mirror of https://github.com/Icinga/icinga2.git
parent
510e2d622a
commit
abdd4b307b
|
@ -575,6 +575,11 @@ boost::shared_ptr<X509> CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject)
|
|||
return CreateCert(pubkey, subject, X509_get_subject_name(cacert.get()), privkey, false);
|
||||
}
|
||||
|
||||
boost::shared_ptr<X509> CreateCertIcingaCA(const boost::shared_ptr<X509>& cert)
|
||||
{
|
||||
return CreateCertIcingaCA(X509_get_pubkey(cert.get()), X509_get_subject_name(cert.get()));
|
||||
}
|
||||
|
||||
String CertificateToString(const boost::shared_ptr<X509>& cert)
|
||||
{
|
||||
BIO *mem = BIO_new(BIO_s_mem());
|
||||
|
|
|
@ -50,6 +50,7 @@ String I2_BASE_API GetIcingaCADir(void);
|
|||
String I2_BASE_API CertificateToString(const boost::shared_ptr<X509>& cert);
|
||||
boost::shared_ptr<X509> I2_BASE_API StringToCertificate(const String& cert);
|
||||
boost::shared_ptr<X509> I2_BASE_API CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject);
|
||||
boost::shared_ptr<X509> I2_BASE_API CreateCertIcingaCA(const boost::shared_ptr<X509>& cert);
|
||||
String I2_BASE_API PBKDF2_SHA1(const String& password, const String& salt, int iterations);
|
||||
String I2_BASE_API SHA1(const String& s, bool binary = false);
|
||||
String I2_BASE_API SHA256(const String& s);
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
|
||||
set(cli_SOURCES
|
||||
apisetupcommand.cpp apisetuputility.cpp
|
||||
calistcommand.cpp casigncommand.cpp
|
||||
nodeaddcommand.cpp nodeblackandwhitelistcommand.cpp nodelistcommand.cpp noderemovecommand.cpp
|
||||
nodesetcommand.cpp nodesetupcommand.cpp nodeupdateconfigcommand.cpp nodewizardcommand.cpp nodeutility.cpp
|
||||
clicommand.cpp
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
/******************************************************************************
|
||||
* Icinga 2 *
|
||||
* Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or *
|
||||
* modify it under the terms of the GNU General Public License *
|
||||
* as published by the Free Software Foundation; either version 2 *
|
||||
* of the License, or (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the Free Software Foundation *
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
||||
******************************************************************************/
|
||||
|
||||
#include "cli/calistcommand.hpp"
|
||||
#include "base/logger.hpp"
|
||||
#include "base/application.hpp"
|
||||
#include "base/tlsutility.hpp"
|
||||
|
||||
using namespace icinga;
|
||||
|
||||
REGISTER_CLICOMMAND("ca/list", CAListCommand);
|
||||
|
||||
String CAListCommand::GetDescription(void) const
|
||||
{
|
||||
return "Lists all certificate signing requests.";
|
||||
}
|
||||
|
||||
String CAListCommand::GetShortDescription(void) const
|
||||
{
|
||||
return "lists all certificate signing requests";
|
||||
}
|
||||
|
||||
void CAListCommand::PrintRequest(const String& requestFile)
|
||||
{
|
||||
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
|
||||
|
||||
if (!request)
|
||||
return;
|
||||
|
||||
String fingerprint = Utility::BaseName(requestFile);
|
||||
fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
|
||||
|
||||
std::cout << "***\n";
|
||||
std::cout << "Fingerprint: " << fingerprint << "\n";
|
||||
|
||||
String certRequestText = request->Get("cert_request");
|
||||
|
||||
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
|
||||
|
||||
String cn = GetCertificateCN(certRequest);
|
||||
|
||||
String certResponseText = request->Get("cert_response");
|
||||
|
||||
if (!certResponseText.IsEmpty()) {
|
||||
boost::shared_ptr<X509> certResponse = StringToCertificate(certResponseText);
|
||||
}
|
||||
|
||||
std::cout << "CN: " << cn << "\n";
|
||||
std::cout << "Certificate (request): " << certRequestText << "\n";
|
||||
std::cout << "Certificate (response): " << certResponseText << "\n";
|
||||
}
|
||||
|
||||
/**
|
||||
* The entry point for the "ca list" CLI command.
|
||||
*
|
||||
* @returns An exit status.
|
||||
*/
|
||||
int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
||||
{
|
||||
Utility::Glob(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/*.json", &CAListCommand::PrintRequest, GlobFile);
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,48 @@
|
|||
/******************************************************************************
|
||||
* Icinga 2 *
|
||||
* Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or *
|
||||
* modify it under the terms of the GNU General Public License *
|
||||
* as published by the Free Software Foundation; either version 2 *
|
||||
* of the License, or (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the Free Software Foundation *
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef CALISTCOMMAND_H
|
||||
#define CALISTCOMMAND_H
|
||||
|
||||
#include "cli/clicommand.hpp"
|
||||
|
||||
namespace icinga
|
||||
{
|
||||
|
||||
/**
|
||||
* The "ca list" command.
|
||||
*
|
||||
* @ingroup cli
|
||||
*/
|
||||
class CAListCommand : public CLICommand
|
||||
{
|
||||
public:
|
||||
DECLARE_PTR_TYPEDEFS(CAListCommand);
|
||||
|
||||
virtual String GetDescription(void) const override;
|
||||
virtual String GetShortDescription(void) const override;
|
||||
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
|
||||
|
||||
private:
|
||||
static void PrintRequest(const String& requestFile);
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
#endif /* CALISTCOMMAND_H */
|
|
@ -0,0 +1,74 @@
|
|||
/******************************************************************************
|
||||
* Icinga 2 *
|
||||
* Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or *
|
||||
* modify it under the terms of the GNU General Public License *
|
||||
* as published by the Free Software Foundation; either version 2 *
|
||||
* of the License, or (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the Free Software Foundation *
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
||||
******************************************************************************/
|
||||
|
||||
#include "cli/casigncommand.hpp"
|
||||
#include "base/logger.hpp"
|
||||
#include "base/application.hpp"
|
||||
#include "base/tlsutility.hpp"
|
||||
|
||||
using namespace icinga;
|
||||
|
||||
REGISTER_CLICOMMAND("ca/sign", CASignCommand);
|
||||
|
||||
String CASignCommand::GetDescription(void) const
|
||||
{
|
||||
return "Signs an outstanding certificate request.";
|
||||
}
|
||||
|
||||
String CASignCommand::GetShortDescription(void) const
|
||||
{
|
||||
return "signs an outstanding certificate request";
|
||||
}
|
||||
|
||||
int CASignCommand::GetMinArguments(void) const
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
ImpersonationLevel CASignCommand::GetImpersonationLevel(void) const
|
||||
{
|
||||
return ImpersonateIcinga;
|
||||
}
|
||||
|
||||
/**
|
||||
* The entry point for the "ca sign" CLI command.
|
||||
*
|
||||
* @returns An exit status.
|
||||
*/
|
||||
int CASignCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
||||
{
|
||||
String requestFile = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/" + ap[0] + ".json";
|
||||
|
||||
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
|
||||
|
||||
if (!request)
|
||||
return 1;
|
||||
|
||||
String certRequestText = request->Get("cert_request");
|
||||
|
||||
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
|
||||
|
||||
boost::shared_ptr<X509> certResponse = CreateCertIcingaCA(certRequest);
|
||||
|
||||
request->Set("cert_response", CertificateToString(certResponse));
|
||||
|
||||
Utility::SaveJsonFile(requestFile, 0600, request);
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/******************************************************************************
|
||||
* Icinga 2 *
|
||||
* Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or *
|
||||
* modify it under the terms of the GNU General Public License *
|
||||
* as published by the Free Software Foundation; either version 2 *
|
||||
* of the License, or (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the Free Software Foundation *
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef CASIGNCOMMAND_H
|
||||
#define CASIGNCOMMAND_H
|
||||
|
||||
#include "cli/clicommand.hpp"
|
||||
|
||||
namespace icinga
|
||||
{
|
||||
|
||||
/**
|
||||
* The "ca sign" command.
|
||||
*
|
||||
* @ingroup cli
|
||||
*/
|
||||
class CASignCommand : public CLICommand
|
||||
{
|
||||
public:
|
||||
DECLARE_PTR_TYPEDEFS(CASignCommand);
|
||||
|
||||
virtual String GetDescription(void) const override;
|
||||
virtual String GetShortDescription(void) const override;
|
||||
virtual int GetMinArguments(void) const override;
|
||||
virtual ImpersonationLevel GetImpersonationLevel(void) const override;
|
||||
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
#endif /* CASIGNCOMMAND_H */
|
Loading…
Reference in New Issue