fix: Check exit code of signing command
parent
a059a60886
commit
f6eacd4d6d
2 changed files with 18 additions and 9 deletions
|
@ -33,6 +33,7 @@ import org.springframework.lang.NonNull;
|
|||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
import org.zeroturnaround.exec.ProcessExecutor;
|
||||
import org.zeroturnaround.exec.ProcessResult;
|
||||
import org.zeroturnaround.exec.StartedProcess;
|
||||
import org.zeroturnaround.exec.stream.slf4j.Slf4jStream;
|
||||
|
||||
|
@ -123,13 +124,13 @@ public class OpenSSLCertificateCreator {
|
|||
}
|
||||
|
||||
try (var certAuthority = certificateProvider.requestCertificateUsage(request.getTrustingAuthority())) {
|
||||
Path unsignedCert = createSigningRequest(request, keyFile, tmpDir.resolve("child.csr"), keyPassphrase);
|
||||
Path signingRequest = createSigningRequest(request, keyFile, tmpDir.resolve("child.csr"), keyPassphrase);
|
||||
Path signedCert = signCertificate(
|
||||
request,
|
||||
certAuthority.certificatePath(),
|
||||
certAuthority.certificateKeyPath(),
|
||||
unsignedCert,
|
||||
keyPassphrase
|
||||
passwordProvider.getPasswordFor(certAuthority.fingerprint()),
|
||||
signingRequest
|
||||
);
|
||||
String fingerprint = getCertificateFingerprint(signedCert);
|
||||
passwordProvider.setPasswordFor(fingerprint, keyPassphrase);
|
||||
|
@ -356,11 +357,11 @@ public class OpenSSLCertificateCreator {
|
|||
CertificateRequest request,
|
||||
Path caCert,
|
||||
Path caKey,
|
||||
Path csrFile,
|
||||
String certPassword
|
||||
String caKeyPassphrase,
|
||||
Path csrFile
|
||||
) throws CommandLineOperationException, InterruptedException {
|
||||
Path outFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".crt"));
|
||||
log.atDebug().log("Writing new signed certificate file {}", outFile);
|
||||
log.debug("Writing new signed certificate file {}", outFile);
|
||||
Path extFile = csrFile.resolveSibling(csrFile.getFileName().toString().replace(".csr", ".ext"));
|
||||
|
||||
try {
|
||||
|
@ -395,7 +396,8 @@ public class OpenSSLCertificateCreator {
|
|||
|
||||
StartedProcess certGenProc = null;
|
||||
try {
|
||||
certGenProc = new ProcessExecutor()
|
||||
certGenProc =
|
||||
new ProcessExecutor()
|
||||
.command(
|
||||
resolveOpenSSL(),
|
||||
"x509",
|
||||
|
@ -409,15 +411,23 @@ public class OpenSSLCertificateCreator {
|
|||
"-CAkey",
|
||||
caKey.toString(),
|
||||
"-CAcreateserial",
|
||||
"-passin",
|
||||
OSSL_ARG_KEY_PW,
|
||||
"-out",
|
||||
outFile.toString(),
|
||||
"-extfile",
|
||||
extFile.toString()
|
||||
)
|
||||
.environment(OSSL_ENV_KEY_PW, caKeyPassphrase)
|
||||
.redirectOutput(Slf4jStream.of(openSSLLogger).asDebug())
|
||||
.redirectError(Slf4jStream.of(openSSLLogger).asError())
|
||||
.start();
|
||||
certGenProc.getFuture().get(30, TimeUnit.SECONDS);
|
||||
ProcessResult result = certGenProc.getFuture().get(30, TimeUnit.SECONDS);
|
||||
// Check exit code
|
||||
if (result.getExitValue() != 0) {
|
||||
throw new CommandLineOperationException("Failed to sign certificate. Exit code: " + result.getExitValue());
|
||||
}
|
||||
|
||||
} catch (IOException | TimeoutException e) {
|
||||
throw new CommandLineOperationException("Failure running OpenSSL x509 command.", e);
|
||||
} catch (ExecutionException e) {
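Review bot: The CA key passphrase is handed to OpenSSL through the child process environment (`.environment(OSSL_ENV_KEY_PW, caKeyPassphrase)` paired with `-passin OSSL_ARG_KEY_PW`, presumably an `env:` source). On some platforms a process environment is readable by other processes of the same user, which the OpenSSL documentation cautions about for this option. Provided the CSR is read with `-in` rather than from standard input, the passphrase could be fed on stdin instead: `"-passin", "stdin",` together with `.redirectInput(new ByteArrayInputStream((caKeyPassphrase + "\n").getBytes(StandardCharsets.UTF_8)))`, which needs those two classes imported. The body of signCertificate starts and ends outside the visible hunks, so whether the OpenSSL process is destroyed after the 30-second `TimeoutException` cannot be confirmed from here; a comment stating that next to the `get(30, TimeUnit.SECONDS)` call would help.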
|
||||
|
|
|
@ -45,7 +45,6 @@ public class OpenSSLCertificateResult implements CertificateUsage {
|
|||
}
|
||||
|
||||
private void cleanupDir(boolean retryOnExit) {
|
||||
|
||||
try {
|
||||
log.info("Cleaning up temporary output directory {}", tmpDir);
|
||||
Files.walkFileTree(tmpDir, Set.of(), Integer.MAX_VALUE, new DeleteRecursiveFileVisitor());
|
||||
|
|