Mark.TwoFive/home-cert-assistant
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Wiki Activity Actions

🚧 Fix issue where cert cleanup fails

Browse source 
- Delete temp directory using FileTree visitor recursively
- Update CertificateRequestBuilder to accept subject info directly from
  builder
This commit is contained in:
Magnus Leßmann (@MarkL4YG) 2024-11-17 18:13:50 +01:00
parent 98a6556bf9
commit b5571aa2e5
6 changed files with 124 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
src/main/java/de/mlessmann/certassist/DeleteRecursiveFileVisitor.java Normal file
View file

@ -0,0 +1,47 @@
package de.mlessmann.certassist;
import org.slf4j.Logger;
import org.springframework.lang.NonNull;
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.FileVisitor;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.BasicFileAttributes;
import static org.slf4j.LoggerFactory.getLogger;
public class DeleteRecursiveFileVisitor implements FileVisitor<Path> {
private static final Logger LOGGER = getLogger(DeleteRecursiveFileVisitor.class);
@NonNull
@Override
public FileVisitResult preVisitDirectory(Path dir, @NonNull BasicFileAttributes attrs) throws IOException {
return FileVisitResult.CONTINUE;
}
@NonNull
@Override
public FileVisitResult visitFile(Path file, @NonNull BasicFileAttributes attrs) throws IOException {
LOGGER.trace("Deleting file {}", file);
Files.delete(file);
return FileVisitResult.CONTINUE;
}
@NonNull
@Override
public FileVisitResult visitFileFailed(Path file, @NonNull IOException exc) throws IOException {
LOGGER.error("Could not delete file {}", file, exc);
throw exc;
}
@NonNull
@Override
public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
LOGGER.trace("Deleting directory {}", dir);
Files.delete(dir);
return FileVisitResult.CONTINUE;
}
}

33
src/main/java/de/mlessmann/certassist/except/UnresolvableCLIDependency.java
View file

@ -1,17 +1,16 @@
package de.mlessmann.certassist.except; package de.mlessmann.certassist.except;
import lombok.Getter; import lombok.Getter;
public class UnresolvableCLIDependency extends Exception { @Getter
public class UnresolvableCLIDependency extends Exception {
@Getter
private final String executableName; private final String executableName;
@Getter private final String propertyName;
private final String propertyName;
public UnresolvableCLIDependency(String executableName, String propertyName) {
public UnresolvableCLIDependency(String executableName, String propertyName) { super("Could not resolve executable for '%s'. (Use property '%s' to point the application directly to the executable.)".formatted(executableName, propertyName));
super("Could not resolve executable for '%s'. (Use property '%s' to point the application directly to the executable.)".formatted(executableName, propertyName)); this.executableName = executableName;
this.executableName = executableName; this.propertyName = propertyName;
this.propertyName = propertyName; }
} }
}

34
src/main/java/de/mlessmann/certassist/openssl/CertificateRequest.java
View file

@ -1,50 +1,36 @@
package de.mlessmann.certassist.openssl; package de.mlessmann.certassist.openssl;
import lombok.Builder; import lombok.Builder;
import lombok.Getter; import lombok.Data;
import lombok.Setter;
import java.util.UUID; import java.util.UUID;
@Data
@Builder @Builder
public class CertificateRequest { public class CertificateRequest {
@Getter
@Setter
@Builder.Default @Builder.Default
private String oid = UUID.randomUUID().toString(); private String oid = UUID.randomUUID().toString();
@Getter
@Setter
private RequestType type; private RequestType type;
@Getter
@Setter
private String commonName; private String commonName;
@Getter
@Setter
private String trustingAuthority; private String trustingAuthority;
@Getter
@Setter
@Builder.Default @Builder.Default
private int requestedKeyLength = 4096; private int requestedKeyLength = 4096;
@Getter
@Setter
@Builder.Default @Builder.Default
private int requestedValidityDays = 365; private int requestedValidityDays = 365;
private CertificateSubject subject;
@Getter
@Setter
@Builder.Default
private CertificateSubject subject = CertificateSubject.builder().build();
public enum RequestType { public enum RequestType {
ROOT_AUTHORITY, ROOT_AUTHORITY,
STANDALONE_CERTIFICATE, STANDALONE_CERTIFICATE,
NORMAL_CERTIFICATE NORMAL_CERTIFICATE
} }
public static class CertificateRequestBuilder {
public CertificateRequestBuilder subject(CertificateSubject.CertificateSubjectBuilder builder) {
this.subject = builder.build();
return this;
}
}
} }

84
src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
View file

@ -33,25 +33,25 @@ public class OpenSSLCertificateCreator {
private static String buildSubjectArg(CertificateRequest request) { private static String buildSubjectArg(CertificateRequest request) {
String certSubject = OPENSSL_CERT_SUBJECT_TEMPLATE.replace("ISO-COUNTRY", request.getSubject() String certSubject = OPENSSL_CERT_SUBJECT_TEMPLATE.replace("ISO-COUNTRY", request.getSubject()
.getCountry()) .getCountry())
.replace("STATE", request.getSubject() .replace("STATE", request.getSubject()
.getState()) .getState())
.replace("LOCALITY", request.getSubject() .replace("LOCALITY", request.getSubject()
.getLocality()) .getLocality())
.replace("ORGANIZATION", request.getSubject() .replace("ORGANIZATION", request.getSubject()
.getOrganization()) .getOrganization())
.replace("COMMON-NAME", request.getCommonName()); .replace("COMMON-NAME", request.getCommonName());
if (StringUtils.isNotBlank(request.getSubject() if (StringUtils.isNotBlank(request.getSubject()
.getOrganizationalUnit())) { .getOrganizationalUnit())) {
certSubject += "/OU=" + request.getSubject() certSubject += "/OU=" + request.getSubject()
.getOrganizationalUnit(); .getOrganizationalUnit();
} }
if (StringUtils.isNotBlank(request.getSubject() if (StringUtils.isNotBlank(request.getSubject()
.getEmailAddress())) { .getEmailAddress())) {
certSubject += "/emailAddress=" + request.getSubject() certSubject += "/emailAddress=" + request.getSubject()
.getEmailAddress(); .getEmailAddress();
} }
return certSubject; return certSubject;
} }
@ -72,23 +72,23 @@ public class OpenSSLCertificateCreator {
private Path createKeyfile(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException { private Path createKeyfile(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException {
Path keyFile = tmpDir.resolve("root.key") Path keyFile = tmpDir.resolve("root.key")
.toAbsolutePath(); .toAbsolutePath();
LOGGER.atDebug() LOGGER.atDebug()
.log("Writing new certificate key to {}", keyFile); .log("Writing new certificate key to {}", keyFile);
try { try {
StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "genrsa", "-out", StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "genrsa", "-out",
keyFile.toString(), keyFile.toString(),
"-passout", "env:KEY_PASS", "-passout", "env:KEY_PASS",
Integer.toString(request.getRequestedKeyLength())) Integer.toString(request.getRequestedKeyLength()))
.environment("KEY_PASS", request.getOid()) .environment("KEY_PASS", request.getOid())
.redirectOutput(Slf4jStream.ofCaller() .redirectOutput(Slf4jStream.ofCaller()
.asDebug()) .asDebug())
.redirectError(Slf4jStream.ofCaller() .redirectError(Slf4jStream.ofCaller()
.asError()) .asError())
.start(); .start();
keygenProc.getFuture() keygenProc.getFuture()
.get(); .get();
} catch (IOException e) { } catch (IOException e) {
throw new CommandLineOperationException("Failure running OpenSSL keygen command.", e); throw new CommandLineOperationException("Failure running OpenSSL keygen command.", e);
} catch (ExecutionException e) { } catch (ExecutionException e) {
@ -99,30 +99,30 @@ public class OpenSSLCertificateCreator {
private Path createCertificate(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException { private Path createCertificate(CertificateRequest request, Path tmpDir) throws CommandLineOperationException, InterruptedException {
Path keyFile = tmpDir.resolve("root.key") Path keyFile = tmpDir.resolve("root.key")
.toAbsolutePath(); .toAbsolutePath();
Path certFile = tmpDir.resolve("root.crt") Path certFile = tmpDir.resolve("root.crt")
.toAbsolutePath(); .toAbsolutePath();
LOGGER.atDebug() LOGGER.atDebug()
.log("Writing new certificate file {}", certFile); .log("Writing new certificate file {}", certFile);
String certSubject = buildSubjectArg(request); String certSubject = buildSubjectArg(request);
try { try {
StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "req", "x509", "-new", "-nodes", StartedProcess keygenProc = new ProcessExecutor().command(resolveOpenSSL(), "req", "-new", "-nodes",
"-key", keyFile.toString(), "-sha256", "-days", "-key", keyFile.toString(), "-sha256", "-days",
Integer.toString( Integer.toString(
request.getRequestedValidityDays()), request.getRequestedValidityDays()),
"-out", "-out",
certFile.toString(), certFile.toString(),
"-passout", "env:KEY_PASS", "-utf8", "-subj", "-passout", "env:KEY_PASS", "-utf8", "-subj",
certSubject) certSubject)
.environment("KEY_PASS", request.getOid()) .environment("KEY_PASS", request.getOid())
.redirectOutput(Slf4jStream.ofCaller() .redirectOutput(Slf4jStream.ofCaller()
.asDebug()) .asDebug())
.redirectError(Slf4jStream.ofCaller() .redirectError(Slf4jStream.ofCaller()
.asError()) .asError())
.start(); .start();
keygenProc.getFuture() keygenProc.getFuture()
.get(); .get();
} catch (IOException e) { } catch (IOException e) {
throw new CommandLineOperationException("Failure running OpenSSL req command.", e); throw new CommandLineOperationException("Failure running OpenSSL req command.", e);
} catch (ExecutionException e) { } catch (ExecutionException e) {

4
src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateResult.java
View file

@ -1,10 +1,12 @@
package de.mlessmann.certassist.openssl; package de.mlessmann.certassist.openssl;
import de.mlessmann.certassist.DeleteRecursiveFileVisitor;
import org.slf4j.Logger; import org.slf4j.Logger;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.Set;
import static org.slf4j.LoggerFactory.getLogger; import static org.slf4j.LoggerFactory.getLogger;
@ -21,6 +23,6 @@ public class OpenSSLCertificateResult implements AutoCloseable {
@Override @Override
public void close() throws IOException { public void close() throws IOException {
LOGGER.info("Cleaning up temporary output directory {}", tmpDir); LOGGER.info("Cleaning up temporary output directory {}", tmpDir);
Files.deleteIfExists(tmpDir); Files.walkFileTree(tmpDir, Set.of(), Integer.MAX_VALUE, new DeleteRecursiveFileVisitor());
} }
} }

9
src/test/java/de/mlessmann/certassist/TestOpenSSLCertificateCreator.java
View file

@ -2,6 +2,7 @@ package de.mlessmann.certassist;
import de.mlessmann.certassist.openssl.CertificateRequest; import de.mlessmann.certassist.openssl.CertificateRequest;
import de.mlessmann.certassist.openssl.CertificateRequest.RequestType; import de.mlessmann.certassist.openssl.CertificateRequest.RequestType;
import de.mlessmann.certassist.openssl.CertificateSubject;
import de.mlessmann.certassist.openssl.OpenSSLCertificateCreator; import de.mlessmann.certassist.openssl.OpenSSLCertificateCreator;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -19,9 +20,11 @@ public class TestOpenSSLCertificateCreator {
@Test @Test
void testCertificateCreation() throws Exception { void testCertificateCreation() throws Exception {
CertificateRequest certRequest = CertificateRequest.builder() CertificateRequest certRequest = CertificateRequest.builder()
.commonName("test.home") .commonName("test.home")
.type(RequestType.STANDALONE_CERTIFICATE) .type(RequestType.STANDALONE_CERTIFICATE)
.build(); .subject(CertificateSubject.builder().country("DE").state("SH")
.locality("").organization("Crazy-Cats"))
.build();
try (var cert = openSSLCertificateCreator.createCertificate(certRequest)) { try (var cert = openSSLCertificateCreator.createCertificate(certRequest)) {
System.out.println("Certificate created: " + cert); System.out.println("Certificate created: " + cert);