From c2196871211305f49764645df88e08e8739f540e Mon Sep 17 00:00:00 2001
From: Michael Friedrich <michael.friedrich@netways.de>
Date: Mon, 9 Feb 2015 14:19:26 +0100
Subject: [PATCH] Create certificate backups in 'node setup'

fixes #8399
---
 lib/cli/nodesetupcommand.cpp | 76 ++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index fba342dc9..e0d1a38e0 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -150,6 +150,11 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	String key = pki_path + "/" + cn + ".key";
 	String csr = pki_path + "/" + cn + ".csr";
 
+	if (Utility::PathExists(key))
+		NodeUtility::CreateBackupFile(key, true);
+	if (Utility::PathExists(csr))
+		NodeUtility::CreateBackupFile(csr);
+
 	if (PkiUtility::NewCert(cn, key, csr, "") > 0) {
 		Log(LogCritical, "cli", "Failed to create self-signed certificate");
 		return 1;
@@ -159,6 +164,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 
 	String cert = pki_path + "/" + cn + ".crt";
 
+	if (Utility::PathExists(cert))
+		NodeUtility::CreateBackupFile(cert);
+
 	if (PkiUtility::SignCsr(csr, cert) != 0) {
 		Log(LogCritical, "cli", "Could not sign CSR.");
 		return 1;
@@ -178,33 +186,21 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	Utility::CopyFile(ca, target_ca);
 
 	/* fix permissions: root -> icinga daemon user */
-	if (!Utility::SetFileOwnership(ca_path, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_path << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(ca, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(ca_key, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(serial, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(target_ca, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(key, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << key << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(csr, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << csr << "'. Verify it yourself!";
+	std::vector<String> files;
+	files.push_back(ca_path);
+	files.push_back(ca);
+	files.push_back(ca_key);
+	files.push_back(serial);
+	files.push_back(target_ca);
+	files.push_back(key);
+	files.push_back(csr);
+	files.push_back(cert);
+
+	BOOST_FOREACH(const String& file, files) {
+		if (!Utility::SetFileOwnership(file, user, group)) {
+			Log(LogWarning, "cli")
+			    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << file << "'. Verify it yourself!";
+		}
 	}
 
 	/* read zones.conf and update with zone + endpoint information */
@@ -383,23 +379,27 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << pki_path << "'. Verify it yourself!";
 	}
 
+	if (Utility::PathExists(key))
+		NodeUtility::CreateBackupFile(key, true);
+	if (Utility::PathExists(cert))
+		NodeUtility::CreateBackupFile(cert);
+
 	if (PkiUtility::NewCert(cn, key, String(), cert) != 0) {
 		Log(LogCritical, "cli", "Failed to generate new self-signed certificate.");
 		return 1;
 	}
 
 	/* fix permissions: root -> icinga daemon user */
-	if (!Utility::SetFileOwnership(ca, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(cert, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << cert << "'. Verify it yourself!";
-	}
-	if (!Utility::SetFileOwnership(key, user, group)) {
-		Log(LogWarning, "cli")
-		    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << key << "'. Verify it yourself!";
+	std::vector<String> files;
+	files.push_back(ca);
+	files.push_back(key);
+	files.push_back(cert);
+
+	BOOST_FOREACH(const String& file, files) {
+		if (!Utility::SetFileOwnership(file, user, group)) {
+			Log(LogWarning, "cli")
+			    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << file << "'. Verify it yourself!";
+		}
 	}
 
 	Log(LogInformation, "cli", "Requesting a signed certificate from the master.");