Implement support for forwarding certificate requests

refs #5450
Gunnar Beutner 2017-09-04 13:18:06 +02:00
parent 03f5ccd252
commit 623208d617
3 changed files with 35 additions and 0 deletions


@ -498,6 +498,8 @@ void ApiListener::SyncClient(const JsonRpcConnection::Ptr& aclient, const Endpoi
<< "Requesting new certificate for this Icinga instance from endpoint '" << endpoint->GetName() << "'."; << "Requesting new certificate for this Icinga instance from endpoint '" << endpoint->GetName() << "'.";
aclient->SendCertificateRequest(); aclient->SendCertificateRequest();
Utility::Glob(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/*.json", boost::bind(&JsonRpcConnection::SyncCertificateRequest, aclient, MessageOrigin::Ptr(), _1), GlobFile);
} }
/* Make sure that the config updates are synced /* Make sure that the config updates are synced
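Review bot: The added `Utility::Glob(...)` call carries no comment explaining why stored requests are replayed here, and it hard-codes the `"/lib/icinga2/pki-requests/*.json"` pattern inline. Presumably this is the same directory the request handler writes `requestPath` into, so a shared helper or constant for that directory would keep the two sides from drifting apart. A one-line comment such as `/* Forward stored certificate requests that have no cert_response yet to this endpoint. */` would make the intent clear. The callback runs synchronously for every matching file inside SyncClient, whose body starts and ends outside this hunk, so whether an exception from one file is caught before the config sync that follows cannot be seen from here.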


@ -151,6 +151,8 @@ delayed_request:
Utility::SaveJsonFile(requestPath, 0600, request); Utility::SaveJsonFile(requestPath, 0600, request);
JsonRpcConnection::SyncCertificateRequest(JsonRpcConnection::Ptr(), origin, requestPath);
result->Set("status_code", 2); result->Set("status_code", 2);
result->Set("error", "Certificate request is pending. Waiting for approval from the parent Icinga instance."); result->Set("error", "Certificate request is pending. Waiting for approval from the parent Icinga instance.");
return result; return result;
@ -260,3 +262,32 @@ void JsonRpcConnection::CertificateRequestResponseHandler(const Dictionary::Ptr&
Log(LogInformation, "JsonRpcConnection", "Updating the client certificate for the ApiListener object"); Log(LogInformation, "JsonRpcConnection", "Updating the client certificate for the ApiListener object");
listener->UpdateSSLContext(); listener->UpdateSSLContext();
} }
void JsonRpcConnection::SyncCertificateRequest(const JsonRpcConnection::Ptr& aclient, const MessageOrigin::Ptr& origin, const String& path)
{
Dictionary::Ptr request = Utility::LoadJsonFile(path);
if (request->Contains("cert_response"))
return;
Dictionary::Ptr message = new Dictionary();
message->Set("jsonrpc", "2.0");
message->Set("method", "pki::RequestCertificate");
Dictionary::Ptr params = new Dictionary();
params->Set("cert_request", request->Get("cert_request"));
params->Set("ticket", request->Get("ticket"));
message->Set("params", params);
if (aclient)
JsonRpc::SendMessage(aclient->GetStream(), message);
else {
ApiListener::Ptr listener = ApiListener::GetInstance();
if (!listener)
return;
listener->RelayMessage(origin, Zone::GetLocalZone(), message, false);
}
}
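Review bot: SyncCertificateRequest dereferences the result of `Utility::LoadJsonFile(path)` unchecked: `request->Contains("cert_response")` runs even if the file is empty, truncated or not a JSON object, and `cert_request` and `ticket` are copied into the outgoing message without confirming they exist. The function is run for every file matched under pki-requests during a client sync and is also called from the request handler right after `SaveJsonFile`, so one damaged file could presumably throw or crash mid-sync; how LoadJsonFile reports failure is not visible on this page. A guard such as `if (!request || !request->Contains("cert_request")) return;` ahead of the `cert_response` test, with a log line naming the skipped path, would confine the damage to that one file. Since the relayed message carries the enrolment ticket, a comment stating which endpoints `RelayMessage(origin, Zone::GetLocalZone(), message, false)` is expected to reach would also help the next reviewer.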


@ -85,6 +85,8 @@ public:
void SendCertificateRequest(void); void SendCertificateRequest(void);
static void SyncCertificateRequest(const JsonRpcConnection::Ptr& aclient, const intrusive_ptr<MessageOrigin>& origin, const String& path);
private: private:
int m_ID; int m_ID;
String m_Identity; String m_Identity;
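Review bot: The new static `SyncCertificateRequest` declaration is undocumented, and it spells the origin parameter as `const intrusive_ptr<MessageOrigin>&` while the definition uses `const MessageOrigin::Ptr&`. These are presumably the same type, but the reason for the different spelling (likely a forward declaration in this header) deserves a brief comment. A doc comment should also state the contract visible in the definition: a null `aclient` means the request is relayed through the ApiListener instead of being sent on a stream, and files that already contain `cert_response` are skipped.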