openwrt login

1curl -XPOST  curl --location -v --request POST 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/?luci_username=root&luci_password=root1' --cacert ./ca.pem
2
3  # Cert is the cnf-default-cert, must use the h
4curl --location -v --request POST 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/' \
5--header 'Content-Type: application/x-www-form-urlencoded' \
6--data-urlencode 'luci_username=root' \
7--data-urlencode 'luci_password=root1' \
8--cacert ./ca.pem 

Create CSR

1curl -XGET 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/sdewan/nat/v1/nats' --cacert ./ca.pem 
1curl -XGET 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/sdewan/pkcs11/v1/crs' --cacert ./ca.pem 
 1#!/bin/bash
 2
 3set -x
 4
 5cnf_ip="10-233-76-144.default.pod.cluster.local"
 6cert_label="node-1"
 7cert_subject="/CN=node-1"
 8
 9# you alway a same csr, even you try many times
10curl --location --request POST "https://${cnf_ip}/cgi-bin/luci/sdewan/pkcs11/v1/crs" \
11--header 'Content-Type: application/json' \
12--data-raw "{
13    \"cert\": {
14        \"key_pair\": {
15            \"key_type\": \"rsa:2048\",
16            \"label\": \"${cert_label}\",
17            \"id\": \"0001\"
18        },
19        \"subject\": \"${cert_subject}\",
20        \"pem\": \"\"
21    }
22}" --cert ca.pem | tee  new.csr
23
24openssl x509 -req -days 365 -CA caCert.pem -CAkey caKey.pem -set_serial 1 -in new.csr -out client.crt
25
26cert="-----BEGIN CERTIFICATE-----\n$(cat client.crt|awk "NR>1{print $1}"|sed '$d'|tr -d "\n")\n-----END CERTIFICATE-----"
27
28curl --location --request POST "https://${cnf_ip}/cgi-bin/luci/sdewan/pkcs11/v1/cert" \
29--header 'Content-Type: application/json' \
30--data-raw "{
31    \"token\": {
32        \"label\": \"sdewan-sgx\",
33        \"slot\": 0,
34        \"so_pin\": \"12345678\",
35        \"pin\": \"12345678\"
36    },
37    \"cert\": {
38        \"key_pair\": {
39            \"key_type\": \"rsa:2048\",
40            \"label\": \"node-1\",
41            \"id\": \"12345678\"
42        },
43        \"subject\": \"/CN=node-1\",
44        \"pem\": \"${cert}\"
45    }
46}"
 1pkcs11-tool --module /lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so -L
 2    2  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
 3    3  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1
 4    4  pkcs11-tool --module /usr/local/lib/libp11sgx.so  -L
 5    5  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --slot 0x7bfa3749
 6    6  pkcs11-tool --module /usr/local/lib/libp11sgx.so  -L
 7    7  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
 8    8  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --slot 0x7bfa3749
 9    9  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
10   10  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --slot 0x7bfa3749
11   11  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
12   12  pkcs11-tool --help > help
13   13  vi help
14   14  apt update
15   15  apt install vim
16   16  ls
17   17  vi help
18   18  -O
19   19  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
20   20  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --slot 0x7bfa3749
21   21  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
22   22  pkcs11-tool --module /usr/local/lib/libp11sgx.so  -L
23   23  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
24   24  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --token sdewan-sgx
25   25  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -O
26   26  pkcs11-tool --module /usr/local/lib/libp11sgx.so  --login --pin 12345678  -b --type cert --label node-1 --token sdewan-sgx
27
28
29
30 certificatesigningrequests.certificates.k8s.io