Implement support for cleaning up certificate requests

refs #5450
Icinga · Sep 12, 2017 · 88e57f7 · 88e57f7
1 parent 0a85977
commit 88e57f7
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 2 deletions.
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
@@ -204,6 +204,12 @@ void ApiListener::Start(bool runtimeCreated)
 	m_AuthorityTimer->SetInterval(30);
 	m_AuthorityTimer->Start();
 
+	m_CleanupCertificateRequestsTimer = new Timer();
+	m_CleanupCertificateRequestsTimer->OnTimerExpired.connect(boost::bind(&ApiListener::CleanupCertificateRequestsTimerHandler, this));
+	m_CleanupCertificateRequestsTimer->SetInterval(3600);
+	m_CleanupCertificateRequestsTimer->Start();
+	m_CleanupCertificateRequestsTimer->Reschedule(0);
+
 	OnMasterChanged(true);
 }
 
@@ -642,7 +648,6 @@ void ApiListener::ApiTimerHandler(void)
 		    << "Setting log position for identity '" << endpoint->GetName() << "': "
 		    << Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", ts);
 	}
-
 }
 
 void ApiListener::ApiReconnectTimerHandler(void)
@@ -714,6 +719,33 @@ void ApiListener::ApiReconnectTimerHandler(void)
 	    << "Connected endpoints: " << Utility::NaturalJoin(names);
 }
 
+static void CleanupCertificateRequest(const String& path, double expiryTime)
+{
+#ifndef _WIN32
+	struct stat statbuf;
+	if (lstat(path.CStr(), &statbuf) < 0)
+		return;
+#else /* _WIN32 */
+	struct _stat statbuf;
+	if (_stat(path.CStr(), &statbuf) < 0)
+		return;
+#endif /* _WIN32 */
+
+	if (statbuf.st_mtime < expiryTime)
+		(void) unlink(path.CStr());
+}
+
+void ApiListener::CleanupCertificateRequestsTimerHandler(void)
+{
+	String requestsDir = GetCertificateRequestsDir();
+
+	if (Utility::PathExists(requestsDir)) {
+		/* remove certificate requests that are older than a week */
+		double expiryTime = Utility::GetTime() - 7 * 24 * 60 * 60;
+		Utility::Glob(requestsDir + "/*.json", boost::bind(&CleanupCertificateRequest, _1, expiryTime), GlobFile);
+	}
+}
+
 void ApiListener::RelayMessage(const MessageOrigin::Ptr& origin,
     const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log)
 {

diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
@@ -120,12 +120,14 @@ class I2_REMOTE_API ApiListener : public ObjectImpl<ApiListener>
 	Timer::Ptr m_Timer;
 	Timer::Ptr m_ReconnectTimer;
 	Timer::Ptr m_AuthorityTimer;
+	Timer::Ptr m_CleanupCertificateRequestsTimer;
 	Endpoint::Ptr m_LocalEndpoint;
 
 	static ApiListener::Ptr m_Instance;
 
 	void ApiTimerHandler(void);
 	void ApiReconnectTimerHandler(void);
+	void CleanupCertificateRequestsTimerHandler(void);
 
 	bool AddListener(const String& node, const String& service);
 	void AddConnection(const Endpoint::Ptr& endpoint);

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
@@ -187,7 +187,6 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 		goto delayed_request;
 	}
 
-
 	/* Send the signed certificate update. */
 	Log(LogInformation, "JsonRpcConnection")
 	    << "Sending certificate response for CN '" << cn << "' to endpoint '" << client->GetIdentity() << "'.";