Merge pull request #6500 from ajaffie/feature/cli-ca-remove-6049
Implemented `ca remove` cli command + documentation.
Showing
13 changed files
with
327 additions
and
9 deletions.
@@ -0,0 +1,93 @@ | |||
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ | |||
|
|||
#include "cli/caremovecommand.hpp" | |||
#include "base/logger.hpp" | |||
#include "base/application.hpp" | |||
#include "base/tlsutility.hpp" | |||
#include "remote/apilistener.hpp" | |||
|
|||
using namespace icinga; | |||
|
|||
REGISTER_CLICOMMAND("ca/remove", CARemoveCommand); | |||
|
|||
/** | |||
* Provide a long CLI description sentence. | |||
* | |||
* @return text | |||
*/ | |||
String CARemoveCommand::GetDescription() const | |||
{ | |||
return "Removes an outstanding certificate request."; | |||
} | |||
|
|||
/** | |||
* Provide a short CLI description. | |||
* | |||
* @return text | |||
*/ | |||
String CARemoveCommand::GetShortDescription() const | |||
{ | |||
return "removes an outstanding certificate request"; | |||
} | |||
|
|||
/** | |||
* Define minimum arguments without key parameter. | |||
* | |||
* @return number of arguments | |||
*/ | |||
int CARemoveCommand::GetMinArguments() const | |||
{ | |||
return 1; | |||
} | |||
|
|||
/** | |||
* Impersonate as Icinga user. | |||
* | |||
* @return impersonate level | |||
*/ | |||
ImpersonationLevel CARemoveCommand::GetImpersonationLevel() const | |||
{ | |||
return ImpersonateIcinga; | |||
} | |||
|
|||
/** | |||
* The entry point for the "ca remove" CLI command. | |||
* | |||
* @returns An exit status. | |||
*/ | |||
int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const | |||
{ | |||
String fingerPrint = ap[0]; | |||
String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json"; | |||
|
|||
if (!Utility::PathExists(requestFile)) { | |||
Log(LogCritical, "cli") | |||
<< "No request exists for fingerprint '" << fingerPrint << "'."; | |||
return 1; | |||
} | |||
|
|||
Dictionary::Ptr request = Utility::LoadJsonFile(requestFile); | |||
std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request")); | |||
|
|||
if (!certRequest) { | |||
Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute."); | |||
return 1; | |||
} | |||
|
|||
String cn = GetCertificateCN(certRequest); | |||
|
|||
if (request->Contains("cert_response")) { | |||
Log(LogCritical, "cli") | |||
<< "Certificate request for CN '" << cn << "' already signed, removal is not possible."; | |||
return 1; | |||
} | |||
|
|||
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed", 0600, request); | |||
|
|||
Utility::Remove(requestFile); | |||
|
|||
Log(LogInformation, "cli") | |||
<< "Certificate request for CN " << cn << " removed."; | |||
|
|||
return 0; | |||
} |
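Review bot: `Run` builds `requestFile` from `ap[0]` without checking that the argument looks like a fingerprint, so a value containing `/` or `..` makes the JSON load, the `.removed` copy and the `Utility::Remove` call operate on a path outside the certificate requests directory. If request files are always named after a hex digest, as the naming here suggests, I would reject anything else before touching the filesystem, e.g. `if (ap[0].empty() || !std::all_of(ap[0].begin(), ap[0].end(), [](unsigned char c) { return std::isxdigit(c); })) { Log(LogCritical, "cli", "Invalid fingerprint."); return 1; }` (needs `<algorithm>` and `<cctype>`). The `ca/restore` command's `Run` builds its path the same way and needs the same guard. Separately, `request->Get("cert_request")` is called without checking the result of `Utility::LoadJsonFile`; if a file that is not a JSON object can yield a null pointer here, that case should also be an error return.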
@@ -0,0 +1,30 @@ | |||
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ | |||
|
|||
#ifndef CAREMOVECOMMAND_H | |||
#define CAREMOVECOMMAND_H | |||
|
|||
#include "cli/clicommand.hpp" | |||
|
|||
namespace icinga | |||
{ | |||
|
|||
/** | |||
* The "ca remove" command. | |||
* | |||
* @ingroup cli | |||
*/ | |||
class CARemoveCommand final : public CLICommand | |||
{ | |||
public: | |||
DECLARE_PTR_TYPEDEFS(CARemoveCommand); | |||
|
|||
String GetDescription() const override; | |||
String GetShortDescription() const override; | |||
int GetMinArguments() const override; | |||
ImpersonationLevel GetImpersonationLevel() const override; | |||
int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override; | |||
}; | |||
|
|||
} | |||
|
|||
#endif /* CAREMOVECOMMAND_H */ |
@@ -0,0 +1,88 @@ | |||
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ | |||
|
|||
#include "cli/carestorecommand.hpp" | |||
#include "base/logger.hpp" | |||
#include "base/application.hpp" | |||
#include "base/tlsutility.hpp" | |||
#include "remote/apilistener.hpp" | |||
|
|||
using namespace icinga; | |||
|
|||
REGISTER_CLICOMMAND("ca/restore", CARestoreCommand); | |||
|
|||
/** | |||
* Provide a long CLI description sentence. | |||
* | |||
* @return text | |||
*/ | |||
String CARestoreCommand::GetDescription() const | |||
{ | |||
return "Restores a previously removed certificate request."; | |||
} | |||
|
|||
/** | |||
* Provide a short CLI description. | |||
* | |||
* @return text | |||
*/ | |||
String CARestoreCommand::GetShortDescription() const | |||
{ | |||
return "restores a removed certificate request"; | |||
} | |||
|
|||
/** | |||
* Define minimum arguments without key parameter. | |||
* | |||
* @return number of arguments | |||
*/ | |||
int CARestoreCommand::GetMinArguments() const | |||
{ | |||
return 1; | |||
} | |||
|
|||
/** | |||
* Impersonate as Icinga user. | |||
* | |||
* @return impersonate level | |||
*/ | |||
ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const | |||
{ | |||
return ImpersonateIcinga; | |||
} | |||
|
|||
/** | |||
* The entry point for the "ca restore" CLI command. | |||
* | |||
* @returns An exit status. | |||
*/ | |||
int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const | |||
{ | |||
String fingerPrint = ap[0]; | |||
String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed"; | |||
|
|||
if (!Utility::PathExists(removedRequestFile)) { | |||
Log(LogCritical, "cli") | |||
<< "Cannot find removed fingerprint '" << fingerPrint << "', bailing out."; | |||
return 1; | |||
} | |||
|
|||
Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile); | |||
std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request")); | |||
|
|||
if (!certRequest) { | |||
Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute."); | |||
/* Purge the file when we know that it is broken. */ | |||
Utility::Remove(removedRequestFile); | |||
return 1; | |||
} | |||
|
|||
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request); | |||
|
|||
Utility::Remove(removedRequestFile); | |||
|
|||
Log(LogInformation, "cli") | |||
<< "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n" | |||
<< "\"icinga2 ca sign " << fingerPrint << "\""; | |||
|
|||
return 0; | |||
} |
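Review bot: The restore path writes `<fingerprint>.json` with `Utility::SaveJsonFile` without first checking whether that file already exists, so a request that arrived again, or was signed, after the removal would be silently replaced by the older `.removed` copy. A `Utility::PathExists` check on the target path with a `LogCritical` message and `return 1` before the save would make the command refuse instead of overwrite. The parse-failure branch also deletes `removedRequestFile` outright; because that path is derived from the unvalidated `ap[0]`, I would only purge after the fingerprint has been validated, and log which file was removed so the deletion is auditable.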
@@ -0,0 +1,30 @@ | |||
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ | |||
|
|||
#ifndef CARESTORECOMMAND_H | |||
#define CARESTORECOMMAND_H | |||
|
|||
#include "cli/clicommand.hpp" | |||
|
|||
namespace icinga | |||
{ | |||
|
|||
/** | |||
* The "ca restore" command. | |||
* | |||
* @ingroup cli | |||
*/ | |||
class CARestoreCommand final : public CLICommand | |||
{ | |||
public: | |||
DECLARE_PTR_TYPEDEFS(CARestoreCommand); | |||
|
|||
String GetDescription() const override; | |||
String GetShortDescription() const override; | |||
int GetMinArguments() const override; | |||
ImpersonationLevel GetImpersonationLevel() const override; | |||
int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override; | |||
}; | |||
|
|||
} | |||
|
|||
#endif /* CASTORECOMMAND_H */ |
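Review bot: The closing comment of the include guard reads `CASTORECOMMAND_H`, but the macro defined at the top of this header is `CARESTORECOMMAND_H`. It has no effect on compilation, but it misleads anyone grepping for the guard; the line should be `#endif /* CARESTORECOMMAND_H */`.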