Made SSL cert paths configurable.

diff --git a/base/configobject.h b/base/configobject.h
index bea58f0d9affeebc54c7cfb682051deb0bb41a58..1caee2eb3ab706651eecfbabf8c44bf970b2517b 100644 (file)
--- a/base/configobject.h
+++ b/base/configobject.h
@@ -23,9 +23,6 @@ public:
        typedef shared_ptr<ConfigObject> Ptr;
        typedef weak_ptr<ConfigObject> WeakPtr;
 
-       typedef map<string, string>::iterator ParameterIterator;
-       map<string, string> Properties;
-
        ConfigObject(const string& type, const string& name);
 
        void SetHive(const weak_ptr<ConfigHive>& hive);

diff --git a/icinga-app/icinga.conf b/icinga-app/icinga.conf
index 621a96513dd6ced45aba25b2deca42e3cc93a4ef..04916d95f276b1f902bbd24159e19cf404e0f10e 100644 (file)
--- a/icinga-app/icinga.conf
+++ b/icinga-app/icinga.conf
@@ -1,4 +1,11 @@
 {
+       "icinga": {
+               "icinga": {
+                       "privkey": "icinga-c1.key",
+                       "pubkey": "icinga-c1.crt",
+                       "cakey": "ca.crt"
+               }
+       },
        "component": {
                "configrpc": { "replicate": "0", "configSource": "1" },
                "demo": { "replicate": "0" }

diff --git a/icinga/endpointmanager.cpp b/icinga/endpointmanager.cpp
index 76d094da95d3311b290c35ba45a24a6a096556fa..dd05c96e7f4b95ecac2d18b499441e5df6d60262 100644 (file)
--- a/icinga/endpointmanager.cpp
+++ b/icinga/endpointmanager.cpp
@@ -2,10 +2,9 @@
 
 using namespace icinga;
 
-EndpointManager::EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext)
+void EndpointManager::SetIdentity(string identity)
 {
        m_Identity = identity;
-       m_SSLContext = sslContext;
 }
 
 string EndpointManager::GetIdentity(void) const
@@ -13,6 +12,16 @@ string EndpointManager::GetIdentity(void) const
        return m_Identity;
 }
 
+void EndpointManager::SetSSLContext(shared_ptr<SSL_CTX> sslContext)
+{
+       m_SSLContext = sslContext;
+}
+
+shared_ptr<SSL_CTX> EndpointManager::GetSSLContext(void) const
+{
+       return m_SSLContext;
+}
+
 void EndpointManager::AddListener(unsigned short port)
 {
        stringstream s;
@@ -64,6 +73,9 @@ void EndpointManager::UnregisterServer(JsonRpcServer::Ptr server)
 
 void EndpointManager::RegisterEndpoint(Endpoint::Ptr endpoint)
 {
+       if (!endpoint->IsLocal() && endpoint->GetIdentity() != "")
+               throw InvalidArgumentException("Identity must be empty.");
+
        endpoint->SetEndpointManager(static_pointer_cast<EndpointManager>(shared_from_this()));
        m_Endpoints.push_front(endpoint);
 

diff --git a/icinga/endpointmanager.h b/icinga/endpointmanager.h
index 864d31246260a0771e0216e5b62039ae925ec1b6..a51459dd7ac241355107ff959c3b13c402fb7c80 100644 (file)
--- a/icinga/endpointmanager.h
+++ b/icinga/endpointmanager.h
@@ -29,10 +29,12 @@ public:
        typedef shared_ptr<EndpointManager> Ptr;
        typedef weak_ptr<EndpointManager> WeakPtr;
 
-       EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext);
-
+       void SetIdentity(string identity);
        string GetIdentity(void) const;
 
+       void SetSSLContext(shared_ptr<SSL_CTX> sslContext);
+       shared_ptr<SSL_CTX> GetSSLContext(void) const;
+
        void AddListener(unsigned short port);
        void AddConnection(string host, unsigned short port);
 

diff --git a/icinga/icingaapplication.cpp b/icinga/icingaapplication.cpp
index ff1408607f21871c0213de3996917216d774900e..567dd8f1b635968b271987bb753db5b3a7f961ab 100644 (file)
--- a/icinga/icingaapplication.cpp
+++ b/icinga/icingaapplication.cpp
@@ -22,55 +22,71 @@ int IcingaApplication::Main(const vector<string>& args)
                return EXIT_FAILURE;
        }
 
-       shared_ptr<X509> cert = Utility::GetX509Certificate("icinga-c1.crt");
-       string identity = Utility::GetCertificateCN(cert);
-
-       Application::Log("My identity: " + identity);
-
-       shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext("icinga-c1.crt", "icinga-c1.key", "ca.crt");
-
-       m_EndpointManager = make_shared<EndpointManager>(identity, sslContext);
+       m_EndpointManager = make_shared<EndpointManager>();
 
        string componentDirectory = GetExeDirectory() + "/../lib/icinga";
        AddComponentSearchDir(componentDirectory);
 
+       /* register handler for 'component' config objects */
        ConfigCollection::Ptr componentCollection = GetConfigHive()->GetCollection("component");
-
        function<int (const EventArgs&)> NewComponentHandler = bind_weak(&IcingaApplication::NewComponentHandler, shared_from_this());
        componentCollection->OnObjectCreated += NewComponentHandler;
        componentCollection->ForEachObject(NewComponentHandler);
-
        componentCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedComponentHandler, shared_from_this());
 
-       ConfigCollection::Ptr listenerCollection = GetConfigHive()->GetCollection("rpclistener");
+       /* register handler for 'icinga' config objects */
+       ConfigCollection::Ptr icingaCollection = GetConfigHive()->GetCollection("icinga");
+       function<int (const EventArgs&)> NewIcingaConfigHandler = bind_weak(&IcingaApplication::NewIcingaConfigHandler, shared_from_this());
+       icingaCollection->OnObjectCreated += NewIcingaConfigHandler;
+       icingaCollection->ForEachObject(NewIcingaConfigHandler);
+       icingaCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedIcingaConfigHandler, shared_from_this());
+
+       /* load config file */
+       ConfigObject::Ptr fileComponentConfig = make_shared<ConfigObject>("component", "configfile");
+       fileComponentConfig->SetPropertyString("configFilename", args[1]);
+       fileComponentConfig->SetPropertyInteger("replicate", 0);
+       GetConfigHive()->AddObject(fileComponentConfig);
+
+       if (GetPrivateKeyFile().empty())
+               throw InvalidArgumentException("No private key was specified.");
+
+       if (GetPublicKeyFile().empty())
+               throw InvalidArgumentException("No public certificate was specified.");
+
+       if (GetCAKeyFile().empty())
+               throw InvalidArgumentException("No CA certificate was specified.");
+
+       /* set up SSL context */
+       shared_ptr<X509> cert = Utility::GetX509Certificate(GetPublicKeyFile());
+       string identity = Utility::GetCertificateCN(cert);
+       Application::Log("My identity: " + identity);
+       m_EndpointManager->SetIdentity(identity);
 
+       shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext(GetPublicKeyFile(), GetPrivateKeyFile(), GetCAKeyFile());
+       m_EndpointManager->SetSSLContext(sslContext);
+
+       /* register handler for 'rpclistener' config objects */
+       ConfigCollection::Ptr listenerCollection = GetConfigHive()->GetCollection("rpclistener");
        function<int (const EventArgs&)> NewRpcListenerHandler = bind_weak(&IcingaApplication::NewRpcListenerHandler, shared_from_this());
        listenerCollection->OnObjectCreated += NewRpcListenerHandler;
        listenerCollection->ForEachObject(NewRpcListenerHandler);
-
        listenerCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcListenerHandler, shared_from_this());
 
+       /* register handle for 'rpcconnection' config objects */
        ConfigCollection::Ptr connectionCollection = GetConfigHive()->GetCollection("rpcconnection");
-
        function<int (const EventArgs&)> NewRpcConnectionHandler = bind_weak(&IcingaApplication::NewRpcConnectionHandler, shared_from_this());
        connectionCollection->OnObjectCreated += NewRpcConnectionHandler;
        connectionCollection->ForEachObject(NewRpcConnectionHandler);
-
        connectionCollection->OnObjectRemoved += bind_weak(&IcingaApplication::DeletedRpcConnectionHandler, shared_from_this());
 
+       /* load the subscription component */
        SubscriptionComponent::Ptr subscriptionComponent = make_shared<SubscriptionComponent>();
        RegisterComponent(subscriptionComponent);
 
+       /* load the discovery component */
        DiscoveryComponent::Ptr discoveryComponent = make_shared<DiscoveryComponent>();
        RegisterComponent(discoveryComponent);
 
-       ConfigObject::Ptr fileComponentConfig = make_shared<ConfigObject>("component", "configfile");
-       fileComponentConfig->SetPropertyString("configFilename", args[1]);
-       fileComponentConfig->SetPropertyInteger("replicate", 0);
-       GetConfigHive()->AddObject(fileComponentConfig);
-
-       ConfigCollection::Ptr collection = GetConfigHive()->GetCollection("rpclistener");
-
        RunEventLoop();
 
        return EXIT_SUCCESS;
@@ -88,13 +104,13 @@ EndpointManager::Ptr IcingaApplication::GetEndpointManager(void)
 
 int IcingaApplication::NewComponentHandler(const EventArgs& ea)
 {
-       string path;
        ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
        
        /* don't allow replicated config objects */
        if (object->GetReplicated())
                return 0;
 
+       string path;
        if (!object->GetPropertyString("path", &path)) {
 #ifdef _WIN32
                path = object->GetName() + ".dll";
@@ -118,23 +134,52 @@ int IcingaApplication::DeletedComponentHandler(const EventArgs& ea)
        return 0;
 }
 
+int IcingaApplication::NewIcingaConfigHandler(const EventArgs& ea)
+{
+       ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
+       
+       /* don't allow replicated config objects */
+       if (object->GetReplicated())
+               return 0;
+
+       string privkey;
+       if (object->GetPropertyString("privkey", &privkey))
+               SetPrivateKeyFile(privkey);
+
+       string pubkey;
+       if (object->GetPropertyString("pubkey", &pubkey))
+               SetPublicKeyFile(pubkey);
+
+       string cakey;
+       if (object->GetPropertyString("cakey", &cakey))
+               SetCAKeyFile(cakey);
+
+       return 0;
+}
+
+int IcingaApplication::DeletedIcingaConfigHandler(const EventArgs& ea)
+{
+       throw Exception("Unsupported operation.");
+
+       return 0;
+}
+
 int IcingaApplication::NewRpcListenerHandler(const EventArgs& ea)
 {
        ConfigObject::Ptr object = static_pointer_cast<ConfigObject>(ea.Source);
-       long portValue;
-       unsigned short port;
 
        /* don't allow replicated config objects */
        if (object->GetReplicated())
                return 0;
 
+       long portValue;
        if (!object->GetPropertyInteger("port", &portValue))
                throw InvalidArgumentException("Parameter 'port' is required for 'rpclistener' objects.");
 
        if (portValue < 0 || portValue > USHRT_MAX)
                throw InvalidArgumentException("Parameter 'port' contains an invalid value.");
 
-       port = (unsigned short)portValue;
+       unsigned short port = (unsigned short)portValue;
 
        GetEndpointManager()->AddListener(port);
 
@@ -181,3 +226,33 @@ int IcingaApplication::DeletedRpcConnectionHandler(const EventArgs& ea)
 
        return 0;
 }
+
+void IcingaApplication::SetPrivateKeyFile(string privkey)
+{
+       m_PrivateKeyFile = privkey;
+}
+
+string IcingaApplication::GetPrivateKeyFile(void) const
+{
+       return m_PrivateKeyFile;
+}
+
+void IcingaApplication::SetPublicKeyFile(string pubkey)
+{
+       m_PublicKeyFile = pubkey;
+}
+
+string IcingaApplication::GetPublicKeyFile(void) const
+{
+       return m_PublicKeyFile;
+}
+
+void IcingaApplication::SetCAKeyFile(string cakey)
+{
+       m_CAKeyFile = cakey;
+}
+
+string IcingaApplication::GetCAKeyFile(void) const
+{
+       return m_CAKeyFile;
+}

diff --git a/icinga/icingaapplication.h b/icinga/icingaapplication.h
index 6904e3dac30a32bae5a9bb00b66485063e311258..49a2f6b6db5fcac7d135080ca04871ca5ff8d3cd 100644 (file)
--- a/icinga/icingaapplication.h
+++ b/icinga/icingaapplication.h
@@ -9,9 +9,16 @@ class I2_ICINGA_API IcingaApplication : public Application
 private:
        EndpointManager::Ptr m_EndpointManager;
 
+       string m_PrivateKeyFile;
+       string m_PublicKeyFile;
+       string m_CAKeyFile;
+
        int NewComponentHandler(const EventArgs& ea);
        int DeletedComponentHandler(const EventArgs& ea);
 
+       int NewIcingaConfigHandler(const EventArgs& ea);
+       int DeletedIcingaConfigHandler(const EventArgs& ea);
+
        int NewRpcListenerHandler(const EventArgs& ea);
        int DeletedRpcListenerHandler(const EventArgs& ea);
 
@@ -19,6 +26,7 @@ private:
        int DeletedRpcConnectionHandler(const EventArgs& ea);
 
        int TestTimerHandler(const TimerEventArgs& tea);
+
 public:
        typedef shared_ptr<IcingaApplication> Ptr;
        typedef weak_ptr<IcingaApplication> WeakPtr;
@@ -28,6 +36,15 @@ public:
        void PrintUsage(const string& programPath);
 
        EndpointManager::Ptr GetEndpointManager(void);
+
+       void SetPrivateKeyFile(string privkey);
+       string GetPrivateKeyFile(void) const;
+
+       void SetPublicKeyFile(string pubkey);
+       string GetPublicKeyFile(void) const;
+
+       void SetCAKeyFile(string cakey);
+       string GetCAKeyFile(void) const;
 };
 
 }