diff options
Diffstat (limited to 'lib/cli/carestorecommand.cpp')
| -rw-r--r-- | lib/cli/carestorecommand.cpp | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/lib/cli/carestorecommand.cpp b/lib/cli/carestorecommand.cpp new file mode 100644 index 0000000..5020368 --- /dev/null +++ b/lib/cli/carestorecommand.cpp @@ -0,0 +1,88 @@ +/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ + +#include "cli/carestorecommand.hpp" +#include "base/logger.hpp" +#include "base/application.hpp" +#include "base/tlsutility.hpp" +#include "remote/apilistener.hpp" + +using namespace icinga; + +REGISTER_CLICOMMAND("ca/restore", CARestoreCommand); + +/** + * Provide a long CLI description sentence. + * + * @return text + */ +String CARestoreCommand::GetDescription() const +{ + return "Restores a previously removed certificate request."; +} + +/** + * Provide a short CLI description. + * + * @return text + */ +String CARestoreCommand::GetShortDescription() const +{ + return "restores a removed certificate request"; +} + +/** + * Define minimum arguments without key parameter. + * + * @return number of arguments + */ +int CARestoreCommand::GetMinArguments() const +{ + return 1; +} + +/** + * Impersonate as Icinga user. + * + * @return impersonate level + */ +ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const +{ + return ImpersonateIcinga; +} + +/** + * The entry point for the "ca restore" CLI command. + * + * @returns An exit status. + */ +int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const +{ + String fingerPrint = ap[0]; + String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed"; + + if (!Utility::PathExists(removedRequestFile)) { + Log(LogCritical, "cli") + << "Cannot find removed fingerprint '" << fingerPrint << "', bailing out."; + return 1; + } + + Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile); + std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request")); + + if (!certRequest) { + Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute."); + /* Purge the file when we know that it is broken. */ + Utility::Remove(removedRequestFile); + return 1; + } + + Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request); + + Utility::Remove(removedRequestFile); + + Log(LogInformation, "cli") + << "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n" + << "\"icinga2 ca sign " << fingerPrint << "\""; + + return 0; +} |