mirror of https://github.com/Icinga/icinga2.git
parent
1e7860f2b1
commit
c02742925e
|
@ -26,7 +26,6 @@ set(cli_SOURCES
|
||||||
featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp
|
featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp
|
||||||
objectlistcommand.cpp objectlistutility.cpp
|
objectlistcommand.cpp objectlistutility.cpp
|
||||||
pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
|
pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
|
||||||
pkiutility.cpp
|
|
||||||
repositoryclearchangescommand.cpp repositorycommitcommand.cpp repositoryobjectcommand.cpp repositoryutility.cpp
|
repositoryclearchangescommand.cpp repositorycommitcommand.cpp repositoryobjectcommand.cpp repositoryutility.cpp
|
||||||
variablegetcommand.cpp variablelistcommand.cpp variableutility.cpp
|
variablegetcommand.cpp variablelistcommand.cpp variableutility.cpp
|
||||||
troubleshootcommand.cpp
|
troubleshootcommand.cpp
|
||||||
|
|
|
@ -18,10 +18,10 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/apisetuputility.hpp"
|
#include "cli/apisetuputility.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
|
||||||
#include "cli/nodeutility.hpp"
|
#include "cli/nodeutility.hpp"
|
||||||
#include "cli/featureutility.hpp"
|
#include "cli/featureutility.hpp"
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/console.hpp"
|
#include "base/console.hpp"
|
||||||
#include "base/application.hpp"
|
#include "base/application.hpp"
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
#include "cli/calistcommand.hpp"
|
#include "cli/calistcommand.hpp"
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/application.hpp"
|
#include "base/application.hpp"
|
||||||
#include "base/tlsutility.hpp"
|
#include "base/tlsutility.hpp"
|
||||||
|
@ -46,51 +47,6 @@ void CAListCommand::InitParameters(boost::program_options::options_description&
|
||||||
("json", "encode output as JSON")
|
("json", "encode output as JSON")
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
|
|
||||||
{
|
|
||||||
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
|
|
||||||
|
|
||||||
if (!request)
|
|
||||||
return;
|
|
||||||
|
|
||||||
Dictionary::Ptr result = new Dictionary();
|
|
||||||
|
|
||||||
String fingerprint = Utility::BaseName(requestFile);
|
|
||||||
fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
|
|
||||||
|
|
||||||
String certRequestText = request->Get("cert_request");
|
|
||||||
result->Set("cert_request", certRequestText);
|
|
||||||
|
|
||||||
Value vcertResponseText;
|
|
||||||
|
|
||||||
if (request->Get("cert_response", &vcertResponseText)) {
|
|
||||||
String certResponseText = vcertResponseText;
|
|
||||||
result->Set("cert_response", certResponseText);
|
|
||||||
}
|
|
||||||
|
|
||||||
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
|
|
||||||
|
|
||||||
time_t now;
|
|
||||||
time(&now);
|
|
||||||
ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
|
|
||||||
|
|
||||||
int day, sec;
|
|
||||||
ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
|
|
||||||
|
|
||||||
result->Set("timestamp", static_cast<double>(now) + day * 24 * 60 * 60 + sec);
|
|
||||||
|
|
||||||
BIO *out = BIO_new(BIO_s_mem());
|
|
||||||
X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
|
|
||||||
|
|
||||||
char *data;
|
|
||||||
long length;
|
|
||||||
length = BIO_get_mem_data(out, &data);
|
|
||||||
|
|
||||||
result->Set("subject", String(data, data + length));
|
|
||||||
BIO_free(out);
|
|
||||||
|
|
||||||
requests->Set(fingerprint, result);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The entry point for the "ca list" CLI command.
|
* The entry point for the "ca list" CLI command.
|
||||||
|
@ -99,12 +55,7 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String&
|
||||||
*/
|
*/
|
||||||
int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
||||||
{
|
{
|
||||||
Dictionary::Ptr requests = new Dictionary();
|
Dictionary::Ptr requests = PkiUtility::GetCertificateRequests();
|
||||||
|
|
||||||
String requestDir = ApiListener::GetPkiRequestsDir();
|
|
||||||
|
|
||||||
if (Utility::PathExists(requestDir))
|
|
||||||
Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
|
|
||||||
|
|
||||||
if (vm.count("json"))
|
if (vm.count("json"))
|
||||||
std::cout << JsonEncode(requests);
|
std::cout << JsonEncode(requests);
|
||||||
|
|
|
@ -20,9 +20,9 @@
|
||||||
#include "cli/nodesetupcommand.hpp"
|
#include "cli/nodesetupcommand.hpp"
|
||||||
#include "cli/nodeutility.hpp"
|
#include "cli/nodeutility.hpp"
|
||||||
#include "cli/featureutility.hpp"
|
#include "cli/featureutility.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
|
||||||
#include "cli/apisetuputility.hpp"
|
#include "cli/apisetuputility.hpp"
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/console.hpp"
|
#include "base/console.hpp"
|
||||||
#include "base/application.hpp"
|
#include "base/application.hpp"
|
||||||
|
|
|
@ -19,10 +19,10 @@
|
||||||
|
|
||||||
#include "cli/nodewizardcommand.hpp"
|
#include "cli/nodewizardcommand.hpp"
|
||||||
#include "cli/nodeutility.hpp"
|
#include "cli/nodeutility.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
|
||||||
#include "cli/featureutility.hpp"
|
#include "cli/featureutility.hpp"
|
||||||
#include "cli/apisetuputility.hpp"
|
#include "cli/apisetuputility.hpp"
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/console.hpp"
|
#include "base/console.hpp"
|
||||||
#include "base/application.hpp"
|
#include "base/application.hpp"
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkinewcacommand.hpp"
|
#include "cli/pkinewcacommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
|
|
||||||
using namespace icinga;
|
using namespace icinga;
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkinewcertcommand.hpp"
|
#include "cli/pkinewcertcommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
|
|
||||||
using namespace icinga;
|
using namespace icinga;
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkirequestcommand.hpp"
|
#include "cli/pkirequestcommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/tlsutility.hpp"
|
#include "base/tlsutility.hpp"
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkisavecertcommand.hpp"
|
#include "cli/pkisavecertcommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/tlsutility.hpp"
|
#include "base/tlsutility.hpp"
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkisigncsrcommand.hpp"
|
#include "cli/pkisigncsrcommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
|
|
||||||
using namespace icinga;
|
using namespace icinga;
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkiticketcommand.hpp"
|
#include "cli/pkiticketcommand.hpp"
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "cli/variableutility.hpp"
|
#include "cli/variableutility.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
#include "icinga/notificationcommand.hpp"
|
#include "icinga/notificationcommand.hpp"
|
||||||
#include "remote/apiaction.hpp"
|
#include "remote/apiaction.hpp"
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
|
#include "remote/pkiutility.hpp"
|
||||||
#include "remote/httputility.hpp"
|
#include "remote/httputility.hpp"
|
||||||
#include "base/utility.hpp"
|
#include "base/utility.hpp"
|
||||||
#include "base/convert.hpp"
|
#include "base/convert.hpp"
|
||||||
|
@ -47,6 +48,8 @@ REGISTER_APIACTION(remove_downtime, "Service;Host;Downtime", &ApiActions::Remove
|
||||||
REGISTER_APIACTION(shutdown_process, "", &ApiActions::ShutdownProcess);
|
REGISTER_APIACTION(shutdown_process, "", &ApiActions::ShutdownProcess);
|
||||||
REGISTER_APIACTION(restart_process, "", &ApiActions::RestartProcess);
|
REGISTER_APIACTION(restart_process, "", &ApiActions::RestartProcess);
|
||||||
REGISTER_APIACTION(generate_ticket, "", &ApiActions::GenerateTicket);
|
REGISTER_APIACTION(generate_ticket, "", &ApiActions::GenerateTicket);
|
||||||
|
REGISTER_APIACTION(list_ca_requests, "", &ApiActions::ListCARequests);
|
||||||
|
REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);
|
||||||
|
|
||||||
Dictionary::Ptr ApiActions::CreateResult(int code, const String& status,
|
Dictionary::Ptr ApiActions::CreateResult(int code, const String& status,
|
||||||
const Dictionary::Ptr& additional)
|
const Dictionary::Ptr& additional)
|
||||||
|
@ -456,3 +459,21 @@ Dictionary::Ptr ApiActions::GenerateTicket(const ConfigObject::Ptr&,
|
||||||
return ApiActions::CreateResult(200, "Generated PKI ticket '" + ticket + "' for common name '"
|
return ApiActions::CreateResult(200, "Generated PKI ticket '" + ticket + "' for common name '"
|
||||||
+ cn + "'.", additional);
|
+ cn + "'.", additional);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Dictionary::Ptr ApiActions::ListCARequests(const ConfigObject::Ptr&,
|
||||||
|
const Dictionary::Ptr& params)
|
||||||
|
{
|
||||||
|
Dictionary::Ptr additional = new Dictionary();
|
||||||
|
additional->Set("requests", PkiUtility::GetCertificateRequests());
|
||||||
|
|
||||||
|
return ApiActions::CreateResult(200, "Listing all CA requests.", additional);
|
||||||
|
}
|
||||||
|
|
||||||
|
Dictionary::Ptr ApiActions::SignCARequest(const ConfigObject::Ptr&,
|
||||||
|
const Dictionary::Ptr& params)
|
||||||
|
{
|
||||||
|
if (!params->Contains("fingerprint"))
|
||||||
|
return ApiActions::CreateResult(400, "Option 'fingerprint' is required.");
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
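Review bot: `ApiActions::SignCARequest` returns only on the missing-`fingerprint` path; when the parameter is present, control reaches the closing brace of a function declared to return `Dictionary::Ptr` without a return statement, which is undefined behaviour. Because the same file section registers it with `REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);`, that path looks reachable by any API client allowed to call the action. Until signing is implemented, end the body with an explicit error such as `return ApiActions::CreateResult(501, "Signing CA requests is not implemented yet.");`, or leave the registration out. Request files are named `<fingerprint>.json`, so once the handler uses `fingerprint` it should be validated as a bare fingerprint (no path separators) before it is joined to the requests directory.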
|
@ -46,6 +46,8 @@ public:
|
||||||
static Dictionary::Ptr ShutdownProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
static Dictionary::Ptr ShutdownProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
||||||
static Dictionary::Ptr RestartProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
static Dictionary::Ptr RestartProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
||||||
static Dictionary::Ptr GenerateTicket(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
static Dictionary::Ptr GenerateTicket(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
||||||
|
static Dictionary::Ptr ListCARequests(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
||||||
|
static Dictionary::Ptr SignCARequest(const ConfigObject::Ptr& object, const Dictionary::Ptr& params);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
static Dictionary::Ptr CreateResult(int code, const String& status, const Dictionary::Ptr& additional = Dictionary::Ptr());
|
static Dictionary::Ptr CreateResult(int code, const String& status, const Dictionary::Ptr& additional = Dictionary::Ptr());
|
||||||
|
|
|
@ -30,6 +30,7 @@ set(remote_SOURCES
|
||||||
httpchunkedencoding.cpp httpclientconnection.cpp httpserverconnection.cpp httphandler.cpp httprequest.cpp httpresponse.cpp
|
httpchunkedencoding.cpp httpclientconnection.cpp httpserverconnection.cpp httphandler.cpp httprequest.cpp httpresponse.cpp
|
||||||
httputility.cpp infohandler.cpp jsonrpc.cpp jsonrpcconnection.cpp jsonrpcconnection-heartbeat.cpp jsonrpcconnection-pki.cpp
|
httputility.cpp infohandler.cpp jsonrpc.cpp jsonrpcconnection.cpp jsonrpcconnection-heartbeat.cpp jsonrpcconnection-pki.cpp
|
||||||
messageorigin.cpp modifyobjecthandler.cpp statushandler.cpp objectqueryhandler.cpp templatequeryhandler.cpp
|
messageorigin.cpp modifyobjecthandler.cpp statushandler.cpp objectqueryhandler.cpp templatequeryhandler.cpp
|
||||||
|
pkiutility.cpp
|
||||||
typequeryhandler.cpp url.cpp variablequeryhandler.cpp zone.cpp zone.thpp
|
typequeryhandler.cpp url.cpp variablequeryhandler.cpp zone.cpp zone.thpp
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -17,8 +17,7 @@
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#include "cli/pkiutility.hpp"
|
#include "remote/pkiutility.hpp"
|
||||||
#include "cli/clicommand.hpp"
|
|
||||||
#include "remote/apilistener.hpp"
|
#include "remote/apilistener.hpp"
|
||||||
#include "base/logger.hpp"
|
#include "base/logger.hpp"
|
||||||
#include "base/application.hpp"
|
#include "base/application.hpp"
|
||||||
|
@ -369,3 +368,61 @@ String PkiUtility::GetCertificateInformation(const boost::shared_ptr<X509>& cert
|
||||||
|
|
||||||
return info.str();
|
return info.str();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile)
|
||||||
|
{
|
||||||
|
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
|
||||||
|
|
||||||
|
if (!request)
|
||||||
|
return;
|
||||||
|
|
||||||
|
Dictionary::Ptr result = new Dictionary();
|
||||||
|
|
||||||
|
String fingerprint = Utility::BaseName(requestFile);
|
||||||
|
fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
|
||||||
|
|
||||||
|
String certRequestText = request->Get("cert_request");
|
||||||
|
result->Set("cert_request", certRequestText);
|
||||||
|
|
||||||
|
Value vcertResponseText;
|
||||||
|
|
||||||
|
if (request->Get("cert_response", &vcertResponseText)) {
|
||||||
|
String certResponseText = vcertResponseText;
|
||||||
|
result->Set("cert_response", certResponseText);
|
||||||
|
}
|
||||||
|
|
||||||
|
boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
|
||||||
|
|
||||||
|
time_t now;
|
||||||
|
time(&now);
|
||||||
|
ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0);
|
||||||
|
|
||||||
|
int day, sec;
|
||||||
|
ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get()));
|
||||||
|
|
||||||
|
result->Set("timestamp", static_cast<double>(now) + day * 24 * 60 * 60 + sec);
|
||||||
|
|
||||||
|
BIO *out = BIO_new(BIO_s_mem());
|
||||||
|
X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
|
||||||
|
|
||||||
|
char *data;
|
||||||
|
long length;
|
||||||
|
length = BIO_get_mem_data(out, &data);
|
||||||
|
|
||||||
|
result->Set("subject", String(data, data + length));
|
||||||
|
BIO_free(out);
|
||||||
|
|
||||||
|
requests->Set(fingerprint, result);
|
||||||
|
}
|
||||||
|
|
||||||
|
Dictionary::Ptr PkiUtility::GetCertificateRequests(void)
|
||||||
|
{
|
||||||
|
Dictionary::Ptr requests = new Dictionary();
|
||||||
|
|
||||||
|
String requestDir = ApiListener::GetPkiRequestsDir();
|
||||||
|
|
||||||
|
if (Utility::PathExists(requestDir))
|
||||||
|
Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile);
|
||||||
|
|
||||||
|
return requests;
|
||||||
|
}
|
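Review bot: `CollectRequestHandler` never frees the `ASN1_TIME` returned by `ASN1_TIME_adj(NULL, now, 0, 0)`. Now that `GetCertificateRequests()` is also called from the `list_ca_requests` API action, the daemon leaks one object per request file on every call; add `ASN1_TIME_free(tm);` after the `ASN1_TIME_diff` call. The results of `StringToCertificate`, `ASN1_TIME_diff` and `BIO_new` are also used unchecked, so a request file with a missing or malformed `cert_request` may lead to a null certificate being dereferenced or uninitialised `day`/`sec` being read (how `StringToCertificate` reports failure is not visible here). Skipping such a file with a logged warning would keep one bad file in the requests directory from breaking the listing for every caller.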
|
@ -20,8 +20,7 @@
|
||||||
#ifndef PKIUTILITY_H
|
#ifndef PKIUTILITY_H
|
||||||
#define PKIUTILITY_H
|
#define PKIUTILITY_H
|
||||||
|
|
||||||
#include "base/i2-base.hpp"
|
#include "remote/i2-remote.hpp"
|
||||||
#include "cli/i2-cli.hpp"
|
|
||||||
#include "base/dictionary.hpp"
|
#include "base/dictionary.hpp"
|
||||||
#include "base/string.hpp"
|
#include "base/string.hpp"
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
|
@ -30,9 +29,9 @@ namespace icinga
|
||||||
{
|
{
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @ingroup cli
|
* @ingroup remote
|
||||||
*/
|
*/
|
||||||
class I2_CLI_API PkiUtility
|
class I2_REMOTE_API PkiUtility
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
static int NewCa(void);
|
static int NewCa(void);
|
||||||
|
@ -45,6 +44,7 @@ public:
|
||||||
const String& certfile, const String& cafile, const boost::shared_ptr<X509>& trustedcert,
|
const String& certfile, const String& cafile, const boost::shared_ptr<X509>& trustedcert,
|
||||||
const String& ticket = String());
|
const String& ticket = String());
|
||||||
static String GetCertificateInformation(const boost::shared_ptr<X509>& certificate);
|
static String GetCertificateInformation(const boost::shared_ptr<X509>& certificate);
|
||||||
|
static Dictionary::Ptr GetCertificateRequests(void);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
PkiUtility(void);
|
PkiUtility(void);
|