From 12b6c1aab91f01a1d057664abbf62616e9b5228b Mon Sep 17 00:00:00 2001
From: Michael Friedrich
Date: Thu, 20 Feb 2020 15:10:57 +0100
Subject: [PATCH] CLI: Improve error handling for 'pki verify' command

---
 lib/cli/pkiverifycommand.cpp | 66 +++++++++++++++++++++++++++++++++---
 1 file changed, 61 insertions(+), 5 deletions(-)

diff --git a/lib/cli/pkiverifycommand.cpp b/lib/cli/pkiverifycommand.cpp
index 2c1893c7c..d22d49d91 100644
--- a/lib/cli/pkiverifycommand.cpp
+++ b/lib/cli/pkiverifycommand.cpp
@@ -59,7 +59,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
  /* Verify CN in certificate. */
  if (!cn.IsEmpty() && !certFile.IsEmpty()) {
- std::shared_ptr cert = GetX509Certificate(certFile);
+ std::shared_ptr cert;
+ try {
+ cert = GetX509Certificate(certFile);
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
+
+ return ServiceCritical;
+ }
 
  Log(LogInformation, "cli")
  << "Verifying common name (CN) '" << cn << " in certificate '" << certFile << "'.";
 
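Review bot: The new `catch (const std::exception& ex)` in the `@@ -59,7 +59,15 @@` hunk never uses `ex`, so every failure of GetX509Certificate() is reported as a missing or unreadable file. If the loader can also throw for content it cannot parse (its body is not on this page), an operator checking a malformed or truncated certificate is pointed at file permissions instead of the real cause. Appending the cause keeps it in the log, e.g. `<< "Cannot read certificate file '" << certFile << "': " << ex.what();`. The same applies to the catch blocks added in the hunks at -83, -125 and -147. Run() starts and ends outside this hunk.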
@@ -83,8 +91,25 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
  /* Verify certificate. */
  if (!certFile.IsEmpty() && !caCertFile.IsEmpty()) {
- std::shared_ptr cert = GetX509Certificate(certFile);
- std::shared_ptr cacert = GetX509Certificate(caCertFile);
+ std::shared_ptr cert;
+ try {
+ cert = GetX509Certificate(certFile);
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
+
+ return ServiceCritical;
+ }
+
+ std::shared_ptr cacert;
+ try {
+ cacert = GetX509Certificate(caCertFile);
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Cannot read CA certificate file '" << caCertFile << "'. Please ensure that it exists and is readable.";
+
+ return ServiceCritical;
+ }
 
  Log(LogInformation, "cli")
  << "Verifying certificate '" << certFile << "'";
 
@@ -125,7 +150,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
  /* Standalone CA checks. */
  if (certFile.IsEmpty() && !caCertFile.IsEmpty()) {
- std::shared_ptr cacert = GetX509Certificate(caCertFile);
+ std::shared_ptr cacert;
+ try {
+ cacert = GetX509Certificate(caCertFile);
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Cannot read CA certificate file '" << caCertFile << "'. Please ensure that it exists and is readable.";
+
+ return ServiceCritical;
+ }
 
  Log(LogInformation, "cli")
  << "Checking whether certificate '" << caCertFile << "' is a valid CA certificate.";
 
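Review bot: The same nine-line load-and-log block now appears five times in Run(): twice in the `@@ -83,8 +91,25 @@` hunk and once each in the hunks at -59, -125 and -147, differing only in the path and the word "CA". As a matter of style, a file-local helper that logs and returns a null pointer would keep the message and the exit code in one place, so a later change to the error handling of this verification command cannot miss one copy. The sketch assumes the paths are icinga `String` values (as `IsEmpty()` suggests) and spells the return type `std::shared_ptr<X509>`. The template argument is not shown on this page, so confirm it against the declaration of GetX509Certificate().

```cpp
// File-local helper: loads a certificate, or logs the failure and returns nullptr.
static std::shared_ptr<X509> LoadCertificateOrLog(const String& path, const char *label)
{
	try {
		return GetX509Certificate(path);
	} catch (const std::exception&) {
		Log(LogCritical, "cli")
			<< "Cannot read " << label << " file '" << path << "'. Please ensure that it exists and is readable.";

		return nullptr;
	}
}

// … in Run(), in place of each try/catch block …
std::shared_ptr<X509> cert = LoadCertificateOrLog(certFile, "certificate");
if (!cert)
	return ServiceCritical;

std::shared_ptr<X509> cacert = LoadCertificateOrLog(caCertFile, "CA certificate");
if (!cacert)
	return ServiceCritical;
// … unchanged: "Verifying certificate" log line and the verification that follows …
```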
@@ -147,7 +180,15 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
  /* Print certificate */
  if (!certFile.IsEmpty()) {
- std::shared_ptr cert = GetX509Certificate(certFile);
+ std::shared_ptr cert;
+ try {
+ cert = GetX509Certificate(certFile);
+ } catch (const std::exception& ex) {
+ Log(LogCritical, "cli")
+ << "Cannot read certificate file '" << certFile << "'. Please ensure that it exists and is readable.";
+
+ return ServiceCritical;
+ }
 
  Log(LogInformation, "cli")
  << "Printing certificate '" << certFile << "'";
 
@@ -157,5 +198,20 @@ int PKIVerifyCommand::Run(const boost::program_options::variables_map& vm, const
  return ServiceOK;
  }
 
+ /* Error handling. */
+ if (!cn.IsEmpty() && certFile.IsEmpty()) {
+ Log(LogCritical, "cli")
+ << "The '--cn' parameter requires the '--cert' parameter.";
+
+ return ServiceCritical;
+ }
+
+ if (cn.IsEmpty() && certFile.IsEmpty() && caCertFile.IsEmpty()) {
+ Log(LogInformation, "cli")
+ << "Please add the '--help' parameter to see all available options.";
+
+ return ServiceOK;
+ }
+
  return ServiceOK;
 }
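Review bot: The `'--cn' requires '--cert'` check added in the `@@ -157,5 +198,20 @@` hunk sits at the very end of Run(), so it is reached only when no earlier block has returned. With a CN and a CA certificate file but no certificate file, the "Standalone CA checks" block (`certFile.IsEmpty() && !caCertFile.IsEmpty()`) is entered first. If that block returns, as the other blocks appear to (its tail is outside the visible hunks), the requested CN check is silently skipped and the caller may read the exit code as a successful CN verification. Moving `if (!cn.IsEmpty() && certFile.IsEmpty())` and its `return ServiceCritical;` ahead of the `/* Verify CN in certificate. */` block, before any file is read, closes that gap. Separately, consider whether the no-argument case should return `ServiceOK`, since a script cannot distinguish "nothing was checked" from "verification passed".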