To help troubleshooting the CAEnrollProfile class has been modified to chain the original exceptions.
Pushed to master under trivial rule. -- Endi S. Dewata
>From 8592db4465c3957afebcabb1c9c1bf6c9cf97ab8 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Thu, 2 Feb 2017 01:53:45 +0100 Subject: [PATCH] Troubleshooting improvements for CAEnrollProfile. To help troubleshooting the CAEnrollProfile class has been modified to chain the original exceptions. --- .../cms/profile/common/CAEnrollProfile.java | 31 +++++++++++++--------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 8c14e91767f6cc765413821da71b2c26d86f77d3..44c1245939974dfb5628418d3511bc9dc9eb9e48 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -19,10 +19,6 @@ package com.netscape.cms.profile.common; import java.util.Enumeration; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; import com.netscape.certsrv.apps.CMS; @@ -41,6 +37,10 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * This class implements a Certificate Manager enrollment * profile. @@ -53,7 +53,6 @@ public class CAEnrollProfile extends EnrollProfile { "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; public CAEnrollProfile() { - super(); } public IAuthority getAuthority() { @@ -93,8 +92,8 @@ public class CAEnrollProfile extends EnrollProfile { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" + - request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute request ID " + id); + ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); @@ -105,6 +104,7 @@ public class CAEnrollProfile extends EnrollProfile { // if PKI Archive Option present, send this request // to DRM byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); + // do not archive keys for renewal requests if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { PKIArchiveOptions options = toPKIArchiveOptions(optionsData); @@ -166,7 +166,7 @@ public class CAEnrollProfile extends EnrollProfile { if (e instanceof ERejectException) { throw (ERejectException) e; } - CMS.debug("CAEnrollProfile: " + e.toString()); + CMS.debug("CAEnrollProfile: " + e); CMS.debug(e); auditMessage = CMS.getLogMessage( @@ -177,32 +177,36 @@ public class CAEnrollProfile extends EnrollProfile { auditArchiveID); audit(auditMessage); - throw new EProfileException(e.toString()); + throw new EProfileException(e); } } } + // process certificate issuance X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); - X509CertImpl theCert = null; // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); + String setId = request.getExtDataInString("profileSetId"); if (setId != null) { sc.put("profileSetId", setId); } + AuthorityID aid = null; String aidString = request.getExtDataInString(IRequest.AUTHORITY_ID); if (aidString != null) aid = new AuthorityID(aidString); + + X509CertImpl theCert; try { theCert = caService.issueX509Cert( aid, info, getId() /* profileId */, id /* requestId */); } catch (EBaseException e) { - CMS.debug(e.toString()); - - throw new EProfileException(e.toString()); + CMS.debug(e); + throw new EProfileException(e); } + request.setExtData(REQUEST_ISSUED_CERT, theCert); long endTime = CMS.getCurrentDate().getTime(); @@ -230,6 +234,7 @@ public class CAEnrollProfile extends EnrollProfile { } request.setRequestStatus(RequestStatus.COMPLETE); + // notifies updater plugins Enumeration<String> updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { -- 2.5.5
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel