diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp
index c5a9c928a..6a1885e32 100644
--- a/lib/cli/apisetuputility.cpp
+++ b/lib/cli/apisetuputility.cpp
@@ -21,6 +21,7 @@
 #include "cli/pkiutility.hpp"
 #include "cli/nodeutility.hpp"
 #include "cli/featureutility.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"
@@ -68,7 +69,7 @@ bool ApiSetupUtility::SetupMasterCertificates(const String& cn)
 if (PkiUtility::NewCa() > 0) Log(LogWarning, "cli", "Found CA, skipping and using the existing one.");
- String pki_path = PkiUtility::GetPkiPath();
+ String pki_path = ApiListener::GetPkiDir();
 Utility::MkDirP(pki_path, 0700);
 String user = ScriptGlobal::Get("RunAsUser");
@@ -116,7 +117,7 @@ bool ApiSetupUtility::SetupMasterCertificates(const String& cn)
 }
 /* Copy CA certificate to /etc/icinga2/pki */
- String ca_path = PkiUtility::GetLocalCaPath();
+ String ca_path = ApiListener::GetCaDir();
 String ca = ca_path + "/ca.crt";
 String ca_key = ca_path + "/ca.key";
 String target_ca = pki_path + "/ca.crt";
diff --git a/lib/cli/calistcommand.cpp b/lib/cli/calistcommand.cpp
index 5cab64b6e..b538b772f 100644
--- a/lib/cli/calistcommand.cpp
+++ b/lib/cli/calistcommand.cpp
@@ -18,6 +18,7 @@
 ******************************************************************************/
 #include "cli/calistcommand.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
@@ -100,7 +101,7 @@ int CAListCommand::Run(const boost::program_options::variables_map& vm, const st
 {
 Dictionary::Ptr requests = new Dictionary();
- String requestDir = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests";
+ String requestDir = ApiListener::GetPkiRequestsDir();
 if (Utility::PathExists(requestDir)) Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
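Review bot: The context comment `/* Copy CA certificate to /etc/icinga2/pki */` in the second SetupMasterCertificates hunk of lib/cli/apisetuputility.cpp does not match the code, because `pki_path` now comes from `ApiListener::GetPkiDir()`, which this commit defines under the local state directory (`/lib/icinga2/pki/`). I would reword it to `/* Copy the CA certificate into the PKI directory (ApiListener::GetPkiDir()) */` so nobody looks for key material in the wrong place. The hunk also builds `ca_key`, and the copy itself is outside the hunk, so it is worth confirming that only `ca.crt` is copied and `ca.key` stays in the CA directory.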
diff --git a/lib/cli/casigncommand.cpp b/lib/cli/casigncommand.cpp
index 6ca2ff55d..a61bb2cc7 100644
--- a/lib/cli/casigncommand.cpp
+++ b/lib/cli/casigncommand.cpp
@@ -18,6 +18,7 @@
 ******************************************************************************/
 #include "cli/casigncommand.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
@@ -53,7 +54,7 @@ ImpersonationLevel CASignCommand::GetImpersonationLevel(void) const
 */
 int CASignCommand::Run(const boost::program_options::variables_map& vm, const std::vector& ap) const
 {
- String requestFile = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/" + ap[0] + ".json";
+ String requestFile = ApiListener::GetPkiRequestsDir() + "/" + ap[0] + ".json";
 if (!Utility::PathExists(requestFile)) {
 Log(LogCritical, "cli")
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index 635d21bde..140cad998 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -22,6 +22,7 @@
 #include "cli/featureutility.hpp"
 #include "cli/pkiutility.hpp"
 #include "cli/apisetuputility.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"
@@ -130,7 +131,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 cn = vm["cn"].as();
 /* check whether the user wants to generate a new certificate or not */
- String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
+ String existing_path = ApiListener::GetPkiDir() + "/" + cn + ".crt";
 Log(LogInformation, "cli") << "Checking for existing certificates for common name '" << cn << "'...";
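Review bot: In the CASignCommand::Run hunk of lib/cli/casigncommand.cpp, `ap[0]` is concatenated into `requestFile` without checking that it is a bare fingerprint, so an argument containing a path separator resolves to a `.json` file outside the requests directory. A guard before the path is built, such as `if (ap[0].FindFirstOf("/\\") != String::NPos) { Log(LogCritical, "cli", "Invalid request fingerprint."); return 1; }`, keeps the lookup inside `GetPkiRequestsDir()`. The same holds for `cn` in `existing_path` in the SetupMaster hunk of nodesetupcommand.cpp and the wizard_ticket hunk of nodewizardcommand.cpp. Whether `ap` is guaranteed non-empty is decided outside this hunk, and the function body continues past it.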
@@ -305,7 +306,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 /* pki request a signed certificate from the master */
- String pki_path = PkiUtility::GetPkiPath();
+ String pki_path = ApiListener::GetPkiDir();
 Utility::MkDirP(pki_path, 0700);
 String user = ScriptGlobal::Get("RunAsUser");
@@ -440,7 +441,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 NodeUtility::UpdateConstant("NodeName", cn);
 NodeUtility::UpdateConstant("ZoneName", vm["zone"].as());
- String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+ String ticketPath = ApiListener::GetPkiDir() + "/ticket";
 String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index b15cbf4fa..0253a06e2 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -22,6 +22,7 @@
 #include "cli/pkiutility.hpp"
 #include "cli/featureutility.hpp"
 #include "cli/apisetuputility.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"
@@ -229,7 +230,7 @@ wizard_endpoint_loop_start:
 }
 /* workaround for fetching the master cert */
- String pki_path = PkiUtility::GetPkiPath();
+ String pki_path = ApiListener::GetPkiDir();
 Utility::MkDirP(pki_path, 0700);
 String user = ScriptGlobal::Get("RunAsUser");
@@ -497,7 +498,7 @@ wizard_ticket:
 cn = cn.Trim();
 /* check whether the user wants to generate a new certificate or not */
- String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
+ String existing_path = ApiListener::GetPkiDir() + "/" + cn + ".crt";
 std::cout << ConsoleColorTag(Console_Normal) << "Checking for existing certificates for common name '" << cn << "'...\n";
diff --git a/lib/cli/pkiutility.cpp b/lib/cli/pkiutility.cpp
index fffb51bfd..c1325aafd 100644
--- a/lib/cli/pkiutility.cpp
+++ b/lib/cli/pkiutility.cpp
@@ -19,6 +19,7 @@
 #include "cli/pkiutility.hpp"
 #include "cli/clicommand.hpp"
+#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
@@ -34,19 +35,9 @@ using namespace icinga;
-String PkiUtility::GetPkiPath(void)
-{
- return Application::GetLocalStateDir() + "/lib/icinga2/pki";
-}
-
-String PkiUtility::GetLocalCaPath(void)
-{
- return Application::GetLocalStateDir() + "/lib/icinga2/ca";
-}
-
 int PkiUtility::NewCa(void)
 {
- String caDir = GetLocalCaPath();
+ String caDir = ApiListener::GetCaDir();
 String caCertFile = caDir + "/ca.crt";
 String caKeyFile = caDir + "/ca.key";
diff --git a/lib/cli/pkiutility.hpp b/lib/cli/pkiutility.hpp
index 2a3b1b7c4..830de9d46 100644
--- a/lib/cli/pkiutility.hpp
+++ b/lib/cli/pkiutility.hpp
@@ -35,9 +35,6 @@ namespace icinga
 class I2_CLI_API PkiUtility
 {
 public:
- static String GetPkiPath(void);
- static String GetLocalCaPath(void);
-
 static int NewCa(void);
 static int NewCert(const String& cn, const String& keyfile, const String& csrfile, const String& certfile);
 static int SignCsr(const String& csrfile, const String& certfile);
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 6baabaff2..e3a25b8f4 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -55,6 +55,26 @@ ApiListener::ApiListener(void)
 m_SyncQueue.SetName("ApiListener, SyncQueue");
 }
+String ApiListener::GetApiDir(void)
+{
+ return Application::GetLocalStateDir() + "/lib/icinga2/api/";
+}
+
+String ApiListener::GetPkiDir(void)
+{
+ return Application::GetLocalStateDir() + "/lib/icinga2/pki/";
+}
+
+String ApiListener::GetCaDir(void)
+{
+ return Application::GetLocalStateDir() + "/lib/icinga2/ca/";
+}
+
+String ApiListener::GetPkiRequestsDir(void)
+{
+ return Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/";
+}
+
 void ApiListener::OnConfigLoaded(void)
 {
 if (m_Instance)
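Review bot: The new getters `GetPkiDir()`, `GetCaDir()` and `GetPkiRequestsDir()` in lib/remote/apilistener.cpp return paths ending in `/`, whereas the removed `PkiUtility::GetPkiPath()` and `GetLocalCaPath()` returned none. Every caller in this commit still appends its own separator (`GetPkiDir() + "/ticket"`, `caDir + "/ca.key"`, `GetPkiRequestsDir() + "/*.json"`), so key, certificate and request paths now contain `//`. The filesystem normally tolerates that, but the strings that get logged, compared or globbed have changed. Either drop the trailing slash in the three new getters, e.g. `return Application::GetLocalStateDir() + "/lib/icinga2/pki";`, or state the contract next to the declarations in apilistener.hpp with a comment such as `/* Returned paths end with '/'. */`.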
@@ -499,8 +519,8 @@ void ApiListener::SyncClient(const JsonRpcConnection::Ptr& aclient, const Endpoi
 JsonRpcConnection::SendCertificateRequest(aclient, MessageOrigin::Ptr(), String());
- if (Utility::PathExists(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests"))
- Utility::Glob(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/*.json", boost::bind(&JsonRpcConnection::SendCertificateRequest, aclient, MessageOrigin::Ptr(), _1), GlobFile);
+ if (Utility::PathExists(ApiListener::GetPkiRequestsDir()))
+ Utility::Glob(ApiListener::GetPkiRequestsDir() + "/*.json", boost::bind(&JsonRpcConnection::SendCertificateRequest, aclient, MessageOrigin::Ptr(), _1), GlobFile);
 }
 /* Make sure that the config updates are synced
@@ -888,11 +908,6 @@ void ApiListener::SyncRelayMessage(const MessageOrigin::Ptr& origin,
 PersistMessage(message, secobj);
 }
-String ApiListener::GetApiDir(void)
-{
- return Application::GetLocalStateDir() + "/lib/icinga2/api/";
-}
-
 /* must hold m_LogLock */
 void ApiListener::OpenLogFile(void)
 {
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index d302247a6..57e9db267 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -59,17 +59,20 @@ public:
 ApiListener(void);
- static ApiListener::Ptr GetInstance(void);
+ static String GetApiDir(void);
+ static String GetPkiDir(void);
+ static String GetCaDir(void);
+ static String GetPkiRequestsDir(void);
 void UpdateSSLContext(void);
+ static ApiListener::Ptr GetInstance(void);
+
 Endpoint::Ptr GetMaster(void) const;
 bool IsMaster(void) const;
 Endpoint::Ptr GetLocalEndpoint(void) const;
- static String GetApiDir(void);
-
 void SyncSendMessage(const Endpoint::Ptr& endpoint, const Dictionary::Ptr& message);
 void RelayMessage(const MessageOrigin::Ptr& origin, const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log);
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index 6687cea4e..2d5ee5edb 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -91,7 +91,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 result->Set("fingerprint_request", certFingerprint);
- String requestDir = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests";
+ String requestDir = ApiListener::GetPkiRequestsDir();
 String requestPath = requestDir + "/" + certFingerprint + ".json";
 result->Set("ca", CertificateToString(cacert));
@@ -265,7 +265,7 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
 return Empty;
 }
- String requestDir = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests";
+ String requestDir = ApiListener::GetPkiRequestsDir();
 String requestPath = requestDir + "/" + certFingerprint + ".json";
 std::cout << requestPath << "\n";
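Review bot: `std::cout << requestPath << "\n";` at the end of the UpdateCertificateHandler hunk looks like leftover debug output in a JSON-RPC handler, where it prints a filesystem path to the daemon's stdout on every call. I would remove it or route it through the logger, e.g. `Log(LogDebug, "JsonRpcConnection") << "Certificate request path: " << requestPath;`. In both handlers `certFingerprint` goes into `requestPath` unchecked, and its assignment is outside the hunks. If it can be taken from the peer's message rather than from a locally computed hash, it should be validated as a hex digest before the path is built. Both function bodies continue outside their hunks.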