chore: Add version logging for OpenSSL
This commit is contained in:
parent
f2ed523285
commit
d271be988f
4 changed files with 58 additions and 33 deletions
|
|
@ -3,7 +3,6 @@ package de.mlessmann.certassist.openssl;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import lombok.Builder;
|
import lombok.Builder;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
|
|
@ -17,11 +16,13 @@ public class CertificateRequestExtension {
|
||||||
|
|
||||||
public CertificateRequestExtensionBuilder alternativeNames(String... altNames) {
|
public CertificateRequestExtensionBuilder alternativeNames(String... altNames) {
|
||||||
Objects.requireNonNull(altNames, "Alternative names must not be null (but can be empty)");
|
Objects.requireNonNull(altNames, "Alternative names must not be null (but can be empty)");
|
||||||
this.alternativeNames = Stream.of(altNames)
|
this.alternativeNames =
|
||||||
.filter(Objects::nonNull)
|
Stream
|
||||||
.map(String::trim)
|
.of(altNames)
|
||||||
.map(name -> name.replaceAll("^DNS:", ""))
|
.filter(Objects::nonNull)
|
||||||
.toList();
|
.map(String::trim)
|
||||||
|
.map(name -> name.replaceAll("^DNS:", ""))
|
||||||
|
.toList();
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ import java.nio.file.StandardOpenOption;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import java.util.concurrent.ExecutionException;
|
import java.util.concurrent.ExecutionException;
|
||||||
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
import java.util.concurrent.atomic.AtomicInteger;
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
@ -49,6 +50,7 @@ public class OpenSSLCertificateCreator {
|
||||||
private static final Pattern FINGERPRINT_EXTRACTOR = Pattern.compile(
|
private static final Pattern FINGERPRINT_EXTRACTOR = Pattern.compile(
|
||||||
"^(?<algo>[0-9a-zA-Z]+) (?i)Fingerprint(?-i)=(?<finger>[a-z:A-Z0-9]+)"
|
"^(?<algo>[0-9a-zA-Z]+) (?i)Fingerprint(?-i)=(?<finger>[a-z:A-Z0-9]+)"
|
||||||
);
|
);
|
||||||
|
private final AtomicBoolean versionLogged = new AtomicBoolean(false);
|
||||||
|
|
||||||
private final ExecutableResolver executableResolver;
|
private final ExecutableResolver executableResolver;
|
||||||
private final CertificatePasswordProvider passwordProvider;
|
private final CertificatePasswordProvider passwordProvider;
|
||||||
|
|
@ -426,7 +428,7 @@ public class OpenSSLCertificateCreator {
|
||||||
if (infoResult.getExitValue() != 0) {
|
if (infoResult.getExitValue() != 0) {
|
||||||
log.debug("Certificate info command output:\n{}", output);
|
log.debug("Certificate info command output:\n{}", output);
|
||||||
throw new CommandLineOperationException(
|
throw new CommandLineOperationException(
|
||||||
"Failed to get info of path. Exit code: %d".formatted(infoResult.getExitValue())
|
"Failed to get info of path. Exit code: %d".formatted(infoResult.getExitValue())
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return getCertificateInfo(output.lines().toArray(String[]::new));
|
return getCertificateInfo(output.lines().toArray(String[]::new));
|
||||||
|
|
@ -437,7 +439,28 @@ public class OpenSSLCertificateCreator {
|
||||||
|
|
||||||
private String resolveOpenSSL() throws CommandLineOperationException {
|
private String resolveOpenSSL() throws CommandLineOperationException {
|
||||||
try {
|
try {
|
||||||
return executableResolver.getOpenSSLPath();
|
String path = executableResolver.getOpenSSLPath();
|
||||||
|
if (!versionLogged.get()) {
|
||||||
|
try {
|
||||||
|
StartedProcess versionProc = new ProcessExecutor()
|
||||||
|
.command(path, "version")
|
||||||
|
.readOutput(true)
|
||||||
|
.redirectError(Slf4jStream.ofCaller().asError())
|
||||||
|
.start();
|
||||||
|
var versionResult = versionProc.getFuture().get();
|
||||||
|
if (versionResult.getExitValue() != 0) {
|
||||||
|
throw new CommandLineOperationException(
|
||||||
|
"Failed to get OpenSSL version. Exit code: " + versionResult.getExitValue()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
log.info("Using OpenSSL version: {}", versionResult.getOutput().getUTF8());
|
||||||
|
versionLogged.set(true);
|
||||||
|
} catch (IOException | InterruptedException | ExecutionException e) {
|
||||||
|
throw new CommandLineOperationException("Failed to get OpenSSL version", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return path;
|
||||||
} catch (UnresolvableCLIDependency e) {
|
} catch (UnresolvableCLIDependency e) {
|
||||||
throw new CommandLineOperationException(e);
|
throw new CommandLineOperationException(e);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,16 @@
|
||||||
package de.mlessmann.certassist;
|
package de.mlessmann.certassist;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
import de.mlessmann.certassist.openssl.CertificateRequest;
|
import de.mlessmann.certassist.openssl.CertificateRequest;
|
||||||
import de.mlessmann.certassist.openssl.CertificateRequestExtension;
|
import de.mlessmann.certassist.openssl.CertificateRequestExtension;
|
||||||
import de.mlessmann.certassist.openssl.CertificateSubject;
|
import de.mlessmann.certassist.openssl.CertificateSubject;
|
||||||
import de.mlessmann.certassist.service.CertificateCreationService;
|
import de.mlessmann.certassist.service.CertificateCreationService;
|
||||||
|
import java.nio.file.Path;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.test.context.SpringBootTest;
|
import org.springframework.boot.test.context.SpringBootTest;
|
||||||
|
|
||||||
import java.nio.file.Path;
|
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
|
||||||
|
|
||||||
@SpringBootTest
|
@SpringBootTest
|
||||||
public class CertificateServiceTest {
|
public class CertificateServiceTest {
|
||||||
|
|
||||||
|
|
@ -20,18 +19,20 @@ public class CertificateServiceTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testCanCreateCertificate() {
|
void testCanCreateCertificate() {
|
||||||
var request = CertificateRequest.builder()
|
var request = CertificateRequest
|
||||||
.type(CertificateRequest.RequestType.STANDALONE_CERTIFICATE)
|
.builder()
|
||||||
.subject(
|
.type(CertificateRequest.RequestType.STANDALONE_CERTIFICATE)
|
||||||
CertificateSubject.builder()
|
.subject(
|
||||||
.commonName("cert.creation")
|
CertificateSubject
|
||||||
.country("DE")
|
.builder()
|
||||||
.state("SH")
|
.commonName("cert.creation")
|
||||||
.locality("HH")
|
.country("DE")
|
||||||
.organization("Crazy-Cats")
|
.state("SH")
|
||||||
)
|
.locality("HH")
|
||||||
.extension(CertificateRequestExtension.builder().alternativeNames("test2.home", "test3.home"))
|
.organization("Crazy-Cats")
|
||||||
.build();
|
)
|
||||||
|
.extension(CertificateRequestExtension.builder().alternativeNames("test2.home", "test3.home"))
|
||||||
|
.build();
|
||||||
var cert = certificateService.createCertificate(request);
|
var cert = certificateService.createCertificate(request);
|
||||||
assertThat(cert).isNotNull();
|
assertThat(cert).isNotNull();
|
||||||
assertThat(cert.getId()).isGreaterThan("0");
|
assertThat(cert.getId()).isGreaterThan("0");
|
||||||
|
|
@ -40,8 +41,11 @@ public class CertificateServiceTest {
|
||||||
@Test
|
@Test
|
||||||
void testCanImportCertificate() {
|
void testCanImportCertificate() {
|
||||||
Path certDir = TestOpenSSLCertificateCreator.TEST_CERT_PATH;
|
Path certDir = TestOpenSSLCertificateCreator.TEST_CERT_PATH;
|
||||||
var importedCert = certificateService.importCertificate(certDir.resolve("x509forImport.pem"),
|
var importedCert = certificateService.importCertificate(
|
||||||
certDir.resolve("x509forImport.key.pem"), TestOpenSSLCertificateCreator.TEST_CERT_PASSPHRASE);
|
certDir.resolve("x509forImport.pem"),
|
||||||
|
certDir.resolve("x509forImport.key.pem"),
|
||||||
|
TestOpenSSLCertificateCreator.TEST_CERT_PASSPHRASE
|
||||||
|
);
|
||||||
assertThat(importedCert).isNotNull();
|
assertThat(importedCert).isNotNull();
|
||||||
assertThat(importedCert.getId()).isGreaterThan("0");
|
assertThat(importedCert.getId()).isGreaterThan("0");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -66,10 +66,7 @@ class TestOpenSSLCertificateCreator {
|
||||||
.locality("HH")
|
.locality("HH")
|
||||||
.organization("Crazy-Cats")
|
.organization("Crazy-Cats")
|
||||||
)
|
)
|
||||||
.extension(
|
.extension(CertificateRequestExtension.builder().alternativeNames("test2.local", "test3.local"))
|
||||||
CertificateRequestExtension.builder()
|
|
||||||
.alternativeNames("test2.local", "test3.local")
|
|
||||||
)
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
var spiedCert = spy(cert);
|
var spiedCert = spy(cert);
|
||||||
|
|
@ -91,9 +88,9 @@ class TestOpenSSLCertificateCreator {
|
||||||
CertificateProvider certificateProvider = mock(CertificateProvider.class);
|
CertificateProvider certificateProvider = mock(CertificateProvider.class);
|
||||||
ExecutableResolver executableResolver = new ExecutableResolver();
|
ExecutableResolver executableResolver = new ExecutableResolver();
|
||||||
var certificateCreator = new OpenSSLCertificateCreator(
|
var certificateCreator = new OpenSSLCertificateCreator(
|
||||||
executableResolver,
|
executableResolver,
|
||||||
passwordProvider,
|
passwordProvider,
|
||||||
certificateProvider
|
certificateProvider
|
||||||
);
|
);
|
||||||
|
|
||||||
var request = certificateCreator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImportCA.pem"));
|
var request = certificateCreator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImportCA.pem"));
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue