🚧 Fix issue where cert cleanup fails
- Delete temp directory using FileTree visitor recursively - Update CertificateRequestBuilder to accept subject info directly from builder
parent
98a6556bf9
commit
b5571aa2e5
6 changed files with 124 additions and 87 deletions
|
|
@ -33,25 +33,25 @@ public class OpenSSLCertificateCreator {
|
|||
|
||||
private static String buildSubjectArg(CertificateRequest request) {
|
||||
String certSubject = OPENSSL_CERT_SUBJECT_TEMPLATE.replace("ISO-COUNTRY", request.getSubject()
|
||||
.getCountry())
|
||||
.replace("STATE", request.getSubject()
|
||||
.getState())
|
||||
.replace("LOCALITY", request.getSubject()
|
||||
.getLocality())
|
||||
.replace("ORGANIZATION", request.getSubject()
|
||||
.getOrganization())
|
||||
.replace("COMMON-NAME", request.getCommonName());
|
||||
.getCountry())
|
||||
.replace("STATE", request.getSubject()
|
||||
.getState())
|
||||
.replace("LOCALITY", request.getSubject()
|
||||
.getLocality())
|
||||
.replace("ORGANIZATION", request.getSubject()
|
||||
.getOrganization())
|
||||
.replace("COMMON-NAME", request.getCommonName());
|
||||
|
||||
if (StringUtils.isNotBlank(request.getSubject()
|
||||
.getOrganizationalUnit())) {
|
||||
.getOrganizationalUnit())) {
|
||||
certSubject += "/OU=" + request.getSubject()
|
||||
.getOrganizationalUnit();
|
||||
.getOrganizationalUnit();
|
||||
}
|
||||
|
||||
if (StringUtils.isNotBlank(request.getSubject()
|
||||
.getEmailAddress())) {
|
||||
.getEmailAddress())) {
|
||||
certSubject += "/emailAddress=" + request.getSubject()
|
||||
.getEmailAddress();
|
||||
.getEmailAddress();
|
||||
}
|
||||
return certSubject;
|
||||
}
|
||||
|
|
@ -72,23 +72,23 @@ public class OpenSSLCertificateCreator {
|
|||
|
||||
private Path createKeyfile(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException {
|
||||
Path keyFile = tmpDir.resolve("root.key")
|
||||
.toAbsolutePath();
|
||||
.toAbsolutePath();
|
||||
LOGGER.atDebug()
|
||||
.log("Writing new certificate key to {}", keyFile);
|
||||
.log("Writing new certificate key to {}", keyFile);
|
||||
|
||||
try {
|
||||
StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "genrsa", "-out",
|
||||
keyFile.toString(),
|
||||
"-passout", "env:KEY_PASS",
|
||||
Integer.toString(request.getRequestedKeyLength()))
|
||||
.environment("KEY_PASS", request.getOid())
|
||||
.redirectOutput(Slf4jStream.ofCaller()
|
||||
.asDebug())
|
||||
.redirectError(Slf4jStream.ofCaller()
|
||||
.asError())
|
||||
.start();
|
||||
keyFile.toString(),
|
||||
"-passout", "env:KEY_PASS",
|
||||
Integer.toString(request.getRequestedKeyLength()))
|
||||
.environment("KEY_PASS", request.getOid())
|
||||
.redirectOutput(Slf4jStream.ofCaller()
|
||||
.asDebug())
|
||||
.redirectError(Slf4jStream.ofCaller()
|
||||
.asError())
|
||||
.start();
|
||||
keygenProc.getFuture()
|
||||
.get();
|
||||
.get();
|
||||
} catch (IOException e) {
|
||||
throw new CommandLineOperationException("Failure running OpenSSL keygen command.", e);
|
||||
} catch (ExecutionException e) {
|
||||
|
|
@ -99,30 +99,30 @@ public class OpenSSLCertificateCreator {
|
|||
|
||||
private Path createCertificate(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException {
|
||||
Path keyFile = tmpDir.resolve("root.key")
|
||||
.toAbsolutePath();
|
||||
.toAbsolutePath();
|
||||
Path certFile = tmpDir.resolve("root.crt")
|
||||
.toAbsolutePath();
|
||||
.toAbsolutePath();
|
||||
LOGGER.atDebug()
|
||||
.log("Writing new certificate file {}", certFile);
|
||||
.log("Writing new certificate file {}", certFile);
|
||||
|
||||
String certSubject = buildSubjectArg(request);
|
||||
try {
|
||||
StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "req", "x509", "-new", "-nodes",
|
||||
"-key", keyFile.toString(), "-sha256", "-days",
|
||||
Integer.toString(
|
||||
request.getRequestedValidityDays()),
|
||||
"-out",
|
||||
certFile.toString(),
|
||||
"-passout", "env:KEY_PASS", "-utf8", "-subj",
|
||||
certSubject)
|
||||
.environment("KEY_PASS", request.getOid())
|
||||
.redirectOutput(Slf4jStream.ofCaller()
|
||||
.asDebug())
|
||||
.redirectError(Slf4jStream.ofCaller()
|
||||
.asError())
|
||||
.start();
|
||||
StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "req", "-new", "-nodes",
|
||||
"-key", keyFile.toString(), "-sha256", "-days",
|
||||
Integer.toString(
|
||||
request.getRequestedValidityDays()),
|
||||
"-out",
|
||||
certFile.toString(),
|
||||
"-passout", "env:KEY_PASS", "-utf8", "-subj",
|
||||
certSubject)
|
||||
.environment("KEY_PASS", request.getOid())
|
||||
.redirectOutput(Slf4jStream.ofCaller()
|
||||
.asDebug())
|
||||
.redirectError(Slf4jStream.ofCaller()
|
||||
.asError())
|
||||
.start();
|
||||
keygenProc.getFuture()
|
||||
.get();
|
||||
.get();
|
||||
} catch (IOException e) {
|
||||
throw new CommandLineOperationException("Failure running OpenSSL req command.", e);
|
||||
} catch (ExecutionException e) {
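Review bot: In createCertificate the `req` invocation (taking the second printing of the command as the new side) has no `-x509`, so OpenSSL writes a certificate signing request into `root.crt` and ignores `-days`; the old side passed a bare `x509`, which suggests the intended argument list is `"req", "-x509", "-new", "-nodes",`. The same command passes `-passout env:KEY_PASS` although it only reads an existing key via `-key`, and the `genrsa` call in createKeyfile gives `-passout` without a cipher option, so as far as these hunks show `root.key` is written unencrypted and KEY_PASS is never applied. If the key is meant to be protected, genrsa needs a cipher flag such as `-aes256` and the req step needs `-passin env:KEY_PASS`; the passphrase is also `request.getOid()`, which looks like an identifier rather than a secret and should be confirmed. Both method bodies continue past the end of their hunks.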
|
||||
|
|
|
|||