Ticket #2271 Part2:TMS:removing/reducing debug log printout of data
This patch comments out unneeded data in TMS debug logs (TPS&TKS);
It reduces the size of the debug logs by a lot.
Note that for ease of later development debugging, the debug lines
are commented out instead of being removed
Testing was done in
* formatting
* formatting with key upgrade
* enrollment with server side key generation
* enrollment
* enrollment with key recovery
thanks,
Christina
>From 9cc6e1214b50f5da1d5fcc39f8f7e47853c00585 Mon Sep 17 00:00:00 2001
From: Christina Fu <[email protected]>
Date: Thu, 2 Jun 2016 16:47:24 -0700
Subject: [PATCH] Ticket #2271 Part2:TMS:removing/reducing debug log printout
of data This patch comments out unneeded data in TMS debug logs (TPS&TKS); It
reduces the size of the debug logs by a lot. Note that for ease of later
development debugging, the debug lines are commented out instead of being
removed
---
.../src/org/dogtagpki/tps/TPSConnection.java | 17 +++-
base/common/src/org/dogtagpki/tps/main/Util.java | 2 +-
.../src/org/dogtagpki/tps/msg/TPSMessage.java | 17 +++-
.../com/netscape/kra/TokenKeyRecoveryService.java | 6 +-
.../com/netscape/cms/servlet/base/CMSServlet.java | 6 +-
.../cms/src/com/netscape/cms/servlet/tks/KDF.java | 2 +-
.../cms/servlet/tks/SecureChannelProtocol.java | 32 ++++---
.../com/netscape/cms/servlet/tks/TokenServlet.java | 16 ++--
.../netscape/cmscore/connector/HttpConnection.java | 2 +-
.../cmscore/logging/SignedAuditEventFactory.java | 3 +-
.../src/org/dogtagpki/server/tps/TPSSession.java | 5 +-
.../server/tps/channel/SecureChannel.java | 26 ++++--
.../server/tps/cms/CARemoteRequestHandler.java | 37 ++++----
.../server/tps/cms/KRARemoteRequestHandler.java | 8 +-
.../server/tps/cms/RemoteRequestHandler.java | 5 +-
.../server/tps/cms/TKSRemoteRequestHandler.java | 42 +++++----
.../org/dogtagpki/server/tps/main/PKCS11Obj.java | 8 +-
.../server/tps/processor/EnrolledCertsInfo.java | 3 +-
.../server/tps/processor/TPSEnrollProcessor.java | 101 ++++++++++++---------
.../server/tps/processor/TPSProcessor.java | 28 ++++--
20 files changed, 232 insertions(+), 134 deletions(-)
diff --git a/base/common/src/org/dogtagpki/tps/TPSConnection.java b/base/common/src/org/dogtagpki/tps/TPSConnection.java
index d93827775655eb880ad94d0e6d928915c6395cc4..c5a971edd5b4bf8073de1cb23de8eefd72f9e0b8 100644
--- a/base/common/src/org/dogtagpki/tps/TPSConnection.java
+++ b/base/common/src/org/dogtagpki/tps/TPSConnection.java
@@ -46,7 +46,7 @@ public class TPSConnection {
}
public TPSMessage read() throws IOException {
- CMS.debug("TPSMessage read()");
+ CMS.debug("TPSConnection read()");
StringBuilder sb = new StringBuilder();
int b;
@@ -80,7 +80,10 @@ public class TPSConnection {
sb.append(c);
}
- CMS.debug("TPSMessage.read: Reading: " + sb.toString());
+ if (size <= 38) // for pdu_data size is 2 and only contains status
+ CMS.debug("TPSConnection.read: Reading: " + sb.toString());
+ else
+ CMS.debug("TPSConnection.read: Reading...");
// parse the entire message
return TPSMessage.createMessage(sb.toString());
@@ -89,7 +92,15 @@ public class TPSConnection {
public void write(TPSMessage message) throws IOException {
String s = message.encode();
- CMS.debug("TPSMessage.write: Writing: " + s);
+ // don't print the pdu_data
+ int idx = s.lastIndexOf("pdu_data=");
+ String toDebug = null;
+ if (idx == -1)
+ CMS.debug("TPSConnection.write: Writing: " + s);
+ else {
+ toDebug = s.substring(0, idx-1);
+ CMS.debug("TPSConnection.write: Writing: " + toDebug + "pdu_data=<do not print>");
+ }
// send message
out.print(s);
diff --git a/base/common/src/org/dogtagpki/tps/main/Util.java b/base/common/src/org/dogtagpki/tps/main/Util.java
index 2973bb8ec254232eaae8ca4a7b824521ab406dbe..b212478d7592bc6e1706dee429a1a650024fcbeb 100644
--- a/base/common/src/org/dogtagpki/tps/main/Util.java
+++ b/base/common/src/org/dogtagpki/tps/main/Util.java
@@ -432,7 +432,7 @@ public class Util {
throw new EBaseException("Util.encryptData: called with no sym key or no data!");
}
- CMS.debug("Util.encryptData: dataToEnc: " + dataToEnc.toHexString());
+ //CMS.debug("Util.encryptData: dataToEnc: " + dataToEnc.toHexString());
CryptoToken token = null;
try {
diff --git a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
index f622b9b4dffd6fd1bd72ad8b56df49b095f258fa..c7ad7f7c35e0fc3391d368bc6f86d92cdd295ab3 100644
--- a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
+++ b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
@@ -510,7 +510,22 @@ public class TPSMessage {
public static TPSMessage createMessage(String message) throws IOException {
- CMS.debug("TPSMessage.createMessage: message: " + message);
+ // don't print the pdu_data
+ int idx1 = message.lastIndexOf("pdu_data=");
+ int idx2 = message.lastIndexOf("pdu_size=");
+ String toDebug1 = null;
+ String toDebug2 = null;
+ if (idx1 == -1)
+ CMS.debug("TPSMessage.createMessage: message: " + message);
+ else {
+ toDebug1 = message.substring(0, idx1-1);
+ if (idx2 == -1)
+ CMS.debug("TPSMessage.createMessage: message: " + toDebug1 + "pdu_data=<do not print>...");
+ else {
+ toDebug2 = message.substring(idx2-1);
+ CMS.debug("TPSMessage.createMessage: message: " + toDebug1 + "&pdu_data=<do not print>"+ toDebug2);
+ }
+ }
TPSMessage new_msg = new TPSMessage(message);
diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index c7c5ecbe4f60400092bee95e0b5d15ee120b2f2e..f7ba929797e619f61adf78aeebccfd4ad298d905 100644
--- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -263,6 +263,7 @@ public class TokenKeyRecoveryService implements IService {
auditSubjectID = rCUID + ":" + rUserid;
//CMS.debug("TokenKeyRecoveryService: received DRM-trans-wrapped des key =" + rWrappedDesKeyString);
+ CMS.debug("TokenKeyRecoveryService: received DRM-trans-wrapped des key");
wrapped_des_key = com.netscape.cmsutil.util.Utils.SpecialDecode(rWrappedDesKeyString);
CMS.debug("TokenKeyRecoveryService: wrapped_des_key specialDecoded");
@@ -588,8 +589,9 @@ public class TokenKeyRecoveryService implements IService {
audit(auditMessage);
return false;
} else {
- CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = " +
- PubKey);
+ //CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = " +
+ // PubKey);
+ CMS.debug("TokenKeyRecoveryService: got publicKeyData");
}
request.setExtData("public_key", PubKey);
auditMessage = CMS.getLogMessage(
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index ba7ce5720424d8fb7f620457d6628d975df59d49..99d18bbcbe1647454f05ba37db76291b5e657289 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -420,7 +420,11 @@ public abstract class CMSServlet extends HttpServlet {
pn.equalsIgnoreCase("pwd") ||
pn.equalsIgnoreCase("pwdagain") ||
pn.startsWith("p12Password") ||
- pn.equalsIgnoreCase("uPasswd")) {
+ pn.equalsIgnoreCase("uPasswd") ||
+ pn.equalsIgnoreCase("host_challenge") ||
+ pn.equalsIgnoreCase("card_challenge") ||
+ pn.equalsIgnoreCase("card_cryptogram") ||
+ pn.equalsIgnoreCase("drm_trans_desKey")) {
CMS.debug("CMSServlet::service() param name='" + pn +
"' value='(sensitive)'");
} else {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
index f8a5b1f6a28cd5027ca59a8d3cf59a4558ada399..0407e2934da59d714c031fe4d49140c336224b93 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
@@ -115,7 +115,7 @@ public class KDF {
}
- CMS.debug("desKey: len: " + desKey.length);
+ CMS.debug(method + "desKey: len: " + desKey.length);
return desKey;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
index 83dd93c6efbff11e7f8c299143d9ae911aff9905..7dab14045646ef1095c3eef934ad054244a3d093 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
@@ -583,7 +583,8 @@ public class SecureChannelProtocol {
}
}
- CMS.debug(method + "Returning symkey: " + unwrapped);
+ //CMS.debug(method + "Returning symkey: " + unwrapped);
+ CMS.debug(method + "Returning symkey...");
return unwrapped;
}
@@ -624,7 +625,8 @@ public class SecureChannelProtocol {
throw new EBaseException(e);
}
- CMS.debug(method + "Returning symkey: " + unwrapped);
+ //CMS.debug(method + "Returning symkey: " + unwrapped);
+ CMS.debug(method + "Returning symkey...");
return finalUnwrapped;
}
@@ -857,7 +859,8 @@ public class SecureChannelProtocol {
SymmetricKey extracted8 = extract8.derive();
- CMS.debug(method + " extracted8 key: " + extracted8);
+ //CMS.debug(method + " extracted8 key: " + extracted8);
+ CMS.debug(method + " extracted8 key");
SymmetricKeyDeriver concat = token.getSymmetricKeyDeriver();
concat.initDerive(
@@ -943,7 +946,8 @@ public class SecureChannelProtocol {
throw new EBaseException(e);
}
- CMS.debug(method + " About to return session key: " + wrappedSessKeyData);
+ //CMS.debug(method + " About to return session key: " + wrappedSessKeyData);
+ CMS.debug(method + " returning session key");
return wrappedSessKeyData;
@@ -962,14 +966,15 @@ public class SecureChannelProtocol {
try {
CryptoManager cm = this.getCryptoManger();
CryptoToken token = returnTokenByName(selectedToken, cm);
- CMS.debug("desKey: owning token: " + desKey.getOwningToken().getName());
- CMS.debug("desKey: current token: " + token.getName());
+ CMS.debug(method + "desKey: owning token: " + desKey.getOwningToken().getName());
+ CMS.debug(method + "desKey: current token: " + token.getName());
Cipher encryptor = token.getCipherContext(EncryptionAlgorithm.DES3_ECB);
- CMS.debug("got encryptor");
+ CMS.debug(method + "got encryptor");
encryptor.initEncrypt(desKey);
- CMS.debug("done initEncrypt");
+ CMS.debug(method + "done initEncrypt");
output = encryptor.doFinal(input);
- CMS.debug("done doFinal " + output);
+ //CMS.debug(method + "done doFinal " + output);
+ CMS.debug(method + "done doFinal");
// SecureChannelProtocol.debugByteArray(output, "Encrypted data:");
} catch (EBaseException | NoSuchTokenException | NoSuchAlgorithmException | TokenException
@@ -1017,7 +1022,8 @@ public class SecureChannelProtocol {
//Get the 3 bytes needed
System.arraycopy(output, 0, finalOutput, 0, 3);
- SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:");
+ //SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:");
+ CMS.debug(method + " ends");
return finalOutput;
}
@@ -1405,10 +1411,11 @@ public class SecureChannelProtocol {
keycheck_enc_key = this.computeKeyCheck(encKey, tokenName);
keycheck_mac_key = this.computeKeyCheck(macKey, tokenName);
keycheck_kek_key = this.computeKeyCheck(kekKey, tokenName);
-
+ /*
debugByteArray(keycheck_enc_key, " Keycheck enc key: ");
debugByteArray(keycheck_mac_key, " Keycheck mac key: ");
debugByteArray(keycheck_kek_key, " KeyCheck kek key: ");
+ */
} else if (protocol == PROTOCOL_TWO) {
alg = (byte) 0x80;
@@ -1447,7 +1454,8 @@ public class SecureChannelProtocol {
throw new EBaseException(method + " Can't compose final output byte array!");
}
- SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: ");
+ //SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: ");
+ CMS.debug(method + " returning output");
return output;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 00bb905946be819400e36078a21b5c5b3b82ae29..fb7232a7c48a13a7862702b0c49c26e6a8e1ef8b 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -803,7 +803,7 @@ public class TokenServlet extends CMSServlet {
}
- CMS.debug("TokenServlet:outputString.encode " + value);
+ //CMS.debug("TokenServlet:outputString.encode " + value);
try {
resp.setContentLength(value.length());
@@ -1298,8 +1298,8 @@ public class TokenServlet extends CMSServlet {
input_card_crypto =
com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
- SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto");
- SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto");
+ //SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto");
+ //SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto");
if (card_crypto.length == input_card_crypto.length) {
for (int i = 0; i < card_crypto.length; i++) {
@@ -1462,7 +1462,7 @@ public class TokenServlet extends CMSServlet {
}
}
- CMS.debug("TokenServlet:outputString.encode " + value);
+ //CMS.debug("TokenServlet:outputString.encode " + value);
try {
resp.setContentLength(value.length());
@@ -1802,7 +1802,8 @@ public class TokenServlet extends CMSServlet {
xnewkeyInfo, nistSP800_108KdfOnKeyVersion, nistSP800_108KdfUseCuidAsKdd, xCUID, xKDD,
(protocol == 2) ? xWrappedDekKey : kekKeyArray, useSoftToken_s, keySet, (byte) protocol);
}
- SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: ");
+ //SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: ");
+ CMS.debug("TokenServlet.processDiversifyKey: New keyset data obtained");
if (KeySetData == null || KeySetData.length <= 1) {
CMS.getLogger().log(ILogger.EV_AUDIT,
@@ -1832,7 +1833,8 @@ public class TokenServlet extends CMSServlet {
if (KeySetData != null && KeySetData.length > 1) {
value = IRemoteRequest.RESPONSE_STATUS + "=0&" + IRemoteRequest.TKS_RESPONSE_KeySetData + "=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
+ //CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
+ CMS.debug("TokenServlet:process DiversifyKey.encode returning KeySetData");
// AC: KDF SPEC CHANGE - check for settings file issue (flag)
} else if (missingSetting_exception != null) {
status = "6";
@@ -2154,7 +2156,7 @@ public class TokenServlet extends CMSServlet {
value = IRemoteRequest.RESPONSE_STATUS + "=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " + value);
+ //CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java
index c4804784af837775e0817419859a1d8f1335f848..d016b63351ed6ba8fbecd9857b97230287ea9fd1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java
@@ -215,7 +215,7 @@ public class HttpConnection implements IHttpConnection {
throw new EBaseException("HttpConnection.send: with String content: null or empty");
}
- CMS.debug("HttpConnection.send: with String content: " + content);
+ //CMS.debug("HttpConnection.send: with String content: " + content);
resp = doSend(content);
return resp;
diff --git a/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java b/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
index 6ba492dc3fcc6764013a9517c071c8c3b358c921..01f9991206825d54e102b1cf805305e0f9fb710c 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
@@ -76,7 +76,8 @@ public class SignedAuditEventFactory implements ILogEventFactory {
eventType = typeMessage.substring(typeBegin + 6, colon);
message = typeMessage.substring(colon + 2);
- Debug.trace("SignedAuditEventFactory: create() message=" + message + "\n");
+ //Debug.trace("SignedAuditEventFactory: create() message=" + message + "\n");
+ Debug.trace("SignedAuditEventFactory: create() message created for eventType=" + eventType + "\n");
} else {
// no type specified
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSSession.java b/base/tps/src/org/dogtagpki/server/tps/TPSSession.java
index 6f175e2076b5d23c6eee6a1a1601ea061104ac7e..f7fca848934e5462f225b070b3396e0a394f3228 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSSession.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSSession.java
@@ -66,11 +66,12 @@ public class TPSSession {
public TPSMessage read() throws IOException {
TPSMessage message = null;
- CMS.debug("TPSSession.process() about to call read on connection : " + connection);
+ CMS.debug("TPSSession.read() about to call read on connection : " + connection);
try {
message = connection.read();
- CMS.debug("TPSSession.process() created message " + message);
+ //CMS.debug("TPSSession.read() created message " + message);
+ CMS.debug("TPSSession.read() message created");
} catch (IOException e) {
//Catch here so we can log
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index 598e99a6459d99b65adcfb0c733db3b2291308a8..8860f48cc7cc5c484f4c541ec1a5cc7910b57c96 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -333,7 +333,8 @@ public class SecureChannel {
attr = new TPSBuffer(Util.bool2Byte(value));
appendPKCS11Attribute(buffer, PKCS11Constants.CKA_TOKEN, attr);
- CMS.debug("SecureChannel.appendKeyCapabilities: returning: " + buffer.toHexString());
+ //CMS.debug("SecureChannel.appendKeyCapabilities: returning: " + buffer.toHexString());
+ CMS.debug("SecureChannel.appendKeyCapabilities: returning");
} catch (EBaseException e) {
throw new TPSException("SecureChannel.appentKeyCapabilities. Can't obtain config value!",
@@ -423,9 +424,9 @@ public class SecureChannel {
if (secLevel == SecurityLevel.SECURE_MSG_MAC_ENC) {
try {
- CMS.debug("SecureChannel.computeAPDU: Before encryption data value: " + apdu.getData().toHexString());
+ //CMS.debug("SecureChannel.computeAPDU: Before encryption data value: " + apdu.getData().toHexString());
apdu.secureMessage(encSessionKey, (byte) 1);
- CMS.debug("SecureChannel.computeAPDU: After encryption data value: " + apdu.getData().toHexString());
+ //CMS.debug("SecureChannel.computeAPDU: After encryption data value: " + apdu.getData().toHexString());
} catch (EBaseException e) {
throw new TPSException("SecureChannel.computeAPDU: Can't encrypt outgoing data! " + e);
}
@@ -519,7 +520,8 @@ public class SecureChannel {
data = apdu.getDataToMAC();
- CMS.debug("SecureChannel.computeAPDUMac: data To MAC: " + data.toHexString());
+ //CMS.debug("SecureChannel.computeAPDUMac: data To MAC: " + data.toHexString());
+ CMS.debug("SecureChannel.computeAPDUMac: got data To MAC");
try {
newMac = Util.computeMAC(sessionKey, data, icv);
@@ -529,7 +531,8 @@ public class SecureChannel {
TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
}
- CMS.debug("SecureChannel.computeAPDUMac: computed MAC: " + newMac.toHexString());
+ //CMS.debug("SecureChannel.computeAPDUMac: computed MAC: " + newMac.toHexString());
+ CMS.debug("SecureChannel.computeAPDUMac: MAC computed");
apdu.setMAC(newMac);
@@ -707,12 +710,13 @@ public class SecureChannel {
//Load one piece of the applet file onto the token.
private void loadFileSegment(byte refControl, int count, TPSBuffer piece) throws TPSException, IOException {
+ CMS.debug("SecureChannel.loadFileSegment: begins");
if (piece == null || count < 0) {
throw new TPSException("SecureChannel.loadFileSegment: invalid input data.",
TPSStatus.STATUS_ERROR_UPGRADE_APPLET);
}
- CMS.debug("SecureChannel.loadFileSegment: count: " + count + " piece: " + piece.toHexString());
+ //CMS.debug("SecureChannel.loadFileSegment: count: " + count + " piece: " + piece.toHexString());
APDUResponse response = null;
@@ -738,6 +742,7 @@ public class SecureChannel {
TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
}
+ CMS.debug("SecureChannel.loadFileSegment: ends");
}
// Kick off the applet loading process.
@@ -1023,7 +1028,8 @@ public class SecureChannel {
finalizeObjectBuffer(result, id);
- CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing: " + result.toHexString());
+ //CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing: " + result.toHexString());
+ CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing");
return result;
@@ -1070,7 +1076,8 @@ public class SecureChannel {
finalizeObjectBuffer(result, id);
- CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing: " + result.toHexString());
+ //CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing: " + result.toHexString());
+ CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing");
return result;
@@ -1144,7 +1151,8 @@ public class SecureChannel {
finalizeObjectBuffer(result, id);
- CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing: " + result.toHexString());
+ //CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing: " + result.toHexString());
+ CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing");
return result;
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
index ace5f389fb23253891b4689ace6486ccfd01099f..8eafa36a587bc05783cd9962416b207c7065eddc 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
@@ -192,7 +192,7 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
}
}
}
- CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg);
+ //CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg);
HttpResponse resp =
conn.send("enrollment", sendMsg);
if (resp == null) {
@@ -202,16 +202,14 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
String content = resp.getContent();
if (content != null && !content.equals("")) {
- CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
+ //CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
+ CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content");
XMLObject xmlResponse =
getXMLparser(content);
Hashtable<String, Object> response =
new Hashtable<String, Object>();
- CMS.debug("CARemoteRequestHandler: enrollCertificate(): received:" +
- content);
-
/**
* When a value is not found in response, keep going so we know
* what else is missing
@@ -222,7 +220,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML);
if (value == null) {
CMS.debug("CARemoteRequestHandler: enrollCertificate(): Status not found.");
- CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
+ //CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
+ CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content");
} else {
CMS.debug("CARemoteRequestHandler: enrollCertificate(): got Status = " + value);
ist = Integer.parseInt(value);
@@ -255,8 +254,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
IRemoteRequest.CA_RESPONSE_Certificate_b64);
} else {
try {
- CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = "
- + value);
+ //CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = "
+ // + value);
+ CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64");
response.put(IRemoteRequest.CA_RESPONSE_Certificate_b64, value);
X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value));
response.put(IRemoteRequest.CA_RESPONSE_Certificate_x509, newCert);
@@ -324,8 +324,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
Hashtable<String, Object> response =
new Hashtable<String, Object>();
- CMS.debug("CARemoteRequestHandler: retrieveCertificate(): received:" +
- content);
+ //CMS.debug("CARemoteRequestHandler: retrieveCertificate(): received:" +
+ // content);
+ CMS.debug("CARemoteRequestHandler: retrieveCertificate(): content received");
/**
* When a value is not found in response, keep going so we know
@@ -335,7 +336,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML);
if (value == null) {
CMS.debug("CARemoteRequestHandler: retrieveCertificate(): Status not found.");
- CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content = " + content);
+ //CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content = " + content);
+ CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content");
} else {
CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got Status = " + value);
ist = Integer.parseInt(value);
@@ -347,8 +349,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): response missing name-value pair for: " +
IRemoteRequest.CA_RESPONSE_Certificate_chain_b64);
} else {
- CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64 = "
- + value);
+ //CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64 = "
+ // + value);
+ CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64");
response.put(IRemoteRequest.CA_RESPONSE_Certificate_chain_b64, value);
try {
X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value));
@@ -442,7 +445,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML);
if (value == null) {
CMS.debug("CARemoteRequestHandler: renewCertificate(): Status not found.");
- CMS.debug("CARemoteRequestHandler: renewCertificate(): got content = " + content);
+ //CMS.debug("CARemoteRequestHandler: renewCertificate(): got content = " + content);
+ CMS.debug("CARemoteRequestHandler: renewCertificate(): got content");
} else {
CMS.debug("CARemoteRequestHandler: renewCertificate(): got Status = " + value);
ist = Integer.parseInt(value);
@@ -474,8 +478,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("CARemoteRequestHandler:: renewCertificate(): response missing name-value pair for: " +
IRemoteRequest.CA_RESPONSE_Certificate_b64);
} else {
- CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = "
- + value);
+ //CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = "
+ // + value);
+ CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64");
response.put(IRemoteRequest.CA_RESPONSE_Certificate_b64, value);
try {
X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value));
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
index 0f3de3351246645e11d779ce9ce6936ce994f2eb..59b5208f625a79c944115aea5806314948f5a442 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
@@ -182,8 +182,9 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_PublicKey);
} else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey= "
- + value);
+ //CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey= "
+ // + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey");
response.put(IRemoteRequest.KRA_RESPONSE_PublicKey, value);
}
@@ -326,7 +327,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_PublicKey);
} else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " + value);
+ //CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey");
response.put(IRemoteRequest.KRA_RESPONSE_PublicKey, value);
}
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java
index b594df9207eefd3f4c4e7ff95275e4023496b02a..b6355045130fefdb6b649cedd3bcb6b59c7e090d 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java
@@ -73,11 +73,12 @@ public abstract class RemoteRequestHandler
* @return XMLObject the parser
*/
protected XMLObject getXMLparser(String text) {
+ CMS.debug("RemoteRequestHandler: getXMLparser(): begins");
if (text == null) {
return null;
- } else {
+ }/* else {
CMS.debug("RemoteRequestHandler: getXMLparser(): parsing: " + text);
- }
+ }*/
try {
ByteArrayInputStream bis =
new ByteArrayInputStream(text.getBytes());
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
index eabae3408a1ec1249c3be5f09f6479523b1e4808..f38d7def534fac1e6a63fcf7239eb5cee9c153db 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
@@ -133,7 +133,8 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
+ Util.specialURLEncode(card_cryptogram.toBytesArray()) +
"&" + IRemoteRequest.TOKEN_KEYSET + "=" + keySet;
- CMS.debug("TKSRemoteRequestHandler.computeSessionKey: outgoing message: " + requestString);
+ //CMS.debug("TKSRemoteRequestHandler.computeSessionKey: outgoing message: " + requestString);
+ CMS.debug("TKSRemoteRequestHandler.computeSessionKey: sending request to TKS");
HttpResponse resp =
conn.send("computeSessionKey",
@@ -156,7 +157,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS);
if (value == null) {
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): status not found.");
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got content = " + content);
+ //CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got content = " + content);
} else {
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got status = " + value);
ist = Integer.parseInt(value);
@@ -168,7 +169,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_SessionKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_SessionKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_SessionKey");
response.put(IRemoteRequest.TKS_RESPONSE_SessionKey, Util.specialDecode(value));
}
@@ -177,7 +178,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_EncSessionKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_EncSessionKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_EncSessionKey");
response.put(IRemoteRequest.TKS_RESPONSE_EncSessionKey, Util.specialDecode(value));
}
@@ -186,7 +187,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey");
response.put(IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey, Util.specialDecode(value));
}
@@ -195,7 +196,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_KEK_DesKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey");
response.put(IRemoteRequest.TKS_RESPONSE_KEK_DesKey, Util.specialDecode(value));
}
@@ -204,7 +205,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_KeyCheck);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KeyCheck = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KeyCheck");
response.put(IRemoteRequest.TKS_RESPONSE_KeyCheck, Util.specialDecode(value));
}
@@ -213,7 +214,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_HostCryptogram);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_HostCryptogram = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_HostCryptogram");
response.put(IRemoteRequest.TKS_RESPONSE_HostCryptogram, Util.specialDecode(value));
}
CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): ends.");
@@ -310,7 +311,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS);
if (value == null) {
CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): status not found.");
- CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got content = " + content);
+ //CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got content = " + content);
} else {
CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got status = " + value);
ist = Integer.parseInt(value);
@@ -322,7 +323,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_SessionKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_SessionKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_SessionKey");
response.put(IRemoteRequest.TKS_RESPONSE_SessionKey, Util.specialDecode(value));
}
@@ -331,7 +332,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey");
response.put(IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey, Util.specialDecode(value));
}
@@ -340,7 +341,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_KEK_DesKey);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey");
response.put(IRemoteRequest.TKS_RESPONSE_KEK_DesKey, Util.specialDecode(value));
}
@@ -352,7 +353,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
IRemoteRequest.TKS_RESPONSE_KeyCheck);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KeyCheck = ");
+ CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KeyCheck");
response.put(IRemoteRequest.TKS_RESPONSE_KeyCheck, Util.specialDecode(value));
}
@@ -438,7 +439,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS);
if (value == null) {
CMS.debug("TKSRemoteRequestHandler: createKeySetData(): status not found.");
- CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got content = " + content);
+ //CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got content = " + content);
} else {
CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got status = " + value);
ist = Integer.parseInt(value);
@@ -450,7 +451,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: createKeySetData(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_KeySetData);
} else {
- CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got IRemoteRequest.TKS_RESPONSE_KeySetData = ");
+ CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got IRemoteRequest.TKS_RESPONSE_KeySetData");
response.put(IRemoteRequest.TKS_RESPONSE_KeySetData, Util.specialDecode(value));
}
CMS.debug("TKSRemoteRequestHandler: createKeySetData(): ends.");
@@ -510,7 +511,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS);
if (value == null) {
CMS.debug("TKSRemoteRequestHandler: computeRandomData(): status not found.");
- CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got content = " + content);
+ //CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got content = " + content);
} else {
CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got status = " + value);
ist = Integer.parseInt(value);
@@ -522,8 +523,9 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: computeRandomData(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_RandomData);
} else {
- CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData = "
- + value);
+ //CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData"
+ // + value);
+ CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData");
response.put(IRemoteRequest.TKS_RESPONSE_RandomData, Util.uriDecodeFromHex(value));
}
CMS.debug("TKSRemoteRequestHandler: computeRandomData(): ends.");
@@ -596,7 +598,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS);
if (value == null) {
CMS.debug("TKSRemoteRequestHandler: encryptData(): status not found.");
- CMS.debug("TKSRemoteRequestHandler: encryptData(): got content = " + content);
+ //CMS.debug("TKSRemoteRequestHandler: encryptData(): got content = " + content);
} else {
CMS.debug("TKSRemoteRequestHandler: encryptData(): got status = " + value);
ist = Integer.parseInt(value);
@@ -608,7 +610,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
CMS.debug("TKSRemoteRequestHandler: encryptData(): response missing name-value pair for: " +
IRemoteRequest.TKS_RESPONSE_EncryptedData);
} else {
- CMS.debug("TKSRemoteRequestHandler: encryptData(): got IRemoteRequest.TKS_RESPONSE_EncryptedData = ");
+ CMS.debug("TKSRemoteRequestHandler: encryptData(): got IRemoteRequest.TKS_RESPONSE_EncryptedData");
response.put(IRemoteRequest.TKS_RESPONSE_EncryptedData, Util.specialDecode(value));
}
CMS.debug("TKSRemoteRequestHandler: encryptData(): ends.");
diff --git a/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java b/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java
index a8784105987e77c8fc8c75b2186ce302456d943b..2fc62d70d2317122074a9afc630a3135e7467a1d 100644
--- a/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java
+++ b/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java
@@ -71,7 +71,8 @@ public class PKCS11Obj {
throw new TPSException("PKCS11Obj.parse: error parsing object data!");
}
- CMS.debug("PKCS11Obj.parse: uncompressed data: " + data.toHexString());
+ //CMS.debug("PKCS11Obj.parse: uncompressed data: " + data.toHexString());
+ CMS.debug("PKCS11Obj.parse: uncompressed data");
int objOffset = data.getIntFrom2Bytes(0);
int objCount = data.getIntFrom2Bytes(2);
@@ -373,7 +374,7 @@ public class PKCS11Obj {
TPSBuffer data = getRawData(); // new TPSBuffer();
CMS.debug("PKCS11Obj.getCompressedData: " + "before compress length = " + data.size());
- CMS.debug("PKCS11Obj.getCompressedData: " + "before compress data = " + data.toHexString());
+ //CMS.debug("PKCS11Obj.getCompressedData: " + "before compress data = " + data.toHexString());
System.out.println("Raw data before compress length: " + data.size());
@@ -388,7 +389,8 @@ public class PKCS11Obj {
TPSBuffer result = new TPSBuffer(header);
result.add(compressed);
- CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: " + result.toHexString());
+ //CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: " + result.toHexString());
+ CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: ends");
return result;
}
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java b/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java
index 5547f4419c9747cb3888e2799b50c615db383504..aac1a23f3a41026fc20b7e402879ffb1ef5a8cca 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java
@@ -241,7 +241,8 @@ public class EnrolledCertsInfo {
byte[] certBytes = null;
try {
certBytes = cert.getEncoded();
- CMS.debug("EnrolledCertsInfo.toTPSCertRecords: certBytes ="+ CMS.BtoA(certBytes));
+ //CMS.debug("EnrolledCertsInfo.toTPSCertRecords: certBytes ="+ CMS.BtoA(certBytes));
+ CMS.debug("EnrolledCertsInfo.toTPSCertRecords: cert encoded");
} catch (CertificateEncodingException e) {
CMS.debug("EnrolledCertsInfo.toTPSCertRecord: "+ e);
//TODO: throw
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index bbdc15b86456077a5ff7c64c0b8d79b281fa098c..bc2926b1923e3c9c2cb38c08abf5b1e0b45298ee 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -898,7 +898,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
objects = listObjects(seq);
if (objects != null) {
- CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects: " + objects.toHexString());
+ //CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects: " + objects.toHexString());
+ CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects exist ");
}
if (objects == null) {
@@ -917,7 +918,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSBuffer obj = channel.readObject(objectID, 0, (int) objectLenVal);
if (obj != null) {
- CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj: " + obj.toHexString());
+ //CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj: " + obj.toHexString());
+ CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj exists");
}
if ((char) objectID.at(0) == (byte) 'z' && objectID.at(1) == (byte) '0') {
@@ -939,8 +941,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
pkcs11objx.addObjectSpec(objSpec);
}
- CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token: "
- + obj.toHexString());
+ //CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token: "
+ // + obj.toHexString());
+ CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token");
}
} while (seq != 0);
@@ -1247,8 +1250,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
cert_bytes = Utils.base64decode(retCertB64);
TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
- CMS.debug(method + "recovered: retCertB64: "
- + cert_bytes_buf.toHexString());
+ //CMS.debug(method + "recovered: retCertB64: "
+ // + cert_bytes_buf.toHexString());
} else {
logMsg = "recovering cert b64 not found";
CMS.debug(method + logMsg);
@@ -1804,7 +1807,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
serialToRecover, keyTypeValue, caConnId);
b64cert = certResponse.getCertB64();
- CMS.debug("TPSEnrollProcessor.processRecovery: recoverd cert blob: " + b64cert);
+ //CMS.debug("TPSEnrollProcessor.processRecovery: recoverd cert blob: " + b64cert);
+ CMS.debug("TPSEnrollProcessor.processRecovery: cert blob recovered");
KRARecoverKeyResponse keyResponse = tps.getEngine().recoverKey(toBeRecovered.getId(),
toBeRecovered.getUserID(),
@@ -2264,7 +2268,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
archive, isECC);
publicKeyStr = ssKeyGenResponse.getPublicKey();
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: public key string from server: " + publicKeyStr);
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: public key string from server: " + publicKeyStr);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate: got public key string from server ");
public_key_blob = new TPSBuffer(Utils.base64decode(publicKeyStr));
} else {
@@ -2470,7 +2475,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
String retCertB64 = caEnrollResp.getCertB64();
if (retCertB64 != null)
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 =" + retCertB64);
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 =" + retCertB64);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 retrieved from caEnrollResp");
else {
auditInfo = "new cert b64 not found";
CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: " + auditInfo);
@@ -2480,12 +2486,11 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + retCertB64);
-
cert_bytes = Utils.base64decode(retCertB64);
TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + cert_bytes_buf.toHexString());
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + cert_bytes_buf.toHexString());
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64 base64decode done");
x509Cert = caEnrollResp.getCert();
if (x509Cert != null)
@@ -2516,21 +2521,25 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
String retCertB64 = certResp.getCertB64();
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " + retCertB64);
- cert_bytes = Utils.base64decode(retCertB64);
- TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: "
- + cert_bytes_buf.toHexString());
-
- if (retCertB64 != null)
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 =" + retCertB64);
- else {
+ if (retCertB64 != null) {
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 =" + retCertB64);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 not null");
+ } else {
CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering new cert b64 not found");
throw new TPSException(
"TPSEnrollProcessor.enrollOneCertificate: recovering: new cert b64 not found",
TPSStatus.STATUS_ERROR_RECOVERY_FAILED);
}
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " + retCertB64);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64 retrieved from certResp");
+ cert_bytes = Utils.base64decode(retCertB64);
+
+ TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64 base64decode done");
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: "
+ // + cert_bytes_buf.toHexString());
+
x509Cert = certResp.getCert();
if (x509Cert != null) {
CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering new cert retrieved");
@@ -2564,10 +2573,10 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
String retCertB64 = certResp.getRenewedCertB64();
- cert_bytes = Utils.base64decode(retCertB64);
if (retCertB64 != null)
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 =" + retCertB64);
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 =" + retCertB64);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 retrieved");
else {
auditInfo = "renewing new cert b64 not found";
CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: " + auditInfo);
@@ -2578,6 +2587,12 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
+ cert_bytes = Utils.base64decode(retCertB64);
+ TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
+ CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64 base64decode done");
+ //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64: "
+ // + cert_bytes_buf.toHexString());
+
x509Cert = certResp.getRenewedCert();
if (x509Cert != null) {
@@ -2594,10 +2609,6 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes);
- CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64: "
- + cert_bytes_buf.toHexString());
-
}
}
@@ -2835,10 +2846,11 @@ public class TPSEnrollProcessor extends TPSProcessor {
keyCheck = new TPSBuffer();
}
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString());
+ CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8 : got keyCheck");
// String ivParams = ssKeyGenResponse.getIVParam();
- //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
+ //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: ivParams: " + ivParams);
TPSBuffer ivParamsBuff = new TPSBuffer(Util.uriDecodeFromHex(ivParams));
if (ivParamsBuff.size() == 0) {
@@ -2851,6 +2863,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
if (kekWrappedDesKey != null) {
//CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
+ CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: got keyWrappedDesKey");
} else
CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!");
@@ -3012,8 +3025,10 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key blob from token to parse: "
- + public_key_blob.toHexString());
+ //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key blob from token to parse: "
+ // + public_key_blob.toHexString());
+ CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: parsing public key blob from token");
+
/*
* decode blob into structures
*/
@@ -3040,9 +3055,10 @@ public class TPSEnrollProcessor extends TPSProcessor {
throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! pkeyb null",
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: pkeyb = "
- + pkeyb.toHexString());
+ //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: pkeyb = "
+ // + pkeyb.toHexString());
+ CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key pkeyb extracted from blob");
// 2nd, proof blob length
int proofb_len_offset = pkeyb_len_offset + 2 + pkeyb_len;
/*
@@ -3058,8 +3074,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! proofb null",
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proofb = "
- + proofb.toHexString());
+ //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proofb = "
+ // + proofb.toHexString());
+ CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proof proofb extracted from blob");
// convert pkeyb to pkey
// 1 byte encoding, 1 byte key type, 2 bytes key length, then the key
@@ -3086,8 +3103,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! modb null",
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modb= "
- + modb.toHexString());
+ //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modb= "
+ // + modb.toHexString());
+ CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modulus modb extracted from blob");
TPSBuffer expb = pkeyb.substr(pkey_offset + 2 + mod_len + 2, exp_len);
if (expb == null) {
@@ -3095,8 +3113,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! expb null",
TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU);
}
- CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: expb= "
- + expb.toHexString());
+ //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: expb= "
+ // + expb.toHexString());
+ CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob:processing exponent expb extracted from blob");
BigInt modb_bi = new BigInt(modb.toBytesArray());
BigInt expb_bi = new BigInt(expb.toBytesArray());
try {
@@ -3460,8 +3479,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
mozillaDigestOut = mozillaDigest.digest(publicKeyInfo);
if (mozillaDigestOut.length == mozillaDigest.getDigestLength()) {
- System.out.println(mozillaDigest.getAlgorithm() + " " +
- " digest output size is " + mozillaDigestOut.length);
+ //System.out.println(mozillaDigest.getAlgorithm() + " " +
+ // " digest output size is " + mozillaDigestOut.length);
} else {
throw new TPSException("ERROR: digest output size is " +
mozillaDigestOut.length + ", should be " +
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index aa2f24260d813bac423af0e1d5015402a38bb51c..8366422fb4250e3a4af1a93d7b8018387eca8c0a 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -498,7 +498,10 @@ public class TPSProcessor {
TPSBuffer randomData = computeRandomData(8, connId);
- CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData: " + randomData.toHexString());
+ if (randomData != null) {
+ //CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData: " + randomData.toHexString());
+ CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData");
+ }
acquireChannelPlatformAndProtocolInfo();
@@ -525,7 +528,8 @@ public class TPSProcessor {
}
card_cryptogram = initUpdateResp.substr(CARD_CRYPTOGRAM_OFFSET, CARD_CRYPTOGRAM_SIZE);
- CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: " + card_cryptogram.toHexString());
+ //CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: " + card_cryptogram.toHexString());
+ CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: extracted");
TPSBuffer card_challenge = null;
@@ -537,9 +541,13 @@ public class TPSProcessor {
.substr(CARD_CHALLENGE_OFFSET_GP211_SC02, CARD_CHALLENGE_SIZE_GP211_SC02);
card_cryptogram = initUpdateResp.substr(CARD_CRYPTOGRAM_OFFSET, CARD_CRYPTOGRAM_SIZE); //new TPSBuffer(canned_card_challenge);
+ /*
CMS.debug("TPSProcessor.setupSecureChannel 02: card cryptogram: " + card_cryptogram.toHexString());
CMS.debug("TPSProcessor.setupSecureChannel 02: card challenge: " + card_challenge.toHexString());
CMS.debug("TPSProcessor.setupSecureChannel 02: host challenge: " + randomData.toHexString());
+ */
+ CMS.debug("TPSProcessor.setupSecureChannel 02: card cryptogram: extracted");
+ CMS.debug("TPSProcessor.setupSecureChannel 02: card challenge: extracted");
}
@@ -554,7 +562,8 @@ public class TPSProcessor {
} else {
card_challenge = initUpdateResp.substr(CARD_CHALLENGE_OFFSET, CARD_CHALLENGE_SIZE);
}
- CMS.debug("TPSProcessor.setupSecureChannel: card challenge: " + card_challenge.toHexString());
+ //CMS.debug("TPSProcessor.setupSecureChannel: card challenge: " + card_challenge.toHexString());
+ CMS.debug("TPSProcessor.setupSecureChannel: card challenge: extracted");
SecureChannel channel = null;
@@ -699,7 +708,8 @@ public class TPSProcessor {
TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
}
- CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key: " + encSessionKey);
+ //CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key: " + encSessionKey);
+ CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key");
TPSBuffer drmDesKey = null;
TPSBuffer kekDesKey = null;
@@ -710,10 +720,12 @@ public class TPSProcessor {
kekDesKey = resp.getKekWrappedDesKey();
if (checkServerSideKeyGen(connId)) {
-
+ CMS.debug("TPSProcessor.generateSecureChannel: true for checkServerSideKeyGen");
+ /*
CMS.debug("TPSProcessor.generateSecureChannel: drmDesKey: " + drmDesKey + " kekDesKey : "
+ kekDesKey
+ " keyCheck: " + keyCheck);
+ */
//ToDo handle server side keygen.
}
@@ -3108,7 +3120,8 @@ public class TPSProcessor {
TPSBuffer keySetData = engine.createKeySetData(newVersion, curKeyInfo, protocol,
appletInfo.getCUID(),channel.getKeyDiversificationData(), channel.getDekSessionKeyWrapped(), connId, getSelectedKeySet());
- CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: new keySetData from TKS: " + keySetData.toHexString());
+ //CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: new keySetData from TKS: " + keySetData.toHexString());
+ CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: received new keySetData from TKS");
byte curVersion = curKeyInfo.at(0);
byte curIndex = curKeyInfo.at(1);
@@ -3540,7 +3553,8 @@ public class TPSProcessor {
TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
}
- CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: returned data: " + data.toHexString());
+ //CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: returned data: " + data.toHexString());
+ CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: card data returned");
// Now process the GP211 data returned by the card.
--
2.4.3
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
