r2350 - in /limal-head/limal-ca-mgm: package/ src/ testsuite/ testsuite/single.out/
Author: mcalmer
Date: Fri Oct 12 17:53:17 2007
New Revision: 2350
URL: http://svn.opensuse.org/viewcvs/limal?rev=2350&view=rev
Log:
- improve error reporting from openssl commands
- add Exception tests
Modified:
limal-head/limal-ca-mgm/package/limal-ca-mgm.changes
limal-head/limal-ca-mgm/src/OpenSSLUtils.cpp
limal-head/limal-ca-mgm/src/Utils.cpp
limal-head/limal-ca-mgm/src/Utils.hpp
limal-head/limal-ca-mgm/testsuite/ConvertTest.cc
limal-head/limal-ca-mgm/testsuite/perl-CertificateExceptionTest.single
limal-head/limal-ca-mgm/testsuite/single.out/ConvertTest.err
limal-head/limal-ca-mgm/testsuite/single.out/ConvertTest.out
limal-head/limal-ca-mgm/testsuite/single.out/perl-CertificateExceptionTest.out
Modified: limal-head/limal-ca-mgm/package/limal-ca-mgm.changes
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/package/limal-ca-mgm.changes?rev=2350&r1=2349&r2=2350&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/package/limal-ca-mgm.changes (original)
+++ limal-head/limal-ca-mgm/package/limal-ca-mgm.changes Fri Oct 12 17:53:17 2007
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Fri Oct 12 17:52:14 CEST 2007 - mc@suse.de
+
+- improve error reporting from openssl commands
+- add Exception tests
+
+-------------------------------------------------------------------
Fri Sep 28 16:18:14 CEST 2007 - mc@suse.de
- version 1.4.0
Modified: limal-head/limal-ca-mgm/src/OpenSSLUtils.cpp
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/src/OpenSSLUtils.cpp?rev=2350&r1=2349&r2=2350&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/src/OpenSSLUtils.cpp (original)
+++ limal-head/limal-ca-mgm/src/OpenSSLUtils.cpp Fri Oct 12 17:53:17 2007
@@ -85,78 +85,83 @@
}
}
- void
- OpenSSLUtils::createRSAKey(const String &outFile,
- const String &password,
- UInt32 bits,
- const String &cryptAlgorithm)
- {
- blocxx::String debugCmd;
+void
+OpenSSLUtils::createRSAKey(const String &outFile,
+ const String &password,
+ UInt32 bits,
+ const String &cryptAlgorithm)
+{
+ blocxx::String debugCmd;
- debugCmd += m_cmd + " ";
- debugCmd += "genrsa ";
- debugCmd += "-out ";
- debugCmd += outFile + " ";
+ debugCmd += m_cmd + " ";
+ debugCmd += "genrsa ";
+ debugCmd += "-out ";
+ debugCmd += outFile + " ";
- if(!cryptAlgorithm.empty())
- {
- debugCmd += "-passout env:pass ";
- debugCmd += "-" + cryptAlgorithm + " ";
- }
+ if(!cryptAlgorithm.empty())
+ {
+ debugCmd += "-passout env:pass ";
+ debugCmd += "-" + cryptAlgorithm + " ";
+ }
- debugCmd += String(bits);
+ debugCmd += String(bits);
- StringArray cmd = PerlRegEx("\\s").split(debugCmd);
+ StringArray cmd = PerlRegEx("\\s").split(debugCmd);
- LOGIT_DEBUG("Command: " << debugCmd);
+ LOGIT_DEBUG("Command: " << debugCmd);
- blocxx::EnvVars env;
- env.addVar("PATH", "/usr/bin/");
- env.addVar("RANDFILE", m_rand);
+ blocxx::EnvVars env;
+ env.addVar("PATH", "/usr/bin/");
+ env.addVar("RANDFILE", m_rand);
- env.addVar("pass", password);
+ env.addVar("pass", password);
- blocxx::String stdOutput;
- blocxx::String errOutput;
- int status = -1;
+ blocxx::String stdOutput;
+ blocxx::String errOutput;
+ int status = -1;
- try
- {
- status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
- }
- catch(blocxx::Exception& e)
- {
- LOGIT_ERROR( "openssl exception:" << e);
- }
- if(status != 0)
- {
- LOGIT_ERROR("openssl status:" << blocxx::String(status));
- LOGIT_ERROR("openssl stderr:" << errOutput);
- LOGIT_DEBUG("openssl stdout:" << stdOutput);
- BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"),
- status, errOutput).c_str());
- }
+ try
+ {
+ status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
+ errOutput, env);
+ }
+ catch(blocxx::Exception& e)
+ {
+ LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
+ }
+ if(status != 0)
+ {
+ LOGIT_ERROR("openssl status:" << blocxx::String(status));
+ LOGIT_ERROR("openssl stderr:" << errOutput);
+ LOGIT_DEBUG("openssl stdout:" << stdOutput);
- if(!errOutput.empty())
- {
- LOGIT_DEBUG("openssl stderr:" << errOutput);
- }
- if(!stdOutput.empty())
- {
- LOGIT_DEBUG("openssl stdout:" << stdOutput);
- }
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
}
-void OpenSSLUtils::createRequest(const DNObject &dn,
- const String &outFile,
- const String &keyFile,
- const String &password,
- const String &extension,
- FormatType outForm,
- const String &challengePassword,
- const String &unstructuredName)
+ if(!errOutput.empty())
+ {
+ LOGIT_DEBUG("openssl stderr:" << errOutput);
+ }
+ if(!stdOutput.empty())
+ {
+ LOGIT_DEBUG("openssl stdout:" << stdOutput);
+ }
+}
+
+void
+OpenSSLUtils::createRequest(const DNObject &dn,
+ const String &outFile,
+ const String &keyFile,
+ const String &password,
+ const String &extension,
+ FormatType outForm,
+ const String &challengePassword,
+ const String &unstructuredName)
{
blocxx::String debugCmd;
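Review bot: The argv for `genrsa` is still produced by splitting `debugCmd` on whitespace (`PerlRegEx("\\s").split(debugCmd)`), so an `outFile` or `cryptAlgorithm` value that contains a space is broken into extra arguments, which openssl then parses as options or file names of its own. Since this commit rewrites the whole function anyway, it would be safer to append each argument to the `StringArray` directly, e.g. `cmd.push_back("-out"); cmd.push_back(outFile);`, and keep `debugCmd` only for the log line. `cryptAlgorithm` is also prefixed with `-` and passed through unchecked, so it should be compared against the ciphers the library means to support before it is used. createRequest, which begins at the end of this hunk, continues outside it.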
@@ -168,7 +173,7 @@
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
debugCmd += "-config ";
@@ -225,20 +230,25 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env,
- -1, -1, stdInput);
+ errOutput, env,
+ -1, -1, stdInput);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
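Review bot: The new failure message drops the exit status and keeps only the first stderr line, so when openssl exits non-zero without writing to stderr the exception text is just `openssl command failed: ` with nothing after the colon. Falling back to the status in that case keeps the exception useful, e.g. `String msg = (sa.empty()? String(status) : sa[0]);`. The same three lines appear in the createRSAKey hunk above and in the failure branches of the later hunks in this file. The enclosing function starts and ends outside this hunk.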
@@ -253,19 +263,19 @@
void
OpenSSLUtils::createSelfSignedCertificate(const String &outFile,
- const String &keyFile,
- const String &requestFile,
- const String &password,
- const String &extension,
- UInt32 days,
- bool noEmailDN)
+ const String &keyFile,
+ const String &requestFile,
+ const String &password,
+ const String &extension,
+ UInt32 days,
+ bool noEmailDN)
{
path::PathInfo pi(keyFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
pi.stat(requestFile);
@@ -273,7 +283,7 @@
{
LOGIT_ERROR("No valid request file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid request file specified."));
+ __("No valid request file specified."));
}
blocxx::String debugCmd;
@@ -319,19 +329,24 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
@@ -346,24 +361,24 @@
void
OpenSSLUtils::signRequest(const String &requestFile,
- const String &outFile,
- const String &caKeyFile,
- const String &caPassword,
- const String &extension,
- const String &startDate,
- const String &endDate,
- const String &caSection,
- const String &outDir,
- bool noEmailDN,
- bool noUniqueDN,
- bool noText)
+ const String &outFile,
+ const String &caKeyFile,
+ const String &caPassword,
+ const String &extension,
+ const String &startDate,
+ const String &endDate,
+ const String &caSection,
+ const String &outDir,
+ bool noEmailDN,
+ bool noUniqueDN,
+ bool noText)
{
path::PathInfo pi(caKeyFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
pi.stat(requestFile);
@@ -371,7 +386,7 @@
{
LOGIT_ERROR("No valid request file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid request file specified."));
+ __("No valid request file specified."));
}
blocxx::String debugCmd;
@@ -438,19 +453,24 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
@@ -465,18 +485,18 @@
void
OpenSSLUtils::revokeCertificate(const blocxx::String &caCertFile,
- const blocxx::String &caKeyFile,
- const blocxx::String &caPassword,
- const blocxx::String &certFile,
- const CRLReason &reason,
- bool noUniqueDN)
+ const blocxx::String &caKeyFile,
+ const blocxx::String &caPassword,
+ const blocxx::String &certFile,
+ const CRLReason &reason,
+ bool noUniqueDN)
{
path::PathInfo pi(caKeyFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
pi.stat(caCertFile);
@@ -484,7 +504,7 @@
{
LOGIT_ERROR("No valid CA certificate file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid CA certificate file specified."));
+ __("No valid CA certificate file specified."));
}
pi.stat(certFile);
@@ -492,7 +512,7 @@
{
LOGIT_ERROR("No valid certificate file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid certificate file specified."));
+ __("No valid certificate file specified."));
}
blocxx::String debugCmd;
@@ -571,19 +591,24 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
@@ -598,19 +623,19 @@
void
OpenSSLUtils::issueCRL(const blocxx::String &caCertFile,
- const blocxx::String &caKeyFile,
- const blocxx::String &caPassword,
- blocxx::UInt32 hours,
- const blocxx::String &outfile,
- const blocxx::String &extension,
- bool noUniqueDN)
+ const blocxx::String &caKeyFile,
+ const blocxx::String &caPassword,
+ blocxx::UInt32 hours,
+ const blocxx::String &outfile,
+ const blocxx::String &extension,
+ bool noUniqueDN)
{
path::PathInfo pi(caKeyFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
pi.stat(caCertFile);
@@ -618,7 +643,7 @@
{
LOGIT_ERROR("No valid CA certificate file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid CA certificate file specified."));
+ __("No valid CA certificate file specified."));
}
blocxx::String debugCmd;
@@ -666,19 +691,24 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
@@ -693,15 +723,15 @@
void
OpenSSLUtils::updateDB(const blocxx::String &caCertFile,
- const blocxx::String &caKeyFile,
- const blocxx::String &caPassword)
+ const blocxx::String &caKeyFile,
+ const blocxx::String &caPassword)
{
path::PathInfo pi(caKeyFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid keyfile specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid key file specified."));
+ __("No valid key file specified."));
}
pi.stat(caCertFile);
@@ -709,7 +739,7 @@
{
LOGIT_ERROR("No valid CA certificate file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid CA certificate file specified."));
+ __("No valid CA certificate file specified."));
}
blocxx::String debugCmd;
@@ -743,11 +773,13 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
PerlRegEx r("error");
@@ -757,8 +789,11 @@
LOGIT_ERROR("openssl status:" << blocxx::String(status));
LOGIT_ERROR("openssl stderr:" << errOutput);
LOGIT_DEBUG("openssl stdout:" << stdOutput);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Command returned '%1' : %2"), status, errOutput).c_str());
+ Format(__("openssl command failed: %1"), msg).c_str());
}
if(!errOutput.empty())
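Review bot: `msg` is taken from the first line of `errOutput`, but the condition guarding this branch lies outside the hunk. Judging by the `PerlRegEx r("error")` declared just before it, the branch may be entered on a match anywhere in the output, in which case `sa[0]` need not be the line that reports the error. If so, choosing the first line that matches `r` and falling back to `sa[0]` would put the actual openssl error into the exception. A short comment above the `tokenize` call stating which line is expected to carry the error would help either way.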
@@ -773,16 +808,16 @@
blocxx::String
OpenSSLUtils::verify(const blocxx::String &certFile,
- const blocxx::String &caPath,
- bool crlCheck,
- const blocxx::String &purpose)
+ const blocxx::String &caPath,
+ bool crlCheck,
+ const blocxx::String &purpose)
{
path::PathInfo pi(certFile);
if(!pi.exists() || !pi.isFile())
{
LOGIT_ERROR("No valid certificate file specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid certificate file specified."));
+ __("No valid certificate file specified."));
}
pi.stat(caPath);
@@ -790,7 +825,7 @@
{
LOGIT_ERROR("No valid CA directory specified");
BLOCXX_THROW(limal::ValueException,
- __("No valid CA directory specified."));
+ __("No valid CA directory specified."));
}
blocxx::String debugCmd;
@@ -827,11 +862,13 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
StringArray lines = PerlRegEx("\n").split(stdOutput);
@@ -906,11 +943,13 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
StringArray lines = PerlRegEx("\n").split(errOutput);
@@ -934,21 +973,21 @@
}
}
LOGIT_ERROR(Format("Show certificate status with serial '%1' failed.(%2)",
- serial, status).toString());
+ serial, status).toString());
if(!errOutput.empty())
{
LOGIT_ERROR("openssl stderr:" << errOutput);
}
BLOCXX_THROW(limal::RuntimeException,
- Format(__("Showing certificate status with serial %1 failed (%2)."),
- serial, status).c_str());
+ Format(__("Showing certificate status with serial %1 failed (%2)."),
+ serial, status).c_str());
}
bool
OpenSSLUtils::checkKey(const blocxx::String &caName,
- const blocxx::String &password,
- const blocxx::String &certificateName,
- const blocxx::String &repository)
+ const blocxx::String &password,
+ const blocxx::String &certificateName,
+ const blocxx::String &repository)
{
String keyFile;
@@ -965,7 +1004,7 @@
{
LOGIT_ERROR("Can not parse certificate name");
BLOCXX_THROW(limal::RuntimeException,
- __("Cannot parse the certificate name."));
+ __("Cannot parse the certificate name."));
}
keyFile = repository + "/" + caName + "/keys/" + sa[1] + ".key";
@@ -976,7 +1015,7 @@
{
LOGIT_ERROR("Keyfile does not exist");
BLOCXX_THROW(limal::SystemException,
- __("The key file does not exist."));
+ __("The key file does not exist."));
}
blocxx::String debugCmd;
@@ -1003,11 +1042,13 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status == 0)
{
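Review bot: checkKey returns `bool`, and with the added `BLOCXX_THROW_SUBEX` a failure to run openssl now surfaces as `limal::RuntimeException` instead of falling through to the `status == 0` test. Callers that treated every non-true result as "key or password does not match" will see different behaviour, so the declaration should document it, for example `// throws limal::RuntimeException if the openssl command cannot be executed`. The function body starts and ends outside this hunk, so the previous fall-through result is inferred rather than visible here.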
@@ -1026,18 +1067,19 @@
limal::ByteBuffer
OpenSSLUtils::x509Convert(const ByteBuffer &certificate,
- FormatType inform,
- FormatType outform )
+ FormatType inform,
+ FormatType outform )
{
// FIXME: use tmp file
blocxx::String inFileName(::tempnam("/tmp/", "x509I"));
blocxx::String outFileName(::tempnam("/tmp/", "x509O"));
LocalManagement::writeFile(certificate, inFileName,
- false, 0600);
+ false, 0600);
blocxx::String debugCmd;
-
+ bool foundError = false;
+
debugCmd += limal::ca_mgm::OPENSSL_COMMAND + " ";
debugCmd += "x509 ";
debugCmd += "-nameopt ";
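Review bot: Both temporary paths still come from `::tempnam("/tmp/", ...)`, which only returns a name. The files are created later by `LocalManagement::writeFile` and by openssl itself, so another local user can place a file or symlink at that path in between. The malloc'd buffer that `tempnam` returns also appears to be neither checked for NULL nor freed. The existing FIXME acknowledges the problem; creating the files atomically with `mkstemp()`, or inside a private directory from `mkdtemp()`, would close the window, though `writeFile` may then need to accept an already existing file. The same pattern is in the rsaConvert, crlConvert, reqConvert, createPKCS12 and pkcs12ToPEM hunks, where the files hold key material. x509Convert continues outside this hunk.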
@@ -1084,41 +1126,57 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
if(!stdOutput.empty())
{
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
-
+
+ if(foundError)
+ {
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
+ }
+
ByteBuffer out = LocalManagement::readFile(outFileName);
path::removeFile(inFileName);
path::removeFile(outFileName);
-
+
return out;
}
-
limal::ByteBuffer
OpenSSLUtils::rsaConvert(const ByteBuffer &key,
- FormatType inform,
- FormatType outform,
- const String &inPassword,
- const String &outPassword,
- const String &algorithm)
+ FormatType inform,
+ FormatType outform,
+ const String &inPassword,
+ const String &outPassword,
+ const String &algorithm)
{
// FIXME: use tmp file
blocxx::String inFileName(::tempnam("/tmp/", "keyIn"));
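Review bot: The temp-file cleanup in x509Convert is now written out three times (in the catch block, in the `foundError` branch and before `return out`), and if `LocalManagement::readFile(outFileName)` throws, both files still stay behind in /tmp. A small scope guard that removes the files in its destructor covers every exit path, including that one, and lets the explicit `path::removeFile` calls go. This assumes `path::removeFile` does not throw. The same applies to the other convert functions and to createPKCS12 and pkcs12ToPEM in the later hunks. The rsaConvert body that starts at the end of this hunk continues outside it.

```cpp
// file-local helper, declared once above the convert functions
struct TmpFileGuard
{
    StringArray files;

    ~TmpFileGuard()
    {
        for(size_t i = 0; i < files.size(); ++i)
        {
            path::removeFile(files[i]);
        }
    }
};

// in x509Convert, right after the two tempnam() calls
TmpFileGuard guard;
guard.files.push_back(inFileName);
guard.files.push_back(outFileName);
// … unchanged: command construction, execution, logging …
// … unchanged: foundError throw, without the removeFile calls …
return LocalManagement::readFile(outFileName);
```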
@@ -1126,9 +1184,10 @@
bool isInPassSet = false;
bool isOutPassSet = false;
-
+ bool foundError = false;
+
LocalManagement::writeFile(key, inFileName,
- false, 0600);
+ false, 0600);
blocxx::String debugCmd;
@@ -1201,15 +1260,20 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
@@ -1217,6 +1281,7 @@
if(!PerlRegEx("^writing RSA key$").match(errOutput))
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
else
{
@@ -1228,28 +1293,40 @@
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
- ByteBuffer out = LocalManagement::readFile(outFileName);
+ if(foundError)
+ {
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"),msg).c_str());
+ }
+ ByteBuffer out = LocalManagement::readFile(outFileName);
+
path::removeFile(inFileName);
path::removeFile(outFileName);
-
+
return out;
}
limal::ByteBuffer
OpenSSLUtils::crlConvert(const ByteBuffer &crl,
- FormatType inform,
- FormatType outform )
+ FormatType inform,
+ FormatType outform )
{
// FIXME: use tmp file
blocxx::String inFileName(::tempnam("/tmp/", "crlIn"));
blocxx::String outFileName(::tempnam("/tmp/", "crlOt"));
LocalManagement::writeFile(crl, inFileName,
- false, 0600);
+ false, 0600);
blocxx::String debugCmd;
-
+ bool foundError = false;
+
debugCmd += limal::ca_mgm::OPENSSL_COMMAND + " ";
debugCmd += "crl ";
debugCmd += "-in ";
@@ -1294,47 +1371,65 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
if(!stdOutput.empty())
{
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
+ if(foundError)
+ {
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
+ }
+
ByteBuffer out = LocalManagement::readFile(outFileName);
path::removeFile(inFileName);
path::removeFile(outFileName);
-
+
return out;
}
limal::ByteBuffer
OpenSSLUtils::reqConvert(const ByteBuffer &req,
- FormatType inform,
- FormatType outform )
+ FormatType inform,
+ FormatType outform )
{
// FIXME: use tmp file
blocxx::String inFileName(::tempnam("/tmp/", "reqIn"));
blocxx::String outFileName(::tempnam("/tmp/", "reqOt"));
LocalManagement::writeFile(req, inFileName,
- false, 0600);
+ false, 0600);
blocxx::String debugCmd;
-
+ bool foundError = false;
+
debugCmd += limal::ca_mgm::OPENSSL_COMMAND + " ";
debugCmd += "req ";
debugCmd += "-in ";
@@ -1379,41 +1474,58 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
if(!stdOutput.empty())
{
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
+ if(foundError)
+ {
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
+ }
+
ByteBuffer out = LocalManagement::readFile(outFileName);
path::removeFile(inFileName);
path::removeFile(outFileName);
-
+
return out;
}
limal::ByteBuffer
OpenSSLUtils::createPKCS12(const ByteBuffer &certificate,
- const ByteBuffer &key,
- const String &inPassword,
- const String &outPassword,
- const ByteBuffer &caCert,
- const String &caPath,
- bool withChain )
+ const ByteBuffer &key,
+ const String &inPassword,
+ const String &outPassword,
+ const ByteBuffer &caCert,
+ const String &caPath,
+ bool withChain )
{
// FIXME: use tmp file
blocxx::String inFileName1(::tempnam("/tmp/", "crtIn"));
@@ -1423,15 +1535,16 @@
bool isInPassSet = false;
bool isOutPassSet = false;
-
+ bool foundError = false;
+
LocalManagement::writeFile(certificate, inFileName1,
- false, 0600);
+ false, 0600);
LocalManagement::writeFile(key, inFileName2,
- false, 0600);
+ false, 0600);
if(!caCert.empty())
{
LocalManagement::writeFile(caCert, inFileName3,
- false, 0600);
+ false, 0600);
}
blocxx::String debugCmd;
@@ -1471,7 +1584,7 @@
{
LOGIT_ERROR("Out password is required");
BLOCXX_THROW(limal::ValueException,
- __("The password for encrypting the output is required."));
+ __("The password for encrypting the output is required."));
}
debugCmd += "-inkey ";
@@ -1508,25 +1621,52 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName1);
+ path::removeFile(inFileName2);
+ if(!caCert.empty())
+ {
+ path::removeFile(inFileName3);
+ }
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
if(!stdOutput.empty())
{
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
+ if(foundError)
+ {
+ path::removeFile(inFileName1);
+ path::removeFile(inFileName2);
+ if(!caCert.empty())
+ {
+ path::removeFile(inFileName3);
+ }
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
+ }
+
ByteBuffer out = LocalManagement::readFile(outFileName);
path::removeFile(inFileName1);
@@ -1542,9 +1682,9 @@
limal::ByteBuffer
OpenSSLUtils::pkcs12ToPEM(const ByteBuffer &pkcs12,
- const String &inPassword,
- const String &outPassword,
- const String &algorithm)
+ const String &inPassword,
+ const String &outPassword,
+ const String &algorithm)
{
// FIXME: use tmp file
blocxx::String inFileName(::tempnam("/tmp/", "p12In"));
@@ -1552,9 +1692,10 @@
bool isInPassSet = false;
bool isOutPassSet = false;
-
+ bool foundError = false;
+
LocalManagement::writeFile(pkcs12, inFileName,
- false, 0600);
+ false, 0600);
blocxx::String debugCmd;
@@ -1565,7 +1706,7 @@
debugCmd += "-out ";
debugCmd += outFileName + " ";
- // -nokeys?
+ // -nokeys?
if(!inPassword.empty())
{
@@ -1576,7 +1717,7 @@
{
LOGIT_ERROR("PKCS12 password is required");
BLOCXX_THROW(limal::ValueException,
- __("The PKCS12 password is required."));
+ __("The PKCS12 password is required."));
}
if(!outPassword.empty())
@@ -1614,15 +1755,20 @@
try
{
status = wrapExecuteProcessAndGatherOutput(cmd, stdOutput,
- errOutput, env);
+ errOutput, env);
}
catch(blocxx::Exception& e)
{
LOGIT_ERROR( "openssl exception:" << e);
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+ BLOCXX_THROW_SUBEX(limal::RuntimeException,
+ __("Executing openssl command failed."), e);
}
if(status != 0)
{
LOGIT_INFO( "openssl status:" << blocxx::String(status));
+ foundError = true;
}
if(!errOutput.empty())
{
@@ -1630,6 +1776,7 @@
if(!PerlRegEx("^MAC verified OK$").match(errOutput))
{
LOGIT_ERROR("openssl stderr:" << errOutput);
+ foundError = true;
}
else
{
@@ -1641,11 +1788,22 @@
LOGIT_DEBUG("openssl stdout:" << stdOutput);
}
+ if(foundError)
+ {
+ path::removeFile(inFileName);
+ path::removeFile(outFileName);
+
+ StringArray sa = errOutput.tokenize("\n\r");
+ String msg = (sa.empty()? "" : sa[0]);
+ BLOCXX_THROW(limal::RuntimeException,
+ Format(__("openssl command failed: %1"), msg).c_str());
+ }
+
ByteBuffer out = LocalManagement::readFile(outFileName);
path::removeFile(inFileName);
path::removeFile(outFileName);
-
+
return out;
}
@@ -1660,10 +1818,10 @@
if(r != 0)
{
LOGIT_ERROR("Cannot read directory: " << repository <<
- "(" << System::errorMsg(r) << ") [" << r << "]");
+ "(" << System::errorMsg(r) << ") [" << r << "]");
BLOCXX_THROW(limal::SystemException,
- Format(__("Cannot read directory: %1 (%2) [%3]."),
- repository, System::errorMsg(r), r).c_str());
+ Format(__("Cannot read directory: %1 (%2) [%3]."),
+ repository, System::errorMsg(r), r).c_str());
}
tmpList.sort();
@@ -1712,16 +1870,16 @@
{
LOGIT_ERROR("No serial number found in " << serialFile);
BLOCXX_THROW(limal::RuntimeException,
- Format(__("No serial number found in %1."),
- serialFile).c_str());
+ Format(__("No serial number found in %1."),
+ serialFile).c_str());
}
}
void
OpenSSLUtils::addCAM(const String &caName,
- const String &md5,
- const String &dnString,
- const String &repository)
+ const String &md5,
+ const String &dnString,
+ const String &repository)
{
Array