From 6aa2e0c36b264704664e131706e3156f680bdf92 Mon Sep 17 00:00:00 2001
From: Andrew Jaffie <ajaffie@gmail.com>
Date: Wed, 8 Aug 2018 12:09:41 -0400
Subject: [PATCH] Added ca restore command+docs to undo effects of ca remove

---
 doc/06-distributed-monitoring.md |  2 +
 doc/11-cli-commands.md           |  3 ++
 lib/cli/CMakeLists.txt           |  1 +
 lib/cli/carestorecommand.cpp     | 73 ++++++++++++++++++++++++++++++++
 lib/cli/carestorecommand.hpp     | 47 ++++++++++++++++++++
 5 files changed, 126 insertions(+)
 create mode 100644 lib/cli/carestorecommand.cpp
 create mode 100644 lib/cli/carestorecommand.hpp

diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md
index 41e0468fd..fd1b1fd60 100644
--- a/doc/06-distributed-monitoring.md
+++ b/doc/06-distributed-monitoring.md
@@ -458,6 +458,8 @@ syntax as the `ca sign` command.
 [root@pym ~]# icinga2 ca remove 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e
 information/cli: Certificate 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e removed.
 ```
+If you want to restore a certificate you have removed, you can use `ca restore`.
+
 
 ## Client/Satellite Setup <a id="distributed-monitoring-setup-satellite-client"></a>
 
diff --git a/doc/11-cli-commands.md b/doc/11-cli-commands.md
index f9197f0ee..ca5e227c4 100644
--- a/doc/11-cli-commands.md
+++ b/doc/11-cli-commands.md
@@ -21,6 +21,7 @@ Usage:
 Supported commands:
   * api setup (setup for API)
   * ca list (lists all certificate signing requests)
+  * ca restore (restores a removed certificate request)
   * ca remove (removes an outstanding certificate request)  
   * ca sign (signs an outstanding certificate request)
   * console (Icinga debug console)
@@ -186,6 +187,8 @@ Usage:
 Supported commands:
   * ca list (lists all certificate signing requests)
   * ca sign (signs an outstanding certificate request)
+  * ca restore (restores a removed certificate request)
+  * ca remove (removes an outstanding certificate request)
 
 Global options:
   -h [ --help ]             show this help message
diff --git a/lib/cli/CMakeLists.txt b/lib/cli/CMakeLists.txt
index 980429171..a87ee0e39 100644
--- a/lib/cli/CMakeLists.txt
+++ b/lib/cli/CMakeLists.txt
@@ -5,6 +5,7 @@ set(cli_SOURCES
   apisetupcommand.cpp apisetupcommand.hpp
   apisetuputility.cpp apisetuputility.hpp
   calistcommand.cpp calistcommand.hpp
+  carestorecommand.cpp carestorecommand.hpp
   caremovecommand.cpp caremovecommand.hpp
   casigncommand.cpp casigncommand.hpp
   clicommand.cpp clicommand.hpp
diff --git a/lib/cli/carestorecommand.cpp b/lib/cli/carestorecommand.cpp
new file mode 100644
index 000000000..0a232a84d
--- /dev/null
+++ b/lib/cli/carestorecommand.cpp
@@ -0,0 +1,73 @@
+/******************************************************************************
+ * Icinga 2                                                                   *
+ * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
+ *                                                                            *
+ * This program is free software; you can redistribute it and/or              *
+ * modify it under the terms of the GNU General Public License                *
+ * as published by the Free Software Foundation; either version 2             *
+ * of the License, or (at your option) any later version.                     *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program; if not, write to the Free Software Foundation     *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
+ ******************************************************************************/
+
+#include "cli/carestorecommand.hpp"
+#include "remote/apilistener.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/restore", CARestoreCommand);
+
+String CARestoreCommand::GetDescription() const
+{
+	return "Restores a previously removed certificate request.";
+}
+
+String CARestoreCommand::GetShortDescription() const
+{
+	return "restores a removed certificate request";
+}
+
+int CARestoreCommand::GetMinArguments() const
+{
+	return 1;
+}
+
+ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
+{
+	return ImpersonateIcinga;
+}
+
+/**
+ * The entry point for the "ca restore" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+	String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed";
+
+	if (!Utility::PathExists(requestFile)) {
+		Log(LogCritical, "cli")
+			<< "No removed request exists for fingerprint '" << ap[0] << "'.";
+		return 1;
+	}
+	Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 700, Utility::LoadJsonFile(requestFile));
+	if(remove(requestFile.CStr()) != 0)
+		return 1;
+
+	Log(LogInformation, "cli")
+		<< "Certificate " << ap[0] << " restored, you can now sign it using:\n"
+	       	<< "\"icinga2 ca sign " << ap[0] << "\"";
+
+	return 0;
+}
diff --git a/lib/cli/carestorecommand.hpp b/lib/cli/carestorecommand.hpp
new file mode 100644
index 000000000..9f2378500
--- /dev/null
+++ b/lib/cli/carestorecommand.hpp
@@ -0,0 +1,47 @@
+/******************************************************************************
+ * Icinga 2                                                                   *
+ * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
+ *                                                                            *
+ * This program is free software; you can redistribute it and/or              *
+ * modify it under the terms of the GNU General Public License                *
+ * as published by the Free Software Foundation; either version 2             *
+ * of the License, or (at your option) any later version.                     *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program; if not, write to the Free Software Foundation     *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
+ ******************************************************************************/
+
+#ifndef CARESTORECOMMAND_H
+#define CARESTORECOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca restore" command.
+ *
+ * @ingroup cli
+ */
+class CARestoreCommand final : public CLICommand
+{
+public:
+	DECLARE_PTR_TYPEDEFS(CARestoreCommand);
+
+	String GetDescription() const override;
+	String GetShortDescription() const override;
+	int GetMinArguments() const override;
+	ImpersonationLevel GetImpersonationLevel() const override;
+	int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+};
+
+}
+
+#endif /* CASIGNCOMMAND_H */
-- 
2.40.0