diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-10-05 06:58:27 +0200 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2016-10-10 16:38:07 -0600 |
commit | cc509ac3e54cf361f4e1d250c67a2994f0c5694e (patch) | |
tree | 7284e3a29cbf6878c38f01e7117469d7ec320751 /base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java | |
parent | d47733f8f9b01b04ef1970754133befa25955c9d (diff) | |
download | pki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.tar.gz pki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.tar.xz pki-cc509ac3e54cf361f4e1d250c67a2994f0c5694e.zip |
Troubleshooting improvements for GetCertChain.
To help troubleshooting the GetCertChain servlet has been modified
to log the certificate chain being returned. The ConfigurationUtils
has also been modified to log the certificate chain received.
https://fedorahosted.org/pki/ticket/2463
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 8cc0f85d6..df60d4230 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -19,6 +19,7 @@ package com.netscape.cms.servlet.csadmin; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.security.cert.X509Certificate; import java.util.Locale; import javax.servlet.ServletConfig; @@ -26,8 +27,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import netscape.security.x509.CertificateChain; - import org.w3c.dom.Node; import com.netscape.certsrv.apps.CMS; @@ -39,6 +38,8 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; +import netscape.security.x509.CertificateChain; + public class GetCertChain extends CMSServlet { /** @@ -70,17 +71,29 @@ public class GetCertChain extends CMSServlet { * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { + HttpServletResponse httpResp = cmsReq.getHttpResp(); CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain(); if (certChain == null) { - CMS.debug( - "GetCertChain displayChain: cannot get the certificate chain."); + CMS.debug("GetCertChain: cannot get the certificate chain."); outputError(httpResp, "Error: Failed to get certificate chain."); return; } + X509Certificate[] certs = certChain.getChain(); + + if (certs == null) { + CMS.debug("GetCertChain: no certificate chain"); + + } else { + CMS.debug("GetCertChain: certificate chain:"); + for (X509Certificate cert : certs) { + CMS.debug("GetCertChain: - " + cert.getSubjectDN()); + } + } + byte[] bytes = null; try { |