CLI: Allow to list removed CSRs with 'ca list'

2019-05-10 17:57:42 +02:00 · 2019-05-10 17:57:42 +02:00 · b32d818d1b
parent a35828a6ff
commit b32d818d1b
4 changed files with 15 additions and 6 deletions
--- a/doc/11-cli-commands.md
+++ b/doc/11-cli-commands.md
@ -236,6 +236,7 @@ Command options:
  --all                     List all certificate signing requests, including
                            signed. Note: Old requests are automatically
                            cleaned by Icinga after 1 week.
+  --removed                 List all removed CSRs (for use with 'ca restore')
  --json                    encode output as JSON

 Report bugs at <https://github.com/Icinga/icinga2>
--- a/lib/cli/calistcommand.cpp
+++ b/lib/cli/calistcommand.cpp
@ -29,6 +29,7 @@ void CAListCommand::InitParameters(boost::program_options::options_description&
 {
 	visibleDesc.add_options()
 		("all", "List all certificate signing requests, including signed. Note: Old requests are automatically cleaned by Icinga after 1 week.")
+		("removed", "List all removed CSRs (for use with 'ca restore')")
 		("json", "encode output as JSON");
 }

@ -39,7 +40,7 @@ void CAListCommand::InitParameters(boost::program_options::options_description&
 */
 int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	Dictionary::Ptr requests = PkiUtility::GetCertificateRequests();
+	Dictionary::Ptr requests = PkiUtility::GetCertificateRequests(vm.count("removed"));

 	if (vm.count("json"))
 		std::cout << JsonEncode(requests);
--- a/lib/remote/pkiutility.cpp
+++ b/lib/remote/pkiutility.cpp
@ -18,6 +18,7 @@
 #include <fstream>
 #include <iostream>
 #include <boost/asio/ssl/context.hpp>
+#include <boost/filesystem/path.hpp>

 using namespace icinga;

@ -368,8 +369,9 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&

 	Dictionary::Ptr result = new Dictionary();

-	String fingerprint = Utility::BaseName(requestFile);
-	fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
+	namespace fs = boost::filesystem;
+	fs::path file(requestFile.Begin(), requestFile.End());
+	String fingerprint = file.stem().string();

 	String certRequestText = request->Get("cert_request");
 	result->Set("cert_request", certRequestText);
@ -414,14 +416,19 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
 	requests->Set(fingerprint, result);
 }

-Dictionary::Ptr PkiUtility::GetCertificateRequests()
+Dictionary::Ptr PkiUtility::GetCertificateRequests(bool removed)
 {
 	Dictionary::Ptr requests = new Dictionary();

 	String requestDir = ApiListener::GetCertificateRequestsDir();
+	String ext = "json";
+
+	if (removed)
+		ext = "removed";

 	if (Utility::PathExists(requestDir))
-		Utility::Glob(requestDir + "/*.json", std::bind(&CollectRequestHandler, requests, _1), GlobFile);
+		Utility::Glob(requestDir + "/*." + ext, std::bind(&CollectRequestHandler, requests, _1), GlobFile);

 	return requests;
 }
+
--- a/lib/remote/pkiutility.hpp
+++ b/lib/remote/pkiutility.hpp
@ -29,7 +29,7 @@ public:
 		const String& certfile, const String& cafile, const std::shared_ptr<X509>& trustedcert,
 		const String& ticket = String());
 	static String GetCertificateInformation(const std::shared_ptr<X509>& certificate);
-	static Dictionary::Ptr GetCertificateRequests();
+	static Dictionary::Ptr GetCertificateRequests(bool removed = false);

 private:
 	PkiUtility();