Refactor PkiUtility class

refs #5450

lib/cli/CMakeLists.txt

@@ -26,7 +26,6 @@ set(cli_SOURCES
   featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp
   objectlistcommand.cpp objectlistutility.cpp
   pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
-  pkiutility.cpp
   repositoryclearchangescommand.cpp repositorycommitcommand.cpp repositoryobjectcommand.cpp repositoryutility.cpp
   variablegetcommand.cpp variablelistcommand.cpp variableutility.cpp
   troubleshootcommand.cpp

lib/cli/apisetuputility.cpp

@@ -18,10 +18,10 @@
  ******************************************************************************/
 
 #include "cli/apisetuputility.hpp"
-#include "cli/pkiutility.hpp"
 #include "cli/nodeutility.hpp"
 #include "cli/featureutility.hpp"
 #include "remote/apilistener.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"

lib/cli/calistcommand.cpp

@@ -19,6 +19,7 @@
 
 #include "cli/calistcommand.hpp"
 #include "remote/apilistener.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
@@ -46,51 +47,6 @@ void CAListCommand::InitParameters(boost::program_options::options_description&
 		("json", "encode output as JSON")
 	;
 }
-static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
-{
-	Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
-
-	if (!request)
-		return;
-
-	Dictionary::Ptr result = new Dictionary();
-
-	String fingerprint = Utility::BaseName(requestFile);
-	fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
-
-	String certRequestText = request->Get("cert_request");
-	result->Set("cert_request", certRequestText);
-
-	Value vcertResponseText;
-
-	if (request->Get("cert_response", &vcertResponseText)) {
-		String certResponseText = vcertResponseText;
-		result->Set("cert_response", certResponseText);
-	}
-
-	boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
-
-	time_t now;
-	time(&now);
-	ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
-
-	int day, sec;
-	ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
-
-	result->Set("timestamp",  static_cast<double>(now) + day * 24 * 60 * 60 + sec);
-
-	BIO *out = BIO_new(BIO_s_mem());
-	X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
-
-	char *data;
-	long length;
-	length = BIO_get_mem_data(out, &data);
-
-	result->Set("subject", String(data, data + length));
-	BIO_free(out);
-
-	requests->Set(fingerprint, result);
-}
 
 /**
  * The entry point for the "ca list" CLI command.
@@ -99,12 +55,7 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
  */
 int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-	Dictionary::Ptr requests = new Dictionary();
+	Dictionary::Ptr requests = PkiUtility::GetCertificateRequests();
-
-	String requestDir = ApiListener::GetPkiRequestsDir();
-
-	if (Utility::PathExists(requestDir))
-		Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
 
 	if (vm.count("json"))
 		std::cout << JsonEncode(requests);

lib/cli/nodesetupcommand.cpp

@@ -20,9 +20,9 @@
 #include "cli/nodesetupcommand.hpp"
 #include "cli/nodeutility.hpp"
 #include "cli/featureutility.hpp"
-#include "cli/pkiutility.hpp"
 #include "cli/apisetuputility.hpp"
 #include "remote/apilistener.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"

lib/cli/nodewizardcommand.cpp

@@ -19,10 +19,10 @@
 
 #include "cli/nodewizardcommand.hpp"
 #include "cli/nodeutility.hpp"
-#include "cli/pkiutility.hpp"
 #include "cli/featureutility.hpp"
 #include "cli/apisetuputility.hpp"
 #include "remote/apilistener.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/console.hpp"
 #include "base/application.hpp"

lib/cli/pkinewcacommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkinewcacommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 
 using namespace icinga;

lib/cli/pkinewcertcommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkinewcertcommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 
 using namespace icinga;

lib/cli/pkirequestcommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkirequestcommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/tlsutility.hpp"
 #include <iostream>

lib/cli/pkisavecertcommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkisavecertcommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/tlsutility.hpp"
 

lib/cli/pkisigncsrcommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkisigncsrcommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 
 using namespace icinga;

lib/cli/pkiticketcommand.cpp

@@ -18,7 +18,7 @@
  ******************************************************************************/
 
 #include "cli/pkiticketcommand.hpp"
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
 #include "cli/variableutility.hpp"
 #include "base/logger.hpp"
 #include <iostream>

lib/icinga/apiactions.cpp

@@ -27,6 +27,7 @@
 #include "icinga/notificationcommand.hpp"
 #include "remote/apiaction.hpp"
 #include "remote/apilistener.hpp"
+#include "remote/pkiutility.hpp"
 #include "remote/httputility.hpp"
 #include "base/utility.hpp"
 #include "base/convert.hpp"
@@ -47,6 +48,8 @@ REGISTER_APIACTION(remove_downtime, "Service;Host;Downtime", &ApiActions::Remove
 REGISTER_APIACTION(shutdown_process, "", &ApiActions::ShutdownProcess);
 REGISTER_APIACTION(restart_process, "", &ApiActions::RestartProcess);
 REGISTER_APIACTION(generate_ticket, "", &ApiActions::GenerateTicket);
+REGISTER_APIACTION(list_ca_requests, "", &ApiActions::ListCARequests);
+REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);
 
 Dictionary::Ptr ApiActions::CreateResult(int code, const String& status,
     const Dictionary::Ptr& additional)
@@ -456,3 +459,21 @@ Dictionary::Ptr ApiActions::GenerateTicket(const ConfigObject::Ptr&,
 	return ApiActions::CreateResult(200, "Generated PKI ticket '" + ticket + "' for common name '"
 	    + cn + "'.", additional);
 }
+
+Dictionary::Ptr ApiActions::ListCARequests(const ConfigObject::Ptr&,
+    const Dictionary::Ptr& params)
+{
+	Dictionary::Ptr additional = new Dictionary();
+	additional->Set("requests", PkiUtility::GetCertificateRequests());
+
+	return ApiActions::CreateResult(200, "Listing all CA requests.", additional);
+}
+
+Dictionary::Ptr ApiActions::SignCARequest(const ConfigObject::Ptr&,
+    const Dictionary::Ptr& params)
+{
+	if (!params->Contains("fingerprint"))
+		return ApiActions::CreateResult(400, "Option 'fingerprint' is required.");
+
+	
+}

lib/icinga/apiactions.hpp

@@ -46,6 +46,8 @@ public:
 	static Dictionary::Ptr ShutdownProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
 	static Dictionary::Ptr RestartProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
 	static Dictionary::Ptr GenerateTicket(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
+	static Dictionary::Ptr ListCARequests(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
+	static Dictionary::Ptr SignCARequest(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
 
 private:
 	static Dictionary::Ptr CreateResult(int code, const String& status, const Dictionary::Ptr& additional = Dictionary::Ptr());

lib/remote/CMakeLists.txt

@@ -30,6 +30,7 @@ set(remote_SOURCES
   httpchunkedencoding.cpp httpclientconnection.cpp httpserverconnection.cpp httphandler.cpp httprequest.cpp httpresponse.cpp
   httputility.cpp infohandler.cpp jsonrpc.cpp jsonrpcconnection.cpp jsonrpcconnection-heartbeat.cpp jsonrpcconnection-pki.cpp
   messageorigin.cpp modifyobjecthandler.cpp statushandler.cpp objectqueryhandler.cpp templatequeryhandler.cpp
+  pkiutility.cpp
   typequeryhandler.cpp url.cpp variablequeryhandler.cpp zone.cpp zone.thpp
 )
 

lib/remote/pkiutility.cpp

@@ -17,8 +17,7 @@
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
  ******************************************************************************/
 
-#include "cli/pkiutility.hpp"
+#include "remote/pkiutility.hpp"
-#include "cli/clicommand.hpp"
 #include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
@@ -369,3 +368,61 @@ String PkiUtility::GetCertificateInformation(const boost::shared_ptr<X509>& cert
 
 	return info.str();
 }
+
+static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
+{
+	Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+
+	if (!request)
+		return;
+
+	Dictionary::Ptr result = new Dictionary();
+
+	String fingerprint = Utility::BaseName(requestFile);
+	fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
+
+	String certRequestText = request->Get("cert_request");
+	result->Set("cert_request", certRequestText);
+
+	Value vcertResponseText;
+
+	if (request->Get("cert_response", &vcertResponseText)) {
+		String certResponseText = vcertResponseText;
+		result->Set("cert_response", certResponseText);
+	}
+
+	boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
+
+	time_t now;
+	time(&now);
+	ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
+
+	int day, sec;
+	ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
+
+	result->Set("timestamp",  static_cast<double>(now) + day * 24 * 60 * 60 + sec);
+
+	BIO *out = BIO_new(BIO_s_mem());
+	X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
+
+	char *data;
+	long length;
+	length = BIO_get_mem_data(out, &data);
+
+	result->Set("subject", String(data, data + length));
+	BIO_free(out);
+
+	requests->Set(fingerprint, result);
+}
+
+Dictionary::Ptr PkiUtility::GetCertificateRequests(void)
+{
+	Dictionary::Ptr requests = new Dictionary();
+
+	String requestDir = ApiListener::GetPkiRequestsDir();
+
+	if (Utility::PathExists(requestDir))
+		Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
+
+	return requests;
+}

lib/remote/pkiutility.hpp

@@ -20,8 +20,7 @@
 #ifndef PKIUTILITY_H
 #define PKIUTILITY_H
 
-#include "base/i2-base.hpp"
+#include "remote/i2-remote.hpp"
-#include "cli/i2-cli.hpp"
 #include "base/dictionary.hpp"
 #include "base/string.hpp"
 #include <openssl/x509v3.h>
@@ -30,9 +29,9 @@ namespace icinga
 {
 
 /**
- * @ingroup cli
+ * @ingroup remote
  */
-class I2_CLI_API PkiUtility
+class I2_REMOTE_API PkiUtility
 {
 public:
 	static int NewCa(void);
@@ -45,6 +44,7 @@ public:
 	    const String& certfile, const String& cafile, const boost::shared_ptr<X509>& trustedcert,
 	    const String& ticket = String());
 	static String GetCertificateInformation(const boost::shared_ptr<X509>& certificate);
+	static Dictionary::Ptr GetCertificateRequests(void);
 
 private:
 	PkiUtility(void);