Made SSL cert paths configurable.

This commit is contained in:
Gunnar Beutner 2012-04-27 13:12:06 +02:00
parent 5c603ee98b
commit d55965c070
6 changed files with 153 additions and 43 deletions

View File

@ -23,9 +23,6 @@ public:
typedef shared_ptr<ConfigObject> Ptr; typedef shared_ptr<ConfigObject> Ptr;
typedef weak_ptr<ConfigObject> WeakPtr; typedef weak_ptr<ConfigObject> WeakPtr;
typedef map<string, string>::iterator ParameterIterator;
map<string, string> Properties;
ConfigObject(const string& type, const string& name); ConfigObject(const string& type, const string& name);
void SetHive(const weak_ptr<ConfigHive>& hive); void SetHive(const weak_ptr<ConfigHive>& hive);

View File

@ -1,4 +1,11 @@
{ {
"icinga": {
"icinga": {
"privkey": "icinga-c1.key",
"pubkey": "icinga-c1.crt",
"cakey": "ca.crt"
}
},
"component": { "component": {
"configrpc": { "replicate": "0", "configSource": "1" }, "configrpc": { "replicate": "0", "configSource": "1" },
"demo": { "replicate": "0" } "demo": { "replicate": "0" }

View File

@ -2,10 +2,9 @@
using namespace icinga; using namespace icinga;
EndpointManager::EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext) void EndpointManager::SetIdentity(string identity)
{ {
m_Identity = identity; m_Identity = identity;
m_SSLContext = sslContext;
} }
string EndpointManager::GetIdentity(void) const string EndpointManager::GetIdentity(void) const
@ -13,6 +12,16 @@ string EndpointManager::GetIdentity(void) const
return m_Identity; return m_Identity;
} }
void EndpointManager::SetSSLContext(shared_ptr<SSL_CTX> sslContext)
{
m_SSLContext = sslContext;
}
shared_ptr<SSL_CTX> EndpointManager::GetSSLContext(void) const
{
return m_SSLContext;
}
void EndpointManager::AddListener(unsigned short port) void EndpointManager::AddListener(unsigned short port)
{ {
stringstream s; stringstream s;
@ -64,6 +73,9 @@ void EndpointManager::UnregisterServer(JsonRpcServer::Ptr server)
void EndpointManager::RegisterEndpoint(Endpoint::Ptr endpoint) void EndpointManager::RegisterEndpoint(Endpoint::Ptr endpoint)
{ {
if (!endpoint->IsLocal() && endpoint->GetIdentity() != "")
throw InvalidArgumentException("Identity must be empty.");
endpoint->SetEndpointManager(static_pointer_cast<EndpointManager>(shared_from_this())); endpoint->SetEndpointManager(static_pointer_cast<EndpointManager>(shared_from_this()));
m_Endpoints.push_front(endpoint); m_Endpoints.push_front(endpoint);

View File

@ -29,10 +29,12 @@ public:
typedef shared_ptr<EndpointManager> Ptr; typedef shared_ptr<EndpointManager> Ptr;
typedef weak_ptr<EndpointManager> WeakPtr; typedef weak_ptr<EndpointManager> WeakPtr;
EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext); void SetIdentity(string identity);
string GetIdentity(void) const; string GetIdentity(void) const;
void SetSSLContext(shared_ptr<SSL_CTX> sslContext);
shared_ptr<SSL_CTX> GetSSLContext(void) const;
void AddListener(unsigned short port); void AddListener(unsigned short port);
void AddConnection(string host, unsigned short port); void AddConnection(string host, unsigned short port);

View File

@ -22,54 +22,70 @@ int IcingaApplication::Main(const vector<string>& args)
return EXIT_FAILURE; return EXIT_FAILURE;
} }
shared_ptr<X509> cert = Utility::GetX509Certificate("icinga-c1.crt"); m_EndpointManager = make_shared<EndpointManager>();
string identity = Utility::GetCertificateCN(cert);
Application::Log("My identity: " + identity);
shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext("icinga-c1.crt", "icinga-c1.key", "ca.crt");
m_EndpointManager = make_shared<EndpointManager>(identity, sslContext);
string componentDirectory = GetExeDirectory() + "/../lib/icinga"; string componentDirectory = GetExeDirectory() + "/../lib/icinga";
AddComponentSearchDir(componentDirectory); AddComponentSearchDir(componentDirectory);
/* register handler for 'component' config objects */
ConfigCollection::Ptr componentCollection = GetConfigHive()->GetCollection("component"); ConfigCollection::Ptr componentCollection = GetConfigHive()->GetCollection("component");
function<int (const EventArgs&)> NewComponentHandler = bind_weak(&IcingaApplication::NewComponentHandler, shared_from_this()); function<int (const EventArgs&)> NewComponentHandler = bind_weak(&IcingaApplication::NewComponentHandler, shared_from_this());
componentCollection->OnObjectCreated += NewComponentHandler; componentCollection->OnObjectCreated += NewComponentHandler;
componentCollection->ForEachObject(NewComponentHandler); componentCollection->ForEachObject(NewComponentHandler);
componentCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedComponentHandler, shared_from_this()); componentCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedComponentHandler, shared_from_this());
ConfigCollection::Ptr listenerCollection = GetConfigHive()->GetCollection("rpclistener"); /* register handler for 'icinga' config objects */
ConfigCollection::Ptr icingaCollection = GetConfigHive()->GetCollection("icinga");
function<int (const EventArgs&)> NewRpcListenerHandler = bind_weak(&IcingaApplication::NewRpcListenerHandler, shared_from_this()); function<int (const EventArgs&)> NewIcingaConfigHandler = bind_weak(&IcingaApplication::NewIcingaConfigHandler, shared_from_this());
listenerCollection->OnObjectCreated += NewRpcListenerHandler; icingaCollection->OnObjectCreated += NewIcingaConfigHandler;
listenerCollection->ForEachObject(NewRpcListenerHandler); icingaCollection->ForEachObject(NewIcingaConfigHandler);
icingaCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedIcingaConfigHandler, shared_from_this());
listenerCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcListenerHandler, shared_from_this());
ConfigCollection::Ptr connectionCollection = GetConfigHive()->GetCollection("rpcconnection");
function<int (const EventArgs&)> NewRpcConnectionHandler = bind_weak(&IcingaApplication::NewRpcConnectionHandler, shared_from_this());
connectionCollection->OnObjectCreated += NewRpcConnectionHandler;
connectionCollection->ForEachObject(NewRpcConnectionHandler);
connectionCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcConnectionHandler, shared_from_this());
SubscriptionComponent::Ptr subscriptionComponent = make_shared<SubscriptionComponent>();
RegisterComponent(subscriptionComponent);
DiscoveryComponent::Ptr discoveryComponent = make_shared<DiscoveryComponent>();
RegisterComponent(discoveryComponent);
/* load config file */
ConfigObject::Ptr fileComponentConfig = make_shared<ConfigObject>("component", "configfile"); ConfigObject::Ptr fileComponentConfig = make_shared<ConfigObject>("component", "configfile");
fileComponentConfig->SetPropertyString("configFilename", args[1]); fileComponentConfig->SetPropertyString("configFilename", args[1]);
fileComponentConfig->SetPropertyInteger("replicate", 0); fileComponentConfig->SetPropertyInteger("replicate", 0);
GetConfigHive()->AddObject(fileComponentConfig); GetConfigHive()->AddObject(fileComponentConfig);
ConfigCollection::Ptr collection = GetConfigHive()->GetCollection("rpclistener"); if (GetPrivateKeyFile().empty())
throw InvalidArgumentException("No private key was specified.");
if (GetPublicKeyFile().empty())
throw InvalidArgumentException("No public certificate was specified.");
if (GetCAKeyFile().empty())
throw InvalidArgumentException("No CA certificate was specified.");
/* set up SSL context */
shared_ptr<X509> cert = Utility::GetX509Certificate(GetPublicKeyFile());
string identity = Utility::GetCertificateCN(cert);
Application::Log("My identity: " + identity);
m_EndpointManager->SetIdentity(identity);
shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext(GetPublicKeyFile(), GetPrivateKeyFile(), GetCAKeyFile());
m_EndpointManager->SetSSLContext(sslContext);
/* register handler for 'rpclistener' config objects */
ConfigCollection::Ptr listenerCollection = GetConfigHive()->GetCollection("rpclistener");
function<int (const EventArgs&)> NewRpcListenerHandler = bind_weak(&IcingaApplication::NewRpcListenerHandler, shared_from_this());
listenerCollection->OnObjectCreated += NewRpcListenerHandler;
listenerCollection->ForEachObject(NewRpcListenerHandler);
listenerCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcListenerHandler, shared_from_this());
/* register handle for 'rpcconnection' config objects */
ConfigCollection::Ptr connectionCollection = GetConfigHive()->GetCollection("rpcconnection");
function<int (const EventArgs&)> NewRpcConnectionHandler = bind_weak(&IcingaApplication::NewRpcConnectionHandler, shared_from_this());
connectionCollection->OnObjectCreated += NewRpcConnectionHandler;
connectionCollection->ForEachObject(NewRpcConnectionHandler);
connectionCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcConnectionHandler, shared_from_this());
/* load the subscription component */
SubscriptionComponent::Ptr subscriptionComponent = make_shared<SubscriptionComponent>();
RegisterComponent(subscriptionComponent);
/* load the discovery component */
DiscoveryComponent::Ptr discoveryComponent = make_shared<DiscoveryComponent>();
RegisterComponent(discoveryComponent);
RunEventLoop(); RunEventLoop();
@ -88,13 +104,13 @@ EndpointManager::Ptr IcingaApplication::GetEndpointManager(void)
int IcingaApplication::NewComponentHandler(const EventArgs& ea) int IcingaApplication::NewComponentHandler(const EventArgs& ea)
{ {
string path;
ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source); ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
/* don't allow replicated config objects */ /* don't allow replicated config objects */
if (object->GetReplicated()) if (object->GetReplicated())
return 0; return 0;
string path;
if (!object->GetPropertyString("path", &path)) { if (!object->GetPropertyString("path", &path)) {
#ifdef _WIN32 #ifdef _WIN32
path = object->GetName() + ".dll"; path = object->GetName() + ".dll";
@ -118,23 +134,52 @@ int IcingaApplication::DeletedComponentHandler(const EventArgs& ea)
return 0; return 0;
} }
int IcingaApplication::NewIcingaConfigHandler(const EventArgs& ea)
{
ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
/* don't allow replicated config objects */
if (object->GetReplicated())
return 0;
string privkey;
if (object->GetPropertyString("privkey", &privkey))
SetPrivateKeyFile(privkey);
string pubkey;
if (object->GetPropertyString("pubkey", &pubkey))
SetPublicKeyFile(pubkey);
string cakey;
if (object->GetPropertyString("cakey", &cakey))
SetCAKeyFile(cakey);
return 0;
}
int IcingaApplication::DeletedIcingaConfigHandler(const EventArgs& ea)
{
throw Exception("Unsupported operation.");
return 0;
}
int IcingaApplication::NewRpcListenerHandler(const EventArgs& ea) int IcingaApplication::NewRpcListenerHandler(const EventArgs& ea)
{ {
ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source); ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
long portValue;
unsigned short port;
/* don't allow replicated config objects */ /* don't allow replicated config objects */
if (object->GetReplicated()) if (object->GetReplicated())
return 0; return 0;
long portValue;
if (!object->GetPropertyInteger("port", &portValue)) if (!object->GetPropertyInteger("port", &portValue))
throw InvalidArgumentException("Parameter 'port' is required for 'rpclistener' objects."); throw InvalidArgumentException("Parameter 'port' is required for 'rpclistener' objects.");
if (portValue < 0 || portValue > USHRT_MAX) if (portValue < 0 || portValue > USHRT_MAX)
throw InvalidArgumentException("Parameter 'port' contains an invalid value."); throw InvalidArgumentException("Parameter 'port' contains an invalid value.");
port = (unsigned short)portValue; unsigned short port = (unsigned short)portValue;
GetEndpointManager()->AddListener(port); GetEndpointManager()->AddListener(port);
@ -181,3 +226,33 @@ int IcingaApplication::DeletedRpcConnectionHandler(const EventArgs& ea)
return 0; return 0;
} }
void IcingaApplication::SetPrivateKeyFile(string privkey)
{
m_PrivateKeyFile = privkey;
}
string IcingaApplication::GetPrivateKeyFile(void) const
{
return m_PrivateKeyFile;
}
void IcingaApplication::SetPublicKeyFile(string pubkey)
{
m_PublicKeyFile = pubkey;
}
string IcingaApplication::GetPublicKeyFile(void) const
{
return m_PublicKeyFile;
}
void IcingaApplication::SetCAKeyFile(string cakey)
{
m_CAKeyFile = cakey;
}
string IcingaApplication::GetCAKeyFile(void) const
{
return m_CAKeyFile;
}

View File

@ -9,9 +9,16 @@ class I2_ICINGA_API IcingaApplication : public Application
private: private:
EndpointManager::Ptr m_EndpointManager; EndpointManager::Ptr m_EndpointManager;
string m_PrivateKeyFile;
string m_PublicKeyFile;
string m_CAKeyFile;
int NewComponentHandler(const EventArgs& ea); int NewComponentHandler(const EventArgs& ea);
int DeletedComponentHandler(const EventArgs& ea); int DeletedComponentHandler(const EventArgs& ea);
int NewIcingaConfigHandler(const EventArgs& ea);
int DeletedIcingaConfigHandler(const EventArgs& ea);
int NewRpcListenerHandler(const EventArgs& ea); int NewRpcListenerHandler(const EventArgs& ea);
int DeletedRpcListenerHandler(const EventArgs& ea); int DeletedRpcListenerHandler(const EventArgs& ea);
@ -19,6 +26,7 @@ private:
int DeletedRpcConnectionHandler(const EventArgs& ea); int DeletedRpcConnectionHandler(const EventArgs& ea);
int TestTimerHandler(const TimerEventArgs& tea); int TestTimerHandler(const TimerEventArgs& tea);
public: public:
typedef shared_ptr<IcingaApplication> Ptr; typedef shared_ptr<IcingaApplication> Ptr;
typedef weak_ptr<IcingaApplication> WeakPtr; typedef weak_ptr<IcingaApplication> WeakPtr;
@ -28,6 +36,15 @@ public:
void PrintUsage(const string& programPath); void PrintUsage(const string& programPath);
EndpointManager::Ptr GetEndpointManager(void); EndpointManager::Ptr GetEndpointManager(void);
void SetPrivateKeyFile(string privkey);
string GetPrivateKeyFile(void) const;
void SetPublicKeyFile(string pubkey);
string GetPublicKeyFile(void) const;
void SetCAKeyFile(string cakey);
string GetCAKeyFile(void) const;
}; };
} }