Use of org.jboss.as.cli.impl.aesh.cmd.security.model.SSLSecurityBuilder in project wildfly-core by wildfly.
Class AbstractEnableSSLCommand, method validateOptions.
/**
 * Validates the key-store and trust-store options of the command and creates the security
 * builder for the selected mode.
 *
 * <p>One of three sources must be chosen: a key-store file path, the name of an existing
 * key-store, or interactive prompting. Option combinations that mix them are rejected with a
 * {@link CommandException} before any builder is configured.
 *
 * @param ctx the command context, used to look up existing key-stores and to check that
 *            key-store operations are supported
 * @return the builder for the selected mode, with the trust-store related options applied
 * @throws CommandException if the options are missing, conflict with each other, or refer to
 *                          a file or key-store that does not exist
 * @throws IOException declared by the signature; which call raises it is not visible here
 * @throws OperationFormatException declared by the signature; which call raises it is not
 *                                  visible here
 */
private SSLSecurityBuilder validateOptions(CommandContext ctx) throws CommandException, IOException, OperationFormatException {
    final boolean byName = keystoreName != null;
    final boolean byPath = keystorePath != null;

    if (!byName && !byPath && !interactive) {
        throw new CommandException("One of " + formatOption(OPT_INTERACTIVE) + ", " + formatOption(OPT_KEY_STORE_NAME) + ", " + formatOption(OPT_KEY_STORE_PATH) + " must be set");
    }

    SSLSecurityBuilder selected = null;

    // Mode 1: key-store given as a file path.
    if (byPath) {
        if (byName) {
            throw new CommandException(formatOption(OPT_KEY_STORE_NAME) + " can't be used with " + formatOption(OPT_KEY_STORE_PATH));
        }
        final File storeFile;
        if (keystorePathRelativeTo == null) {
            // Only a path without relative-to is checked for existence from the CLI side.
            if (!keystorePath.exists()) {
                throw new CommandException("File " + keystorePath + " doesn't exist.");
            }
            storeFile = keystorePath;
        } else {
            // With relative-to the path is passed on as the user typed it, unchecked here.
            // NOTE(review): presumably it is resolved on the server side - confirm.
            storeFile = new File(keystorePath.getOriginalPath());
        }
        KeyStorePathSecurityBuilder pathBuilder = new KeyStorePathSecurityBuilder(storeFile, keystorePassword);
        pathBuilder.setRelativeTo(keystorePathRelativeTo).setType(keyStoreType).setName(newKeystoreName);
        selected = pathBuilder;
    }

    // Mode 2: key-store referenced by the name of an existing resource.
    if (byName) {
        if (selected != null) {
            invalidUseCase();
        }
        final boolean fileOptionGiven = newKeystoreName != null
                || keystorePassword != null
                || keyStoreType != null
                || keystorePathRelativeTo != null
                || byPath;
        if (fileOptionGiven) {
            throw new CommandException("key-store file related options can't be used with " + formatOption(OPT_KEY_STORE_NAME));
        }
        if (!ElytronUtil.keyStoreExists(ctx, keystoreName)) {
            throw new CommandException("key-store " + keystoreName + " doesn't exist");
        }
        selected = new KeyStoreNameSecurityBuilder(keystoreName);
    }

    // Mode 3: everything is collected by prompting the user.
    if (interactive) {
        if (selected != null) {
            invalidUseCase();
        }
        checkKeyStoreOperationsSupported(ctx, OPT_INTERACTIVE);
        selected = new InteractiveSecurityBuilder(getDefaultKeyStoreFileName(ctx), getDefaultTrustStoreFileName(ctx), useLetsEncrypt, caAccount);
    }

    // A trusted certificate file and an existing trust-store name are mutually exclusive.
    if (trustedCertificatePath != null) {
        checkKeyStoreOperationsSupported(ctx, OPT_TRUSTED_CERTIFICATE_PATH);
        if (!trustedCertificatePath.exists()) {
            throw new CommandException("The client certificate path " + trustedCertificatePath + " doesn't exist");
        }
        if (trustStoreName != null) {
            throw new CommandException(formatOption(OPT_TRUST_STORE_NAME) + " can't be used when " + formatOption(OPT_TRUSTED_CERTIFICATE_PATH) + " is in use");
        }
    }
    if (trustStoreName != null && !ElytronUtil.keyStoreExists(ctx, trustStoreName)) {
        throw new CommandException("key-store " + trustStoreName + " doesn't exist");
    }

    if (selected == null) {
        return selected;
    }

    selected.setTrustedCertificatePath(trustedCertificatePath);
    // Certificate validation stays requested unless the user explicitly opted out; an
    // opt-out is worth reviewing wherever this command is scripted.
    selected.setValidateCertificate(!noTrustedCertificateValidation);
    selected.setTrustStoreFileName(trustStoreFileName);
    selected.setTrustStoreFilePassword(trustStoreFilePassword);
    selected.setTrustStoreName(trustStoreName);
    selected.setNewTrustStoreName(newTrustStoreName);
    selected.setNewTrustManagerName(newTrustManagerName);
    selected.setKeyManagerName(newKeyManagerName);
    selected.setSSLContextName(newSslContextName);
    return selected;
}
Use of org.jboss.as.cli.impl.aesh.cmd.security.model.SSLSecurityBuilder in project wildfly-core by wildfly.
Class AbstractEnableSSLCommand, method buildSecurityRequest.
/**
 * Validates the options, builds the request on the resulting builder and hands it to
 * {@code secure}.
 *
 * @param context the command context passed to validation, request building and {@code secure}
 * @param commandInvocation the current invocation; given to an interactive builder, and its
 *                          absence ({@code null}) is reported to {@code buildRequest}
 * @return the builder after its request has been built
 * @throws Exception if validation, request building or {@code secure} fails
 */
private SSLSecurityBuilder buildSecurityRequest(CommandContext context, CLICommandInvocation commandInvocation) throws Exception {
    final SSLSecurityBuilder securityBuilder = validateOptions(context);

    // Only the interactive builder takes the invocation.
    if (securityBuilder instanceof InteractiveSecurityBuilder) {
        InteractiveSecurityBuilder prompting = (InteractiveSecurityBuilder) securityBuilder;
        prompting.setCommandInvocation(commandInvocation);
    }

    final boolean withoutInvocation = commandInvocation == null;
    securityBuilder.buildRequest(context, withoutInvocation);
    secure(context, securityBuilder);
    return securityBuilder;
}
Use of org.jboss.as.cli.impl.aesh.cmd.security.model.SSLSecurityBuilder in project wildfly-core by wildfly.
Class AbstractEnableSSLCommand, method execute.
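/**
 * Enables SSL for the command's target: refuses when SSL is already enabled, builds the
 * security request from the options, executes it and prints the names of the resulting
 * ssl-context, key-manager and key-store.
 *
 * <p>Every failure is reported as a {@link CommandException}. The original exception is kept
 * as the cause, so a failed TLS configuration change can still be diagnosed from the stack
 * trace when the message alone is empty or unhelpful.
 *
 * @param commandInvocation the invocation providing the command context
 * @return {@link CommandResult#SUCCESS} once the request has been executed
 * @throws CommandException if SSL is already enabled, the options are invalid, or the request
 *                          cannot be built or executed
 * @throws InterruptedException declared by the signature; not raised directly in this method
 */
@Override
public CommandResult execute(CLICommandInvocation commandInvocation) throws CommandException, InterruptedException {
    CommandContext ctx = commandInvocation.getCommandContext();
    String target = getTarget(ctx);
    try {
        if (isSSLEnabled(ctx)) {
            throw new CommandException("SSL is already enabled for " + target);
        }
    } catch (CommandException ex) {
        // Already the right type: pass it on instead of wrapping it in a copy of itself.
        throw ex;
    } catch (Exception ex) {
        throw new CommandException(ex.getLocalizedMessage(), ex);
    }
    SSLSecurityBuilder builder;
    try {
        builder = buildSecurityRequest(ctx, commandInvocation);
    } catch (CommandException ex) {
        throw ex;
    } catch (Exception ex) {
        // Keep the cause: getLocalizedMessage() can be null, which would otherwise leave
        // the user with no information about why the request could not be built.
        throw new CommandException(ex.getLocalizedMessage(), ex);
    }
    try {
        SecurityCommand.execute(ctx, builder.buildExecutableRequest(ctx), builder, noReload);
    } catch (Exception ex) {
        // instanceof rather than a dedicated catch clause: the exceptions declared by the
        // calls above are not visible from here.
        if (ex instanceof CommandException) {
            throw (CommandException) ex;
        } else {
            throw new CommandException(ex.getLocalizedMessage(), ex);
        }
    }
    ctx.printLine("SSL enabled for " + target);
    ctx.printLine("ssl-context is " + builder.getServerSSLContext().getName());
    ctx.printLine("key-manager is " + builder.getServerSSLContext().getKeyManager().getName());
    ctx.printLine("key-store is " + builder.getServerSSLContext().getKeyManager().getKeyStore().getName());
    return CommandResult.SUCCESS;
}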