Implement support for forwarding certificate requests
authorGunnar Beutner <gunnar.beutner@icinga.com>
Mon, 4 Sep 2017 11:18:06 +0000 (13:18 +0200)
committerGunnar Beutner <gunnar.beutner@icinga.com>
Tue, 12 Sep 2017 10:52:49 +0000 (12:52 +0200)
refs #5450

lib/remote/apilistener.cpp
lib/remote/jsonrpcconnection-pki.cpp
lib/remote/jsonrpcconnection.hpp

index d298bbe1e903c6c7609998a6eb1d398446ec03ad..e7bee884c8212078a906b3ab4986dda7604fb7ae 100644 (file)
@@ -498,6 +498,8 @@ void ApiListener::SyncClient(const JsonRpcConnection::Ptr& aclient, const Endpoi
                            << "Requesting new certificate for this Icinga instance from endpoint '" << endpoint->GetName() << "'.";
 
                        aclient->SendCertificateRequest();
+
+                       Utility::Glob(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/*.json", boost::bind(&JsonRpcConnection::SyncCertificateRequest, aclient, MessageOrigin::Ptr(), _1), GlobFile);
                }
 
                /* Make sure that the config updates are synced
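Review bot: The added `Utility::Glob(...)` call replays every file under `pki-requests/*.json` to `aclient`, and each forwarded message carries the stored `ticket` next to the CSR, so whichever endpoint reaches this branch receives credentials submitted by other nodes. The condition guarding the branch sits above the hunk; confirm that it only admits a parent-zone endpoint whose TLS identity has already been verified. A comment at the call would record that assumption, for example `/* Replay pending requests (CSR + ticket) to the parent only; aclient must be an authenticated parent endpoint. */`. Nothing visible bounds the number or age of the files replayed on each reconnect, which may deserve a cap or a cleanup pass.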
index 8c221ee7fe3cc841fc07f7bfe711e6bf850f4683..3110b53a4184a9481c6fe3f82de40a8965063fad 100644 (file)
@@ -151,6 +151,8 @@ delayed_request:
 
        Utility::SaveJsonFile(requestPath, 0600, request);
 
+       JsonRpcConnection::SyncCertificateRequest(JsonRpcConnection::Ptr(), origin, requestPath);
+
        result->Set("status_code", 2);
        result->Set("error", "Certificate request is pending. Waiting for approval from the parent Icinga instance.");
        return result;
@@ -260,3 +262,32 @@ void JsonRpcConnection::CertificateRequestResponseHandler(const Dictionary::Ptr&
        Log(LogInformation, "JsonRpcConnection", "Updating the client certificate for the ApiListener object");
        listener->UpdateSSLContext();
 }
+
+void JsonRpcConnection::SyncCertificateRequest(const JsonRpcConnection::Ptr& aclient, const MessageOrigin::Ptr& origin, const String& path)
+{
+       Dictionary::Ptr request = Utility::LoadJsonFile(path);
+
+       if (request->Contains("cert_response"))
+               return;
+
+       Dictionary::Ptr message = new Dictionary();
+       message->Set("jsonrpc", "2.0");
+       message->Set("method", "pki::RequestCertificate");
+
+       Dictionary::Ptr params = new Dictionary();
+       params->Set("cert_request", request->Get("cert_request"));
+       params->Set("ticket", request->Get("ticket"));
+
+       message->Set("params", params);
+
+       if (aclient)
+               JsonRpc::SendMessage(aclient->GetStream(), message);
+       else {
+               ApiListener::Ptr listener = ApiListener::GetInstance();
+
+               if (!listener)
+                       return;
+
+               listener->RelayMessage(origin, Zone::GetLocalZone(), message, false);
+       }
+}
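Review bot: `request` is dereferenced at `request->Contains("cert_response")` with no check on what `Utility::LoadJsonFile(path)` returned, so an empty, truncated or non-object file in the requests directory presumably either throws or yields a null pointer here. This function is the Glob callback in `ApiListener::SyncClient`, so one bad file would likely stop the remaining pending requests from being forwarded. It is also called from the delayed-request path before that path sets its result. Adding `if (!request || !request->Contains("cert_request")) return;` after the load, with a log line naming `path`, would guard the dereference, and a try/catch around the load would keep one unreadable file from aborting the rest. The same guard keeps the function from relaying a message whose `cert_request` is empty.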
index d8d2a863a400f1345de79c914a3f4b053ea92cdd..0ab1465af7be3d652df0296a0d90f0c12aa256a0 100644 (file)
@@ -85,6 +85,8 @@ public:
 
        void SendCertificateRequest(void);
 
+       static void SyncCertificateRequest(const JsonRpcConnection::Ptr& aclient, const intrusive_ptr<MessageOrigin>& origin, const String& path);
+
 private:
        int m_ID;
        String m_Identity;
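Review bot: The new static `SyncCertificateRequest` declaration has no comment, and its two modes are not obvious from the signature: a non-null `aclient` sends the request directly on that connection, while a null one relays it through the `ApiListener` using `origin`. I would add something like `/* Forwards the pending request stored at path; a null aclient relays it to the local zone via ApiListener, using origin. */` above it. The declaration spells the second parameter as `intrusive_ptr<MessageOrigin>` while the definition uses `MessageOrigin::Ptr`. These are presumably the same type, but a short note on why the header avoids the typedef would save the next reader a lookup. The class body continues outside the hunk.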