/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ #include "cli/carestorecommand.hpp" #include "base/logger.hpp" #include "base/application.hpp" #include "base/tlsutility.hpp" #include "remote/apilistener.hpp" using namespace icinga; REGISTER_CLICOMMAND("ca/restore", CARestoreCommand); /** * Provide a long CLI description sentence. * * @return text */ String CARestoreCommand::GetDescription() const { return "Restores a previously removed certificate request."; } /** * Provide a short CLI description. * * @return text */ String CARestoreCommand::GetShortDescription() const { return "restores a removed certificate request"; } /** * Define minimum arguments without key parameter. * * @return number of arguments */ int CARestoreCommand::GetMinArguments() const { return 1; } /** * Impersonate as Icinga user. * * @return impersonate level */ ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const { return ImpersonateIcinga; } /** * The entry point for the "ca restore" CLI command. * * @returns An exit status. */ int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector& ap) const { String fingerPrint = ap[0]; String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed"; if (!Utility::PathExists(removedRequestFile)) { Log(LogCritical, "cli") << "Cannot find removed fingerprint '" << fingerPrint << "', bailing out."; return 1; } Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile); std::shared_ptr certRequest = StringToCertificate(request->Get("cert_request")); if (!certRequest) { Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute."); /* Purge the file when we know that it is broken. */ Utility::Remove(removedRequestFile); return 1; } Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request); Utility::Remove(removedRequestFile); Log(LogInformation, "cli") << "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n" << "\"icinga2 ca sign " << fingerPrint << "\""; return 0; }