Refactor PkiUtility class

refs #5450
Gunnar Beutner 2017-09-05 14:44:56 +02:00
parent 1e7860f2b1
commit c02742925e
16 changed files with 98 additions and 67 deletions


@ -26,7 +26,6 @@ set(cli_SOURCES
featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp
objectlistcommand.cpp objectlistutility.cpp
pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
pkiutility.cpp
repositoryclearchangescommand.cpp repositorycommitcommand.cpp repositoryobjectcommand.cpp repositoryutility.cpp
variablegetcommand.cpp variablelistcommand.cpp variableutility.cpp
troubleshootcommand.cpp


@ -18,10 +18,10 @@
******************************************************************************/
#include "cli/apisetuputility.hpp"
#include "cli/pkiutility.hpp"
#include "cli/nodeutility.hpp"
#include "cli/featureutility.hpp"
#include "remote/apilistener.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/console.hpp"
#include "base/application.hpp"


@ -19,6 +19,7 @@
#include "cli/calistcommand.hpp"
#include "remote/apilistener.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/application.hpp"
#include "base/tlsutility.hpp"
@ -46,51 +47,6 @@ void CAListCommand::InitParameters(boost::program_options::options_description&
("json", "encode output as JSON")
;
}
static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
{
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
if (!request)
return;
Dictionary::Ptr result = new Dictionary();
String fingerprint = Utility::BaseName(requestFile);
fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
String certRequestText = request->Get("cert_request");
result->Set("cert_request", certRequestText);
Value vcertResponseText;
if (request->Get("cert_response", &vcertResponseText)) {
String certResponseText = vcertResponseText;
result->Set("cert_response", certResponseText);
}
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
time_t now;
time(&now);
ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
int day, sec;
ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
result->Set("timestamp", static_cast<double>(now) + day * 24 * 60 * 60 + sec);
BIO *out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
char *data;
long length;
length = BIO_get_mem_data(out, &data);
result->Set("subject", String(data, data + length));
BIO_free(out);
requests->Set(fingerprint, result);
}
/**
* The entry point for the "ca list" CLI command.
@ -99,12 +55,7 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
*/
int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
Dictionary::Ptr requests = new Dictionary();
String requestDir = ApiListener::GetPkiRequestsDir();
if (Utility::PathExists(requestDir))
Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
Dictionary::Ptr requests = PkiUtility::GetCertificateRequests();
if (vm.count("json"))
std::cout << JsonEncode(requests);


@ -20,9 +20,9 @@
#include "cli/nodesetupcommand.hpp"
#include "cli/nodeutility.hpp"
#include "cli/featureutility.hpp"
#include "cli/pkiutility.hpp"
#include "cli/apisetuputility.hpp"
#include "remote/apilistener.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/console.hpp"
#include "base/application.hpp"


@ -19,10 +19,10 @@
#include "cli/nodewizardcommand.hpp"
#include "cli/nodeutility.hpp"
#include "cli/pkiutility.hpp"
#include "cli/featureutility.hpp"
#include "cli/apisetuputility.hpp"
#include "remote/apilistener.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/console.hpp"
#include "base/application.hpp"


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkinewcacommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
using namespace icinga;


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkinewcertcommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
using namespace icinga;


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkirequestcommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/tlsutility.hpp"
#include <iostream>


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkisavecertcommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
#include "base/tlsutility.hpp"


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkisigncsrcommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "base/logger.hpp"
using namespace icinga;


@ -18,7 +18,7 @@
******************************************************************************/
#include "cli/pkiticketcommand.hpp"
#include "cli/pkiutility.hpp"
#include "remote/pkiutility.hpp"
#include "cli/variableutility.hpp"
#include "base/logger.hpp"
#include <iostream>


@ -27,6 +27,7 @@
#include "icinga/notificationcommand.hpp"
#include "remote/apiaction.hpp"
#include "remote/apilistener.hpp"
#include "remote/pkiutility.hpp"
#include "remote/httputility.hpp"
#include "base/utility.hpp"
#include "base/convert.hpp"
@ -47,6 +48,8 @@ REGISTER_APIACTION(remove_downtime, "Service;Host;Downtime", &ApiActions::Remove
REGISTER_APIACTION(shutdown_process, "", &ApiActions::ShutdownProcess);
REGISTER_APIACTION(restart_process, "", &ApiActions::RestartProcess);
REGISTER_APIACTION(generate_ticket, "", &ApiActions::GenerateTicket);
REGISTER_APIACTION(list_ca_requests, "", &ApiActions::ListCARequests);
REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);
Dictionary::Ptr ApiActions::CreateResult(int code, const String& status,
const Dictionary::Ptr& additional)
@ -456,3 +459,21 @@ Dictionary::Ptr ApiActions::GenerateTicket(const ConfigObject::Ptr&,
return ApiActions::CreateResult(200, "Generated PKI ticket '" + ticket + "' for common name '"
+ cn + "'.", additional);
}
Dictionary::Ptr ApiActions::ListCARequests(const ConfigObject::Ptr&,
const Dictionary::Ptr& params)
{
Dictionary::Ptr additional = new Dictionary();
additional->Set("requests", PkiUtility::GetCertificateRequests());
return ApiActions::CreateResult(200, "Listing all CA requests.", additional);
}
Dictionary::Ptr ApiActions::SignCARequest(const ConfigObject::Ptr&,
const Dictionary::Ptr& params)
{
if (!params->Contains("fingerprint"))
return ApiActions::CreateResult(400, "Option 'fingerprint' is required.");
}
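Review bot: `SignCARequest` falls off the end of a function returning `Dictionary::Ptr` whenever `fingerprint` is present, which is undefined behaviour, and the action is already registered via `REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);`, so any API client permitted to call it reaches that path. Until the signing logic exists, either drop the registration or end the body with an explicit error such as `return ApiActions::CreateResult(501, "Signing CA requests is not implemented yet.");`. When the logic is added, `fingerprint` comes from the request parameters and should be checked to be a plain hex digest before it is used to locate `<fingerprint>.json` in the requests directory. `ListCARequests` returns the full `cert_request` text of every pending request, so a comment stating which API permission is expected to gate it would help reviewers.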


@ -46,6 +46,8 @@ public:
static Dictionary::Ptr ShutdownProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
static Dictionary::Ptr RestartProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
static Dictionary::Ptr GenerateTicket(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
static Dictionary::Ptr ListCARequests(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
static Dictionary::Ptr SignCARequest(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
private:
static Dictionary::Ptr CreateResult(int code, const String& status, const Dictionary::Ptr& additional = Dictionary::Ptr());


@ -30,6 +30,7 @@ set(remote_SOURCES
httpchunkedencoding.cpp httpclientconnection.cpp httpserverconnection.cpp httphandler.cpp httprequest.cpp httpresponse.cpp
httputility.cpp infohandler.cpp jsonrpc.cpp jsonrpcconnection.cpp jsonrpcconnection-heartbeat.cpp jsonrpcconnection-pki.cpp
messageorigin.cpp modifyobjecthandler.cpp statushandler.cpp objectqueryhandler.cpp templatequeryhandler.cpp
pkiutility.cpp
typequeryhandler.cpp url.cpp variablequeryhandler.cpp zone.cpp zone.thpp
)


@ -17,8 +17,7 @@
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "cli/pkiutility.hpp"
#include "cli/clicommand.hpp"
#include "remote/pkiutility.hpp"
#include "remote/apilistener.hpp"
#include "base/logger.hpp"
#include "base/application.hpp"
@ -369,3 +368,61 @@ String PkiUtility::GetCertificateInformation(const boost::shared_ptr<X509>& cert
return info.str();
}
static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
{
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
if (!request)
return;
Dictionary::Ptr result = new Dictionary();
String fingerprint = Utility::BaseName(requestFile);
fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
String certRequestText = request->Get("cert_request");
result->Set("cert_request", certRequestText);
Value vcertResponseText;
if (request->Get("cert_response", &vcertResponseText)) {
String certResponseText = vcertResponseText;
result->Set("cert_response", certResponseText);
}
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
time_t now;
time(&now);
ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
int day, sec;
ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
result->Set("timestamp", static_cast<double>(now) + day * 24 * 60 * 60 + sec);
BIO *out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
char *data;
long length;
length = BIO_get_mem_data(out, &data);
result->Set("subject", String(data, data + length));
BIO_free(out);
requests->Set(fingerprint, result);
}
Dictionary::Ptr PkiUtility::GetCertificateRequests(void)
{
Dictionary::Ptr requests = new Dictionary();
String requestDir = ApiListener::GetPkiRequestsDir();
if (Utility::PathExists(requestDir))
Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
return requests;
}
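Review bot: `CollectRequestHandler` never frees the `ASN1_TIME` returned by `ASN1_TIME_adj(NULL, now, 0, 0)`, so each request file leaks one allocation per call. That was tolerable in a one-shot CLI command, but `GetCertificateRequests()` is now also called from the `list_ca_requests` API action, which presumably runs in the long-lived daemon process. Add `ASN1_TIME_free(tm);` right after the `ASN1_TIME_diff` call. The results of `ASN1_TIME_diff` and `BIO_new` are also unchecked, so `day`/`sec` can be read uninitialised and `out` can be null on failure. The request files presumably hold data submitted by remote nodes, so one malformed `cert_request` should skip that entry rather than abort the whole listing; whether `StringToCertificate` throws or returns null is not visible in this hunk.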


@ -20,8 +20,7 @@
#ifndef PKIUTILITY_H
#define PKIUTILITY_H
#include "base/i2-base.hpp"
#include "cli/i2-cli.hpp"
#include "remote/i2-remote.hpp"
#include "base/dictionary.hpp"
#include "base/string.hpp"
#include <openssl/x509v3.h>
@ -30,9 +29,9 @@ namespace icinga
{
/**
* @ingroup cli
* @ingroup remote
*/
class I2_CLI_API PkiUtility
class I2_REMOTE_API PkiUtility
{
public:
static int NewCa(void);
@ -45,6 +44,7 @@ public:
const String& certfile, const String& cafile, const boost::shared_ptr<X509>& trustedcert,
const String& ticket = String());
static String GetCertificateInformation(const boost::shared_ptr<X509>& certificate);
static Dictionary::Ptr GetCertificateRequests(void);
private:
PkiUtility(void);