Skip to content

Commit

Permalink
ApiListener#Start(): auto-renew CA on its owner
Browse files Browse the repository at this point in the history
otherwise it would expire.
  • Loading branch information
Al2Klimov committed Nov 6, 2023
1 parent 4cef2a9 commit b3315a4
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 1 deletion.
32 changes: 31 additions & 1 deletion lib/remote/apilistener.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -248,7 +248,12 @@ void ApiListener::Start(bool runtimeCreated)

if (Utility::PathExists(GetIcingaCADir() + "/ca.key")) {
RenewOwnCert();
m_RenewOwnCertTimer->OnTimerExpired.connect([this](const Timer * const&) { RenewOwnCert(); });
RenewCA();

m_RenewOwnCertTimer->OnTimerExpired.connect([this](const Timer * const&) {
RenewOwnCert();
RenewCA();
});
} else {
m_RenewOwnCertTimer->OnTimerExpired.connect([this](const Timer * const&) {
JsonRpcConnection::SendCertificateRequest(nullptr, nullptr, String());
Expand Down Expand Up @@ -329,6 +334,31 @@ void ApiListener::RenewOwnCert()
UpdateSSLContext();
}

void ApiListener::RenewCA()
{
auto certPath (GetCaDir() + "/ca.crt");
auto cert (GetX509Certificate(certPath));

if (IsCertUptodate(cert)) {
return;
}

Log(LogInformation, "ApiListener")
<< "Our CA will expire soon, but we own it. Renewing.";

cert = RenewCert(cert, true);

if (!cert) {
return;
}

auto certStr (CertificateToString(cert));

AtomicFile::Write(GetDefaultCaPath(), 0644, certStr);
AtomicFile::Write(certPath, 0644, certStr);
UpdateSSLContext();
}

void ApiListener::Stop(bool runtimeDeleted)
{
m_ApiPackageIntegrityTimer->Stop(true);
Expand Down
1 change: 1 addition & 0 deletions lib/remote/apilistener.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,7 @@ class ApiListener final : public ObjectImpl<ApiListener>
void SyncLocalZoneDirs() const;
void SyncLocalZoneDir(const Zone::Ptr& zone) const;
void RenewOwnCert();
void RenewCA();

void SendConfigUpdate(const JsonRpcConnection::Ptr& aclient);

Expand Down

0 comments on commit b3315a4

Please sign in to comment.