Build fix
authorGunnar Beutner <gunnar.beutner@netways.de>
Tue, 21 Oct 2014 11:54:56 +0000 (13:54 +0200)
committerGunnar Beutner <gunnar.beutner@netways.de>
Tue, 21 Oct 2014 11:54:56 +0000 (13:54 +0200)
lib/cli/CMakeLists.txt
lib/cli/agentutility.hpp
lib/cli/pkirequestcommand.cpp

index 104e109f0f97e030d780cc819d33703feccbbee6..c81d3bb94b378c644cf0dfc2f4572ba8eed3b0d8 100644 (file)
@@ -22,7 +22,7 @@ set(cli_SOURCES
   daemoncommand.cpp
   featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp
   objectlistcommand.cpp
-  pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkiticketcommand.cpp
+  pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
   repositoryobjectcommand.cpp
   variablegetcommand.cpp variablelistcommand.cpp
 )
index 488bf0a9ac87fd873de20721b4a1cebb9a8e2c0d..4f114be4aea8459ca91d2872213190a4ee804bb7 100644 (file)
@@ -23,6 +23,7 @@
 #include "base/i2-base.hpp"
 #include "base/dictionary.hpp"
 #include "base/string.hpp"
+#include <vector>
 
 namespace icinga
 {
index 73fd17880d0b28562aa92a7d1cbd7c9d39c8ff7b..bc37f1290cea2d0a793b4a76a72a2dbb01335a19 100644 (file)
@@ -46,9 +46,10 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
     boost::program_options::options_description& hiddenDesc) const
 {
        visibleDesc.add_options()
-           ("keyfile", po::value<std::string>(), "Key file path")
+           ("keyfile", po::value<std::string>(), "Key file path (input)")
            ("certfile", po::value<std::string>(), "Certificate file path (input + output)")
            ("cafile", po::value<std::string>(), "CA file path (output)")
+           ("trustedfile", po::value<std::string>(), "Trusted certificate file path (input)")
            ("host", po::value<std::string>(), "Icinga 2 host")
            ("port", po::value<std::string>(), "Icinga 2 port")
            ("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
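Review bot: The help text for `--trustedfile` on the added line does not say that the server's certificate has to match this file exactly. Further down in this commit Run() compares the peer certificate with it and aborts on any difference, so a CA certificate passed here would be rejected. Wording such as `"Trusted certificate file path (input, must match the server certificate)"` would make the pinning behaviour visible in --help. The closing brace of InitParameters is outside the hunk.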
@@ -56,7 +57,7 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
 
 std::vector<String> PKIRequestCommand::GetArgumentSuggestions(const String& argument, const String& word) const
 {
-       if (argument == "keyfile" || argument == "certfile" || argument == "cafile")
+       if (argument == "keyfile" || argument == "certfile" || argument == "cafile" || argument == "trustedfile")
                return GetBashCompletionSuggestions("file", word);
        else if (argument == "host")
                return GetBashCompletionSuggestions("hostname", word);
@@ -93,6 +94,11 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
                return 1;
        }
 
+       if (!vm.count("trustedfile")) {
+               Log(LogCritical, "cli", "Trusted certificate file path (--trustedfile) must be specified.");
+               return 1;
+       }
+
        if (!vm.count("ticket")) {
                Log(LogCritical, "cli", "Ticket (--ticket) must be specified.");
                return 1;
@@ -115,6 +121,14 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
 
        stream->Handshake();
 
+       shared_ptr<X509> peerCert = stream->GetPeerCertificate();
+       shared_ptr<X509> trustedCert = GetX509Certificate(vm["trustedfile"].as<std::string>());
+
+       if (CertificateToString(peerCert) != CertificateToString(trustedCert)) {
+               Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");
+               return 1;
+       }
+
        Dictionary::Ptr request = make_shared<Dictionary>();
 
        String msgid = Utility::NewUniqueID();
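Review bot: `peerCert` is passed to CertificateToString() without a check that the peer presented a certificate at all; if GetPeerCertificate() can return an empty pointer (not visible here), the comparison runs on a null X509. A guard before the comparison, `if (!peerCert) { Log(LogCritical, "cli", "Peer did not present a certificate."); return 1; }`, keeps that failure explicit. The pin is also compared as two serialized strings, so it depends on both sides being encoded identically; comparing the parsed certificates, for example `X509_cmp(peerCert.get(), trustedCert.get()) != 0`, or a digest would state the intent more directly. Loading `trustedCert` before the connection is opened would let a bad --trustedfile path fail without any network traffic. The body of Run() starts and ends outside this hunk.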