From 01e2646fd4d4bac862985127d557a5c3c6104574 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Tue, 21 Oct 2014 13:54:56 +0200
Subject: [PATCH] Build fix
---
 lib/cli/CMakeLists.txt | 2 +-
 lib/cli/agentutility.hpp | 1 +
 lib/cli/pkirequestcommand.cpp | 18 ++++++++++++++++--
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/cli/CMakeLists.txt b/lib/cli/CMakeLists.txt
index 104e109f0..c81d3bb94 100644
--- a/lib/cli/CMakeLists.txt
+++ b/lib/cli/CMakeLists.txt
@@ -22,7 +22,7 @@ set(cli_SOURCES
 daemoncommand.cpp featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp objectlistcommand.cpp
- pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkiticketcommand.cpp
+ pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp
 repositoryobjectcommand.cpp variablegetcommand.cpp variablelistcommand.cpp )
diff --git a/lib/cli/agentutility.hpp b/lib/cli/agentutility.hpp
index 488bf0a9a..4f114be4a 100644
--- a/lib/cli/agentutility.hpp
+++ b/lib/cli/agentutility.hpp
@@ -23,6 +23,7 @@
 #include "base/i2-base.hpp"
 #include "base/dictionary.hpp"
 #include "base/string.hpp"
+#include
 namespace icinga
 {
diff --git a/lib/cli/pkirequestcommand.cpp b/lib/cli/pkirequestcommand.cpp
index 73fd17880..bc37f1290 100644
--- a/lib/cli/pkirequestcommand.cpp
+++ b/lib/cli/pkirequestcommand.cpp
@@ -46,9 +46,10 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
 boost::program_options::options_description& hiddenDesc) const
 {
 visibleDesc.add_options()
- ("keyfile", po::value(), "Key file path")
+ ("keyfile", po::value(), "Key file path (input)")
 ("certfile", po::value(), "Certificate file path (input + output)")
 ("cafile", po::value(), "CA file path (output)")
+ ("trustedfile", po::value(), "Trusted certificate file path (input)")
 ("host", po::value(), "Icinga 2 host")
 ("port", po::value(), "Icinga 2 port")
 ("ticket", po::value(), "Icinga 2 PKI ticket");
@@ -56,7 +57,7 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
 std::vector PKIRequestCommand::GetArgumentSuggestions(const String& argument, const String& word) const
 {
- if (argument == "keyfile" || argument == "certfile" || argument == "cafile")
+ if (argument == "keyfile" || argument == "certfile" || argument == "cafile" || argument == "trustedfile")
 return GetBashCompletionSuggestions("file", word);
 else if (argument == "host")
 return GetBashCompletionSuggestions("hostname", word);
@@ -93,6 +94,11 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
 return 1;
 }
+ if (!vm.count("trustedfile")) {
+ Log(LogCritical, "cli", "Trusted certificate file path (--trustedfile) must be specified.");
+ return 1;
+ }
+
 if (!vm.count("ticket")) {
 Log(LogCritical, "cli", "Ticket (--ticket) must be specified.");
 return 1;
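Review bot: The `--trustedfile` guard added in the `@@ -93,6 +94,11 @@` hunk of Run() only tests `vm.count("trustedfile")`, so a path that is unreadable or does not hold a certificate is not noticed at this point. The file is first parsed in the later `@@ -115,6 +121,14 @@` hunk, after `stream->Handshake()`, which means the client has already connected to the remote host before the pinning input is known to be usable. Moving the `GetX509Certificate(...)` call up beside this guard would let a bad path fail before any network contact; how `GetX509Certificate` reports a bad file is not visible here and should be confirmed. The option's help text in the first hunk could also say that this is the certificate the peer is expected to present, e.g. `"Trusted certificate file path (input, expected peer certificate)"`. Run()'s body starts and ends outside these hunks.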
@@ -115,6 +121,14 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
 stream->Handshake();
+ shared_ptr peerCert = stream->GetPeerCertificate();
+ shared_ptr trustedCert = GetX509Certificate(vm["trustedfile"].as());
+
+ if (CertificateToString(peerCert) != CertificateToString(trustedCert)) {
+ Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");
+ return 1;
+ }
+
 Dictionary::Ptr request = make_shared();
 String msgid = Utility::NewUniqueID();
--
2.40.0
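Review bot: `peerCert` goes straight into `CertificateToString()` with no null check, so the pinning comparison depends on `GetPeerCertificate()` never returning an empty pointer. Whether it can do so when the peer presents no certificate is not visible in this hunk and should be confirmed; if it can, the check would crash or behave unpredictably instead of failing closed. An explicit guard before the comparison, `if (!peerCert) { Log(LogCritical, "cli", "Peer did not present a certificate."); return 1; }`, keeps that case a clean rejection. A one-line comment above the comparison, such as `// Pin the connection: the peer must present exactly the certificate given via --trustedfile.`, would document that this exact-match check is the trust decision for the request that follows. Run()'s body starts and ends outside the hunk.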