From: Gunnar Beutner Date: Thu, 16 Oct 2014 12:33:58 +0000 (+0200) Subject: Improve auto-completion for the PKI commands X-Git-Tag: v2.2.0~362 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3e70ede8770fd2fed4ab62bd5b3fe160a6ce9c45;p=icinga2 Improve auto-completion for the PKI commands refs #7247 --- diff --git a/doc/4-monitoring-remote-systems.md b/doc/4-monitoring-remote-systems.md index 523a09c95..6bf302c33 100644 --- a/doc/4-monitoring-remote-systems.md +++ b/doc/4-monitoring-remote-systems.md @@ -198,7 +198,7 @@ object name. Example: # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr - # icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt + # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt # vim cluster.conf @@ -242,7 +242,7 @@ Now create a certificate and key file for each node running the following comman (replace `icinga2a` with the required hostname): # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr - # icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt + # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt Repeat the step for all nodes in your cluster scenario. diff --git a/lib/cli/pkinewcertcommand.cpp b/lib/cli/pkinewcertcommand.cpp index 3c38cf2b8..012f31994 100644 --- a/lib/cli/pkinewcertcommand.cpp +++ b/lib/cli/pkinewcertcommand.cpp 
@@ -43,9 +43,13 @@ void PKINewCertCommand::InitParameters(boost::program_options::options_descripti { visibleDesc.add_options() ("cn", po::value(), "Common Name") - ("keyfile", po::value(), "Key file path") - ("csrfile", po::value(), "CSR file path (optional)") - ("certfile", po::value(), "Certificate file path (optional)"); + ("keyfile", po::value(), "Key file path (output") + ("csrfile", po::value(), "CSR file path (optional, output)") + ("certfile", po::value(), "Certificate file path (optional, output)"); + + argCompletionDesc["keyfile"] = BashArgumentCompletion("file"); + argCompletionDesc["csrfile"] = BashArgumentCompletion("file"); + argCompletionDesc["certfile"] = BashArgumentCompletion("file"); } /** diff --git a/lib/cli/pkirequestcommand.cpp b/lib/cli/pkirequestcommand.cpp index e8d9ce81f..04ddd61e0 100644 --- a/lib/cli/pkirequestcommand.cpp +++ b/lib/cli/pkirequestcommand.cpp @@ -54,6 +54,12 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti ("host", po::value(), "Icinga 2 host") ("port", po::value(), "Icinga 2 port") ("ticket", po::value(), "Icinga 2 PKI ticket"); + + argCompletionDesc["keyfile"] = BashArgumentCompletion("file"); + argCompletionDesc["certfile"] = BashArgumentCompletion("file"); + argCompletionDesc["cafile"] = BashArgumentCompletion("file"); + argCompletionDesc["host"] = BashArgumentCompletion("hostname"); + argCompletionDesc["port"] = BashArgumentCompletion("service"); } /** diff --git a/lib/cli/pkisigncsrcommand.cpp b/lib/cli/pkisigncsrcommand.cpp index d5af4d906..a6b2ed09b 100644 --- a/lib/cli/pkisigncsrcommand.cpp +++ b/lib/cli/pkisigncsrcommand.cpp @@ -22,6 +22,7 @@ #include "base/clicommand.hpp" #include "base/tlsutility.hpp" #include "base/application.hpp" +#include using namespace icinga; namespace po = boost::program_options; 
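Review bot: The new help text for `keyfile` in the PKINewCertCommand::InitParameters hunk is missing its closing parenthesis, so the usage output will show `Key file path (output`. The string should be `"Key file path (output)"`, matching the `(optional, output)` wording on the two options below it. Because this path receives the private key, it is also worth confirming that the code which writes it creates the file with owner-only permissions. That code is outside this hunk, so this is a question rather than a finding.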
@@ -42,7 +43,12 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti boost::program_options::options_description& hiddenDesc, ArgumentCompletionDescription& argCompletionDesc) const { - /* Command doesn't support any parameters. */ + visibleDesc.add_options() + ("csrfile", po::value(), "CSR file path (input)") + ("certfile", po::value(), "Certificate file path (output)"); + + argCompletionDesc["csrfile"] = BashArgumentCompletion("file"); + argCompletionDesc["certfile"] = BashArgumentCompletion("file"); } /** @@ -52,16 +58,28 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti */ int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector& ap) const { + if (!vm.count("csrfile")) { + Log(LogCritical, "cli", "Certificate signing request file path (--csrfile) must be specified."); + return 1; + } + + if (!vm.count("certfile")) { + Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified."); + return 1; + } + std::stringstream msgbuf; char errbuf[120]; InitializeOpenSSL(); - BIO *csrbio = BIO_new_fp(stdin, BIO_NOCLOSE); + String csrfile = vm["csrfile"].as(); + + BIO *csrbio = BIO_new_file(csrfile.CStr(), "r"); X509_REQ *req = PEM_read_bio_X509_REQ(csrbio, NULL, NULL, NULL); if (!req) { - msgbuf << "Could not parse X509 certificate request: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + msgbuf << "Could not read X509 certificate request from '" + csrfile + "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); return 1; } 
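Review bot: In the PKISignCSRCommand::Run hunk, the result of `BIO_new_file(csrfile.CStr(), "r")` is passed to `PEM_read_bio_X509_REQ` without a NULL check, and `csrbio` is not released on the `!req` return path shown here. With the old `BIO_new_fp(stdin, BIO_NOCLOSE)` a missing free cost little, but the BIO now owns an open file handle. A missing or unreadable CSR file should be reported as an open failure rather than surfacing as a parse error, and the BIO should be freed as soon as the request has been read. Run continues past the end of this hunk, so a later `BIO_free` may exist there, but it would not cover the early return.

```cpp
BIO *csrbio = BIO_new_file(csrfile.CStr(), "r");

if (!csrbio) {
	Log(LogCritical, "cli", "Could not open certificate signing request file '" + csrfile + "'");
	return 1;
}

X509_REQ *req = PEM_read_bio_X509_REQ(csrbio, NULL, NULL, NULL);
BIO_free(csrbio);
// … unchanged: !req error reporting and return …
```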
@@ -72,7 +90,18 @@ int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, cons X509_REQ_free(req); - std::cout << CertificateToString(cert); + String certfile = vm["certfile"].as(); + + std::ofstream fpcert; + fpcert.open(certfile.CStr()); + + if (!fpcert) { + Log(LogCritical, "cli", "Failed to open certificate file '" + certfile + "' for output"); + return 1; + } + + fpcert << CertificateToString(cert); + fpcert.close(); return 0; }
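Review bot: The write `fpcert << CertificateToString(cert);` at the end of Run is never checked, so a failed or partial write (full disk, I/O error) still returns 0 and leaves a truncated certificate that looks like a successful signing. Check the stream state after `fpcert.close()`, for example `if (fpcert.fail()) { Log(LogCritical, "cli", "Failed to write certificate to '" + certfile + "'"); return 1; }`. The default `open()` mode also truncates any existing file at that path before the new content is written, so a failed write leaves neither the old nor the new certificate. Run begins outside this hunk, so whether `cert` is released afterwards cannot be seen from here.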