summaryrefslogtreecommitdiffstats
path: root/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2016-10-05 06:58:27 +0200
committerMatthew Harmsen <mharmsen@redhat.com>2016-10-10 16:38:07 -0600
commitcc509ac3e54cf361f4e1d250c67a2994f0c5694e (patch)
tree7284e3a29cbf6878c38f01e7117469d7ec320751 /base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
parentd47733f8f9b01b04ef1970754133befa25955c9d (diff)
downloadpki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.tar.gz
pki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.tar.xz
pki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.zip
Troubleshooting improvements for GetCertChain.
To help troubleshooting the GetCertChain servlet has been modified to log the certificate chain being returned. The ConfigurationUtils has also been modified to log the certificate chain received. https://fedorahosted.org/pki/ticket/2463
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java21
1 files changed, 17 insertions, 4 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 8cc0f85d6..df60d4230 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -19,6 +19,7 @@ package com.netscape.cms.servlet.csadmin;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.servlet.ServletConfig;
@@ -26,8 +27,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.security.x509.CertificateChain;
-
import org.w3c.dom.Node;
import com.netscape.certsrv.apps.CMS;
@@ -39,6 +38,8 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
+import netscape.security.x509.CertificateChain;
+
public class GetCertChain extends CMSServlet {
/**
@@ -70,17 +71,29 @@ public class GetCertChain extends CMSServlet {
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
+
HttpServletResponse httpResp = cmsReq.getHttpResp();
CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
if (certChain == null) {
- CMS.debug(
- "GetCertChain displayChain: cannot get the certificate chain.");
+ CMS.debug("GetCertChain: cannot get the certificate chain.");
outputError(httpResp, "Error: Failed to get certificate chain.");
return;
}
+ X509Certificate[] certs = certChain.getChain();
+
+ if (certs == null) {
+ CMS.debug("GetCertChain: no certificate chain");
+
+ } else {
+ CMS.debug("GetCertChain: certificate chain:");
+ for (X509Certificate cert : certs) {
+ CMS.debug("GetCertChain: - " + cert.getSubjectDN());
+ }
+ }
+
byte[] bytes = null;
try {
generated by cgit (git 2.34.1) at 2024-09-25 22:36:37 +0000