blob: 502036830e7e03c4434d8aab77a9e5e468949d04 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "cli/carestorecommand.hpp"
#include "base/logger.hpp"
#include "base/application.hpp"
#include "base/tlsutility.hpp"
#include "remote/apilistener.hpp"
using namespace icinga;
REGISTER_CLICOMMAND("ca/restore", CARestoreCommand);
/**
* Provide a long CLI description sentence.
*
* @return text
*/
String CARestoreCommand::GetDescription() const
{
return "Restores a previously removed certificate request.";
}
/**
* Provide a short CLI description.
*
* @return text
*/
String CARestoreCommand::GetShortDescription() const
{
return "restores a removed certificate request";
}
/**
* Define minimum arguments without key parameter.
*
* @return number of arguments
*/
int CARestoreCommand::GetMinArguments() const
{
return 1;
}
/**
* Impersonate as Icinga user.
*
* @return impersonate level
*/
ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
{
return ImpersonateIcinga;
}
/**
* The entry point for the "ca restore" CLI command.
*
* @returns An exit status.
*/
int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
String fingerPrint = ap[0];
String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed";
if (!Utility::PathExists(removedRequestFile)) {
Log(LogCritical, "cli")
<< "Cannot find removed fingerprint '" << fingerPrint << "', bailing out.";
return 1;
}
Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile);
std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
if (!certRequest) {
Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
/* Purge the file when we know that it is broken. */
Utility::Remove(removedRequestFile);
return 1;
}
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request);
Utility::Remove(removedRequestFile);
Log(LogInformation, "cli")
<< "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n"
<< "\"icinga2 ca sign " << fingerPrint << "\"";
return 0;
}
|
