Cli: Catch ssl errors in pki request command

fixes #7426
2014-10-23 16:07:48 +02:00 · 2014-10-23 16:07:48 +02:00 · 339d0604e1
parent e80fd0fbfa
commit 339d0604e1
4 changed files with 39 additions and 9 deletions
--- a/lib/cli/pkiutility.cpp
+++ b/lib/cli/pkiutility.cpp
@ -173,16 +173,46 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
 {
 	TcpSocket::Ptr client = make_shared<TcpSocket>();

-	client->Connect(host, port);
+	try {
+		client->Connect(host, port);
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+		    << "Cannot connect to host '" << host << "' on port '" << port << "'";
+		Log(LogDebug, "cli")
+		    << "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
+		return 1;
+	}

-	shared_ptr<SSL_CTX> sslContext = MakeSSLContext(certfile, keyfile);
+	shared_ptr<SSL_CTX> sslContext = make_shared<SSL_CTX>();
+
+	try {
+		sslContext = MakeSSLContext(certfile, keyfile);
+	} catch (const std::exception& ex) {
+		Log(LogCritical, "cli")
+                    << "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'.";
+		return 1;
+	}

 	TlsStream::Ptr stream = make_shared<TlsStream>(client, RoleClient, sslContext);

-	stream->Handshake();
+	try {
+		stream->Handshake();
+	} catch (const std::exception&) {
+		Log(LogCritical, "cli", "Client TLS handshake failed.");
+		return 1;
+	}

 	shared_ptr<X509> peerCert = stream->GetPeerCertificate();
-	shared_ptr<X509> trustedCert = GetX509Certificate(trustedfile);
+
+	shared_ptr<X509> trustedCert = make_shared<X509>();
+
+	try {
+		trustedCert = GetX509Certificate(trustedfile);
+	} catch (const std::exception&) {
+		Log(LogCritical, "cli")
+                    << "Cannot get trusted from cert path: '" << trustedfile << "'.";
+		return 1;
+	}

 	if (CertificateToString(peerCert) != CertificateToString(trustedCert)) {
 		Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");
--- a/lib/cli/repositorycommitcommand.cpp
+++ b/lib/cli/repositorycommitcommand.cpp
@ -59,7 +59,7 @@ void RepositoryCommitCommand::InitParameters(boost::program_options::options_des
 }

 /**
- * The entry point for the "object list" CLI command.
+ * The entry point for the "repository commit" CLI command.
 *
 * @returns An exit status.
 */
--- a/lib/cli/repositorycommitcommand.hpp
+++ b/lib/cli/repositorycommitcommand.hpp
@ -29,7 +29,7 @@ namespace icinga
 {

 /**
- * The "object list" command.
+ * The "repository commit" command.
 *
 * @ingroup cli
 */
--- a/lib/cli/repositoryobjectcommand.cpp
+++ b/lib/cli/repositoryobjectcommand.cpp
@ -142,7 +142,7 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
 {
 	if (ap.empty()) {
 		Log(LogCritical, "cli")
-		    << "No object name given. Bailing out.\n";
+		    << "No object name given. Bailing out.";
 		return 1;
 	}

@ -157,9 +157,9 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
 	BOOST_FOREACH(const String& kv, attrs) {
 		boost::algorithm::split(tokens, kv, boost::is_any_of("="));

-		if (tokens.size() == 2)
+		if (tokens.size() == 2) {
 			attr->Set(tokens[0], tokens[1]);
-		else
+		} else
 			Log(LogWarning, "cli")
 			    << "Cannot parse passed attributes for object '" << name << "': " << boost::algorithm::join(tokens, "=");
 	}