authorEndi S. Dewata <edewata@redhat.com>2017-06-13 03:30:37 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-06-13 06:46:07 +0200
commit8096811531aaf2040bfcd0e4f14b11aa9ff66e7a (patch)
tree284d8bc83500423a04950ff3f61e89a51e490bbf
parentfbcbc909481cf2e3a3046f5f2adfbb4293febb5c (diff)
Refactored AuditVerify (part 3).
The AuditVerify.verify() has been cleaned up and some debug messages have been added for clarity. https://pagure.io/dogtagpki/issue/2634 Change-Id: Id1c510dd0081e3abb4fb34da0737ea6a3a335ba4
-rw-r--r--base/java-tools/src/com/netscape/cmstools/AuditVerify.java21
-rw-r--r--base/server/python/pki/server/cli/audit.py15
2 files changed, 29 insertions, 7 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
index b294ad17b..04f49e17d 100644
--- a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
+++ b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
@@ -165,6 +165,10 @@ public class AuditVerify {
throw new Exception("Unknown signing certificate key type: " + pubk.getAlgorithm());
}
+ if (verbose) {
+ System.out.println("AuditVerify: Signing algorithm: " + sigAlgorithm);
+ }
+
Signature sig = Signature.getInstance(sigAlgorithm, CRYPTO_PROVIDER);
sig.initVerify(pubk);
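Review bot: The `if (verbose) { System.out.println("AuditVerify: ...") }` guard added before `Signature.getInstance` is repeated verbatim for the signature in the second hunk and for the signing certificate nickname in the third, so the prefix and the destination stream are now spelled out in three places. A small private helper, for example `debug(String message)` wrapping `if (verbose) System.out.println("AuditVerify: " + message);`, would keep them consistent. It may also be worth sending these diagnostics to `System.err`, assuming the verification report itself goes to standard output (the `output(...)` helper is not visible in these hunks), so that anything parsing the report does not pick up debug lines. The enclosing method starts and ends outside the hunk.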
@@ -208,15 +212,21 @@ public class AuditVerify {
} else {
- int sigStart = curLine.indexOf("sig: ") + 5;
+ int sigStart = curLine.indexOf("sig: ");
- if (sigStart < 5) {
+ if (sigStart < 0) {
output(linenum, "INVALID SIGNATURE");
++badSigCount;
} else {
- byte[] logSig = base64decode(curLine.substring(sigStart));
+ String signature = curLine.substring(sigStart + 5);
+
+ if (verbose) {
+ System.out.println("AuditVerify: Signature: " + signature);
+ }
+
+ byte[] logSig = base64decode(signature);
// verify the signature
if (sig.verify(logSig)) {
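Review bot: `curLine.indexOf("sig: ")` anchors on the first occurrence of the marker, while `substring(sigStart + 5)` treats everything after it as the signature, so a record whose earlier text happens to contain `sig: ` is cut at the wrong place and the remainder is handed to `base64decode`. Since the signature runs to the end of the line, `int sigStart = curLine.lastIndexOf("sig: ");` is the safer anchor. The literal `5` is also tied to the marker's length; a constant such as `private static final String SIG_MARKER = "sig: ";` with `sigStart + SIG_MARKER.length()` would keep the two from drifting apart. What `base64decode` does with malformed input is not visible here and should be confirmed to end in the INVALID SIGNATURE path rather than aborting the whole run. The enclosing loop starts and ends outside the hunk.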
@@ -349,6 +359,11 @@ public class AuditVerify {
"secmod.db")
);
}
+
+ if (verbose) {
+ System.out.println("AuditVerify: Audit signing certificate: " + signerNick);
+ }
+
CryptoManager cm = CryptoManager.getInstance();
X509Certificate signerCert = cm.findCertByNickname(signerNick);
diff --git a/base/server/python/pki/server/cli/audit.py b/base/server/python/pki/server/cli/audit.py
index a19ca8c65..665fe9103 100644
--- a/base/server/python/pki/server/cli/audit.py
+++ b/base/server/python/pki/server/cli/audit.py
@@ -53,6 +53,7 @@ class AuditFileFindCLI(pki.cli.CLI):
print('Usage: pki-server %s-audit-file-find [OPTIONS]' % self.parent.parent.name)
print()
print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
+ print(' -v, --verbose Run in verbose mode.')
print(' --help Show help message.')
print()
@@ -126,6 +127,7 @@ class AuditFileVerifyCLI(pki.cli.CLI):
print('Usage: pki-server %s-audit-file-verify [OPTIONS]' % self.parent.parent.name)
print()
print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
+ print(' -v, --verbose Run in verbose mode.')
print(' --help Show help message.')
print()
@@ -186,10 +188,15 @@ class AuditFileVerifyCLI(pki.cli.CLI):
for filename in log_files:
f.write(os.path.join(log_dir, filename) + '\n')
- cmd = ['AuditVerify',
- '-d', instance.nssdb_dir,
- '-n', signing_cert['nickname'],
- '-a', file_list]
+ cmd = ['AuditVerify']
+
+ if self.verbose:
+ cmd.append('-v')
+
+ cmd.extend([
+ '-d', instance.nssdb_dir,
+ '-n', signing_cert['nickname'],
+ '-a', file_list])
if self.verbose:
print('Command: %s' % ' '.join(cmd))