The SigningUnit.init() has been modified to chain the exceptions to help troubleshooting.
https://fedorahosted.org/pki/ticket/2399 Pushed under one-liner/trivial rule. -- Endi S. Dewata
>From 03926918b688d6634a46e322565bd1ab8ccdd811 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Wed, 6 Jul 2016 17:40:13 +0200 Subject: [PATCH] Fixed exception chain in SigningUnit.init(). The SigningUnit.init() has been modified to chain the exceptions to help troubleshooting. https://fedorahosted.org/pki/ticket/2399 --- base/ca/src/com/netscape/ca/SigningUnit.java | 45 +++++++++++++--------- .../certsrv/ca/CAMissingCertException.java | 3 ++ .../netscape/certsrv/ca/CAMissingKeyException.java | 3 ++ 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java index 60bd84e3b365b8ea4db53314427bf525668597cb..f708e557f0dab38ba22e6e39431ffe3964b706f4 100644 --- a/base/ca/src/com/netscape/ca/SigningUnit.java +++ b/base/ca/src/com/netscape/ca/SigningUnit.java @@ -22,10 +22,6 @@ import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.SignatureException; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.NoSuchTokenException; import org.mozilla.jss.crypto.CryptoToken; @@ -42,15 +38,19 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; -import com.netscape.certsrv.ca.ECAException; import com.netscape.certsrv.ca.CAMissingCertException; import com.netscape.certsrv.ca.CAMissingKeyException; +import com.netscape.certsrv.ca.ECAException; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.ISigningUnit; import com.netscape.cmscore.security.JssSubsystem; import com.netscape.cmsutil.util.Cert; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509Key; + /** * CA signing unit based on JSS. * @@ -171,7 +171,7 @@ public final class SigningUnit implements ISigningUnit { mCert = mManager.findCertByNickname(mNickname); CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber()); } catch (ObjectNotFoundException e) { - throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND")); + throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e); } mCertImpl = new X509CertImpl(mCert.getEncoded()); @@ -181,7 +181,7 @@ public final class SigningUnit implements ISigningUnit { mPrivk = mManager.findPrivKeyByCert(mCert); CMS.debug("Got private key from cert"); } catch (ObjectNotFoundException e) { - throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND")); + throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e); } mPubk = mCert.getPublicKey(); @@ -194,32 +194,39 @@ public final class SigningUnit implements ISigningUnit { CMS.debug( "got signing algorithm " + mDefSigningAlgorithm); mInited = true; + } catch (java.security.cert.CertificateException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT", e.getMessage())); - throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()), e); + } catch (CryptoManager.NotInitializedException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT", e.toString())); - throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED")); + throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"), e); + } catch (IncorrectPasswordException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD", e.toString())); - throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD")); + throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"), e); + } catch (NoSuchTokenException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname, e.toString())); - throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND", tokenname)); + throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND", tokenname), e); + } catch (CAMissingCertException | CAMissingKeyException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND", e.toString())); throw e; // re-throw + } catch (TokenException e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug("SigningUnit: " + e); log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_ERROR")); + throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_ERROR"), e); + } catch (Exception e) { - CMS.debug("SigningUnit init: debug " + e.toString()); + CMS.debug(e); } } diff --git a/base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java b/base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java index 49c5063f2a79a6fa2f977054dd2363e128c80d8f..e36364771931b7d75c9d9f0ea38b309dba05f1c2 100644 --- a/base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java +++ b/base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java @@ -12,4 +12,7 @@ public class CAMissingCertException extends ECAException { super(msgFormat); } + public CAMissingCertException(String msgFormat, Exception cause) { + super(msgFormat, cause); + } } diff --git a/base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java b/base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java index 8f5e1e72a3cdb31b1f12985d9e52371277901ae1..178857f803f7fa896cce01d28a4dee31b64bfa6d 100644 --- a/base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java +++ b/base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java @@ -12,4 +12,7 @@ public class CAMissingKeyException extends ECAException { super(msgFormat); } + public CAMissingKeyException(String msgFormat, Exception cause) { + super(msgFormat, cause); + } } -- 2.5.5
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
