CLI: Improve error handling for 'pki verify' command

Michael Friedrich 2020-02-20 15:10:57 +01:00
parent e4e26d66a6
commit 12b6c1aab9
1 changed files with 61 additions and 5 deletions


@ -59,7 +59,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
/* Verify CN in certificate. */
if (!cn.IsEmpty() && !certFile.IsEmpty()) {
std::shared_ptr<X509> cert = GetX509Certificate(certFile);
std::shared_ptr<X509> cert;
try {
cert = GetX509Certificate(certFile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
return ServiceCritical;
}
Log(LogInformation, "cli")
<< "Verifying common name (CN) '" << cn << " in certificate '" << certFile << "'.";
@ -83,8 +91,25 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
/* Verify certificate. */
if (!certFile.IsEmpty() && !caCertFile.IsEmpty()) {
std::shared_ptr<X509> cert = GetX509Certificate(certFile);
std::shared_ptr<X509> cacert = GetX509Certificate(caCertFile);
std::shared_ptr<X509> cert;
try {
cert = GetX509Certificate(certFile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
return ServiceCritical;
}
std::shared_ptr<X509> cacert;
try {
cacert = GetX509Certificate(caCertFile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot read CA certificate file '" << caCertFile << "'. Please ensure that it exists and is readable.";
return ServiceCritical;
}
Log(LogInformation, "cli")
<< "Verifying certificate '" << certFile << "'";
@ -125,7 +150,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
/* Standalone CA checks. */
if (certFile.IsEmpty() && !caCertFile.IsEmpty()) {
std::shared_ptr<X509> cacert = GetX509Certificate(caCertFile);
std::shared_ptr<X509> cacert;
try {
cacert = GetX509Certificate(caCertFile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot read CA certificate file '" << caCertFile << "'. Please ensure that it exists and is readable.";
return ServiceCritical;
}
Log(LogInformation, "cli")
<< "Checking whether certificate '" << caCertFile << "' is a valid CA certificate.";
@ -147,7 +180,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
/* Print certificate */
if (!certFile.IsEmpty()) {
std::shared_ptr<X509> cert = GetX509Certificate(certFile);
std::shared_ptr<X509> cert;
try {
cert = GetX509Certificate(certFile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
return ServiceCritical;
}
Log(LogInformation, "cli")
<< "Printing certificate '" << certFile << "'";
@ -157,5 +198,20 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
return ServiceOK;
}
/* Error handling. */
if (!cn.IsEmpty() && certFile.IsEmpty()) {
Log(LogCritical, "cli")
<< "The '--cn' parameter requires the '--cert' parameter.";
return ServiceCritical;
}
if (cn.IsEmpty() && certFile.IsEmpty() && caCertFile.IsEmpty()) {
Log(LogInformation, "cli")
<< "Please add the '--help' parameter to see all available options.";
return ServiceOK;
}
return ServiceOK;
}
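Review bot: The new `--cn` without `--cert` check sits at the very end of Run(), after the "Standalone CA checks" branch, so an invocation with `--cn` and `--cacert` but no `--cert` appears to enter that branch first. If that branch returns as the others seem to (its body lies outside the visible hunks), the command exits without reporting that the requested CN check never ran. For a verification command this is a fail-open result that a calling script can mistake for a passed check; moving the `if (!cn.IsEmpty() && certFile.IsEmpty())` guard ahead of the first verification branch avoids it. Separately, all five new catch blocks bind `ex` but never use it, and the message blames existence or readability even though GetX509Certificate may throw for other reasons such as an unparsable file. Appending the cause, e.g. `<< " Error: " << ex.what();`, would give the operator the real reason.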