return CreateCert(pubkey, subject, X509_get_subject_name(cacert.get()), privkey, false);
}
+boost::shared_ptr<X509> CreateCertIcingaCA(const boost::shared_ptr<X509>& cert)
+{
+ return CreateCertIcingaCA(X509_get_pubkey(cert.get()), X509_get_subject_name(cert.get()));
+}
+
String CertificateToString(const boost::shared_ptr<X509>& cert)
{
BIO *mem = BIO_new(BIO_s_mem());
String I2_BASE_API CertificateToString(const boost::shared_ptr<X509>& cert);
boost::shared_ptr<X509> I2_BASE_API StringToCertificate(const String& cert);
boost::shared_ptr<X509> I2_BASE_API CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject);
+boost::shared_ptr<X509> I2_BASE_API CreateCertIcingaCA(const boost::shared_ptr<X509>& cert);
String I2_BASE_API PBKDF2_SHA1(const String& password, const String& salt, int iterations);
String I2_BASE_API SHA1(const String& s, bool binary = false);
String I2_BASE_API SHA256(const String& s);
set(cli_SOURCES
apisetupcommand.cpp apisetuputility.cpp
+ calistcommand.cpp casigncommand.cpp
nodeaddcommand.cpp nodeblackandwhitelistcommand.cpp nodelistcommand.cpp noderemovecommand.cpp
nodesetcommand.cpp nodesetupcommand.cpp nodeupdateconfigcommand.cpp nodewizardcommand.cpp nodeutility.cpp
clicommand.cpp
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#include "cli/calistcommand.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/list", CAListCommand);
+
+String CAListCommand::GetDescription(void) const
+{
+ return "Lists all certificate signing requests.";
+}
+
+String CAListCommand::GetShortDescription(void) const
+{
+ return "lists all certificate signing requests";
+}
+
+void CAListCommand::PrintRequest(const String& requestFile)
+{
+ Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+
+ if (!request)
+ return;
+
+ String fingerprint = Utility::BaseName(requestFile);
+ fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5);
+
+ std::cout << "***\n";
+ std::cout << "Fingerprint: " << fingerprint << "\n";
+
+ String certRequestText = request->Get("cert_request");
+
+ boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
+
+ String cn = GetCertificateCN(certRequest);
+
+ String certResponseText = request->Get("cert_response");
+
+ if (!certResponseText.IsEmpty()) {
+ boost::shared_ptr<X509> certResponse = StringToCertificate(certResponseText);
+ }
+
+ std::cout << "CN: " << cn << "\n";
+ std::cout << "Certificate (request): " << certRequestText << "\n";
+ std::cout << "Certificate (response): " << certResponseText << "\n";
+}
+
+/**
+ * The entry point for the "ca list" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+ Utility::Glob(Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/*.json", &CAListCommand::PrintRequest, GlobFile);
+
+ return 0;
+}
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#ifndef CALISTCOMMAND_H
+#define CALISTCOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca list" command.
+ *
+ * @ingroup cli
+ */
+class CAListCommand : public CLICommand
+{
+public:
+ DECLARE_PTR_TYPEDEFS(CAListCommand);
+
+ virtual String GetDescription(void) const override;
+ virtual String GetShortDescription(void) const override;
+ virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+
+private:
+ static void PrintRequest(const String& requestFile);
+};
+
+}
+
+#endif /* CALISTCOMMAND_H */
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#include "cli/casigncommand.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/sign", CASignCommand);
+
+String CASignCommand::GetDescription(void) const
+{
+ return "Signs an outstanding certificate request.";
+}
+
+String CASignCommand::GetShortDescription(void) const
+{
+ return "signs an outstanding certificate request";
+}
+
+int CASignCommand::GetMinArguments(void) const
+{
+ return 1;
+}
+
+ImpersonationLevel CASignCommand::GetImpersonationLevel(void) const
+{
+ return ImpersonateIcinga;
+}
+
+/**
+ * The entry point for the "ca sign" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CASignCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+ String requestFile = Application::GetLocalStateDir() + "/lib/icinga2/pki-requests/" + ap[0] + ".json";
+
+ Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+
+ if (!request)
+ return 1;
+
+ String certRequestText = request->Get("cert_request");
+
+ boost::shared_ptr<X509> certRequest = StringToCertificate(certRequestText);
+
+ boost::shared_ptr<X509> certResponse = CreateCertIcingaCA(certRequest);
+
+ request->Set("cert_response", CertificateToString(certResponse));
+
+ Utility::SaveJsonFile(requestFile, 0600, request);
+
+ return 0;
+}
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012-2017 Icinga Development Team (https://www.icinga.com/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#ifndef CASIGNCOMMAND_H
+#define CASIGNCOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca sign" command.
+ *
+ * @ingroup cli
+ */
+class CASignCommand : public CLICommand
+{
+public:
+ DECLARE_PTR_TYPEDEFS(CASignCommand);
+
+ virtual String GetDescription(void) const override;
+ virtual String GetShortDescription(void) const override;
+ virtual int GetMinArguments(void) const override;
+ virtual ImpersonationLevel GetImpersonationLevel(void) const override;
+ virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+};
+
+}
+
+#endif /* CASIGNCOMMAND_H */
projects / icinga2 / commitdiff