From c02742925e68ef21f3349b5846f23e480ca2295e Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Tue, 5 Sep 2017 14:44:56 +0200 Subject: [PATCH] Refactor PkiUtility class refs #5450 --- lib/cli/CMakeLists.txt | 1 - lib/cli/apisetuputility.cpp | 2 +- lib/cli/calistcommand.cpp | 53 +------------------------- lib/cli/nodesetupcommand.cpp | 2 +- lib/cli/nodewizardcommand.cpp | 2 +- lib/cli/pkinewcacommand.cpp | 2 +- lib/cli/pkinewcertcommand.cpp | 2 +- lib/cli/pkirequestcommand.cpp | 2 +- lib/cli/pkisavecertcommand.cpp | 2 +- lib/cli/pkisigncsrcommand.cpp | 2 +- lib/cli/pkiticketcommand.cpp | 2 +- lib/icinga/apiactions.cpp | 21 ++++++++++ lib/icinga/apiactions.hpp | 2 + lib/remote/CMakeLists.txt | 1 + lib/{cli => remote}/pkiutility.cpp | 61 +++++++++++++++++++++++++++++- lib/{cli => remote}/pkiutility.hpp | 8 ++-- 16 files changed, 98 insertions(+), 67 deletions(-) rename lib/{cli => remote}/pkiutility.cpp (86%) rename lib/{cli => remote}/pkiutility.hpp (94%) diff --git a/lib/cli/CMakeLists.txt b/lib/cli/CMakeLists.txt index 05ec67762..bf706e2eb 100644 --- a/lib/cli/CMakeLists.txt +++ b/lib/cli/CMakeLists.txt @@ -26,7 +26,6 @@ set(cli_SOURCES featureenablecommand.cpp featuredisablecommand.cpp featurelistcommand.cpp featureutility.cpp objectlistcommand.cpp objectlistutility.cpp pkinewcacommand.cpp pkinewcertcommand.cpp pkisigncsrcommand.cpp pkirequestcommand.cpp pkisavecertcommand.cpp pkiticketcommand.cpp - pkiutility.cpp repositoryclearchangescommand.cpp repositorycommitcommand.cpp repositoryobjectcommand.cpp repositoryutility.cpp variablegetcommand.cpp variablelistcommand.cpp variableutility.cpp troubleshootcommand.cpp diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp index 6a1885e32..35b63a2b1 100644 --- a/lib/cli/apisetuputility.cpp +++ b/lib/cli/apisetuputility.cpp 
@@ -18,10 +18,10 @@ ******************************************************************************/ #include "cli/apisetuputility.hpp" -#include "cli/pkiutility.hpp" #include "cli/nodeutility.hpp" #include "cli/featureutility.hpp" #include "remote/apilistener.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/console.hpp" #include "base/application.hpp" diff --git a/lib/cli/calistcommand.cpp b/lib/cli/calistcommand.cpp index b538b772f..e44717188 100644 --- a/lib/cli/calistcommand.cpp +++ b/lib/cli/calistcommand.cpp @@ -19,6 +19,7 @@ #include "cli/calistcommand.hpp" #include "remote/apilistener.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/application.hpp" #include "base/tlsutility.hpp" 
@@ -46,51 +47,6 @@ void CAListCommand::InitParameters(boost::program_options::options_description& ("json", "encode output as JSON") ; } -static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile) -{ - Dictionary::Ptr request = Utility::LoadJsonFile(requestFile); - - if (!request) - return; - - Dictionary::Ptr result = new Dictionary(); - - String fingerprint = Utility::BaseName(requestFile); - fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5); - - String certRequestText = request->Get("cert_request"); - result->Set("cert_request", certRequestText); - - Value vcertResponseText; - - if (request->Get("cert_response", &vcertResponseText)) { - String certResponseText = vcertResponseText; - result->Set("cert_response", certResponseText); - } - - boost::shared_ptr certRequest = StringToCertificate(certRequestText); - - time_t now; - time(&now); - ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0); - - int day, sec; - ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get())); - - result->Set("timestamp", static_cast(now) + day * 24 * 60 * 60 + sec); - - BIO *out = BIO_new(BIO_s_mem()); - X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); - - char *data; - long length; - length = BIO_get_mem_data(out, &data); - - result->Set("subject", String(data, data + length)); - BIO_free(out); - - requests->Set(fingerprint, result); -} /** * The entry point for the "ca list" CLI command. 
@@ -99,12 +55,7 @@ static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& */ int CAListCommand::Run(const boost::program_options::variables_map& vm, const std::vector& ap) const { - Dictionary::Ptr requests = new Dictionary(); - - String requestDir = ApiListener::GetPkiRequestsDir(); - - if (Utility::PathExists(requestDir)) - Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile); + Dictionary::Ptr requests = PkiUtility::GetCertificateRequests(); if (vm.count("json")) std::cout << JsonEncode(requests); diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp index 140cad998..e02e9f6da 100644 --- a/lib/cli/nodesetupcommand.cpp +++ b/lib/cli/nodesetupcommand.cpp @@ -20,9 +20,9 @@ #include "cli/nodesetupcommand.hpp" #include "cli/nodeutility.hpp" #include "cli/featureutility.hpp" -#include "cli/pkiutility.hpp" #include "cli/apisetuputility.hpp" #include "remote/apilistener.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/console.hpp" #include "base/application.hpp" diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp index 0253a06e2..fd841af21 100644 --- a/lib/cli/nodewizardcommand.cpp +++ b/lib/cli/nodewizardcommand.cpp @@ -19,10 +19,10 @@ #include "cli/nodewizardcommand.hpp" #include "cli/nodeutility.hpp" -#include "cli/pkiutility.hpp" #include "cli/featureutility.hpp" #include "cli/apisetuputility.hpp" #include "remote/apilistener.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/console.hpp" #include "base/application.hpp" diff --git a/lib/cli/pkinewcacommand.cpp b/lib/cli/pkinewcacommand.cpp index e381b2a12..69d0465f3 100644 --- a/lib/cli/pkinewcacommand.cpp +++ b/lib/cli/pkinewcacommand.cpp 
@@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkinewcacommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" using namespace icinga; diff --git a/lib/cli/pkinewcertcommand.cpp b/lib/cli/pkinewcertcommand.cpp index 706c67d2d..9f4ac9e8f 100644 --- a/lib/cli/pkinewcertcommand.cpp +++ b/lib/cli/pkinewcertcommand.cpp @@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkinewcertcommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" using namespace icinga; diff --git a/lib/cli/pkirequestcommand.cpp b/lib/cli/pkirequestcommand.cpp index bbbf629a8..0e3dead6f 100644 --- a/lib/cli/pkirequestcommand.cpp +++ b/lib/cli/pkirequestcommand.cpp @@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkirequestcommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/tlsutility.hpp" #include diff --git a/lib/cli/pkisavecertcommand.cpp b/lib/cli/pkisavecertcommand.cpp index 9249ae8e7..f823f643e 100644 --- a/lib/cli/pkisavecertcommand.cpp +++ b/lib/cli/pkisavecertcommand.cpp @@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkisavecertcommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" #include "base/tlsutility.hpp" diff --git a/lib/cli/pkisigncsrcommand.cpp b/lib/cli/pkisigncsrcommand.cpp index 233a29401..a20507661 100644 --- a/lib/cli/pkisigncsrcommand.cpp +++ b/lib/cli/pkisigncsrcommand.cpp 
@@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkisigncsrcommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "base/logger.hpp" using namespace icinga; diff --git a/lib/cli/pkiticketcommand.cpp b/lib/cli/pkiticketcommand.cpp index 7eea4bbb1..3ae977668 100644 --- a/lib/cli/pkiticketcommand.cpp +++ b/lib/cli/pkiticketcommand.cpp @@ -18,7 +18,7 @@ ******************************************************************************/ #include "cli/pkiticketcommand.hpp" -#include "cli/pkiutility.hpp" +#include "remote/pkiutility.hpp" #include "cli/variableutility.hpp" #include "base/logger.hpp" #include diff --git a/lib/icinga/apiactions.cpp b/lib/icinga/apiactions.cpp index 198bc9929..8d76dab36 100644 --- a/lib/icinga/apiactions.cpp +++ b/lib/icinga/apiactions.cpp @@ -27,6 +27,7 @@ #include "icinga/notificationcommand.hpp" #include "remote/apiaction.hpp" #include "remote/apilistener.hpp" +#include "remote/pkiutility.hpp" #include "remote/httputility.hpp" #include "base/utility.hpp" #include "base/convert.hpp" @@ -47,6 +48,8 @@ REGISTER_APIACTION(remove_downtime, "Service;Host;Downtime", &ApiActions::Remove REGISTER_APIACTION(shutdown_process, "", &ApiActions::ShutdownProcess); REGISTER_APIACTION(restart_process, "", &ApiActions::RestartProcess); REGISTER_APIACTION(generate_ticket, "", &ApiActions::GenerateTicket); +REGISTER_APIACTION(list_ca_requests, "", &ApiActions::ListCARequests); +REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest); Dictionary::Ptr ApiActions::CreateResult(int code, const String& status, const Dictionary::Ptr& additional) 
@@ -456,3 +459,21 @@ Dictionary::Ptr ApiActions::GenerateTicket(const ConfigObject::Ptr&, return ApiActions::CreateResult(200, "Generated PKI ticket '" + ticket + "' for common name '" + cn + "'.", additional); } + +Dictionary::Ptr ApiActions::ListCARequests(const ConfigObject::Ptr&, + const Dictionary::Ptr& params) +{ + Dictionary::Ptr additional = new Dictionary(); + additional->Set("requests", PkiUtility::GetCertificateRequests()); + + return ApiActions::CreateResult(200, "Listing all CA requests.", additional); +} + +Dictionary::Ptr ApiActions::SignCARequest(const ConfigObject::Ptr&, + const Dictionary::Ptr& params) +{ + if (!params->Contains("fingerprint")) + return ApiActions::CreateResult(400, "Option 'fingerprint' is required."); + + +} diff --git a/lib/icinga/apiactions.hpp b/lib/icinga/apiactions.hpp index 8bfcd8a4e..a1787b27c 100644 --- a/lib/icinga/apiactions.hpp +++ b/lib/icinga/apiactions.hpp @@ -46,6 +46,8 @@ public: static Dictionary::Ptr ShutdownProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params); static Dictionary::Ptr RestartProcess(const ConfigObject::Ptr& object, const Dictionary::Ptr& params); static Dictionary::Ptr GenerateTicket(const ConfigObject::Ptr& object, const Dictionary::Ptr& params); + static Dictionary::Ptr ListCARequests(const ConfigObject::Ptr& object, const Dictionary::Ptr& params); + static Dictionary::Ptr SignCARequest(const ConfigObject::Ptr& object, const Dictionary::Ptr& params); private: static Dictionary::Ptr CreateResult(int code, const String& status, const Dictionary::Ptr& additional = Dictionary::Ptr()); diff --git a/lib/remote/CMakeLists.txt b/lib/remote/CMakeLists.txt index 349091e00..32538deb1 100644 --- a/lib/remote/CMakeLists.txt +++ b/lib/remote/CMakeLists.txt 
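Review bot: `ApiActions::SignCARequest` has no `return` after the `fingerprint` check, so a call that does supply `fingerprint` flows off the end of a function declared to return `Dictionary::Ptr`, which is undefined behaviour. The action is already reachable over the API because the earlier apiactions.cpp hunk adds `REGISTER_APIACTION(sign_ca_request, "", &ApiActions::SignCARequest);`. Until the signing logic exists, either drop that registration or end the function with an explicit error such as `return ApiActions::CreateResult(501, "Signing CA requests is not implemented yet.");`. When the logic is added, validate `fingerprint` (for example, hex digits only) before using it to locate a file under the requests directory, since `CollectRequestHandler` derives fingerprints from file names there.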
@@ -30,6 +30,7 @@ set(remote_SOURCES httpchunkedencoding.cpp httpclientconnection.cpp httpserverconnection.cpp httphandler.cpp httprequest.cpp httpresponse.cpp httputility.cpp infohandler.cpp jsonrpc.cpp jsonrpcconnection.cpp jsonrpcconnection-heartbeat.cpp jsonrpcconnection-pki.cpp messageorigin.cpp modifyobjecthandler.cpp statushandler.cpp objectqueryhandler.cpp templatequeryhandler.cpp + pkiutility.cpp typequeryhandler.cpp url.cpp variablequeryhandler.cpp zone.cpp zone.thpp ) diff --git a/lib/cli/pkiutility.cpp b/lib/remote/pkiutility.cpp similarity index 86% rename from lib/cli/pkiutility.cpp rename to lib/remote/pkiutility.cpp index c1325aafd..f3eef9d36 100644 --- a/lib/cli/pkiutility.cpp +++ b/lib/remote/pkiutility.cpp @@ -17,8 +17,7 @@ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. * ******************************************************************************/ -#include "cli/pkiutility.hpp" -#include "cli/clicommand.hpp" +#include "remote/pkiutility.hpp" #include "remote/apilistener.hpp" #include "base/logger.hpp" #include "base/application.hpp" 
@@ -369,3 +368,61 @@ String PkiUtility::GetCertificateInformation(const boost::shared_ptr& cert return info.str(); } + +static void CollectRequestHandler(const Dictionary::Ptr& requests, const String& requestFile) +{ + Dictionary::Ptr request = Utility::LoadJsonFile(requestFile); + + if (!request) + return; + + Dictionary::Ptr result = new Dictionary(); + + String fingerprint = Utility::BaseName(requestFile); + fingerprint = fingerprint.SubStr(0, fingerprint.GetLength() - 5); + + String certRequestText = request->Get("cert_request"); + result->Set("cert_request", certRequestText); + + Value vcertResponseText; + + if (request->Get("cert_response", &vcertResponseText)) { + String certResponseText = vcertResponseText; + result->Set("cert_response", certResponseText); + } + + boost::shared_ptr certRequest = StringToCertificate(certRequestText); + + time_t now; + time(&now); + ASN1_TIME *tm = ASN1_TIME_adj(NULL, now, 0, 0); + + int day, sec; + ASN1_TIME_diff(&day, &sec, tm, X509_get_notBefore(certRequest.get())); + + result->Set("timestamp", static_cast(now) + day * 24 * 60 * 60 + sec); + + BIO *out = BIO_new(BIO_s_mem()); + X509_NAME_print_ex(out, X509_get_subject_name(certRequest.get()), 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); + + char *data; + long length; + length = BIO_get_mem_data(out, &data); + + result->Set("subject", String(data, data + length)); + BIO_free(out); + + requests->Set(fingerprint, result); +} + +Dictionary::Ptr PkiUtility::GetCertificateRequests(void) +{ + Dictionary::Ptr requests = new Dictionary(); + + String requestDir = ApiListener::GetPkiRequestsDir(); + + if (Utility::PathExists(requestDir)) + Utility::Glob(requestDir + "/*.json", boost::bind(&CollectRequestHandler, requests, _1), GlobFile); + + return requests; +} diff --git a/lib/cli/pkiutility.hpp b/lib/remote/pkiutility.hpp similarity index 94% rename from lib/cli/pkiutility.hpp rename to lib/remote/pkiutility.hpp index 830de9d46..078722873 100644 --- a/lib/cli/pkiutility.hpp 
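Review bot: In `CollectRequestHandler` the `ASN1_TIME` returned by `ASN1_TIME_adj(NULL, now, 0, 0)` is never released, so each request file leaks one allocation. The same code used to run only in the short-lived `ca list` CLI process, but `GetCertificateRequests()` is now also called from the `list_ca_requests` API action, where the leak accumulates per call; add `ASN1_TIME_free(tm);` after the `ASN1_TIME_diff` call. The return values of `ASN1_TIME_diff` and `BIO_new` are unchecked, so `day` and `sec` can be read uninitialised if the diff fails. The result of `StringToCertificate` also goes straight into `X509_get_notBefore`; that helper's behaviour on malformed PEM is not visible here, but if it returns null or throws, one bad file in the requests directory breaks the whole listing, so consider skipping such entries with a logged warning.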
+++ b/lib/remote/pkiutility.hpp @@ -20,8 +20,7 @@ #ifndef PKIUTILITY_H #define PKIUTILITY_H -#include "base/i2-base.hpp" -#include "cli/i2-cli.hpp" +#include "remote/i2-remote.hpp" #include "base/dictionary.hpp" #include "base/string.hpp" #include @@ -30,9 +29,9 @@ namespace icinga { /** - * @ingroup cli + * @ingroup remote */ -class I2_CLI_API PkiUtility +class I2_REMOTE_API PkiUtility { public: static int NewCa(void); @@ -45,6 +44,7 @@ public: const String& certfile, const String& cafile, const boost::shared_ptr& trustedcert, const String& ticket = String()); static String GetCertificateInformation(const boost::shared_ptr& certificate); + static Dictionary::Ptr GetCertificateRequests(void); private: PkiUtility(void); -- 2.50.1