1 /* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
3 #include "cli/pkisavecertcommand.hpp"
4 #include "remote/pkiutility.hpp"
5 #include "base/logger.hpp"
6 #include "base/tlsutility.hpp"
7 #include "base/console.hpp"
// Bring the icinga namespace into scope and give Boost's option-parsing namespace a short alias.
using namespace icinga;
namespace po = boost::program_options;

// Presumably binds the "pki/save-cert" command path to PKISaveCertCommand; the macro is defined elsewhere.
REGISTER_CLICOMMAND("pki/save-cert", PKISaveCertCommand);
/**
 * Returns the long description of the "pki save-cert" command.
 *
 * @returns The description text.
 */
String PKISaveCertCommand::GetDescription() const
{
	return "Saves another Icinga 2 instance's certificate.";
}
/**
 * Returns the one-line description of the "pki save-cert" command.
 *
 * @returns The short description text.
 */
String PKISaveCertCommand::GetShortDescription() const
{
	return "saves another Icinga 2 instance's certificate";
}
/**
 * Declares the command-line options accepted by "pki save-cert".
 *
 * @param visibleDesc Receives every option this command defines.
 * @param hiddenDesc Not touched by this command.
 */
void PKISaveCertCommand::InitParameters(boost::program_options::options_description& visibleDesc,
	boost::program_options::options_description& hiddenDesc) const
{
	auto option = visibleDesc.add_options();

	// Still declared, but the help text marks both as obsolete.
	option("key", po::value<std::string>(), "Key file path (input), obsolete");
	option("cert", po::value<std::string>(), "Certificate file path (input), obsolete");

	// File the fetched certificate is written to.
	option("trustedcert", po::value<std::string>(), "Trusted certificate file path (output)");

	// Remote endpoint; the port is kept as a string and defaults to "5665".
	option("host", po::value<std::string>(), "Icinga 2 host");
	option("port", po::value<std::string>()->default_value("5665"), "Icinga 2 port");
}
/**
 * Supplies shell-completion candidates for the value of an option.
 *
 * @param argument Name of the option being completed.
 * @param word Text handed on to the completion helper.
 * @returns Completions of kind "file" for key/cert/trustedcert, "hostname"
 *          for host and "service" for port; any other option is delegated
 *          to CLICommand::GetArgumentSuggestions.
 */
std::vector<String> PKISaveCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
	const bool isPathOption = argument == "key" || argument == "cert" || argument == "trustedcert";

	if (isPathOption)
		return GetBashCompletionSuggestions("file", word);

	if (argument == "host")
		return GetBashCompletionSuggestions("hostname", word);

	if (argument == "port")
		return GetBashCompletionSuggestions("service", word);

	return CLICommand::GetArgumentSuggestions(argument, word);
}
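/**
 * The entry point for the "pki save-cert" CLI command.
 *
 * Fetches the X.509 certificate presented by the instance at --host/--port,
 * prints its details followed by a red warning banner, and writes the
 * certificate to the --trustedcert path.
 *
 * Security note: this function does not authenticate the fetched certificate
 * itself, and the file is written straight after the banner without waiting
 * for any confirmation. Whoever answers on host:port decides what ends up in
 * the output file, so the printed details have to be compared with the
 * parent's real certificate over a separate channel before the saved file is
 * relied on. The --key and --cert options are declared but never read here.
 *
 * @param vm Parsed command-line options.
 * @param ap Additional arguments; unused.
 * @returns An exit status: 1 when a required option is missing or the fetch
 *          fails, otherwise the result of PkiUtility::WriteCert.
 */
int PKISaveCertCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
	// NOTE(review): the listing this was taken from lost the exit paths of the
	// guards below and the null check on the fetched certificate; they are
	// restored here so a failure message is only logged on failure and no
	// write is attempted without a certificate. Two rows of the banner are
	// also missing from the listing and are not reconstructed. Confirm all of
	// this against the upstream file.
	if (!vm.count("host")) {
		Log(LogCritical, "cli", "Icinga 2 host (--host) must be specified.");
		return 1;
	}

	if (!vm.count("trustedcert")) {
		Log(LogCritical, "cli", "Trusted certificate output file path (--trustedcert) must be specified.");
		return 1;
	}

	String host = vm["host"].as<std::string>();
	String port = vm["port"].as<std::string>();

	Log(LogInformation, "cli")
		<< "Retrieving X.509 certificate for '" << host << ":" << port << "'.";

	// Presumably no peer verification happens inside FetchCert (the banner
	// below implies as much); verify in PkiUtility before relying on it.
	std::shared_ptr<X509> cert = PkiUtility::FetchCert(host, port);

	if (!cert) {
		Log(LogCritical, "cli", "Failed to fetch certificate from host.");
		return 1;
	}

	// Show the operator what was received so it can be checked out of band.
	std::cout << PkiUtility::GetCertificateInformation(cert) << "\n";
	std::cout << ConsoleColorTag(Console_ForegroundRed)
		<< "*** You have to ensure that this certificate actually matches the parent\n"
		<< "*** instance's certificate in order to avoid man-in-the-middle attacks.\n"
		<< ConsoleColorTag(Console_Normal);

	// The certificate is persisted unconditionally; the banner is advisory only.
	return PkiUtility::WriteCert(cert, vm["trustedcert"].as<std::string>());
}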