2019-02-25 14:48:22 +01:00
|
|
|
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
|
2014-10-21 11:44:21 +02:00
|
|
|
|
|
|
|
#include "cli/pkisavecertcommand.hpp"
|
2017-09-05 14:44:56 +02:00
|
|
|
#include "remote/pkiutility.hpp"
|
2014-10-21 11:44:21 +02:00
|
|
|
#include "base/logger.hpp"
|
2015-11-24 17:01:46 +01:00
|
|
|
#include "base/tlsutility.hpp"
|
2017-09-06 13:15:56 +02:00
|
|
|
#include "base/console.hpp"
|
2017-10-02 13:49:42 +02:00
|
|
|
#include <iostream>
|
2014-10-21 11:44:21 +02:00
|
|
|
|
|
|
|
using namespace icinga;
|
|
|
|
namespace po = boost::program_options;
|
|
|
|
|
|
|
|
REGISTER_CLICOMMAND("pki/save-cert", PKISaveCertCommand);
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
String PKISaveCertCommand::GetDescription() const
|
2014-10-21 11:44:21 +02:00
|
|
|
{
|
|
|
|
return "Saves another Icinga 2 instance's certificate.";
|
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
String PKISaveCertCommand::GetShortDescription() const
|
2014-10-21 11:44:21 +02:00
|
|
|
{
|
|
|
|
return "saves another Icinga 2 instance's certificate";
|
|
|
|
}
|
|
|
|
|
|
|
|
void PKISaveCertCommand::InitParameters(boost::program_options::options_description& visibleDesc,
|
2017-12-19 15:50:05 +01:00
|
|
|
boost::program_options::options_description& hiddenDesc) const
|
2014-10-21 11:44:21 +02:00
|
|
|
{
|
|
|
|
visibleDesc.add_options()
|
2017-12-19 15:50:05 +01:00
|
|
|
("key", po::value<std::string>(), "Key file path (input), obsolete")
|
|
|
|
("cert", po::value<std::string>(), "Certificate file path (input), obsolete")
|
|
|
|
("trustedcert", po::value<std::string>(), "Trusted certificate file path (output)")
|
|
|
|
("host", po::value<std::string>(), "Icinga 2 host")
|
|
|
|
("port", po::value<std::string>()->default_value("5665"), "Icinga 2 port");
|
2014-10-21 11:44:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
std::vector<String> PKISaveCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
|
|
|
|
{
|
2014-10-22 15:36:39 +02:00
|
|
|
if (argument == "key" || argument == "cert" || argument == "trustedcert")
|
2014-10-21 11:44:21 +02:00
|
|
|
return GetBashCompletionSuggestions("file", word);
|
|
|
|
else if (argument == "host")
|
|
|
|
return GetBashCompletionSuggestions("hostname", word);
|
|
|
|
else if (argument == "port")
|
|
|
|
return GetBashCompletionSuggestions("service", word);
|
|
|
|
else
|
|
|
|
return CLICommand::GetArgumentSuggestions(argument, word);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The entry point for the "pki save-cert" CLI command.
|
|
|
|
*
|
|
|
|
* @returns An exit status.
|
|
|
|
*/
|
|
|
|
int PKISaveCertCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
|
|
|
{
|
|
|
|
if (!vm.count("host")) {
|
|
|
|
Log(LogCritical, "cli", "Icinga 2 host (--host) must be specified.");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2014-10-22 15:36:39 +02:00
|
|
|
if (!vm.count("trustedcert")) {
|
|
|
|
Log(LogCritical, "cli", "Trusted certificate output file path (--trustedcert) must be specified.");
|
2014-10-21 11:44:21 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2017-09-06 13:15:56 +02:00
|
|
|
String host = vm["host"].as<std::string>();
|
|
|
|
String port = vm["port"].as<std::string>();
|
|
|
|
|
|
|
|
Log(LogInformation, "cli")
|
2017-12-19 15:50:05 +01:00
|
|
|
<< "Retrieving X.509 certificate for '" << host << ":" << port << "'.";
|
2017-09-06 13:15:56 +02:00
|
|
|
|
2017-11-21 13:20:55 +01:00
|
|
|
std::shared_ptr<X509> cert = PkiUtility::FetchCert(host, port);
|
2014-10-21 11:44:21 +02:00
|
|
|
|
2015-11-24 17:01:46 +01:00
|
|
|
if (!cert) {
|
2017-09-06 13:15:56 +02:00
|
|
|
Log(LogCritical, "cli", "Failed to fetch certificate from host.");
|
2015-11-24 17:01:46 +01:00
|
|
|
return 1;
|
|
|
|
}
|
2014-10-21 11:44:21 +02:00
|
|
|
|
2017-09-06 13:15:56 +02:00
|
|
|
std::cout << PkiUtility::GetCertificateInformation(cert) << "\n";
|
|
|
|
std::cout << ConsoleColorTag(Console_ForegroundRed)
|
2017-12-19 15:50:05 +01:00
|
|
|
<< "***\n"
|
|
|
|
<< "*** You have to ensure that this certificate actually matches the parent\n"
|
|
|
|
<< "*** instance's certificate in order to avoid man-in-the-middle attacks.\n"
|
|
|
|
<< "***\n\n"
|
|
|
|
<< ConsoleColorTag(Console_Normal);
|
2017-09-06 13:15:56 +02:00
|
|
|
|
2015-11-24 17:01:46 +01:00
|
|
|
return PkiUtility::WriteCert(cert, vm["trustedcert"].as<std::string>());
|
2014-10-21 11:44:21 +02:00
|
|
|
}
|