Dictionary::Ptr result = response->Get("result");
+ if (result->Contains("ca")) {
+ try {
+ StringToCertificate(result->Get("ca"));
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Could not write CA file: " << DiagnosticInformation(ex, false);
+ return 1;
+ }
+
+ Log(LogInformation, "cli")
+ << "Writing CA certificate to file '" << cafile << "'.";
+
+ std::ofstream fpca;
+ fpca.open(cafile.CStr());
+ fpca << result->Get("ca");
+ fpca.close();
+
+ if (fpca.fail()) {
+ Log(LogCritical, "cli")
+ << "Could not open CA certificate file '" << cafile << "' for writing.";
+ return 1;
+ }
+ }
+
if (result->Contains("error")) {
LogSeverity severity;
- if (result->Get("status_code") == 1)
+ Value vstatus;
+
+ if (!result->Get("status_code", &vstatus))
+ vstatus = 1;
+
+ int status = vstatus;
+
+ if (status == 1)
severity = LogCritical;
else {
severity = LogInformation;
Log(severity, "cli")
<< "!!! " << result->Get("error");
- if (result->Get("status_code") == 1)
+ if (status == 1)
return 1;
else {
Log(severity, "cli", "!!!!!!");
return 1;
}
- try {
- StringToCertificate(result->Get("ca"));
- } catch (const std::exception& ex) {
- Log(LogCritical, "cli")
- << "Could not write CA file: " << DiagnosticInformation(ex, false);
- return 1;
- }
+ Log(LogInformation, "cli")
+ << "Writing signed certificate to file '" << certfile << "'.";
std::ofstream fpcert;
fpcert.open(certfile.CStr());
return 1;
}
- Log(LogInformation, "cli")
- << "Writing signed certificate to file '" << certfile << "'.";
-
- std::ofstream fpca;
- fpca.open(cafile.CStr());
- fpca << result->Get("ca");
- fpca.close();
-
- if (fpca.fail()) {
- Log(LogCritical, "cli")
- << "Could not open CA certificate file '" << cafile << "' for writing.";
- return 1;
- }
-
- Log(LogInformation, "cli")
- << "Writing CA certificate to file '" << cafile << "'.";
-
return 0;
}
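Review bot: In the added `ca` block near the top of this hunk, `fpca.open(cafile.CStr())` truncates the existing CA file and the only error check runs after the write and `close()`, so a failed write leaves a truncated trust anchor on disk and is logged as "Could not open CA certificate file". Checking the stream right after `open()` and rewording the later message to `"Could not write CA certificate file '"` would keep the two failure cases apart. Writing to a temporary file and renaming it over `cafile` would also leave the previous CA intact on failure. The received CA is only parse-checked with `StringToCertificate` before it replaces the local one, so this presumably depends on the peer having been verified earlier in the function, which starts outside the hunk.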
endpoint->SetSyncing(true);
}
+ Zone::Ptr myZone = Zone::GetLocalZone();
+
+ if (myZone->GetParent() == eZone) {
+ Log(LogInformation, "ApiListener")
+ << "Requesting new certificate for this Icinga instance from endpoint '" << endpoint->GetName() << "'.";
+
+ SendCertificateRequest(aclient);
+ }
+
/* Make sure that the config updates are synced
* before the logs are replayed.
*/
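Review bot: `myZone->GetParent()` is called on the result of `Zone::GetLocalZone()` without a check, so if that call can return an empty pointer (for example when the local endpoint is not assigned to a zone) this sync path dereferences null. `if (myZone && myZone->GetParent() == eZone) {` would guard it. The certificate request is also sent on every sync with a parent-zone endpoint, whether or not the current certificate is close to expiry; a one-line comment stating that this is intended would help the next reader. The enclosing function starts and ends outside the hunk.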
<< "Finished syncing endpoint '" << endpoint->GetName() << "' in zone '" << eZone->GetName() << "'.";
}
+void ApiListener::SendCertificateRequest(const JsonRpcConnection::Ptr& aclient)
+{
+ Dictionary::Ptr message = new Dictionary();
+ message->Set("jsonrpc", "2.0");
+ message->Set("method", "pki::RequestCertificate");
+
+ Dictionary::Ptr params = new Dictionary();
+
+ message->Set("params", params);
+
+ JsonRpc::SendMessage(aclient->GetStream(), message);
+}
+
void ApiListener::ApiTimerHandler(void)
{
double now = Utility::GetTime();
if (!origin->FromClient->IsAuthenticated()) {
String salt = listener->GetTicketSalt();
- if (salt.IsEmpty())
+ String ticket = params->Get("ticket");
+
+ if (salt.IsEmpty() || ticket.IsEmpty())
goto delayed_request;
- String ticket = params->Get("ticket");
String realTicket = PBKDF2_SHA1(origin->FromClient->GetIdentity(), salt, 50000);
if (ticket != realTicket) {
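Review bot: With the new `ticket.IsEmpty()` condition, an unauthenticated client that simply omits the ticket now jumps to `delayed_request`, where before it would have failed the `ticket != realTicket` comparison whenever a salt was configured. The code behind that label is outside the hunk, so it should be confirmed that nothing is signed on this path without operator approval and that the pending requests an unauthenticated peer can create are bounded. A comment such as `/* no ticket: queue the request for manual signing, never auto-sign */` above the `goto` would record the intent. Separately, `ticket != realTicket` compares a secret-derived value with an ordinary string comparison; a constant-time comparison would be the safer choice here.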