject.TypeNames.Insert(0,'Dvolve.IBCLI.License') # } # return $ret } finally { # disconnect if we initiated the connection here if ($PSCmdlet.ParameterSetName -eq 'NewStream') { Disconnect-IBCLI $ShellStream } } } |