fix: Check exit code of signing command
This commit is contained in:
parent
a059a60886
commit
f6eacd4d6d
2 changed files with 18 additions and 9 deletions
|
@ -33,6 +33,7 @@ import org.springframework.lang.NonNull;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
import org.zeroturnaround.exec.ProcessExecutor;
|
import org.zeroturnaround.exec.ProcessExecutor;
|
||||||
|
import org.zeroturnaround.exec.ProcessResult;
|
||||||
import org.zeroturnaround.exec.StartedProcess;
|
import org.zeroturnaround.exec.StartedProcess;
|
||||||
import org.zeroturnaround.exec.stream.slf4j.Slf4jStream;
|
import org.zeroturnaround.exec.stream.slf4j.Slf4jStream;
|
||||||
|
|
||||||
|
@ -123,13 +124,13 @@ public class OpenSSLCertificateCreator {
|
||||||
}
|
}
|
||||||
|
|
||||||
try (var certAuthority = certificateProvider.requestCertificateUsage(request.getTrustingAuthority())) {
|
try (var certAuthority = certificateProvider.requestCertificateUsage(request.getTrustingAuthority())) {
|
||||||
Path unsignedCert = createSigningRequest(request, keyFile, tmpDir.resolve("child.csr"), keyPassphrase);
|
Path signingRequest = createSigningRequest(request, keyFile, tmpDir.resolve("child.csr"), keyPassphrase);
|
||||||
Path signedCert = signCertificate(
|
Path signedCert = signCertificate(
|
||||||
request,
|
request,
|
||||||
certAuthority.certificatePath(),
|
certAuthority.certificatePath(),
|
||||||
certAuthority.certificateKeyPath(),
|
certAuthority.certificateKeyPath(),
|
||||||
unsignedCert,
|
passwordProvider.getPasswordFor(certAuthority.fingerprint()),
|
||||||
keyPassphrase
|
signingRequest
|
||||||
);
|
);
|
||||||
String fingerprint = getCertificateFingerprint(signedCert);
|
String fingerprint = getCertificateFingerprint(signedCert);
|
||||||
passwordProvider.setPasswordFor(fingerprint, keyPassphrase);
|
passwordProvider.setPasswordFor(fingerprint, keyPassphrase);
|
||||||
|
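Review bot: `passwordProvider.getPasswordFor(certAuthority.fingerprint())` is passed straight into signCertificate, and that value ends up in `.environment(OSSL_ENV_KEY_PW, caKeyPassphrase)` in the -409 hunk; if the provider has no entry for that fingerprint and returns null, the failure presumably surfaces as a NullPointerException out of process start (the catch there handles only IOException and TimeoutException) rather than as a CommandLineOperationException that names the CA. Bind it to a local and reject an absent value before the call: `String caKeyPassphrase = passwordProvider.getPasswordFor(certAuthority.fingerprint());` followed by `if (caKeyPassphrase == null) throw new CommandLineOperationException("No key passphrase registered for CA " + certAuthority.fingerprint());` (or whichever exception the enclosing method declares). getPasswordFor's behaviour for an unknown fingerprint is not visible in this diff, so confirm it against the provider's contract. The enclosing method begins before this hunk.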
@ -356,11 +357,11 @@ public class OpenSSLCertificateCreator {
|
||||||
CertificateRequest request,
|
CertificateRequest request,
|
||||||
Path caCert,
|
Path caCert,
|
||||||
Path caKey,
|
Path caKey,
|
||||||
Path csrFile,
|
String caKeyPassphrase,
|
||||||
String certPassword
|
Path csrFile
|
||||||
) throws CommandLineOperationException, InterruptedException {
|
) throws CommandLineOperationException, InterruptedException {
|
||||||
Path outFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".crt"));
|
Path outFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".crt"));
|
||||||
log.atDebug().log("Writing new signed certificate file {}", outFile);
|
log.debug("Writing new signed certificate file {}", outFile);
|
||||||
Path extFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".ext"));
|
Path extFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".ext"));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
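Review bot: The new `String caKeyPassphrase` parameter is a secret and how it reaches OpenSSL is the one thing a caller needs to know about this signature, but the hunk adds no documentation for it; if signCertificate has a Javadoc block it sits above line 356 and needs updating for the parameter reorder as well. Suggested `@param caKeyPassphrase passphrase for {@code caKey}; supplied to OpenSSL via {@code -passin} and the {@code OSSL_ENV_KEY_PW} environment entry rather than as a command-line argument`. The method body continues past this hunk.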
@ -395,7 +396,8 @@ public class OpenSSLCertificateCreator {
|
||||||
|
|
||||||
StartedProcess certGenProc = null;
|
StartedProcess certGenProc = null;
|
||||||
try {
|
try {
|
||||||
certGenProc = new ProcessExecutor()
|
certGenProc =
|
||||||
|
new ProcessExecutor()
|
||||||
.command(
|
.command(
|
||||||
resolveOpenSSL(),
|
resolveOpenSSL(),
|
||||||
"x509",
|
"x509",
|
||||||
|
@ -409,15 +411,23 @@ public class OpenSSLCertificateCreator {
|
||||||
"-CAkey",
|
"-CAkey",
|
||||||
caKey.toString(),
|
caKey.toString(),
|
||||||
"-CAcreateserial",
|
"-CAcreateserial",
|
||||||
|
"-passin",
|
||||||
|
OSSL_ARG_KEY_PW,
|
||||||
"-out",
|
"-out",
|
||||||
outFile.toString(),
|
outFile.toString(),
|
||||||
"-extfile",
|
"-extfile",
|
||||||
extFile.toString()
|
extFile.toString()
|
||||||
)
|
)
|
||||||
|
.environment(OSSL_ENV_KEY_PW, caKeyPassphrase)
|
||||||
.redirectOutput(Slf4jStream.of(openSSLLogger).asDebug())
|
.redirectOutput(Slf4jStream.of(openSSLLogger).asDebug())
|
||||||
.redirectError(Slf4jStream.of(openSSLLogger).asError())
|
.redirectError(Slf4jStream.of(openSSLLogger).asError())
|
||||||
.start();
|
.start();
|
||||||
certGenProc.getFuture().get(30, TimeUnit.SECONDS);
|
ProcessResult result = certGenProc.getFuture().get(30, TimeUnit.SECONDS);
|
||||||
|
// Check exit code
|
||||||
|
if (result.getExitValue() != 0) {
|
||||||
|
throw new CommandLineOperationException("Failed to sign certificate. Exit code: " + result.getExitValue());
|
||||||
|
}
|
||||||
|
|
||||||
} catch (IOException | TimeoutException e) {
|
} catch (IOException | TimeoutException e) {
|
||||||
throw new CommandLineOperationException("Failure running OpenSSL x509 command.", e);
|
throw new CommandLineOperationException("Failure running OpenSSL x509 command.", e);
|
||||||
} catch (ExecutionException e) {
|
} catch (ExecutionException e) {
|
||||||
|
|
|
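Review bot: The `// Check exit code` comment above `if (result.getExitValue() != 0)` restates the statement; the useful information is why the check is needed, namely that the future resolves normally for any exit status and the caller at line 101 would otherwise go on to fingerprint an output file that may never have been written. Suggest `// ProcessExecutor accepts any exit status unless exitValues() is configured, so a failed signing must be rejected here before outFile is used.` The same silent-success path presumably exists for the other OpenSSL invocations in this class (createSigningRequest is called at line 63 but its body is not in this diff); if they also ignore the exit value, the check belongs there too. The enclosing try/catch continues past the end of the hunk (`catch (ExecutionException e)` is cut off).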
@ -45,7 +45,6 @@ public class OpenSSLCertificateResult implements CertificateUsage {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void cleanupDir(boolean retryOnExit) {
|
private void cleanupDir(boolean retryOnExit) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
log.info("Cleaning up temporary output directory {}", tmpDir);
|
log.info("Cleaning up temporary output directory {}", tmpDir);
|
||||||
Files.walkFileTree(tmpDir, Set.of(), Integer.MAX_VALUE, new DeleteRecursiveFileVisitor());
|
Files.walkFileTree(tmpDir, Set.of(), Integer.MAX_VALUE, new DeleteRecursiveFileVisitor());
|
||||||
|
|