To help troubleshooting the EnrollProfile has been modified to log the stack trace and chain the exception.
https://fedorahosted.org/pki/ticket/1654 -- Endi S. Dewata
>From 77b149c869a26ae2a09fafa2833a879fec4de666 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Sat, 19 Mar 2016 03:06:25 +0100 Subject: [PATCH] Fixed exception handling in EnrollProfile. To help troubleshooting the EnrollProfile has been modified to log the stack trace and chain the exception. https://fedorahosted.org/pki/ticket/1654 --- .../certsrv/profile/EProfileException.java | 4 + .../netscape/cms/profile/common/EnrollProfile.java | 118 ++++++++++----------- 2 files changed, 63 insertions(+), 59 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/profile/EProfileException.java b/base/common/src/com/netscape/certsrv/profile/EProfileException.java index 5ad254f74372365192167c6d08be09e20c64eb25..e3cd95b7d2adbfc2c803dd8141d6494952b9bdd1 100644 --- a/base/common/src/com/netscape/certsrv/profile/EProfileException.java +++ b/base/common/src/com/netscape/certsrv/profile/EProfileException.java @@ -48,4 +48,8 @@ public class EProfileException extends EBaseException { public EProfileException(String msg, Throwable cause) { super(msg, cause); } + + public EProfileException(Throwable cause) { + super(cause.getMessage(), cause); + } } diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java index 523e0117a55567d2f807dd3eb2e69c48d7eb7344..ef61218bd6402512532d2c3e720711dc265dba6f 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -30,29 +30,6 @@ import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; -import netscape.security.pkcs.PKCS10; -import netscape.security.pkcs.PKCS10Attribute; -import netscape.security.pkcs.PKCS10Attributes; -import netscape.security.pkcs.PKCS9Attribute; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSerialNumber; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.Extension; -import netscape.security.x509.Extensions; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.ASN1Value; @@ -99,6 +76,29 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; +import netscape.security.pkcs.PKCS10; +import netscape.security.pkcs.PKCS10Attribute; +import netscape.security.pkcs.PKCS10Attributes; +import netscape.security.pkcs.PKCS9Attribute; +import netscape.security.util.DerInputStream; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.CertificateAlgorithmId; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.CertificateIssuerName; +import netscape.security.x509.CertificateSerialNumber; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.CertificateValidity; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.CertificateX509Key; +import netscape.security.x509.Extension; +import netscape.security.x509.Extensions; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509Key; + /** * This class implements a generic enrollment profile. * @@ -249,8 +249,8 @@ public abstract class EnrollProfile extends BasicProfile new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template - CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); - throw new EProfileException(e.toString()); + CMS.debug(e); + throw new EProfileException(e); } req.setExtData(REQUEST_CERTINFO, info); } @@ -272,8 +272,7 @@ public abstract class EnrollProfile extends BasicProfile req.getRequestId().toString()); } catch (EBaseException e) { // raise exception - CMS.debug("EnrollProfile: create new enroll request " + - e.toString()); + CMS.debug(e); } return req; @@ -312,7 +311,7 @@ public abstract class EnrollProfile extends BasicProfile return sn.toString(); } catch (Exception e) { - CMS.debug("EnrollProfile: getRequestDN " + e.toString()); + CMS.debug(e); } return null; } @@ -343,7 +342,7 @@ public abstract class EnrollProfile extends BasicProfile queue.updateRequest(request); } catch (EBaseException e) { // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); + CMS.debug(e); } if (token == null) { @@ -353,7 +352,7 @@ public abstract class EnrollProfile extends BasicProfile try { queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("EnrollProfile: Update request (after validation) " + e.toString()); + CMS.debug(e); } throw new EDeferException("defer request"); @@ -463,9 +462,9 @@ public abstract class EnrollProfile extends BasicProfile return msgs; } catch (Exception e) { - CMS.debug("EnrollProfile: parseCMC " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -692,7 +691,7 @@ public abstract class EnrollProfile extends BasicProfile cm = CryptoManager.getInstance(); if (sigver == true) { String tokenName = - CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); savedToken = cm.getThreadToken(); if (tokenName.equals("internal")) { signToken = cm.getInternalCryptoToken(); @@ -762,8 +761,9 @@ public abstract class EnrollProfile extends BasicProfile lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"), e); } SEQUENCE bodyIds = lraPop.getBodyIds(); @@ -818,9 +818,9 @@ public abstract class EnrollProfile extends BasicProfile } return msgs; } catch (Exception e) { - CMS.debug("EnrollProfile: parseCRMF " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -1005,16 +1005,16 @@ public abstract class EnrollProfile extends BasicProfile } } catch (IOException e) { - CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } catch (InvalidKeyException e) { - CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - // throw new EProfileException(e.toString()); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); + // } catch (CertificateException e) { + // CMS.debug(e); + // throw new EProfileException(e); } } @@ -1061,9 +1061,9 @@ public abstract class EnrollProfile extends BasicProfile pkcs10 = new PKCS10(data, sigver); } } catch (Exception e) { - CMS.debug("EnrollProfile: parsePKCS10 " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } finally { if (sigver) { CMS.debug("EnrollProfile: parsePKCS10 restoring thread token"); @@ -1131,13 +1131,13 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { - CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } catch (CertificateException e) { - CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -1161,9 +1161,9 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -1185,9 +1185,9 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -1235,13 +1235,13 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(IEnrollProfile.REQUEST_KEY, certKeyOut.toByteArray()); info.set(X509CertInfo.KEY, certKey); } catch (IOException e) { - CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } catch (CertificateException e) { - CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); + CMS.debug(e); throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"), e); } } @@ -1501,7 +1501,7 @@ public abstract class EnrollProfile extends BasicProfile audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! " + e.toString()); + CMS.debug(e); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1512,7 +1512,7 @@ public abstract class EnrollProfile extends BasicProfile audit(auditMessage); throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + "CMS_POP_VERIFICATION_ERROR"), e); } } } -- 2.4.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
