From ce88e89cc04a7e7aebc7088ef1c5e4cff42ef504 Mon Sep 17 00:00:00 2001
From: Michael Friedrich
Date: Wed, 6 Sep 2017 14:38:35 +0200
Subject: [PATCH] Fix wrong cert path for CLI commands refs #5450
---
 lib/cli/nodesetupcommand.cpp | 12 ++++++------
 lib/cli/nodewizardcommand.cpp | 16 ++++++++--------
 lib/remote/jsonrpcconnection-pki.cpp | 3 ++-
 3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index 895815d994b..c3422785bc9 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -176,9 +176,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 << " * The API listener is used for distributed monitoring setups.\n"
 << " */\n"
 << "object ApiListener \"api\" {\n"
- << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
- << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
- << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+ << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+ << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+ << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 if (vm.count("listen")) {
 std::vector tokens;
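Review bot: The `cert_path`/`key_path`/`ca_path` lines that SetupMaster writes into the generated `ApiListener` block still spell the certificate directory out as a string literal, and the same three lines recur in SetupNode and twice in NodeWizardCommand::Run (hunks at 380, 407 and 553), while the ticket path in this same commit goes through `ApiListener::GetCertsDir()`. Four hand-maintained copies of where the node's private key lives are presumably how the CLI output came to disagree with the daemon in the first place. Until the block is emitted from one place, a comment above each copy such as `/* Directory must match ApiListener::GetCertsDir(). */` would at least make the coupling visible. Both functions continue outside the hunks shown.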
@@ -380,9 +380,9 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 << " * The API listener is used for distributed monitoring setups.\n"
 << " */\n"
 << "object ApiListener \"api\" {\n"
- << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
- << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
- << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+ << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+ << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+ << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 if (vm.count("listen")) {
 std::vector tokens;
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index 91e89b6212f..37c9d68bb8a 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -92,7 +92,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 * 5. Local CA
 * 6. New self signed certificate
 * 7. Request signed certificate from master
- * 8. copy key information to /var/lib/icinga2/pki
+ * 8. copy key information to /var/lib/icinga2/certs
 * 9. enable ApiListener feature
 * 10. generate zones.conf with endpoints and zone objects
 * 11. set NodeName = cn in constants.conf
@@ -407,9 +407,9 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 << " * The API listener is used for distributed monitoring setups.\n"
 << " */\n"
 << "object ApiListener \"api\" {\n"
- << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
- << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
- << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"
+ << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+ << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+ << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"
 << "\n"
 << " accept_config = " << accept_config << "\n"
 << " accept_commands = " << accept_commands << "\n";
@@ -455,7 +455,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 NodeUtility::UpdateConstant("NodeName", cn);
 NodeUtility::UpdateConstant("ZoneName", cn);
- String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+ String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
@@ -553,9 +553,9 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 << " * The API listener is used for distributed monitoring setups.\n"
 << " */\n"
 << "object ApiListener \"api\" {\n"
- << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
- << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
- << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+ << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+ << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+ << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 if (!bind_host.IsEmpty())
 fp << " bind_host = \"" << bind_host << "\"\n";
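Review bot: In the hunk at 455, `ticketPath` is built as `ApiListener::GetCertsDir() + "/ticket"` and handed straight to `Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp)`, but nothing in the visible lines establishes that the certs directory already exists when the wizard reaches this point. If this can run on a node where nothing has created that directory yet, the temp-file creation would presumably fail, so whatever creates the directory (owner-only, since the key and the ticket both live there) should be confirmed to run before this line. The same `GetCertsDir() + "/ticket"` expression is repeated in UpdateCertificateHandler in lib/remote/jsonrpcconnection-pki.cpp, so a comment such as `/* Path must match the unlink in UpdateCertificateHandler. */` would keep the writer and the remover tied together. Run's body continues outside the hunk.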
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index e14be3feb12..fee37a30f54 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -324,7 +324,8 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
 << boost::errinfo_file_name(tempCertPath));
 }
- String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+ /* Remove ticket for successful signing request. */
+ String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 if (unlink(ticketPath.CStr()) < 0 && errno != ENOENT) {
 BOOST_THROW_EXCEPTION(posix_error()
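Review bot: After this change the handler unlinks only the ticket under `ApiListener::GetCertsDir()`, so a ticket that an earlier version wrote to `LocalStateDir + "/lib/icinga2/pki/ticket"` stays on disk after a successful signing, and because `ENOENT` is tolerated nothing reports the miss. Unless a migration step outside this diff moves or deletes the old file, consider also removing the legacy location, e.g. `String legacyTicketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";` followed by `(void) unlink(legacyTicketPath.CStr());`. The added comment would read more clearly as `/* Remove the ticket after a successful signing request. */`. UpdateCertificateHandler's body starts and ends outside the hunk.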