To help with troubleshooting, some debug messages have been added to ConfigurationUtils.handleCerts().
https://fedorahosted.org/pki/ticket/2436 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata
>From 9aa6640e7e94a591343478ee806a6e6d4c9f81e8 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Thu, 18 Aug 2016 05:40:25 +0200
Subject: [PATCH] Added debug messages for ConfigurationUtils.handleCerts().
To help troubleshooting some debug messages have been added into ConfigurationUtils.handleCerts().
https://fedorahosted.org/pki/ticket/2436
---
.../cms/servlet/csadmin/ConfigurationUtils.java | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 34948822b593dd8bf03ff4db81a3d232c65da291..992ccc105047954b6f9be7847a43247711d8d1ee 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -3153,6 +3153,9 @@ public class ConfigurationUtils { String tokenname = config.getString("preop.module.token", ""); if (cert.getType().equals("local") && b64.equals("...certificate be generated internally...")) { + + CMS.debug("handleCerts(): processing local cert"); + String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype"); X509Key x509key = null; if (pubKeyType.equals("rsa")) {
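Review bot: The new message `handleCerts(): processing local cert` is not unique to this branch: the fall-through `else` touched by the hunk at -3256 logs `"handleCerts(): processing " + cert.getType() + " cert"`, which yields the identical line for a `local` cert whose `b64` is not the placeholder string. Someone reading the debug log then cannot tell which of the two paths ran, which works against the purpose of the change. Consider wording this one after the condition it guards, e.g. `CMS.debug("handleCerts(): processing local cert (to be generated internally)");`. The body of this `if` continues outside the hunk.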
@@ -3177,24 +3180,33 @@ public class ConfigurationUtils { CMS.debug("handleCerts(): nickname=" + nickname); try { + CMS.debug("handleCerts(): deleting existing cert"); if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) deleteCert(tokenname, nickname); + + CMS.debug("handleCerts(): importing new cert"); if (certTag.equals("signing") && subsystem.equals("ca")) CryptoUtil.importUserCertificate(impl, nickname); else CryptoUtil.importUserCertificate(impl, nickname, false); CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'"); + } catch (Exception ee) { CMS.debug(ee); CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: " + ee.toString()); } } + } else if (cert.getType().equals("remote")) { + + CMS.debug("handleCerts(): processing remote cert"); + if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) { - CMS.debug("handleCerts(): process remote...import cert"); + + CMS.debug("handleCerts(): deleting existing cert"); String b64chain = cert.getCertChain(); try {
@@ -3207,6 +3219,7 @@ public class ConfigurationUtils { CMS.debug("ConfigurationUtils: update (remote): deleteCert Exception=" + e.toString()); } + CMS.debug("handleCerts(): importing new cert"); b64 = CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); byte[] certb = CryptoUtil.base64Decode(certs);
@@ -3256,11 +3269,16 @@ public class ConfigurationUtils { CMS.debug("handleCerts(): b64 not set"); return 1; } + } else { + CMS.debug("handleCerts(): processing " + cert.getType() + " cert"); + b64 = CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); byte[] certb = CryptoUtil.base64Decode(certs); X509CertImpl impl = new X509CertImpl(certb); + + CMS.debug("handleCerts(): deleting existing cert"); try { if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert();
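Review bot: In the hunk at -3177, `CMS.debug("handleCerts(): deleting existing cert");` is emitted before `findBootstrapServerCert()` and `findCertificate(tokenname, nickname)` are evaluated, so the log records a deletion even when neither check matches and nothing is removed. The same unconditional message is added in the remote branch at the end of this hunk and again in the hunk at -3256. Since the log is meant for troubleshooting certificate store changes, either reword it to `CMS.debug("handleCerts(): checking for existing cert " + nickname);` or move the message inside each `if` next to the delete call, which would also mean bracing those single-statement `if`s.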
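Review bot: In the hunk at -3207, the new `importing new cert` message directly follows a `catch` that only debug-logs the `deleteCert` failure, so the import goes ahead even when the existing certificate could not be removed; the hunk at -3271 has the same shape. If continuing is intended, say so with a comment such as `// best effort: a failed delete must not block the import`; otherwise return an error code the way the `b64 not set` path does with `return 1`. The `try` that this `catch` closes starts outside the hunk, so what it covers cannot be confirmed from here. The message prefix in that `catch` (`ConfigurationUtils: update (remote):`) also differs from the `handleCerts():` prefix used by every added line, which makes the sequence harder to grep.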
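Review bot: In the hunk at -3256, the fall-through `else` calls `b64.trim()` and decodes the result with no null or empty check, whereas the `remote` branch tests `b64 != null && b64.length() > 0 && !b64.startsWith("...")` and returns 1 otherwise. Unless `b64` is validated before this point (not visible in the hunk), a missing value ends in a `NullPointerException` instead of the logged `b64 not set` path. This branch also accepts every type other than the two handled above, so the added `processing <type> cert` line is the only trace of an unexpected type. Consider a guard before the decode, e.g. `if (b64 == null || b64.isEmpty()) { CMS.debug("handleCerts(): b64 not set"); return 1; }`.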
@@ -3271,6 +3289,7 @@ public class ConfigurationUtils { CMS.debug("handleCerts(): deleteCert Exception=" + ee.toString()); } + CMS.debug("handleCerts(): importing new cert"); try { if (certTag.equals("signing") && subsystem.equals("ca")) CryptoUtil.importUserCertificate(impl, nickname); -- 2.5.5