fix terminal messages and ignore leading and trailing whitespaces

slobodanadamovic · slobodanadamovic · commit c0f66f3600e3 · 2025-04-07T12:55:10.000+02:00
diff --git a/x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/CertGenUtils.java b/x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/CertGenUtils.java
@@ -55,11 +55,13 @@
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.TreeMap;
 
 import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509ExtendedTrustManager;
@@ -79,25 +81,29 @@ public class CertGenUtils {
     /**
      * The mapping of key usage names to their corresponding integer values as defined in {@code KeyUsage} class.
      */
-    public static final Map<String, Integer> KEY_USAGE_MAPPINGS = Map.of(
-        "digitalSignature",
-        KeyUsage.digitalSignature,
-        "nonRepudiation",
-        KeyUsage.nonRepudiation,
-        "keyEncipherment",
-        KeyUsage.keyEncipherment,
-        "dataEncipherment",
-        KeyUsage.dataEncipherment,
-        "keyAgreement",
-        KeyUsage.keyAgreement,
-        "keyCertSign",
-        KeyUsage.keyCertSign,
-        "cRLSign",
-        KeyUsage.cRLSign,
-        "encipherOnly",
-        KeyUsage.encipherOnly,
-        "decipherOnly",
-        KeyUsage.decipherOnly
+    public static final Map<String, Integer> KEY_USAGE_MAPPINGS = Collections.unmodifiableMap(
+        new TreeMap<>(
+            Map.of(
+                "digitalSignature",
+                KeyUsage.digitalSignature,
+                "nonRepudiation",
+                KeyUsage.nonRepudiation,
+                "keyEncipherment",
+                KeyUsage.keyEncipherment,
+                "dataEncipherment",
+                KeyUsage.dataEncipherment,
+                "keyAgreement",
+                KeyUsage.keyAgreement,
+                "keyCertSign",
+                KeyUsage.keyCertSign,
+                "cRLSign",
+                KeyUsage.cRLSign,
+                "encipherOnly",
+                KeyUsage.encipherOnly,
+                "decipherOnly",
+                KeyUsage.decipherOnly
+            )
+        )
     );
 
     /**
diff --git a/x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommand.java b/x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommand.java
@@ -69,6 +69,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -757,11 +758,12 @@ private CertOptions getCertificateConfiguration(
 
             printHeader("What key usage should your certificate have?", terminal);
             terminal.println("The key usage extension defines the purpose of the key contained in the certificate.");
-            terminal.println(
-                "The usage restriction might be employed when a key, that could be used for more than one operation, is to be restricted."
-            );
+            terminal.println("The usage restriction might be employed when a key, that could be used for more than ");
+            terminal.println("one operation, is to be restricted.");
             terminal.println("You may enter the key usage as a comma-delimited list of following values: ");
-            terminal.println(" - " + CertGenUtils.KEY_USAGE_MAPPINGS.keySet().stream().sorted());
+            for (String keyUsageName : CertGenUtils.KEY_USAGE_MAPPINGS.keySet()) {
+                terminal.println(" - " + keyUsageName);
+            }
             terminal.println("");
 
             keyUsage = readKeyUsage(terminal, keyUsage);
@@ -939,11 +941,12 @@ private CertificateTool.CAInfo createNewCA(Terminal terminal) {
 
             printHeader("What key usage should your CA have?", terminal);
             terminal.println("The key usage extension defines the purpose of the key contained in the certificate.");
-            terminal.println(
-                "The usage restriction might be employed when a key, that could be used for more than one operation, is to be restricted."
-            );
+            terminal.println("The usage restriction might be employed when a key, that could be used for more than ");
+            terminal.println("one operation, is to be restricted.");
             terminal.println("You may enter the key usage as a comma-delimited list of following values: ");
-            terminal.println(" - " + CertGenUtils.KEY_USAGE_MAPPINGS.keySet().stream().sorted());
+            for (String keyUsageName : CertGenUtils.KEY_USAGE_MAPPINGS.keySet()) {
+                terminal.println(" - " + keyUsageName);
+            }
             terminal.println("");
 
             keyUsage = readKeyUsage(terminal, keyUsage);
@@ -1040,6 +1043,7 @@ private static List<String> readKeyUsage(Terminal terminal, List<String> default
             final String[] keyUsages = input.split(",");
             final List<String> resolvedKeyUsages = new ArrayList<>(keyUsages.length);
             for (String keyUsage : keyUsages) {
+                keyUsage = keyUsage.trim();
                 if (keyUsage.isEmpty()) {
                     terminal.println("Key usage cannot be empty");
                     return null;
@@ -1053,7 +1057,7 @@ private static List<String> readKeyUsage(Terminal terminal, List<String> default
                 }
                 resolvedKeyUsages.add(keyUsage);
             }
-            return resolvedKeyUsages;
+            return Collections.unmodifiableList(resolvedKeyUsages);
         });
     }
 
