QPID-4554: correct use of 'ssl_keyfile' parameter in QPID tools

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1440543 13f79535-47bb-0310-9956-ffa450edef68

7 files changed, 29 insertions, 4 deletions

diff --git a/qpid/tools/src/py/qpid-cluster b/qpid/tools/src/py/qpid-cluster
index 7d800b52fb..d75a10f6e8 100755
--- a/qpid/tools/src/py/qpid-cluster
+++ b/qpid/tools/src/py/qpid-cluster
@@ -244,6 +244,7 @@ def main(argv=None):
         parser.add_option("-t", "--timeout", action="store", type="int", default=10, metavar="SECS", help="Maximum time to wait for broker connection (in seconds)")
         parser.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.")
         parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)")
+        parser.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)")
         parser.add_option("-C", "--all-connections", action="store_true", default=False, help="View client connections to all cluster members")
         parser.add_option("-c", "--connections",  metavar="ID", help="View client connections to specified member")
         parser.add_option("-d", "--del-connection",  metavar="HOST:PORT", help="Disconnect a client connection")
@@ -280,6 +281,9 @@ def main(argv=None):
             if len(config._stopId.split(":")) != 2:
                 parser.error("Member ID must be of form: <host or ip>:<number>")
 
+        if opts.ssl_key and not opts.ssl_certificate:
+            parser.error("missing '--ssl-certificate' (required by '--ssl-key')")
+
         config._stopAll = opts.all_stop
         config._force = opts.force
         config._numeric = opts.numeric
@@ -289,6 +293,8 @@ def main(argv=None):
             conn_options['mechanisms'] = opts.sasl_mechanism
         if opts.ssl_certificate:
             conn_options['ssl_certfile'] = opts.ssl_certificate
+        if opts.ssl_key:
+            conn_options['ssl_keyfile'] = opts.ssl_key
 
         bm = BrokerManager(config, conn_options)
 
diff --git a/qpid/tools/src/py/qpid-config b/qpid/tools/src/py/qpid-config
index 3c5f1a1023..2bab892c95 100755
--- a/qpid/tools/src/py/qpid-config
+++ b/qpid/tools/src/py/qpid-config
@@ -317,7 +317,9 @@ def OptionsAndArguments(argv):
     if opts.ssl_certificate:
         conn_options['ssl_certfile'] = opts.ssl_certificate
     if opts.ssl_key:
-        conn_options['ssl_key'] = opts.ssl_key
+        if not opts.ssl_certificate:
+            parser.error("missing '--ssl-certificate' (required by '--ssl-key')")
+        conn_options['ssl_keyfile'] = opts.ssl_key
     if opts.ha_admin:
         conn_options['client_properties'] = {'qpid.ha-admin' : 1}
 
diff --git a/qpid/tools/src/py/qpid-ha b/qpid/tools/src/py/qpid-ha
index 5b701a1fb4..4414623855 100755
--- a/qpid/tools/src/py/qpid-ha
+++ b/qpid/tools/src/py/qpid-ha
@@ -61,7 +61,9 @@ class Command:
         if opts.ssl_certificate:
             conn_options['ssl_certfile'] = opts.ssl_certificate
         if opts.ssl_key:
-            conn_options['ssl_key'] = opts.ssl_key
+            if not opts.ssl_certificate:
+                self.op.error("missing '--ssl-certificate' (required by '--ssl-key')")
+            conn_options['ssl_keyfile'] = opts.ssl_key
         conn_options['client_properties'] = {'qpid.ha-admin' : 1}
 
         connection = Connection.establish(opts.broker, **conn_options)
diff --git a/qpid/tools/src/py/qpid-printevents b/qpid/tools/src/py/qpid-printevents
index d0e2ba9c49..71b5854f03 100755
--- a/qpid/tools/src/py/qpid-printevents
+++ b/qpid/tools/src/py/qpid-printevents
@@ -150,7 +150,9 @@ def main(argv=None):
   if options.ssl_certificate:
     conn_options['ssl_certfile'] = options.ssl_certificate
   if options.ssl_key:
-    conn_options['ssl_key'] = options.ssl_key
+    if not options.ssl_certificate:
+      p.error("missing '--ssl-certificate' (required by '--ssl-key')")
+    conn_options['ssl_keyfile'] = options.ssl_key
   if options.ha_admin:
     props['qpid.ha-admin'] = 1
   if options.heartbeats:
diff --git a/qpid/tools/src/py/qpid-queue-stats b/qpid/tools/src/py/qpid-queue-stats
index f68609aed8..5c5f60a816 100755
--- a/qpid/tools/src/py/qpid-queue-stats
+++ b/qpid/tools/src/py/qpid-queue-stats
@@ -127,6 +127,7 @@ def main(argv=None):
   p.add_option('--filter','-f' ,default=None ,help='a list of comma separated queue names (regex are accepted) to show')
   p.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.")
   p.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)")
+  p.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)")
 
   options, arguments = p.parse_args(args=argv)
 
@@ -135,6 +136,10 @@ def main(argv=None):
     conn_options['mechanisms'] = options.sasl_mechanism
   if options.ssl_certificate:
     conn_options['ssl_certfile'] = options.ssl_certificate
+  if options.ssl_key:
+    if not options.ssl_certificate:
+      p.error("missing '--ssl-certificate' (required by '--ssl-key')")
+    conn_options['ssl_keyfile'] = options.ssl_key
 
   host = options.broker_address
   filter = []
diff --git a/qpid/tools/src/py/qpid-route b/qpid/tools/src/py/qpid-route
index 00c7c59189..7cf52e0a67 100755
--- a/qpid/tools/src/py/qpid-route
+++ b/qpid/tools/src/py/qpid-route
@@ -97,6 +97,7 @@ def OptionsAndArguments(argv):
 
     parser.add_option("--client-sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). Used when the client connects to the destination broker (not for authentication between the source and destination brokers - that is specified using the [mechanisms] argument to 'add route'). SASL automatically picks the most secure available mechanism - use this option to override.")
     parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)")
+    parser.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)")
     parser.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.")
     opts, encArgs = parser.parse_args(args=argv)
 
@@ -141,6 +142,11 @@ def OptionsAndArguments(argv):
     if opts.ssl_certificate:
         config._conn_options['ssl_certfile'] = opts.ssl_certificate
 
+    if opts.ssl_key:
+        if not opts.ssl_certificate:
+            parser.error("missing '--ssl-certificate' (required by '--ssl-key')")
+        config._conn_options['ssl_keyfile'] = opts.ssl_key
+
     return args
 
 
diff --git a/qpid/tools/src/py/qpid-stat b/qpid/tools/src/py/qpid-stat
index a448bb9881..00227a98b9 100755
--- a/qpid/tools/src/py/qpid-stat
+++ b/qpid/tools/src/py/qpid-stat
@@ -108,7 +108,9 @@ def OptionsAndArguments(argv):
     if opts.ssl_certificate:
         conn_options['ssl_certfile'] = opts.ssl_certificate
     if opts.ssl_key:
-        conn_options['ssl_key'] = opts.ssl_key
+        if not opts.ssl_certificate:
+            parser.error("missing '--ssl-certificate' (required by '--ssl-key')")
+        conn_options['ssl_keyfile'] = opts.ssl_key
     if opts.ha_admin:
         conn_options['client_properties'] = {'qpid.ha-admin' : 1}