Log messages now use the CN, file permissions are fixed, and ca remove no longer removes CSRs that have already been signed.

Andrew Jaffie 2018-08-08 14:59:58 -04:00 committed by Michael Friedrich
parent 6aa2e0c36b
commit d95feb4950
3 changed files with 27 additions and 5 deletions


@ -5,8 +5,8 @@ set(cli_SOURCES
apisetupcommand.cpp apisetupcommand.hpp apisetupcommand.cpp apisetupcommand.hpp
apisetuputility.cpp apisetuputility.hpp apisetuputility.cpp apisetuputility.hpp
calistcommand.cpp calistcommand.hpp calistcommand.cpp calistcommand.hpp
carestorecommand.cpp carestorecommand.hpp
caremovecommand.cpp caremovecommand.hpp caremovecommand.cpp caremovecommand.hpp
carestorecommand.cpp carestorecommand.hpp
casigncommand.cpp casigncommand.hpp casigncommand.cpp casigncommand.hpp
clicommand.cpp clicommand.hpp clicommand.cpp clicommand.hpp
consolecommand.cpp consolecommand.hpp consolecommand.cpp consolecommand.hpp


@ -61,12 +61,25 @@ int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const
<< "No request exists for fingerprint '" << ap[0] << "'."; << "No request exists for fingerprint '" << ap[0] << "'.";
return 1; return 1;
} }
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 700, Utility::LoadJsonFile(requestFile));
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
if (!certRequest) {
Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
return 1;
}
if (request->Contains("cert_response")) {
Log(LogCritical, "cli", "Certificate request already signed, you cannot remove it.");
return 1;
}
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 0600, request);
if(remove(requestFile.CStr()) != 0) if(remove(requestFile.CStr()) != 0)
return 1; return 1;
Log(LogInformation, "cli") Log(LogInformation, "cli")
<< "Certificate " << ap[0] << " removed."; << "Certificate for CN " << GetCertificateCN(certRequest) << " removed.";
return 0; return 0;
} }
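Review bot: The success message at the end of CARemoveCommand::Run now identifies the request only by its CN, which is chosen by the requesting node and is neither unique nor verified at this point, so the log no longer records which request was removed. Keep the fingerprint next to it, e.g. `<< "Certificate for CN " << GetCertificateCN(certRequest) << " (fingerprint " << ap[0] << ") removed.";`. The restore message in CARestoreCommand::Run has the same shape and prints the fingerprint only inside the suggested command. Separately, in both functions `request` is dereferenced immediately after `Utility::LoadJsonFile(requestFile)`; if that conversion can yield a null pointer for a file that does not hold a dictionary (not visible here), a guard such as `if (!request) { Log(LogCritical, "cli", "Certificate request file is not a JSON object."); return 1; }` belongs before `request->Get("cert_request")`. Run's body starts outside the hunk.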


@ -61,12 +61,21 @@ int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const
<< "No removed request exists for fingerprint '" << ap[0] << "'."; << "No removed request exists for fingerprint '" << ap[0] << "'.";
return 1; return 1;
} }
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 700, Utility::LoadJsonFile(requestFile));
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
if (!certRequest) {
Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
return 1;
}
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 0600, request);
if(remove(requestFile.CStr()) != 0) if(remove(requestFile.CStr()) != 0)
return 1; return 1;
Log(LogInformation, "cli") Log(LogInformation, "cli")
<< "Certificate " << ap[0] << " restored, you can now sign it using:\n" << "Certificate " << GetCertificateCN(certRequest) << " restored, you can now sign it using:\n"
<< "\"icinga2 ca sign " << ap[0] << "\""; << "\"icinga2 ca sign " << ap[0] << "\"";
return 0; return 0;