diff options
Diffstat (limited to 'lib/cli/caremovecommand.cpp')
| -rw-r--r-- | lib/cli/caremovecommand.cpp | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/lib/cli/caremovecommand.cpp b/lib/cli/caremovecommand.cpp new file mode 100644 index 0000000..d894494 --- /dev/null +++ b/lib/cli/caremovecommand.cpp @@ -0,0 +1,93 @@ +/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ + +#include "cli/caremovecommand.hpp" +#include "base/logger.hpp" +#include "base/application.hpp" +#include "base/tlsutility.hpp" +#include "remote/apilistener.hpp" + +using namespace icinga; + +REGISTER_CLICOMMAND("ca/remove", CARemoveCommand); + +/** + * Provide a long CLI description sentence. + * + * @return text + */ +String CARemoveCommand::GetDescription() const +{ + return "Removes an outstanding certificate request."; +} + +/** + * Provide a short CLI description. + * + * @return text + */ +String CARemoveCommand::GetShortDescription() const +{ + return "removes an outstanding certificate request"; +} + +/** + * Define minimum arguments without key parameter. + * + * @return number of arguments + */ +int CARemoveCommand::GetMinArguments() const +{ + return 1; +} + +/** + * Impersonate as Icinga user. + * + * @return impersonate level + */ +ImpersonationLevel CARemoveCommand::GetImpersonationLevel() const +{ + return ImpersonateIcinga; +} + +/** + * The entry point for the "ca remove" CLI command. + * + * @returns An exit status. + */ +int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const +{ + String fingerPrint = ap[0]; + String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json"; + + if (!Utility::PathExists(requestFile)) { + Log(LogCritical, "cli") + << "No request exists for fingerprint '" << fingerPrint << "'."; + return 1; + } + + Dictionary::Ptr request = Utility::LoadJsonFile(requestFile); + std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request")); + + if (!certRequest) { + Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute."); + return 1; + } + + String cn = GetCertificateCN(certRequest); + + if (request->Contains("cert_response")) { + Log(LogCritical, "cli") + << "Certificate request for CN '" << cn << "' already signed, removal is not possible."; + return 1; + } + + Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed", 0600, request); + + Utility::Remove(requestFile); + + Log(LogInformation, "cli") + << "Certificate request for CN " << cn << " removed."; + + return 0; +} |