authorEndi S. Dewata <edewata@redhat.com>2017-06-13 03:30:37 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-06-13 06:46:07 +0200
commit8096811531aaf2040bfcd0e4f14b11aa9ff66e7a (patch)
tree284d8bc83500423a04950ff3f61e89a51e490bbf /base/java-tools/src/com
parentfbcbc909481cf2e3a3046f5f2adfbb4293febb5c (diff)
Refactored AuditVerify (part 3).
The AuditVerify.verify() has been cleaned up and some debug messages have been added for clarity. https://pagure.io/dogtagpki/issue/2634 Change-Id: Id1c510dd0081e3abb4fb34da0737ea6a3a335ba4
Diffstat (limited to 'base/java-tools/src/com')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/AuditVerify.java21
1 files changed, 18 insertions, 3 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
index b294ad17b..04f49e17d 100644
--- a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
+++ b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
@@ -165,6 +165,10 @@ public class AuditVerify {
throw new Exception("Unknown signing certificate key type: " + pubk.getAlgorithm());
}
+ if (verbose) {
+ System.out.println("AuditVerify: Signing algorithm: " + sigAlgorithm);
+ }
+
Signature sig = Signature.getInstance(sigAlgorithm, CRYPTO_PROVIDER);
sig.initVerify(pubk);
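Review bot: The new verbose messages are written with `System.out.println`, here and in the two later hunks (the signature value and the signing certificate nickname). If the verification report itself also goes to stdout (the `output(...)` helper is not visible in this diff), diagnostics and results end up interleaved on one stream, which makes the report harder to parse or archive. Sending the diagnostics to stderr keeps them apart, e.g. `System.err.println("AuditVerify: Signing algorithm: " + sigAlgorithm);`. The enclosing method starts and ends outside the hunk.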
@@ -208,15 +212,21 @@ public class AuditVerify {
} else {
- int sigStart = curLine.indexOf("sig: ") + 5;
+ int sigStart = curLine.indexOf("sig: ");
- if (sigStart < 5) {
+ if (sigStart < 0) {
output(linenum, "INVALID SIGNATURE");
++badSigCount;
} else {
- byte[] logSig = base64decode(curLine.substring(sigStart));
+ String signature = curLine.substring(sigStart + 5);
+
+ if (verbose) {
+ System.out.println("AuditVerify: Signature: " + signature);
+ }
+
+ byte[] logSig = base64decode(signature);
// verify the signature
if (sig.verify(logSig)) {
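Review bot: `curLine.indexOf("sig: ")` takes the first occurrence of the marker, so if any earlier field of a signing record can contain the text "sig: " (the record format is not visible in this hunk), the wrong tail is handed to `base64decode`. Base64 text cannot contain a space or a colon, so `int sigStart = curLine.lastIndexOf("sig: ");` would anchor on the real signature field. The offset `5` is also still tied by hand to the literal; a constant such as `static final String SIG_MARKER = "sig: ";` with `curLine.substring(sigStart + SIG_MARKER.length())` keeps the two in step. It is worth confirming outside this hunk that a malformed value which makes `base64decode` or `sig.verify` throw is counted in `badSigCount` rather than aborting the run.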
@@ -349,6 +359,11 @@ public class AuditVerify {
"secmod.db")
);
}
+
+ if (verbose) {
+ System.out.println("AuditVerify: Audit signing certificate: " + signerNick);
+ }
+
CryptoManager cm = CryptoManager.getInstance();
X509Certificate signerCert = cm.findCertByNickname(signerNick);