Log messages now use CN, file permissions fixed, ca remove now will not remove CSR...
authorAndrew Jaffie <ajaffie@gmail.com>
Wed, 8 Aug 2018 18:59:58 +0000 (14:59 -0400)
committerMichael Friedrich <michael.friedrich@icinga.com>
Fri, 7 Jun 2019 08:33:55 +0000 (10:33 +0200)
lib/cli/CMakeLists.txt
lib/cli/caremovecommand.cpp
lib/cli/carestorecommand.cpp

index a87ee0e391b33d59a81a19ce37bfed5d22e6a02b..38756b5ce112cc6e5122e089718afde2260b41a8 100644 (file)
@@ -5,8 +5,8 @@ set(cli_SOURCES
   apisetupcommand.cpp apisetupcommand.hpp
   apisetuputility.cpp apisetuputility.hpp
   calistcommand.cpp calistcommand.hpp
-  carestorecommand.cpp carestorecommand.hpp
   caremovecommand.cpp caremovecommand.hpp
+  carestorecommand.cpp carestorecommand.hpp
   casigncommand.cpp casigncommand.hpp
   clicommand.cpp clicommand.hpp
   consolecommand.cpp consolecommand.hpp
index a174d9e579705cb373533f69e78654dd676e9ccf..b833750f90c1ff932bd30efb6338685970b4309f 100644 (file)
@@ -61,12 +61,25 @@ int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const
                        << "No request exists for fingerprint '" << ap[0] << "'.";
                return 1;
        }
-       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 700, Utility::LoadJsonFile(requestFile));
+
+       Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+       std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
+
+       if (!certRequest) {
+               Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
+               return 1;
+       }
+       if (request->Contains("cert_response")) {
+               Log(LogCritical, "cli", "Certificate request already signed, you cannot remove it.");
+               return 1;
+       }
+
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 0600, request);
        if(remove(requestFile.CStr()) != 0)
                return 1;
 
        Log(LogInformation, "cli")
-               << "Certificate " << ap[0] << " removed.";
+               << "Certificate for CN " << GetCertificateCN(certRequest) << " removed.";
 
        return 0;
 }
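Review bot: The success message at the end of this hunk no longer prints the fingerprint `ap[0]`, so the log identifies the removed request only by its CN, which is read from the requester-supplied `cert_request` and is neither unique nor verified at this point. Two pending requests carrying the same CN become indistinguishable in the log, and the entry can no longer be matched to the `<fingerprint>.removed` file on disk. I would keep both values: `<< "Certificate request " << ap[0] << " for CN '" << GetCertificateCN(certRequest) << "' removed.";`. Separately, `request->Get("cert_request")` is called without checking that `Utility::LoadJsonFile` produced a dictionary (the same pattern is in the CARestoreCommand::Run hunk); unless the conversion is known to throw on an empty value, an `if (!request)` guard before it would be safer. CARemoveCommand::Run starts before this hunk, so any earlier validation of `ap[0]` is not visible here.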
index 0a232a84d6f9460b8c0a308e73f22978fd763e98..8a01acb91d5e86418fe155487f7ad36b110e878d 100644 (file)
@@ -61,12 +61,21 @@ int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const
                        << "No removed request exists for fingerprint '" << ap[0] << "'.";
                return 1;
        }
-       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 700, Utility::LoadJsonFile(requestFile));
+
+       Dictionary::Ptr request = Utility::LoadJsonFile(requestFile);
+       std::shared_ptr<X509> certRequest = StringToCertificate(request->Get("cert_request"));
+
+       if (!certRequest) {
+               Log(LogCritical, "cli", "Certificate request is invalid. Could not parse X.509 certificate for the 'cert_request' attribute.");
+               return 1;
+       }
+
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 0600, request);
        if(remove(requestFile.CStr()) != 0)
                return 1;
 
        Log(LogInformation, "cli")
-               << "Certificate " << ap[0] << " restored, you can now sign it using:\n"
+               << "Certificate " << GetCertificateCN(certRequest) << " restored, you can now sign it using:\n"
                << "\"icinga2 ca sign " << ap[0] << "\"";
 
        return 0;
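Review bot: The restored message now reads `Certificate <CN> restored`, which presents the CN as if it were the certificate's identifier and differs from the `Certificate for CN ...` wording this commit uses in `ca remove`. The CN is taken from the stored request and is chosen by the requester, so it should be labelled and quoted as such in the log: `<< "Certificate for CN '" << GetCertificateCN(certRequest) << "' restored, you can now sign it using:\n"`. The fingerprint is still shown in the suggested `icinga2 ca sign` command, so the operator keeps an unambiguous handle. CARestoreCommand::Run starts before and ends after this hunk.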