Implement support for cleaning up certificate requests

refs #5450
Gunnar Beutner 2017-09-07 15:31:38 +02:00
parent 0a85977831
commit 88e57f7fd4
3 changed files with 35 additions and 2 deletions


@ -204,6 +204,12 @@ void ApiListener::Start(bool runtimeCreated)
m_AuthorityTimer->SetInterval(30); m_AuthorityTimer->SetInterval(30);
m_AuthorityTimer->Start(); m_AuthorityTimer->Start();
m_CleanupCertificateRequestsTimer = new Timer();
m_CleanupCertificateRequestsTimer->OnTimerExpired.connect(boost::bind(&ApiListener::CleanupCertificateRequestsTimerHandler, this));
m_CleanupCertificateRequestsTimer->SetInterval(3600);
m_CleanupCertificateRequestsTimer->Start();
m_CleanupCertificateRequestsTimer->Reschedule(0);
OnMasterChanged(true); OnMasterChanged(true);
} }
@ -642,7 +648,6 @@ void ApiListener::ApiTimerHandler(void)
<< "Setting log position for identity '" << endpoint->GetName() << "': " << "Setting log position for identity '" << endpoint->GetName() << "': "
<< Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", ts); << Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", ts);
} }
} }
void ApiListener::ApiReconnectTimerHandler(void) void ApiListener::ApiReconnectTimerHandler(void)
@ -714,6 +719,33 @@ void ApiListener::ApiReconnectTimerHandler(void)
<< "Connected endpoints: " << Utility::NaturalJoin(names); << "Connected endpoints: " << Utility::NaturalJoin(names);
} }
static void CleanupCertificateRequest(const String& path, double expiryTime)
{
#ifndef _WIN32
struct stat statbuf;
if (lstat(path.CStr(), &statbuf) < 0)
return;
#else /* _WIN32 */
struct _stat statbuf;
if (_stat(path.CStr(), &statbuf) < 0)
return;
#endif /* _WIN32 */
if (statbuf.st_mtime < expiryTime)
(void) unlink(path.CStr());
}
void ApiListener::CleanupCertificateRequestsTimerHandler(void)
{
String requestsDir = GetCertificateRequestsDir();
if (Utility::PathExists(requestsDir)) {
/* remove certificate requests that are older than a week */
double expiryTime = Utility::GetTime() - 7 * 24 * 60 * 60;
Utility::Glob(requestsDir + "/*.json", boost::bind(&CleanupCertificateRequest, _1, expiryTime), GlobFile);
}
}
void ApiListener::RelayMessage(const MessageOrigin::Ptr& origin, void ApiListener::RelayMessage(const MessageOrigin::Ptr& origin,
const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log) const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log)
{ {
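Review bot: In CleanupCertificateRequest the result of `unlink` is discarded with `(void)` and nothing is logged, so the removal of a pending certificate request leaves no trace, and a failed removal (for example a permission problem on the requests directory) goes unnoticed on every hourly run. I would record both outcomes, e.g. `if (unlink(path.CStr()) < 0) Log(LogWarning, "ApiListener") << "Could not remove expired certificate request '" << path << "'.";` plus an informational line when a file is removed. The two platform branches also differ: POSIX uses `lstat`, which inspects a link itself, while the Windows branch uses `_stat`, which presumably reports on the link target; if links can ever appear in that directory, the age check there would be taken from a different object than the one being removed. Because expiry is keyed on `st_mtime`, a short comment such as `/* age is measured from the last modification, so rewriting a request restarts the one-week window */` would make that behaviour explicit for whoever audits the signing workflow.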


@ -120,12 +120,14 @@ private:
Timer::Ptr m_Timer; Timer::Ptr m_Timer;
Timer::Ptr m_ReconnectTimer; Timer::Ptr m_ReconnectTimer;
Timer::Ptr m_AuthorityTimer; Timer::Ptr m_AuthorityTimer;
Timer::Ptr m_CleanupCertificateRequestsTimer;
Endpoint::Ptr m_LocalEndpoint; Endpoint::Ptr m_LocalEndpoint;
static ApiListener::Ptr m_Instance; static ApiListener::Ptr m_Instance;
void ApiTimerHandler(void); void ApiTimerHandler(void);
void ApiReconnectTimerHandler(void); void ApiReconnectTimerHandler(void);
void CleanupCertificateRequestsTimerHandler(void);
bool AddListener(const String& node, const String& service); bool AddListener(const String& node, const String& service);
void AddConnection(const Endpoint::Ptr& endpoint); void AddConnection(const Endpoint::Ptr& endpoint);


@ -187,7 +187,6 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
goto delayed_request; goto delayed_request;
} }
/* Send the signed certificate update. */ /* Send the signed certificate update. */
Log(LogInformation, "JsonRpcConnection") Log(LogInformation, "JsonRpcConnection")
<< "Sending certificate response for CN '" << cn << "' to endpoint '" << client->GetIdentity() << "'."; << "Sending certificate response for CN '" << cn << "' to endpoint '" << client->GetIdentity() << "'.";