Skip to content

Commit

Permalink
Add missing files
Browse files Browse the repository at this point in the history 
refs #7247
  • Loading branch information
@gunnarbeutner
gunnarbeutner committed Oct 16, 2014
1 parent f433679 commit 5549472
Show file tree
Hide file tree
Showing 4 changed files with 340 additions and 0 deletions.
166 changes: 166 additions & 0 deletions lib/cli/pkirequestcommand.cpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/

#include "cli/pkirequestcommand.hpp"
#include "remote/jsonrpc.hpp"
#include "base/logger_fwd.hpp"
#include "base/clicommand.hpp"
#include "base/tlsutility.hpp"
#include "base/tlsstream.hpp"
#include "base/tcpsocket.hpp"
#include "base/utility.hpp"
#include "base/application.hpp"
#include <fstream>

using namespace icinga;
namespace po = boost::program_options;

REGISTER_CLICOMMAND("pki/request", PKIRequestCommand);

String PKIRequestCommand::GetDescription(void) const
{
return "Sends a PKI request to Icinga 2.";
}

String PKIRequestCommand::GetShortDescription(void) const
{
return "requests a certificate";
}

void PKIRequestCommand::InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc,
ArgumentCompletionDescription& argCompletionDesc) const
{
visibleDesc.add_options()
("keyfile", po::value<std::string>(), "Key file path")
("certfile", po::value<std::string>(), "Certificate file path (input + output)")
("cafile", po::value<std::string>(), "CA file path (output)")
("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port")
("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
}

/**
* The entry point for the "pki request" CLI command.
*
* @returns An exit status.
*/
int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
if (!vm.count("host")) {
Log(LogCritical, "cli", "Icinga 2 host (--host) must be specified.");
return 1;
}

if (!vm.count("keyfile")) {
Log(LogCritical, "cli", "Key file path (--keyfile) must be specified.");
return 1;
}

if (!vm.count("certfile")) {
Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified.");
return 1;
}

if (!vm.count("cafile")) {
Log(LogCritical, "cli", "CA certificate file path (--cafile) must be specified.");
return 1;
}

if (!vm.count("ticket")) {
Log(LogCritical, "cli", "Ticket (--ticket) must be specified.");
return 1;
}

TcpSocket::Ptr client = make_shared<TcpSocket>();

String port = "5665";

if (vm.count("port"))
port = vm["port"].as<std::string>();

client->Connect(vm["host"].as<std::string>(), port);

String certfile = vm["certfile"].as<std::string>();

shared_ptr<SSL_CTX> sslContext = MakeSSLContext(certfile, vm["keyfile"].as<std::string>());

TlsStream::Ptr stream = make_shared<TlsStream>(client, RoleClient, sslContext);

stream->Handshake();

Dictionary::Ptr request = make_shared<Dictionary>();

String msgid = Utility::NewUniqueID();

request->Set("jsonrpc", "2.0");
request->Set("id", msgid);
request->Set("method", "pki::RequestCertificate");

Dictionary::Ptr params = make_shared<Dictionary>();
params->Set("ticket", String(vm["ticket"].as<std::string>()));

request->Set("params", params);

JsonRpc::SendMessage(stream, request);

Dictionary::Ptr response;

for (;;) {
response = JsonRpc::ReadMessage(stream);

if (response->Get("id") != msgid)
continue;

break;
}

Dictionary::Ptr result = response->Get("result");

if (result->Contains("error")) {
Log(LogCritical, "cli", result->Get("error"));
return 1;
}

String cafile = vm["cafile"].as<std::string>();

std::ofstream fpcert;
fpcert.open(certfile.CStr());

if (!fpcert) {
Log(LogCritical, "cli", "Could not open certificate file '" + certfile + "' for writing.");
return 1;
}

fpcert << result->Get("cert");
fpcert.close();

std::ofstream fpca;
fpca.open(cafile.CStr());

if (!fpcert) {
Log(LogCritical, "cli", "Could not open CA certificate file '" + cafile + "' for writing.");
return 1;
}

fpca << result->Get("ca");
fpca.close();

return 0;
}
50 changes: 50 additions & 0 deletions lib/cli/pkirequestcommand.hpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/

#ifndef PKIREQUESTCOMMAND_H
#define PKIREQUESTCOMMAND_H

#include "base/qstring.hpp"
#include "base/clicommand.hpp"

namespace icinga
{

/**
* The "pki request" command.
*
* @ingroup cli
*/
class PKIRequestCommand : public CLICommand
{
public:
DECLARE_PTR_TYPEDEFS(PKIRequestCommand);

virtual String GetDescription(void) const;
virtual String GetShortDescription(void) const;
virtual void InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc,
ArgumentCompletionDescription& argCompletionDesc) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;

};

}

#endif /* PKIREQUESTCOMMAND_H */
74 changes: 74 additions & 0 deletions lib/cli/pkiticketcommand.cpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/

#include "cli/pkiticketcommand.hpp"
#include "remote/jsonrpc.hpp"
#include "base/logger_fwd.hpp"
#include "base/clicommand.hpp"
#include "base/tlsutility.hpp"
#include "base/tlsstream.hpp"
#include "base/tcpsocket.hpp"
#include "base/utility.hpp"
#include "base/application.hpp"

using namespace icinga;
namespace po = boost::program_options;

REGISTER_CLICOMMAND("pki/ticket", PKITicketCommand);

String PKITicketCommand::GetDescription(void) const
{
return "Generates an Icinga 2 ticket";
}

String PKITicketCommand::GetShortDescription(void) const
{
return "generates a ticket";
}

void PKITicketCommand::InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc,
ArgumentCompletionDescription& argCompletionDesc) const
{
visibleDesc.add_options()
("cn", po::value<std::string>(), "Certificate common name")
("salt", po::value<std::string>(), "Ticket salt");
}

/**
* The entry point for the "pki ticket" CLI command.
*
* @returns An exit status.
*/
int PKITicketCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
if (!vm.count("cn")) {
Log(LogCritical, "cli", "Common name (--cn) must be specified.");
return 1;
}

if (!vm.count("salt")) {
Log(LogCritical, "cli", "Ticket salt (--salt) must be specified.");
return 1;
}

std::cout << PBKDF2_SHA512(vm["cn"].as<std::string>(), vm["salt"].as<std::string>(), 50000) << std::endl;

return 0;
}
50 changes: 50 additions & 0 deletions lib/cli/pkiticketcommand.hpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/

#ifndef PKITICKETCOMMAND_H
#define PKITICKETCOMMAND_H

#include "base/qstring.hpp"
#include "base/clicommand.hpp"

namespace icinga
{

/**
* The "pki ticket" command.
*
* @ingroup cli
*/
class PKITicketCommand : public CLICommand
{
public:
DECLARE_PTR_TYPEDEFS(PKITicketCommand);

virtual String GetDescription(void) const;
virtual String GetShortDescription(void) const;
virtual void InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc,
ArgumentCompletionDescription& argCompletionDesc) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;

};

}

#endif /* PKITICKETCOMMAND_H */

0 comments on commit 5549472

Please sign in to comment.