authorChristina Fu <cfu@redhat.com>2016-06-02 16:47:24 -0700
committerChristina Fu <cfu@redhat.com>2016-06-02 18:03:07 -0700
commit897fd14bfdfa4cd722f95ba60c8dd7a9eaa37219 (patch)
treefa45c0f5fd02e6bc0e805c0ecfb467694109045a /base/server/cms/src/com/netscape/cms
parenta8e71fb5aedd74a0822d3211d1cd08e0b5af3684 (diff)
Ticket #2271 Part2:TMS:removing/reducing debug log printout of data
This patch comments out unneeded data in the TMS debug logs (TPS & TKS), which considerably reduces the size of the debug logs. Note that, for ease of later development debugging, the debug lines are commented out rather than removed.
Diffstat (limited to 'base/server/cms/src/com/netscape/cms')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java32
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java18
4 files changed, 36 insertions, 22 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index ba7ce5720..99d18bbcb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -420,7 +420,11 @@ public abstract class CMSServlet extends HttpServlet {
pn.equalsIgnoreCase("pwd") ||
pn.equalsIgnoreCase("pwdagain") ||
pn.startsWith("p12Password") ||
- pn.equalsIgnoreCase("uPasswd")) {
+ pn.equalsIgnoreCase("uPasswd") ||
+ pn.equalsIgnoreCase("host_challenge") ||
+ pn.equalsIgnoreCase("card_challenge") ||
+ pn.equalsIgnoreCase("card_cryptogram") ||
+ pn.equalsIgnoreCase("drm_trans_desKey")) {
CMS.debug("CMSServlet::service() param name='" + pn +
"' value='(sensitive)'");
} else {
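Review bot: The sensitive-parameter test is a growing chain of string literals, and the four names added here (`host_challenge`, `card_challenge`, `card_cryptogram`, `drm_trans_desKey`) are not tied to the `IRemoteRequest` constants that TokenServlet uses to read the same parameters. A renamed or newly added secret-bearing parameter would fall through to the `else` branch, which presumably logs the value. Keeping the exact-match names in one `private static final Set<String>` of lower-cased names and testing `SENSITIVE_PARAMS.contains(pn.toLowerCase(Locale.ROOT))` puts the list in one reviewable place, ideally built from the `IRemoteRequest` constants where they exist. The `startsWith("p12Password")` test would stay separate. The condition and its enclosing method start and end outside the hunk.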
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
index f8a5b1f6a..0407e2934 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java
@@ -115,7 +115,7 @@ public class KDF {
}
- CMS.debug("desKey: len: " + desKey.length);
+ CMS.debug(method + "desKey: len: " + desKey.length);
return desKey;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
index 83dd93c6e..7dab14045 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
@@ -583,7 +583,8 @@ public class SecureChannelProtocol {
}
}
- CMS.debug(method + "Returning symkey: " + unwrapped);
+ //CMS.debug(method + "Returning symkey: " + unwrapped);
+ CMS.debug(method + "Returning symkey...");
return unwrapped;
}
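Review bot: The old statement stays in the file as a comment (`//CMS.debug(method + "Returning symkey: " + unwrapped);`), so key-related output can be restored to the debug log by deleting two characters, which is easy to miss in a later review. The same pattern recurs in the hunks at -624, -857, -943, -962, -1017, -1405 and -1447 of this file and in every TokenServlet.java hunk. If the output is still wanted for development, route it through one helper that checks an explicit, default-off switch before printing; otherwise delete the lines and rely on version history. What `unwrapped` actually renders as depends on its `toString()`, which is not visible here. The enclosing method starts outside the hunk.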
@@ -624,7 +625,8 @@ public class SecureChannelProtocol {
throw new EBaseException(e);
}
- CMS.debug(method + "Returning symkey: " + unwrapped);
+ //CMS.debug(method + "Returning symkey: " + unwrapped);
+ CMS.debug(method + "Returning symkey...");
return finalUnwrapped;
}
@@ -857,7 +859,8 @@ public class SecureChannelProtocol {
SymmetricKey extracted8 = extract8.derive();
- CMS.debug(method + " extracted8 key: " + extracted8);
+ //CMS.debug(method + " extracted8 key: " + extracted8);
+ CMS.debug(method + " extracted8 key");
SymmetricKeyDeriver concat = token.getSymmetricKeyDeriver();
concat.initDerive(
@@ -943,7 +946,8 @@ public class SecureChannelProtocol {
throw new EBaseException(e);
}
- CMS.debug(method + " About to return session key: " + wrappedSessKeyData);
+ //CMS.debug(method + " About to return session key: " + wrappedSessKeyData);
+ CMS.debug(method + " returning session key");
return wrappedSessKeyData;
@@ -962,14 +966,15 @@ public class SecureChannelProtocol {
try {
CryptoManager cm = this.getCryptoManger();
CryptoToken token = returnTokenByName(selectedToken, cm);
- CMS.debug("desKey: owning token: " + desKey.getOwningToken().getName());
- CMS.debug("desKey: current token: " + token.getName());
+ CMS.debug(method + "desKey: owning token: " + desKey.getOwningToken().getName());
+ CMS.debug(method + "desKey: current token: " + token.getName());
Cipher encryptor = token.getCipherContext(EncryptionAlgorithm.DES3_ECB);
- CMS.debug("got encryptor");
+ CMS.debug(method + "got encryptor");
encryptor.initEncrypt(desKey);
- CMS.debug("done initEncrypt");
+ CMS.debug(method + "done initEncrypt");
output = encryptor.doFinal(input);
- CMS.debug("done doFinal " + output);
+ //CMS.debug(method + "done doFinal " + output);
+ CMS.debug(method + "done doFinal");
// SecureChannelProtocol.debugByteArray(output, "Encrypted data:");
} catch (EBaseException | NoSuchTokenException | NoSuchAlgorithmException | TokenException
@@ -1017,7 +1022,8 @@ public class SecureChannelProtocol {
//Get the 3 bytes needed
System.arraycopy(output, 0, finalOutput, 0, 3);
- SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:");
+ //SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:");
+ CMS.debug(method + " ends");
return finalOutput;
}
@@ -1405,10 +1411,11 @@ public class SecureChannelProtocol {
keycheck_enc_key = this.computeKeyCheck(encKey, tokenName);
keycheck_mac_key = this.computeKeyCheck(macKey, tokenName);
keycheck_kek_key = this.computeKeyCheck(kekKey, tokenName);
-
+ /*
debugByteArray(keycheck_enc_key, " Keycheck enc key: ");
debugByteArray(keycheck_mac_key, " Keycheck mac key: ");
debugByteArray(keycheck_kek_key, " KeyCheck kek key: ");
+ */
} else if (protocol == PROTOCOL_TWO) {
alg = (byte) 0x80;
@@ -1447,7 +1454,8 @@ public class SecureChannelProtocol {
throw new EBaseException(method + " Can't compose final output byte array!");
}
- SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: ");
+ //SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: ");
+ CMS.debug(method + " returning output");
return output;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 00bb90594..ab2ade958 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -803,7 +803,7 @@ public class TokenServlet extends CMSServlet {
}
- CMS.debug("TokenServlet:outputString.encode " + value);
+ //CMS.debug("TokenServlet:outputString.encode " + value);
try {
resp.setContentLength(value.length());
@@ -1298,8 +1298,8 @@ public class TokenServlet extends CMSServlet {
input_card_crypto =
com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
- SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto");
- SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto");
+ //SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto");
+ //SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto");
if (card_crypto.length == input_card_crypto.length) {
for (int i = 0; i < card_crypto.length; i++) {
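Review bot: The cryptogram check that begins at the end of this hunk compares `card_crypto` with `input_card_crypto` in a hand-written loop whose body lies outside the hunk. If that loop stops at the first differing byte, the time taken depends on how many leading bytes of the submitted cryptogram are correct. `MessageDigest.isEqual(card_crypto, input_card_crypto)` covers both the length test and the content comparison in constant time, and needs `java.security.MessageDigest` imported if the file does not already have it. Neither array is visibly null-checked before `.length` is read here, so confirm that against the lines above the hunk.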
@@ -1462,7 +1462,7 @@ public class TokenServlet extends CMSServlet {
}
}
- CMS.debug("TokenServlet:outputString.encode " + value);
+ //CMS.debug("TokenServlet:outputString.encode " + value);
try {
resp.setContentLength(value.length());
@@ -1802,7 +1802,8 @@ public class TokenServlet extends CMSServlet {
xnewkeyInfo, nistSP800_108KdfOnKeyVersion, nistSP800_108KdfUseCuidAsKdd, xCUID, xKDD,
(protocol == 2) ? xWrappedDekKey : kekKeyArray, useSoftToken_s, keySet, (byte) protocol);
}
- SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: ");
+ //SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: ");
+ CMS.debug("TokenServlet.processDiversifyKey: New keyset data obtained");
if (KeySetData == null || KeySetData.length <= 1) {
CMS.getLogger().log(ILogger.EV_AUDIT,
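Review bot: The new message `New keyset data obtained` is written before the `KeySetData == null || KeySetData.length <= 1` test on the next line, so the debug log reports that data was obtained even on the path that then records an audit event for the empty result. Either move the message into the success path or make it neutral, for example `CMS.debug("TokenServlet.processDiversifyKey: key set data length=" + (KeySetData == null ? "null" : String.valueOf(KeySetData.length)));`. That still prints no key material and lets an operator tell the two outcomes apart. The enclosing method starts and ends outside the hunk.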
@@ -1832,7 +1833,8 @@ public class TokenServlet extends CMSServlet {
if (KeySetData != null && KeySetData.length > 1) {
value = IRemoteRequest.RESPONSE_STATUS + "=0&" + IRemoteRequest.TKS_RESPONSE_KeySetData + "=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
+ //CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
+ CMS.debug("TokenServlet:process DiversifyKey.encode returning KeySetData");
// AC: KDF SPEC CHANGE - check for settings file issue (flag)
} else if (missingSetting_exception != null) {
status = "6";
@@ -2154,7 +2156,7 @@ public class TokenServlet extends CMSServlet {
value = IRemoteRequest.RESPONSE_STATUS + "=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " + value);
+ //CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
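Review bot: Commenting out the whole `value` line also removes the response status from the debug log, although the status is not secret and is what an operator needs first when a token operation fails. Logging only the status, e.g. `CMS.debug("TokenServlet:process EncryptData status=" + status);`, keeps that without printing the encoded data, assuming `status` is in scope at this point as the line above suggests. The hunks at -803 and -1462 drop the same kind of line for their responses and would benefit from the same treatment, though their status variable is not visible there. The enclosing method starts and ends outside the hunk.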
@@ -2378,7 +2380,7 @@ public class TokenServlet extends CMSServlet {
String temp = req.getParameter(IRemoteRequest.TOKEN_CARD_CHALLENGE);
String protocol = req.getParameter(IRemoteRequest.CHANNEL_PROTOCOL);
String derivationConstant = req.getParameter(IRemoteRequest.DERIVATION_CONSTANT);
- CMS.debug("Protocol: " + protocol + " temp: " + temp);
+ //CMS.debug("Protocol: " + protocol + " temp: " + temp);
setDefaultSlotAndKeyName(req);
if (temp != null) {