use of org.aesh.command.CommandException in project wildfly-core by wildfly.
the class AbstractEnableSSLCommand method validateOptions.
/**
 * Validates the option combination supplied on the command line and turns it into
 * the {@link SSLSecurityBuilder} that drives the rest of the enable-ssl workflow.
 *
 * Exactly one key-store source is accepted: a key-store file (OPT_KEY_STORE_PATH),
 * an existing Elytron key-store resource (OPT_KEY_STORE_NAME), or the interactive
 * wizard (OPT_INTERACTIVE). Trust material is optional: either a certificate file to
 * import (OPT_TRUSTED_CERTIFICATE_PATH) or an existing key-store resource used as a
 * trust-store (OPT_TRUST_STORE_NAME), never both. The checks are deliberately kept in
 * the same order as before so the first conflict reported to the user is unchanged.
 *
 * @param ctx the CLI context, used to look up existing Elytron resources
 * @return the builder for the selected key-store source
 * @throws CommandException when an option is missing, conflicting or refers to a
 *         file / resource that does not exist
 * @throws IOException propagated from the Elytron resource lookups
 * @throws OperationFormatException propagated from the Elytron resource lookups
 */
private SSLSecurityBuilder validateOptions(CommandContext ctx) throws CommandException, IOException, OperationFormatException {
    // A key-store source is mandatory.
    if (keystoreName == null && keystorePath == null && !interactive) {
        throw new CommandException("One of " + formatOption(OPT_INTERACTIVE) + ", " + formatOption(OPT_KEY_STORE_NAME) + ", " + formatOption(OPT_KEY_STORE_PATH) + " must be set");
    }
    SSLSecurityBuilder selected = null;

    // Source 1: a key-store file.
    if (keystorePath != null) {
        if (keystoreName != null) {
            throw new CommandException(formatOption(OPT_KEY_STORE_NAME) + " can't be used with " + formatOption(OPT_KEY_STORE_PATH));
        }
        final File storeFile;
        if (keystorePathRelativeTo == null) {
            // Plain path: it is meaningful on this side, so its existence can be checked here.
            storeFile = keystorePath;
            if (!storeFile.exists()) {
                throw new CommandException("File " + storeFile + " doesn't exist.");
            }
        } else {
            // Relative-to path: resolved by the server against the named path, so the
            // original (unresolved) string is kept and no local existence check is done.
            storeFile = new File(keystorePath.getOriginalPath());
        }
        KeyStorePathSecurityBuilder fromFile = new KeyStorePathSecurityBuilder(storeFile, keystorePassword);
        fromFile.setRelativeTo(keystorePathRelativeTo).setType(keyStoreType).setName(newKeystoreName);
        selected = fromFile;
    }

    // Source 2: an existing Elytron key-store resource.
    if (keystoreName != null) {
        // NOTE(review): invalidUseCase() is expected to throw; if it ever returned,
        // the file-related check below would still reject the combination.
        if (selected != null) {
            invalidUseCase();
        }
        boolean fileOptionPresent = newKeystoreName != null || keystorePassword != null || keyStoreType != null || keystorePathRelativeTo != null || keystorePath != null;
        if (fileOptionPresent) {
            throw new CommandException("key-store file related options can't be used with " + formatOption(OPT_KEY_STORE_NAME));
        }
        if (!ElytronUtil.keyStoreExists(ctx, keystoreName)) {
            throw new CommandException("key-store " + keystoreName + " doesn't exist");
        }
        selected = new KeyStoreNameSecurityBuilder(keystoreName);
    }

    // Source 3: the interactive wizard; every value is gathered by prompting.
    if (interactive) {
        if (selected != null) {
            invalidUseCase();
        }
        checkKeyStoreOperationsSupported(ctx, OPT_INTERACTIVE);
        selected = new InteractiveSecurityBuilder(getDefaultKeyStoreFileName(ctx), getDefaultTrustStoreFileName(ctx), useLetsEncrypt, caAccount);
    }

    // Trust material, part 1: a certificate file to import into a new trust-store.
    if (trustedCertificatePath != null) {
        checkKeyStoreOperationsSupported(ctx, OPT_TRUSTED_CERTIFICATE_PATH);
        if (!trustedCertificatePath.exists()) {
            throw new CommandException("The client certificate path " + trustedCertificatePath + " doesn't exist");
        }
        if (trustStoreName != null) {
            throw new CommandException(formatOption(OPT_TRUST_STORE_NAME) + " can't be used when " + formatOption(OPT_TRUSTED_CERTIFICATE_PATH) + " is in use");
        }
    }
    // Trust material, part 2: an existing key-store resource used as trust-store.
    // NOTE(review): trust-store file options (name/password/new-name) given together
    // with OPT_TRUST_STORE_NAME are not rejected here; whether they are ignored or
    // used downstream is not visible in this method.
    if (trustStoreName != null && !ElytronUtil.keyStoreExists(ctx, trustStoreName)) {
        throw new CommandException("key-store " + trustStoreName + " doesn't exist");
    }

    // Hand the trust and naming options to whichever builder was selected.
    if (selected != null) {
        selected.setTrustedCertificatePath(trustedCertificatePath);
        // The user can opt out of validating the imported certificate; this is a
        // security-relevant switch, so it is passed through explicitly rather than defaulted.
        selected.setValidateCertificate(!noTrustedCertificateValidation);
        selected.setTrustStoreFileName(trustStoreFileName);
        selected.setTrustStoreFilePassword(trustStoreFilePassword);
        selected.setTrustStoreName(trustStoreName);
        selected.setNewTrustStoreName(newTrustStoreName);
        selected.setNewTrustManagerName(newTrustManagerName);
        selected.setKeyManagerName(newKeyManagerName);
        selected.setSSLContextName(newSslContextName);
    }
    return selected;
}
use of org.aesh.command.CommandException in project wildfly-core by wildfly.
the class SSLSecurityBuilder method failureOccured.
/**
 * Reports a failed step and undoes the resources this builder created outside the
 * composite operation, collecting every problem into a single exception.
 *
 * The trust-store recorded in {@code generatedTrustStore} is added eagerly (see
 * buildTrustManager) rather than as a step of the composite, so a failure of the
 * composite leaves it behind; it is removed here by hand. Whether the backing file on
 * disk is removed as well is not visible from this method. {@code doFailureOccured}
 * always runs, even when that removal fails.
 *
 * @param ctx the CLI context
 * @param mn  the failed step's result, or null when no step failed and only cleanup is needed
 * @throws CommandException when a step failed or any cleanup action failed; the
 *         message carries the step description followed by the cleanup errors
 */
@Override
public void failureOccured(CommandContext ctx, ModelNode mn) throws CommandException {
    StringBuilder report = new StringBuilder();
    boolean hasFailure = mn != null;
    if (hasFailure) {
        report.append(getFailedStepDescription(ctx, mn)).append("\n");
    }
    try {
        // REMOVE WHEN WFCORE-3491 is fixed.
        if (generatedTrustStore != null) {
            ModelNode removal = ElytronUtil.removeKeyStore(ctx, generatedTrustStore);
            SecurityCommand.execute(ctx, removal, SecurityCommand.DEFAULT_FAILURE_CONSUMER, false);
        }
    } catch (Exception ex) {
        report.append("Error while cleaning up key-stores " + ex).append("\n");
        hasFailure = true;
    } finally {
        // Subclass cleanup runs regardless of how the key-store removal went.
        try {
            doFailureOccured(ctx);
        } catch (Exception ex) {
            report.append("Error while cleaning up " + ex);
            hasFailure = true;
        }
    }
    if (hasFailure) {
        throw new CommandException(report.toString());
    }
}
use of org.aesh.command.CommandException in project wildfly-core by wildfly.
the class SSLSecurityBuilder method buildKeyManager.
/**
 * Resolves the key-manager for a key-store, scheduling a step to create it when no
 * suitable one exists.
 *
 * With an explicit name the key-manager must not already exist (rejected otherwise)
 * and is always added. Without a name a default is derived from the key-store; if the
 * key-store is already on the server, an existing key-manager matching it is reused
 * instead of creating a new one.
 *
 * @param ctx           the CLI context
 * @param ksManagerName the user-chosen key-manager name, or null to derive one
 * @param keyStore      the key-store the manager wraps
 * @return the resolved manager; its exists flag is true only when an existing
 *         key-manager was reused rather than scheduled for creation
 * @throws Exception when the explicit name is already taken, or from the lookups
 */
private KeyManager buildKeyManager(CommandContext ctx, String ksManagerName, KeyStore keyStore) throws Exception {
    final boolean derivedName = ksManagerName == null;
    if (derivedName) {
        ksManagerName = DefaultResourceNames.buildDefaultKeyManagerName(ctx, keyStore.getName());
    } else if (ElytronUtil.keyManagerExists(ctx, ksManagerName)) {
        throw new CommandException("The key-manager " + ksManagerName + " already exists");
    }
    // Reuse is only attempted for a derived name on a key-store that already exists.
    String reused = null;
    if (keyStore.exists() && derivedName) {
        reused = ElytronUtil.findMatchingKeyManager(ctx, keyStore, null, null);
    }
    if (reused != null) {
        return new KeyManager(reused, keyStore, true);
    }
    // NOTE(review): no existence check is made for a derived name; presumably
    // buildDefaultKeyManagerName(ctx, ...) returns a free name - confirm.
    final String addedName = ksManagerName;
    addStep(ElytronUtil.addKeyManager(ctx, keyStore, addedName, null, null), new FailureDescProvider() {
        @Override
        public String stepFailedDescription() {
            return "Adding key-manager " + addedName;
        }
    });
    return new KeyManager(addedName, keyStore, false);
}
use of org.aesh.command.CommandException in project wildfly-core by wildfly.
the class SSLSecurityBuilder method buildServerSSLContext.
/**
 * Resolves the server ssl-context that ties the key-manager and (optional)
 * trust-manager together, scheduling a step to create it when needed.
 *
 * An explicit name must not already exist. With no name a default is derived from the
 * key-store and written back into {@code sslContextName}; when the key-manager already
 * exists on the server an existing ssl-context with the same key-manager, trust-manager,
 * client-auth setting and protocols is reused. Configuring a trust-manager makes client
 * certificates required ("need") on the resulting context.
 *
 * @param ctx          the CLI context
 * @param manager      the key-manager the context will use
 * @param trustManager the trust-manager, or null for server-only authentication
 * @return the resolved context; its exists flag is true when an existing one was reused
 * @throws Exception when the explicit name is already taken, or from the lookups
 */
private ServerSSLContext buildServerSSLContext(CommandContext ctx, KeyManager manager, KeyManager trustManager) throws Exception {
    final boolean derivedName = sslContextName == null;
    if (derivedName) {
        // Side effect: the derived name is kept in the field for the rest of the run.
        sslContextName = DefaultResourceNames.buildDefaultSSLContextName(ctx, manager.getKeyStore().getName());
    } else if (ElytronUtil.serverSSLContextExists(ctx, sslContextName)) {
        throw new CommandException("The ssl-context " + sslContextName + " already exists");
    }
    List<String> protocols = DefaultResourceNames.getDefaultProtocols(ctx);
    // A trust-manager means mutual TLS: the client must present a certificate.
    final boolean requireClientCert = trustManager != null;

    String reused = null;
    if (manager.exists() && derivedName) {
        ServerSSLContext probe = new ServerSSLContext(null, manager, trustManager, false);
        probe.setNeed(requireClientCert);
        probe.setProtocols(protocols);
        reused = ElytronUtil.findMatchingSSLContext(ctx, probe);
    }
    final boolean found = reused != null;

    ServerSSLContext result = new ServerSSLContext(found ? reused : sslContextName, manager, trustManager, found);
    result.setNeed(requireClientCert);
    result.setProtocols(protocols);
    if (!found) {
        addStep(ElytronUtil.addServerSSLContext(ctx, result, sslContextName), new FailureDescProvider() {
            @Override
            public String stepFailedDescription() {
                return "Adding ssl-context " + sslContextName;
            }
        });
    }
    return result;
}
use of org.aesh.command.CommandException in project wildfly-core by wildfly.
the class SSLSecurityBuilder method buildTrustManager.
/**
 * Builds the trust side of the configuration: either wraps an existing key-store
 * resource in a trust-manager, or creates a new trust-store, imports the user's
 * certificate into it and wraps that.
 *
 * Side effects on fields: {@code newTrustStoreName} and {@code trustStoreFileName} are
 * defaulted to generated values when unset, and {@code generatedTrustStore} records the
 * eagerly created store so failureOccured can remove it.
 *
 * Security notes for reviewers:
 * - the new trust-store is created with the hard-coded type ElytronUtil.JKS; PKCS12 is
 *   the usual modern choice, but changing it here would change the generated config;
 * - the store password is the user's, or one from generateRandomPassword() (not visible
 *   here - confirm it is backed by a secure random source);
 * - {@code validateCertificate} is forwarded to the import operation; per the original
 *   comment the server presumably checks the certificate against the cacerts store when
 *   it is true, and skips that when the user opted out;
 * - the generated file name keeps the historical ".trustore" (sic) extension.
 *
 * @param ctx          the CLI context
 * @param buildRequest true to add the key-store creation as a composite step (echo-dmr),
 *                     false to execute it immediately (REMOVE WHEN WFCORE-3491 is fixed)
 * @return the trust-manager, or null when no trust material was requested
 * @throws Exception when a chosen name or file is already in use, or from the operations
 */
protected KeyManager buildTrustManager(CommandContext ctx, boolean buildRequest) throws Exception {
    if (trustedCertificate == null && trustStoreName == null) {
        return null;
    }
    String id = UUID.randomUUID().toString();
    if (newTrustStoreName == null) {
        newTrustStoreName = "trust-store-" + id;
    } else if (ElytronUtil.keyStoreExists(ctx, newTrustStoreName)) {
        throw new CommandException("The key-store " + newTrustStoreName + " already exists");
    }

    final KeyStore trustStore;
    if (trustStoreName != null) {
        // Existing resource: nothing is created.
        trustStore = ElytronUtil.getKeyStore(ctx, trustStoreName);
    } else {
        if (trustStoreFileName == null) {
            trustStoreFileName = "server-" + id + ".trustore";
        } else {
            // Refuse to silently share a file that another key-store resource already uses.
            List<String> referencing = ElytronUtil.findMatchingKeyStores(ctx, new File(trustStoreFileName), Util.JBOSS_SERVER_CONFIG_DIR);
            if (!referencing.isEmpty()) {
                throw new CommandException("Error, the file " + trustStoreFileName + " is already referenced from " + referencing + " resources. Use " + SecurityCommand.formatOption(OPT_TRUST_STORE_NAME) + " option or choose another file name.");
            }
        }
        // Recorded before creation so a later failure still triggers the cleanup.
        generatedTrustStore = newTrustStoreName;
        String storePassword = trustStoreFilePassword != null ? trustStoreFilePassword : generateRandomPassword();
        ModelNode addStore = ElytronUtil.addKeyStore(ctx, newTrustStoreName, new File(trustStoreFileName), Util.JBOSS_SERVER_CONFIG_DIR, storePassword, ElytronUtil.JKS, false, null);
        // REMOVE WHEN WFCORE-3491 is fixed.
        if (buildRequest) {
            addStep(addStore, NO_DESC);
        } else {
            SecurityCommand.execute(ctx, addStore, SecurityCommand.DEFAULT_FAILURE_CONSUMER);
        }
        trustStore = new KeyStore(newTrustStoreName, storePassword, false);

        // Import the certificate under the generated id as alias.
        ModelNode certImport = ElytronUtil.importCertificate(ctx, trustedCertificate, id, validateCertificate, trustStore, true);
        addStep(certImport, new FailureDescProvider() {
            @Override
            public String stepFailedDescription() {
                return "Importing certificate " + trustedCertificate.getAbsolutePath() + " in trust-store " + newTrustStoreName;
            }
        });
        needKeyStoreStore(trustStore.getName());
    }
    // Delegates to the three-argument overload (not shown here).
    return buildTrustManager(ctx, newTrustManagerName, trustStore);
}