Example 1 with CommandException

Use of org.aesh.command.CommandException in project wildfly-core by wildfly.

Class AbstractEnableSSLCommand, method validateOptions.

private SSLSecurityBuilder validateOptions(CommandContext ctx) throws CommandException, IOException, OperationFormatException {
    // Exactly one source for the server key-store must be chosen: an existing
    // key-store resource, a key-store file, or interactive prompting.
    if (keystoreName == null && keystorePath == null && !interactive) {
        throw new CommandException("One of " + formatOption(OPT_INTERACTIVE) + ", " + formatOption(OPT_KEY_STORE_NAME) + ", " + formatOption(OPT_KEY_STORE_PATH) + " must be set");
    }
    SSLSecurityBuilder builder = null;
    if (keystorePath != null) {
        if (keystoreName != null) {
            throw new CommandException(formatOption(OPT_KEY_STORE_NAME) + " can't be used with " + formatOption(OPT_KEY_STORE_PATH));
        }
        File path;
        if (keystorePathRelativeTo != null) {
            // The path is relative to a server-side directory, so it is resolved
            // by the server and its existence can't be checked from the CLI.
            path = new File(keystorePath.getOriginalPath());
        } else {
            path = keystorePath;
            if (!path.exists()) {
                throw new CommandException("File " + path + " doesn't exist.");
            }
        }
        KeyStorePathSecurityBuilder kspBuilder = new KeyStorePathSecurityBuilder(path, keystorePassword);
        kspBuilder.setRelativeTo(keystorePathRelativeTo).setType(keyStoreType).setName(newKeystoreName);
        builder = kspBuilder;
    }
    if (keystoreName != null) {
        // An existing key-store resource is used as-is: none of the
        // file-related options may be combined with it.
        if (builder != null) {
            invalidUseCase();
        }
        if (newKeystoreName != null || keystorePassword != null || keyStoreType != null || keystorePathRelativeTo != null || keystorePath != null) {
            throw new CommandException("key-store file related options can't be used with " + formatOption(OPT_KEY_STORE_NAME));
        }
        if (!ElytronUtil.keyStoreExists(ctx, keystoreName)) {
            throw new CommandException("key-store " + keystoreName + " doesn't exist");
        }
        builder = new KeyStoreNameSecurityBuilder(keystoreName);
    }
    if (interactive) {
        // Fully handled by prompting.
        if (builder != null) {
            invalidUseCase();
        }
        checkKeyStoreOperationsSupported(ctx, OPT_INTERACTIVE);
        builder = new InteractiveSecurityBuilder(getDefaultKeyStoreFileName(ctx), getDefaultTrustStoreFileName(ctx), useLetsEncrypt, caAccount);
    }
    if (trustedCertificatePath != null) {
        checkKeyStoreOperationsSupported(ctx, OPT_TRUSTED_CERTIFICATE_PATH);
        if (!trustedCertificatePath.exists()) {
            throw new CommandException("The client certificate path " + trustedCertificatePath + " doesn't exist");
        }
        if (trustStoreName != null) {
            throw new CommandException(formatOption(OPT_TRUST_STORE_NAME) + " can't be used when " + formatOption(OPT_TRUSTED_CERTIFICATE_PATH) + " is in use");
        }
    }
    if (trustStoreName != null) {
        if (!ElytronUtil.keyStoreExists(ctx, trustStoreName)) {
            throw new CommandException("key-store " + trustStoreName + " doesn't exist");
        }
    }
    // Trust-related and naming options apply to whichever builder was selected.
    if (builder != null) {
        builder.setTrustedCertificatePath(trustedCertificatePath);
        builder.setValidateCertificate(!noTrustedCertificateValidation);
        builder.setTrustStoreFileName(trustStoreFileName);
        builder.setTrustStoreFilePassword(trustStoreFilePassword);
        builder.setTrustStoreName(trustStoreName);
        builder.setNewTrustStoreName(newTrustStoreName);
        builder.setNewTrustManagerName(newTrustManagerName);
        builder.setKeyManagerName(newKeyManagerName);
        builder.setSSLContextName(newSslContextName);
    }
    return builder;
}
Imports used:
    org.aesh.command.CommandException
    java.io.File
    org.jboss.as.cli.impl.aesh.cmd.RelativeFile
    org.jboss.as.cli.impl.aesh.cmd.security.model.InteractiveSecurityBuilder
    org.jboss.as.cli.impl.aesh.cmd.security.model.KeyStoreNameSecurityBuilder
    org.jboss.as.cli.impl.aesh.cmd.security.model.KeyStorePathSecurityBuilder
    org.jboss.as.cli.impl.aesh.cmd.security.model.SSLSecurityBuilder

Example 2 with CommandException

Use of org.aesh.command.CommandException in project wildfly-core by wildfly.

Class SSLSecurityBuilder, method failureOccured.

@Override
public void failureOccured(CommandContext ctx, ModelNode mn) throws CommandException {
    StringBuilder builder = new StringBuilder();
    boolean failure = false;
    // A step failed
    if (mn != null) {
        String desc = getFailedStepDescription(ctx, mn);
        builder.append(desc).append("\n");
        failure = true;
    }
    try {
        // Roll back the trust-store this builder generated so a failed command
        // leaves no half-configured key-store resource behind.
        // REMOVE WHEN WFCORE-3491 is fixed.
        if (generatedTrustStore != null) {
            ModelNode req = ElytronUtil.removeKeyStore(ctx, generatedTrustStore);
            SecurityCommand.execute(ctx, req, SecurityCommand.DEFAULT_FAILURE_CONSUMER, false);
        }
    } catch (Exception ex) {
        builder.append("Error while cleaning up key-stores " + ex).append("\n");
        failure = true;
    } finally {
        try {
            doFailureOccured(ctx);
        } catch (Exception ex) {
            builder.append("Error while cleaning up " + ex);
            failure = true;
        }
    }
    // Report the step failure and any cleanup failures together.
    if (failure) {
        throw new CommandException(builder.toString());
    }
}
Imports used:
    org.aesh.command.CommandException
    org.jboss.dmr.ModelNode
    org.wildfly.common.Assert.checkNotNullParamWithNullPointerException

Example 3 with CommandException

Use of org.aesh.command.CommandException in project wildfly-core by wildfly.

Class SSLSecurityBuilder, method buildKeyManager.

private KeyManager buildKeyManager(CommandContext ctx, String ksManagerName, KeyStore keyStore) throws Exception {
    boolean lookupExisting = false;
    if (ksManagerName == null) {
        // No name was supplied: derive a default and allow reuse of an
        // existing key-manager that already references this key-store.
        ksManagerName = DefaultResourceNames.buildDefaultKeyManagerName(ctx, keyStore.getName());
        lookupExisting = true;
    } else if (ElytronUtil.keyManagerExists(ctx, ksManagerName)) {
        // An explicit name must not silently overwrite an existing resource.
        throw new CommandException("The key-manager " + ksManagerName + " already exists");
    }
    String name = null;
    boolean exists = false;
    // The key-store already exists and no name was provided: look for a
    // key-manager that already references it before adding a new one.
    if (keyStore.exists() && lookupExisting) {
        name = ElytronUtil.findMatchingKeyManager(ctx, keyStore, null, null);
    }
    if (name == null) {
        name = ksManagerName;
        final String kmName = name;
        addStep(ElytronUtil.addKeyManager(ctx, keyStore, ksManagerName, null, null), new FailureDescProvider() {

            @Override
            public String stepFailedDescription() {
                return "Adding key-manager " + kmName;
            }
        });
    } else {
        exists = true;
    }
    return new KeyManager(name, keyStore, exists);
}
Imports used:
    org.aesh.command.CommandException

Example 4 with CommandException

Use of org.aesh.command.CommandException in project wildfly-core by wildfly.

Class SSLSecurityBuilder, method buildServerSSLContext.

private ServerSSLContext buildServerSSLContext(CommandContext ctx, KeyManager manager, KeyManager trustManager) throws Exception {
    boolean lookupExisting = false;
    if (sslContextName == null) {
        sslContextName = DefaultResourceNames.buildDefaultSSLContextName(ctx, manager.getKeyStore().getName());
        lookupExisting = true;
    } else if (ElytronUtil.serverSSLContextExists(ctx, sslContextName)) {
        throw new CommandException("The ssl-context " + sslContextName + " already exists");
    }
    List<String> lst = DefaultResourceNames.getDefaultProtocols(ctx);
    String name = null;
    boolean exists = false;
    // Client certificates are required only when a trust-manager is configured.
    boolean need = trustManager != null;
    // The key-manager already exists and no name was provided: look for an
    // ssl-context with the same configuration before adding a new one.
    if (manager.exists() && lookupExisting) {
        ServerSSLContext sslCtx = new ServerSSLContext(null, manager, trustManager, false);
        sslCtx.setNeed(need);
        sslCtx.setProtocols(lst);
        name = ElytronUtil.findMatchingSSLContext(ctx, sslCtx);
    }
    if (name == null) {
        name = sslContextName;
    } else {
        exists = true;
    }
    ServerSSLContext sslCtx = new ServerSSLContext(name, manager, trustManager, exists);
    sslCtx.setNeed(need);
    sslCtx.setProtocols(lst);
    if (!exists) {
        addStep(ElytronUtil.addServerSSLContext(ctx, sslCtx, sslContextName), new FailureDescProvider() {

            @Override
            public String stepFailedDescription() {
                return "Adding ssl-context " + sslContextName;
            }
        });
    }
    return sslCtx;
}
Imports used:
    org.aesh.command.CommandException

Example 5 with CommandException

Use of org.aesh.command.CommandException in project wildfly-core by wildfly.

Class SSLSecurityBuilder, method buildTrustManager.

protected KeyManager buildTrustManager(CommandContext ctx, boolean buildRequest) throws Exception {
    KeyManager trustManager = null;
    if (trustedCertificate != null || trustStoreName != null) {
        KeyStore trustStore = null;
        String id = UUID.randomUUID().toString();
        // Create a new key-store for the trust-store and import the certificate.
        if (newTrustStoreName == null) {
            newTrustStoreName = "trust-store-" + id;
        } else if (ElytronUtil.keyStoreExists(ctx, newTrustStoreName)) {
            // An explicit name must not silently overwrite an existing resource.
            throw new CommandException("The key-store " + newTrustStoreName + " already exists");
        }
        if (trustStoreName == null) {
            if (trustStoreFileName == null) {
                trustStoreFileName = "server-" + id + ".trustore";
            } else {
                List<String> ksNames = ElytronUtil.findMatchingKeyStores(ctx, new File(trustStoreFileName), Util.JBOSS_SERVER_CONFIG_DIR);
                if (!ksNames.isEmpty()) {
                    throw new CommandException("Error, the file " + trustStoreFileName + " is already referenced from " + ksNames + " resources. Use " + SecurityCommand.formatOption(OPT_TRUST_STORE_NAME) + " option or choose another file name.");
                }
            }
            // Remember the generated key-store so failureOccured can remove it on failure.
            generatedTrustStore = newTrustStoreName;
            // Generate a password for the new trust-store file unless one was supplied.
            String password = trustStoreFilePassword == null ? generateRandomPassword() : trustStoreFilePassword;
            ModelNode request = ElytronUtil.addKeyStore(ctx, newTrustStoreName, new File(trustStoreFileName), Util.JBOSS_SERVER_CONFIG_DIR, password, ElytronUtil.JKS, false, null);
            // REMOVE WHEN WFCORE-3491 is fixed.
            if (buildRequest) {
                // echo-dmr
                addStep(request, NO_DESC);
            } else {
                SecurityCommand.execute(ctx, request, SecurityCommand.DEFAULT_FAILURE_CONSUMER);
            }
            trustStore = new KeyStore(newTrustStoreName, password, false);
            // Import the certificate; validation against the default CA certificates is hard-coded on.
            ModelNode certImport = ElytronUtil.importCertificate(ctx, trustedCertificate, id, validateCertificate, trustStore, true);
            addStep(certImport, new FailureDescProvider() {

                @Override
                public String stepFailedDescription() {
                    return "Importing certificate " + trustedCertificate.getAbsolutePath() + " in trust-store " + newTrustStoreName;
                }
            });
            needKeyStoreStore(trustStore.getName());
        } else {
            trustStore = ElytronUtil.getKeyStore(ctx, trustStoreName);
        }
        // Create a trust-manager
        trustManager = buildTrustManager(ctx, newTrustManagerName, trustStore);
    }
    return trustManager;
}
Imports used:
    org.aesh.command.CommandException
    org.jboss.dmr.ModelNode
    java.io.File
