"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/remote/pkiutility.cpp" between
icinga2-2.11.5.tar.gz and icinga2-2.12.0.tar.gz

About: Icinga 2 is an enterprise grade monitoring system which keeps watch over networks and any conceivable network resource.

pkiutility.cpp  (icinga2-2.11.5):pkiutility.cpp  (icinga2-2.12.0)
skipping to change at line 16 skipping to change at line 16
#include "base/io-engine.hpp" #include "base/io-engine.hpp"
#include "base/logger.hpp" #include "base/logger.hpp"
#include "base/application.hpp" #include "base/application.hpp"
#include "base/tcpsocket.hpp" #include "base/tcpsocket.hpp"
#include "base/tlsutility.hpp" #include "base/tlsutility.hpp"
#include "base/console.hpp" #include "base/console.hpp"
#include "base/tlsstream.hpp" #include "base/tlsstream.hpp"
#include "base/tcpsocket.hpp" #include "base/tcpsocket.hpp"
#include "base/json.hpp" #include "base/json.hpp"
#include "base/utility.hpp" #include "base/utility.hpp"
#include "base/convert.hpp"
#include "base/exception.hpp" #include "base/exception.hpp"
#include "remote/jsonrpc.hpp" #include "remote/jsonrpc.hpp"
#include <fstream> #include <fstream>
#include <iostream> #include <iostream>
#include <boost/asio/ssl/context.hpp> #include <boost/asio/ssl/context.hpp>
#include <boost/filesystem/path.hpp> #include <boost/filesystem/path.hpp>
using namespace icinga; using namespace icinga;
int PkiUtility::NewCa() int PkiUtility::NewCa()
skipping to change at line 84 skipping to change at line 85
X509_REQ_free(req); X509_REQ_free(req);
WriteCert(cert, certfile); WriteCert(cert, certfile);
return 0; return 0;
} }
std::shared_ptr<X509> PkiUtility::FetchCert(const String& host, const String& po rt) std::shared_ptr<X509> PkiUtility::FetchCert(const String& host, const String& po rt)
{ {
std::shared_ptr<boost::asio::ssl::context> sslContext; Shared<boost::asio::ssl::context>::Ptr sslContext;
try { try {
sslContext = MakeAsioSslContext(); sslContext = MakeAsioSslContext();
} catch (const std::exception& ex) { } catch (const std::exception& ex) {
Log(LogCritical, "pki") Log(LogCritical, "pki")
<< "Cannot make SSL context."; << "Cannot make SSL context.";
Log(LogDebug, "pki") Log(LogDebug, "pki")
<< "Cannot make SSL context:\n" << DiagnosticInformation (ex); << "Cannot make SSL context:\n" << DiagnosticInformation (ex);
return std::shared_ptr<X509>(); return std::shared_ptr<X509>();
} }
auto stream (std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext (), *sslContext, host)); auto stream (Shared<AsioTlsStream>::Make(IoEngine::Get().GetIoContext(), *sslContext, host));
try { try {
Connect(stream->lowest_layer(), host, port); Connect(stream->lowest_layer(), host, port);
} catch (const std::exception& ex) { } catch (const std::exception& ex) {
Log(LogCritical, "pki") Log(LogCritical, "pki")
<< "Cannot connect to host '" << host << "' on port '" << port << "'"; << "Cannot connect to host '" << host << "' on port '" << port << "'";
Log(LogDebug, "pki") Log(LogDebug, "pki")
<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex); << "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
return std::shared_ptr<X509>(); return std::shared_ptr<X509>();
} }
skipping to change at line 152 skipping to change at line 153
int PkiUtility::GenTicket(const String& cn, const String& salt, std::ostream& ti cketfp) int PkiUtility::GenTicket(const String& cn, const String& salt, std::ostream& ti cketfp)
{ {
ticketfp << PBKDF2_SHA1(cn, salt, 50000) << "\n"; ticketfp << PBKDF2_SHA1(cn, salt, 50000) << "\n";
return 0; return 0;
} }
int PkiUtility::RequestCertificate(const String& host, const String& port, const String& keyfile, int PkiUtility::RequestCertificate(const String& host, const String& port, const String& keyfile,
const String& certfile, const String& cafile, const std::shared_ptr<X509> & trustedCert, const String& ticket) const String& certfile, const String& cafile, const std::shared_ptr<X509> & trustedCert, const String& ticket)
{ {
std::shared_ptr<boost::asio::ssl::context> sslContext; Shared<boost::asio::ssl::context>::Ptr sslContext;
try { try {
sslContext = MakeAsioSslContext(certfile, keyfile); sslContext = MakeAsioSslContext(certfile, keyfile);
} catch (const std::exception& ex) { } catch (const std::exception& ex) {
Log(LogCritical, "cli") Log(LogCritical, "cli")
<< "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'."; << "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'.";
Log(LogDebug, "cli") Log(LogDebug, "cli")
<< "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "':\n" << Diagnos ticInformation(ex); << "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "':\n" << Diagnos ticInformation(ex);
return 1; return 1;
} }
auto stream (std::make_shared<AsioTlsStream>(IoEngine::Get().GetIoContext (), *sslContext, host)); auto stream (Shared<AsioTlsStream>::Make(IoEngine::Get().GetIoContext(), *sslContext, host));
try { try {
Connect(stream->lowest_layer(), host, port); Connect(stream->lowest_layer(), host, port);
} catch (const std::exception& ex) { } catch (const std::exception& ex) {
Log(LogCritical, "cli") Log(LogCritical, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "'"; << "Cannot connect to host '" << host << "' on port '" << port << "'";
Log(LogDebug, "cli") Log(LogDebug, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex); << "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
return 1; return 1;
} }
skipping to change at line 324 skipping to change at line 325
return 1; return 1;
} }
return 0; return 0;
} }
String PkiUtility::GetCertificateInformation(const std::shared_ptr<X509>& cert) { String PkiUtility::GetCertificateInformation(const std::shared_ptr<X509>& cert) {
BIO *out = BIO_new(BIO_s_mem()); BIO *out = BIO_new(BIO_s_mem());
String pre; String pre;
pre = "\n Subject: "; pre = "\n Version: " + Convert::ToString(GetCertificateVersio
n(cert));
BIO_write(out, pre.CStr(), pre.GetLength());
pre = "\n Subject: ";
BIO_write(out, pre.CStr(), pre.GetLength()); BIO_write(out, pre.CStr(), pre.GetLength());
X509_NAME_print_ex(out, X509_get_subject_name(cert.get()), 0, XN_FLAG_ONE LINE & ~ASN1_STRFLGS_ESC_MSB); X509_NAME_print_ex(out, X509_get_subject_name(cert.get()), 0, XN_FLAG_ONE LINE & ~ASN1_STRFLGS_ESC_MSB);
pre = "\n Issuer: "; pre = "\n Issuer: ";
BIO_write(out, pre.CStr(), pre.GetLength()); BIO_write(out, pre.CStr(), pre.GetLength());
X509_NAME_print_ex(out, X509_get_issuer_name(cert.get()), 0, XN_FLAG_ONEL INE & ~ASN1_STRFLGS_ESC_MSB); X509_NAME_print_ex(out, X509_get_issuer_name(cert.get()), 0, XN_FLAG_ONEL INE & ~ASN1_STRFLGS_ESC_MSB);
pre = "\n Valid From: "; pre = "\n Valid From: ";
BIO_write(out, pre.CStr(), pre.GetLength()); BIO_write(out, pre.CStr(), pre.GetLength());
ASN1_TIME_print(out, X509_get_notBefore(cert.get())); ASN1_TIME_print(out, X509_get_notBefore(cert.get()));
pre = "\n Valid Until: "; pre = "\n Valid Until: ";
BIO_write(out, pre.CStr(), pre.GetLength()); BIO_write(out, pre.CStr(), pre.GetLength());
ASN1_TIME_print(out, X509_get_notAfter(cert.get())); ASN1_TIME_print(out, X509_get_notAfter(cert.get()));
pre = "\n Fingerprint: "; pre = "\n Serial: ";
BIO_write(out, pre.CStr(), pre.GetLength());
ASN1_INTEGER *asn1_serial = X509_get_serialNumber(cert.get());
for (int i = 0; i < asn1_serial->length; i++) {
BIO_printf(out, "%02x%c", asn1_serial->data[i], ((i + 1 == asn1_s
erial->length) ? '\n' : ':'));
}
pre = "\n Signature Algorithm: " + GetSignatureAlgorithm(cert);
BIO_write(out, pre.CStr(), pre.GetLength());
pre = "\n Subject Alt Names: " + GetSubjectAltNames(cert)->Join(" ");
BIO_write(out, pre.CStr(), pre.GetLength());
pre = "\n Fingerprint: ";
BIO_write(out, pre.CStr(), pre.GetLength()); BIO_write(out, pre.CStr(), pre.GetLength());
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
unsigned int diglen; unsigned int diglen;
X509_digest(cert.get(), EVP_sha1(), md, &diglen); X509_digest(cert.get(), EVP_sha256(), md, &diglen);
char *data; char *data;
long length = BIO_get_mem_data(out, &data); long length = BIO_get_mem_data(out, &data);
std::stringstream info; std::stringstream info;
info << String(data, data + length); info << String(data, data + length);
BIO_free(out); BIO_free(out);
for (unsigned int i = 0; i < diglen; i++) { for (unsigned int i = 0; i < diglen; i++) {
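Review bot: The return value of `X509_digest` is not checked in GetCertificateInformation and `diglen` is declared without an initial value, so a failed digest would let the loop on the last visible line print indeterminate bytes of `md` as the certificate fingerprint. This output is presumably what an operator reads before deciding to trust a certificate, so I would write `unsigned int diglen = 0;` and return or raise an error (after `BIO_free(out)`) when `X509_digest(cert.get(), EVP_sha256(), md, &diglen)` returns 0. The digest moves from `EVP_sha1()` to `EVP_sha256()` while the label stays `Fingerprint:`; naming the algorithm, e.g. `pre = "\n Fingerprint (SHA-256): ";`, would stop readers from comparing it against a SHA-1 value produced by another tool. The new serial loop also reads `asn1_serial->length` and `->data` without checking that `X509_get_serialNumber` returned non-null. The function body continues past the end of this section, so the code after the loop header is not covered here.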
 End of changes. 11 change blocks. 
10 lines changed or deleted 29 lines changed or added
