[IMP] Catch errors

2024-05-07 22:24:05 +02:00
parent 1aa3c79ef7
commit 90bdb017de
1 changed files with 25 additions and 12 deletions
@@ -273,7 +273,6 @@ def create_openssl_intermediate(name, force=False,verbose=False):
                Printing.error('Error on generating Intermediate CA private key')
                retry = input('If you want to retry, press Y : ')
                if retry == "y" or retry == 'Y':
-                    os.remove(TisPKI.intermediate_ca_certfile(name))
                    os.remove(TisPKI.intermediate_ca_keyfile(name))
                    create_openssl_intermediate(name, force, verbose)
        else:
@@ -351,19 +350,33 @@ def generate_dc_certificate(dc_name=None, ca_name=None, force=False, verbose=Fal
            Printing.information(f'{dc_name} OpenSSL configfile is correctly generated !')

        Printing.information(f'Generate private key and CSR for {dc_name}')
-        print(subprocess.run(f"openssl req -new -addext 'subjectAltName = email:copy' -newkey rsa:4096 -keyout {dc_keyfile} \
-            -out {dc_csrfile} -config {dc_openssl_configfile}" , shell=True, check=True, executable='/bin/bash'))
+        gen_dc_key = subprocess.run(f"openssl req -new -addext 'subjectAltName = email:copy' -newkey rsa:4096 -keyout {dc_keyfile} \
+            -out {dc_csrfile} -config {dc_openssl_configfile}" , shell=True, check=False, executable='/bin/bash')

-        if os.path.isfile(dc_csrfile):
-            print(f'Sign certificate for {dc_name}')
-            print(subprocess.run(f'openssl ca -config {dc_openssl_configfile} -extensions usr_cert_mskdc \
-            -days 3650 -notext -md sha512 -create_serial -in {dc_csrfile} -out {dc_certfile}', shell=True, check=True, executable='/bin/bash'))
+        if gen_dc_key.returncode == 0:
+            if os.path.isfile(dc_csrfile):
+                Printing.information(f'Sign certificate for {dc_name}')
+                sign_dc_cert = subprocess.run(f'openssl ca -config {dc_openssl_configfile} -extensions usr_cert_mskdc \
+                -days 3650 -notext -md sha512 -create_serial -in {dc_csrfile} -out {dc_certfile}', shell=True, check=False, executable='/bin/bash')

-        if os.path.isfile(dc_certfile):
-            print('Concatenation of DC and Root cert')
-            subprocess.run(f'cat {dc_certfile} {TisPKI.root_ca_certfile()} > {dc_certfile}_full',shell=True)
-            Printing.success(f'Certificat is stored in : {dc_certfile}')
-            Printing.success(f'Key is stored in : {dc_keyfile}')
+                if sign_dc_cert.returncode == 0:
+                    if os.path.isfile(dc_certfile):
+                        print('Concatenation of DC and Root cert')
+                        subprocess.run(f'cat {dc_certfile} {TisPKI.root_ca_certfile()} > {dc_certfile}_full',shell=True)
+                        Printing.success(f'Certificat is stored in : {dc_certfile}')
+                        Printing.success(f'Key is stored in : {dc_keyfile}')
+                else:
+                    Printing.error('Error on sign Domain Controler certificate')
+                    retry = input('If you want to retry, press Y : ')
+                    if retry == "y" or retry == 'Y':
+                        os.remove(dc_keyfile)
+                        generate_dc_certificate(dc_name, ca_name, force, verbose)
+        else:
+            Printing.error('Error on generating Domain Controler private key')
+            retry = input('If you want to retry, press Y : ')
+            if retry == "y" or retry == 'Y':
+                os.remove(dc_keyfile)
+                generate_dc_certificate(dc_name, ca_name, force, verbose)


 def generate_user_certificate():