To help with troubleshooting, the GetCertChain servlet has been modified to log the certificate chain being returned. ConfigurationUtils has also been modified to log the certificate chain it receives.
https://fedorahosted.org/pki/ticket/2463 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata
>From 68bf23c68cc1c3c1bdde2026c1c712d379052666 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Wed, 5 Oct 2016 06:58:27 +0200 Subject: [PATCH] Troubleshooting improvements for GetCertChain. To help troubleshooting the GetCertChain servlet has been modified to log the certificate chain being returned. The ConfigurationUtils has also been modified to log the certificate chain received. https://fedorahosted.org/pki/ticket/2463 --- .../cms/servlet/csadmin/ConfigurationUtils.java | 15 +++++++++++++-- .../netscape/cms/servlet/csadmin/GetCertChain.java | 21 +++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 92a90179131ecc491e45415fa9381eb09d278c87..ed70a099aad27823b693f7bc619ed7d53a961188 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -289,9 +289,20 @@ public class ConfigurationUtils { // separate individual certs in chain for display byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); - int size = 0; - if (b_certchain != null) { + int size; + + if (b_certchain == null) { + CMS.debug("ConfigurationUtils: no certificate chain"); + + size = 0; + + } else { + CMS.debug("ConfigurationUtils: certificate chain:"); + for (java.security.cert.X509Certificate cert : b_certchain) { + CMS.debug("ConfigurationUtils: - " + cert.getSubjectDN()); + } + size = b_certchain.length; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 8cc0f85d6eff9eff7e04288f4f1c705a434887cf..df60d42307d8a5392379afe642e01379db359210 100644 
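Review bot: The loop added in the `else` branch writes `cert.getSubjectDN()` into the debug log unfiltered, and going by the commit message this chain was received rather than produced locally, so the logged text is chosen by whoever supplied the chain. A subject alone also cannot tell apart two certificates that share a name, which matters when diagnosing a wrong or reordered chain. Consider logging issuer and serial too, with control characters stripped from the DN strings (for example `String.valueOf(cert.getSubjectDN()).replaceAll("\\p{Cntrl}", "?")`): `CMS.debug("ConfigurationUtils: - subject=" + subject + ", issuer=" + issuer + ", serial=0x" + cert.getSerialNumber().toString(16));`. Whether the DN rendering already escapes CR/LF is not visible here, so that part is a check to make; the enclosing method starts and ends outside the hunk. The same subject-only logging is added in the `process` hunk of GetCertChain.java.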
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -19,6 +19,7 @@ package com.netscape.cms.servlet.csadmin; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.security.cert.X509Certificate; import java.util.Locale; import javax.servlet.ServletConfig; @@ -26,8 +27,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import netscape.security.x509.CertificateChain; - import org.w3c.dom.Node; import com.netscape.certsrv.apps.CMS; @@ -39,6 +38,8 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; +import netscape.security.x509.CertificateChain; + public class GetCertChain extends CMSServlet { /** @@ -70,17 +71,29 @@ public class GetCertChain extends CMSServlet { * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { + HttpServletResponse httpResp = cmsReq.getHttpResp(); CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain(); if (certChain == null) { - CMS.debug( - "GetCertChain displayChain: cannot get the certificate chain."); + CMS.debug("GetCertChain: cannot get the certificate chain."); outputError(httpResp, "Error: Failed to get certificate chain."); return; } + X509Certificate[] certs = certChain.getChain(); + + if (certs == null) { + CMS.debug("GetCertChain: no certificate chain"); + + } else { + CMS.debug("GetCertChain: certificate chain:"); + for (X509Certificate cert : certs) { + CMS.debug("GetCertChain: - " + cert.getSubjectDN()); + } + } + byte[] bytes = null; try { -- 2.7.4
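Review bot: The new `certs == null` branch in `process` only logs "no certificate chain" and then falls through to the `byte[] bytes = null; try {` encoding that follows, whereas the `certChain == null` case just above returns an error to the client. If `getChain()` can return null or an empty array, treating it like that case would avoid answering a caller with a chain it cannot use: `if (certs == null || certs.length == 0) { outputError(httpResp, "Error: Failed to get certificate chain."); return; }`. The rest of `process` lies outside the hunk, so how the encoding step handles a null chain cannot be confirmed from here.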
