]> granicus.if.org Git - icinga2/commitdiff
CLI: Update ca remove/restore commands from my review
authorMichael Friedrich <michael.friedrich@icinga.com>
Fri, 10 May 2019 15:33:28 +0000 (17:33 +0200)
committerMichael Friedrich <michael.friedrich@icinga.com>
Fri, 7 Jun 2019 08:33:55 +0000 (10:33 +0200)
lib/cli/caremovecommand.cpp
lib/cli/caremovecommand.hpp
lib/cli/carestorecommand.cpp
lib/cli/carestorecommand.hpp
lib/cli/casigncommand.cpp

index b833750f90c1ff932bd30efb6338685970b4309f..30f1bf1dddf44cfb13099c77c3c5e4119bac1d56 100644 (file)
@@ -1,27 +1,10 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/caremovecommand.hpp"
-#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;
 
@@ -54,11 +37,12 @@ ImpersonationLevel CARemoveCommand::GetImpersonationLevel() const
  */
 int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-       String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json";
+       String fingerPrint = ap[0];
+       String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json";
 
        if (!Utility::PathExists(requestFile)) {
                Log(LogCritical, "cli")
-                       << "No request exists for fingerprint '" << ap[0] << "'.";
+                       << "No request exists for fingerprint '" << fingerPrint << "'.";
                return 1;
        }
 
@@ -69,17 +53,21 @@ int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const
                Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
                return 1;
        }
+
+       String cn = GetCertificateCN(certRequest);
+
        if (request->Contains("cert_response")) {
-               Log(LogCritical, "cli", "Certificate request already signed, you cannot remove it.");
+               Log(LogCritical, "cli")
+                       << "Certificate request for CN '" << cn << "' already signed, removal is not possible.";
                return 1;
        }
 
-       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 0600, request);
-       if(remove(requestFile.CStr()) != 0)
-               return 1;
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed", 0600, request);
+
+       Utility::Remove(requestFile);
 
        Log(LogInformation, "cli")
-               << "Certificate for CN " << GetCertificateCN(certRequest) << " removed.";
+               << "Certificate request for CN " << cn << " removed.";
 
        return 0;
 }
index fabfd697477a2aa79f8f0fabc84ea846b678e4bd..2da92d39e74255ea8050a693004548e919cc2e3e 100644 (file)
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CAREMOVECOMMAND_H
 #define CAREMOVECOMMAND_H
@@ -44,4 +27,4 @@ public:
 
 }
 
-#endif /* CASIGNCOMMAND_H */
+#endif /* CAREMOVECOMMAND_H */
index 8a01acb91d5e86418fe155487f7ad36b110e878d..75ab2149eef1c358db7dfcfae01a27465e3e2b11 100644 (file)
@@ -1,27 +1,10 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/carestorecommand.hpp"
-#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;
 
@@ -54,29 +37,32 @@ ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
  */
 int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
-       String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed";
+       String fingerPrint = ap[0];
+       String removedRequestFile = ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".removed";
 
-       if (!Utility::PathExists(requestFile)) {
+       if (!Utility::PathExists(removedRequestFile)) {
                Log(LogCritical, "cli")
-                       << "No removed request exists for fingerprint '" << ap[0] << "'.";
+                       << "Cannot find removed fingerprint '" << fingerPrint << "', bailing out.";
                return 1;
        }
 
-       Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+       Dictionary::Ptr request = Utility::LoadJsonFile(removedRequestFile);
        std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
 
        if (!certRequest) {
                Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
+               /* Purge the file when we know that it is broken. */
+               Utility::Remove(removedRequestFile);
                return 1;
        }
 
-       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 0600, request);
-       if(remove(requestFile.CStr()) != 0)
-               return 1;
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + fingerPrint + ".json", 0600, request);
+
+       Utility::Remove(removedRequestFile);
 
        Log(LogInformation, "cli")
-               << "Certificate " << GetCertificateCN(certRequest) << " restored, you can now sign it using:\n"
-               << "\"icinga2 ca sign " << ap[0] << "\"";
+               << "Restored certificate request for CN '" << GetCertificateCN(certRequest) << "', sign it with:\n"
+               << "\"icinga2 ca sign " << fingerPrint << "\"";
 
        return 0;
 }
index 9f2378500c59408087a7a47b4ec9bbf0c69bc4df..74a27dff642dba05d8f4f28a4a0a27f13cbd0680 100644 (file)
@@ -1,21 +1,4 @@
-/******************************************************************************
- * Icinga 2                                                                   *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
- *                                                                            *
- * This program is free software; you can redistribute it and/or              *
- * modify it under the terms of the GNU General Public License                *
- * as published by the Free Software Foundation; either version 2             *
- * of the License, or (at your option) any later version.                     *
- *                                                                            *
- * This program is distributed in the hope that it will be useful,            *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- * GNU General Public License for more details.                               *
- *                                                                            *
- * You should have received a copy of the GNU General Public License          *
- * along with this program; if not, write to the Free Software Foundation     *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #ifndef CARESTORECOMMAND_H
 #define CARESTORECOMMAND_H
@@ -44,4 +27,4 @@ public:
 
 }
 
-#endif /* CASIGNCOMMAND_H */
+#endif /* CASTORECOMMAND_H */
index a6b547d981290ce1f30b5d6b2ae48b983fd2b72a..368b378f01a77d245fb3530b5995b25e1809a7f5 100644 (file)
@@ -1,10 +1,10 @@
 /* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
 
 #include "cli/casigncommand.hpp"
-#include "remote/apilistener.hpp"
 #include "base/logger.hpp"
 #include "base/application.hpp"
 #include "base/tlsutility.hpp"
+#include "remote/apilistener.hpp"
 
 using namespace icinga;