From 88e57f7fd4d18fdfff8d7493e2536b554b471ce0 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Thu, 7 Sep 2017 15:31:38 +0200
Subject: [PATCH] Implement support for cleaning up certificate requests

refs #5450
---
 lib/remote/apilistener.cpp | 34 +++++++++++++++++++++++++++-
 lib/remote/apilistener.hpp | 2 ++
 lib/remote/jsonrpcconnection-pki.cpp | 1 -
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 2f00d6da6..4adfcfa42 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -204,6 +204,12 @@ void ApiListener::Start(bool runtimeCreated)
 m_AuthorityTimer->SetInterval(30);
 m_AuthorityTimer->Start();

+ m_CleanupCertificateRequestsTimer = new Timer();
+ m_CleanupCertificateRequestsTimer->OnTimerExpired.connect(boost::bind(&ApiListener::CleanupCertificateRequestsTimerHandler, this));
+ m_CleanupCertificateRequestsTimer->SetInterval(3600);
+ m_CleanupCertificateRequestsTimer->Start();
+ m_CleanupCertificateRequestsTimer->Reschedule(0);
+
 OnMasterChanged(true);
 }

@@ -642,7 +648,6 @@ void ApiListener::ApiTimerHandler(void)
 << "Setting log position for identity '" << endpoint->GetName() << "': " << Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", ts);
 }
-
 }

 void ApiListener::ApiReconnectTimerHandler(void)
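Review bot: The cleanup timer is created and started in ApiListener::Start() but nothing in this patch ever stops it; if ApiListener::Stop() (not in this hunk) stops m_Timer, m_ReconnectTimer and m_AuthorityTimer, the new timer needs the same treatment, otherwise its handler keeps firing against a raw `this` captured by boost::bind after the listener has been stopped. I would add `m_CleanupCertificateRequestsTimer->Stop();` next to the other timer stops, and document the schedule on the interval line, e.g. `/* purge stale certificate requests once an hour; Reschedule(0) runs the first sweep immediately at startup */`. The body of Start() continues outside the hunk, so I cannot confirm from here whether any other teardown path already covers this.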
@@ -714,6 +719,33 @@ void ApiListener::ApiReconnectTimerHandler(void)
 << "Connected endpoints: " << Utility::NaturalJoin(names);
 }

+static void CleanupCertificateRequest(const String& path, double expiryTime)
+{
+#ifndef _WIN32
+ struct stat statbuf;
+ if (lstat(path.CStr(), &statbuf) < 0)
+ return;
+#else /* _WIN32 */
+ struct _stat statbuf;
+ if (_stat(path.CStr(), &statbuf) < 0)
+ return;
+#endif /* _WIN32 */
+
+ if (statbuf.st_mtime < expiryTime)
+ (void) unlink(path.CStr());
+}
+
+void ApiListener::CleanupCertificateRequestsTimerHandler(void)
+{
+ String requestsDir = GetCertificateRequestsDir();
+
+ if (Utility::PathExists(requestsDir)) {
+ /* remove certificate requests that are older than a week */
+ double expiryTime = Utility::GetTime() - 7 * 24 * 60 * 60;
+ Utility::Glob(requestsDir + "/*.json", boost::bind(&CleanupCertificateRequest, _1, expiryTime), GlobFile);
+ }
+}
+
 void ApiListener::RelayMessage(const MessageOrigin::Ptr& origin, const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log) {
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index 72861f980..665f96d27 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -120,12 +120,14 @@ private:
 Timer::Ptr m_Timer;
 Timer::Ptr m_ReconnectTimer;
 Timer::Ptr m_AuthorityTimer;
+ Timer::Ptr m_CleanupCertificateRequestsTimer;
 Endpoint::Ptr m_LocalEndpoint;

 static ApiListener::Ptr m_Instance;

 void ApiTimerHandler(void);
 void ApiReconnectTimerHandler(void);
+ void CleanupCertificateRequestsTimerHandler(void);

 bool AddListener(const String& node, const String& service);
 void AddConnection(const Endpoint::Ptr& endpoint);
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index 713767e5e..1852c9024 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
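Review bot: CleanupCertificateRequest deletes pending certificate requests silently — `(void) unlink(path.CStr())` discards the result and nothing is logged, so a CA operator whose unapproved request disappears after a week has no trace of why, and a failed unlink (permissions, file replaced between lstat and unlink) is never surfaced. The file is already logging via Log(...) in ApiTimerHandler above, so I would log each removal at LogInformation and each failure at LogWarning, and state the retention rule where the constant lives: `/* requests whose file mtime is older than 7 days are purged; note this keys off the file's mtime, so anything that rewrites the request file resets its clock */`. The lstat/_stat split is fine for symlinks on POSIX, but I cannot see from here whether GlobFile already excludes non-regular files, so that assumption is worth confirming.
```cpp
static void CleanupCertificateRequest(const String& path, double expiryTime)
{
	// … unchanged: lstat/_stat into statbuf, early return on error …

	if (statbuf.st_mtime < expiryTime) {
		Log(LogInformation, "ApiListener")
		    << "Removing expired certificate request '" << path << "'.";
		if (unlink(path.CStr()) < 0)
			Log(LogWarning, "ApiListener")
			    << "Could not remove expired certificate request '" << path << "'.";
	}
}
```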
@@ -187,7 +187,6 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 goto delayed_request;
 }

- /* Send the signed certificate update. */
 Log(LogInformation, "JsonRpcConnection")
 << "Sending certificate response for CN '" << cn << "' to endpoint '" << client->GetIdentity() << "'.";