diff options
20 files changed, 233 insertions, 135 deletions
diff --git a/base/common/src/org/dogtagpki/tps/TPSConnection.java b/base/common/src/org/dogtagpki/tps/TPSConnection.java index d93827775..c5a971edd 100644 --- a/base/common/src/org/dogtagpki/tps/TPSConnection.java +++ b/base/common/src/org/dogtagpki/tps/TPSConnection.java @@ -46,7 +46,7 @@ public class TPSConnection { } public TPSMessage read() throws IOException { - CMS.debug("TPSMessage read()"); + CMS.debug("TPSConnection read()"); StringBuilder sb = new StringBuilder(); int b; @@ -80,7 +80,10 @@ public class TPSConnection { sb.append(c); } - CMS.debug("TPSMessage.read: Reading: " + sb.toString()); + if (size <= 38) // for pdu_data size is 2 and only contains status + CMS.debug("TPSConnection.read: Reading: " + sb.toString()); + else + CMS.debug("TPSConnection.read: Reading..."); // parse the entire message return TPSMessage.createMessage(sb.toString()); @@ -89,7 +92,15 @@ public class TPSConnection { public void write(TPSMessage message) throws IOException { String s = message.encode(); - CMS.debug("TPSMessage.write: Writing: " + s); + // don't print the pdu_data + int idx = s.lastIndexOf("pdu_data="); + String toDebug = null; + if (idx == -1) + CMS.debug("TPSConnection.write: Writing: " + s); + else { + toDebug = s.substring(0, idx-1); + CMS.debug("TPSConnection.write: Writing: " + toDebug + "pdu_data=<do not print>"); + } // send message out.print(s); diff --git a/base/common/src/org/dogtagpki/tps/main/Util.java b/base/common/src/org/dogtagpki/tps/main/Util.java index 2973bb8ec..b212478d7 100644 --- a/base/common/src/org/dogtagpki/tps/main/Util.java +++ b/base/common/src/org/dogtagpki/tps/main/Util.java @@ -432,7 +432,7 @@ public class Util { throw new EBaseException("Util.encryptData: called with no sym key or no data!"); } - CMS.debug("Util.encryptData: dataToEnc: " + dataToEnc.toHexString()); + //CMS.debug("Util.encryptData: dataToEnc: " + dataToEnc.toHexString()); CryptoToken token = null; try { diff --git a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java index f622b9b4d..c7ad7f7c3 100644 --- a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java +++ b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java @@ -510,7 +510,22 @@ public class TPSMessage { public static TPSMessage createMessage(String message) throws IOException { - CMS.debug("TPSMessage.createMessage: message: " + message); + // don't print the pdu_data + int idx1 = message.lastIndexOf("pdu_data="); + int idx2 = message.lastIndexOf("pdu_size="); + String toDebug1 = null; + String toDebug2 = null; + if (idx1 == -1) + CMS.debug("TPSMessage.createMessage: message: " + message); + else { + toDebug1 = message.substring(0, idx1-1); + if (idx2 == -1) + CMS.debug("TPSMessage.createMessage: message: " + toDebug1 + "pdu_data=<do not print>..."); + else { + toDebug2 = message.substring(idx2-1); + CMS.debug("TPSMessage.createMessage: message: " + toDebug1 + "&pdu_data=<do not print>"+ toDebug2); + } + } TPSMessage new_msg = new TPSMessage(message); diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index c7c5ecbe4..f7ba92979 100644 --- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java @@ -263,6 +263,7 @@ public class TokenKeyRecoveryService implements IService { auditSubjectID = rCUID + ":" + rUserid; //CMS.debug("TokenKeyRecoveryService: received DRM-trans-wrapped des key =" + rWrappedDesKeyString); + CMS.debug("TokenKeyRecoveryService: received DRM-trans-wrapped des key"); wrapped_des_key = com.netscape.cmsutil.util.Utils.SpecialDecode(rWrappedDesKeyString); CMS.debug("TokenKeyRecoveryService: wrapped_des_key specialDecoded"); @@ -588,8 +589,9 @@ public class TokenKeyRecoveryService implements IService { audit(auditMessage); return false; } else { - CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = " + - PubKey); + //CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = " + + // PubKey); + CMS.debug("TokenKeyRecoveryService: got publicKeyData"); } request.setExtData("public_key", PubKey); auditMessage = CMS.getLogMessage( diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index ba7ce5720..99d18bbcb 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -420,7 +420,11 @@ public abstract class CMSServlet extends HttpServlet { pn.equalsIgnoreCase("pwd") || pn.equalsIgnoreCase("pwdagain") || pn.startsWith("p12Password") || - pn.equalsIgnoreCase("uPasswd")) { + pn.equalsIgnoreCase("uPasswd") || + pn.equalsIgnoreCase("host_challenge") || + pn.equalsIgnoreCase("card_challenge") || + pn.equalsIgnoreCase("card_cryptogram") || + pn.equalsIgnoreCase("drm_trans_desKey")) { CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'"); } else { diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java index f8a5b1f6a..0407e2934 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java @@ -115,7 +115,7 @@ public class KDF { } - CMS.debug("desKey: len: " + desKey.length); + CMS.debug(method + "desKey: len: " + desKey.length); return desKey; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java index 83dd93c6e..7dab14045 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java @@ -583,7 +583,8 @@ public class SecureChannelProtocol { } } - CMS.debug(method + "Returning symkey: " + unwrapped); + //CMS.debug(method + "Returning symkey: " + unwrapped); + CMS.debug(method + "Returning symkey..."); return unwrapped; } @@ -624,7 +625,8 @@ public class SecureChannelProtocol { throw new EBaseException(e); } - CMS.debug(method + "Returning symkey: " + unwrapped); + //CMS.debug(method + "Returning symkey: " + unwrapped); + CMS.debug(method + "Returning symkey..."); return finalUnwrapped; } @@ -857,7 +859,8 @@ public class SecureChannelProtocol { SymmetricKey extracted8 = extract8.derive(); - CMS.debug(method + " extracted8 key: " + extracted8); + //CMS.debug(method + " extracted8 key: " + extracted8); + CMS.debug(method + " extracted8 key"); SymmetricKeyDeriver concat = token.getSymmetricKeyDeriver(); concat.initDerive( @@ -943,7 +946,8 @@ public class SecureChannelProtocol { throw new EBaseException(e); } - CMS.debug(method + " About to return session key: " + wrappedSessKeyData); + //CMS.debug(method + " About to return session key: " + wrappedSessKeyData); + CMS.debug(method + " returning session key"); return wrappedSessKeyData; @@ -962,14 +966,15 @@ public class SecureChannelProtocol { try { CryptoManager cm = this.getCryptoManger(); CryptoToken token = returnTokenByName(selectedToken, cm); - CMS.debug("desKey: owning token: " + desKey.getOwningToken().getName()); - CMS.debug("desKey: current token: " + token.getName()); + CMS.debug(method + "desKey: owning token: " + desKey.getOwningToken().getName()); + CMS.debug(method + "desKey: current token: " + token.getName()); Cipher encryptor = token.getCipherContext(EncryptionAlgorithm.DES3_ECB); - CMS.debug("got encryptor"); + CMS.debug(method + "got encryptor"); encryptor.initEncrypt(desKey); - CMS.debug("done initEncrypt"); + CMS.debug(method + "done initEncrypt"); output = encryptor.doFinal(input); - CMS.debug("done doFinal " + output); + //CMS.debug(method + "done doFinal " + output); + CMS.debug(method + "done doFinal"); // SecureChannelProtocol.debugByteArray(output, "Encrypted data:"); } catch (EBaseException | NoSuchTokenException | NoSuchAlgorithmException | TokenException @@ -1017,7 +1022,8 @@ public class SecureChannelProtocol { //Get the 3 bytes needed System.arraycopy(output, 0, finalOutput, 0, 3); - SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:"); + //SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:"); + CMS.debug(method + " ends"); return finalOutput; } @@ -1405,10 +1411,11 @@ public class SecureChannelProtocol { keycheck_enc_key = this.computeKeyCheck(encKey, tokenName); keycheck_mac_key = this.computeKeyCheck(macKey, tokenName); keycheck_kek_key = this.computeKeyCheck(kekKey, tokenName); - + /* debugByteArray(keycheck_enc_key, " Keycheck enc key: "); debugByteArray(keycheck_mac_key, " Keycheck mac key: "); debugByteArray(keycheck_kek_key, " KeyCheck kek key: "); + */ } else if (protocol == PROTOCOL_TWO) { alg = (byte) 0x80; @@ -1447,7 +1454,8 @@ public class SecureChannelProtocol { throw new EBaseException(method + " Can't compose final output byte array!"); } - SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: "); + //SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: "); + CMS.debug(method + " returning output"); return output; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java index 00bb90594..ab2ade958 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -803,7 +803,7 @@ public class TokenServlet extends CMSServlet { } - CMS.debug("TokenServlet:outputString.encode " + value); + //CMS.debug("TokenServlet:outputString.encode " + value); try { resp.setContentLength(value.length()); @@ -1298,8 +1298,8 @@ public class TokenServlet extends CMSServlet { input_card_crypto = com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); - SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto"); - SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto"); + //SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto"); + //SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto"); if (card_crypto.length == input_card_crypto.length) { for (int i = 0; i < card_crypto.length; i++) { @@ -1462,7 +1462,7 @@ public class TokenServlet extends CMSServlet { } } - CMS.debug("TokenServlet:outputString.encode " + value); + //CMS.debug("TokenServlet:outputString.encode " + value); try { resp.setContentLength(value.length()); @@ -1802,7 +1802,8 @@ public class TokenServlet extends CMSServlet { xnewkeyInfo, nistSP800_108KdfOnKeyVersion, nistSP800_108KdfUseCuidAsKdd, xCUID, xKDD, (protocol == 2) ? xWrappedDekKey : kekKeyArray, useSoftToken_s, keySet, (byte) protocol); } - SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: "); + //SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: "); + CMS.debug("TokenServlet.processDiversifyKey: New keyset data obtained"); if (KeySetData == null || KeySetData.length <= 1) { CMS.getLogger().log(ILogger.EV_AUDIT, @@ -1832,7 +1833,8 @@ public class TokenServlet extends CMSServlet { if (KeySetData != null && KeySetData.length > 1) { value = IRemoteRequest.RESPONSE_STATUS + "=0&" + IRemoteRequest.TKS_RESPONSE_KeySetData + "=" + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " + value); + //CMS.debug("TokenServlet:process DiversifyKey.encode " + value); + CMS.debug("TokenServlet:process DiversifyKey.encode returning KeySetData"); // AC: KDF SPEC CHANGE - check for settings file issue (flag) } else if (missingSetting_exception != null) { status = "6"; @@ -2154,7 +2156,7 @@ public class TokenServlet extends CMSServlet { value = IRemoteRequest.RESPONSE_STATUS + "=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " + value); + //CMS.debug("TokenServlet:process EncryptData.encode " + value); try { resp.setContentLength(value.length()); @@ -2378,7 +2380,7 @@ public class TokenServlet extends CMSServlet { String temp = req.getParameter(IRemoteRequest.TOKEN_CARD_CHALLENGE); String protocol = req.getParameter(IRemoteRequest.CHANNEL_PROTOCOL); String derivationConstant = req.getParameter(IRemoteRequest.DERIVATION_CONSTANT); - CMS.debug("Protocol: " + protocol + " temp: " + temp); + //CMS.debug("Protocol: " + protocol + " temp: " + temp); setDefaultSlotAndKeyName(req); if (temp != null) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java index c4804784a..d016b6335 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnection.java @@ -215,7 +215,7 @@ public class HttpConnection implements IHttpConnection { throw new EBaseException("HttpConnection.send: with String content: null or empty"); } - CMS.debug("HttpConnection.send: with String content: " + content); + //CMS.debug("HttpConnection.send: with String content: " + content); resp = doSend(content); return resp; diff --git a/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java b/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java index 6ba492dc3..01f999120 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java +++ b/base/server/cmscore/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java @@ -76,7 +76,8 @@ public class SignedAuditEventFactory implements ILogEventFactory { eventType = typeMessage.substring(typeBegin + 6, colon); message = typeMessage.substring(colon + 2); - Debug.trace("SignedAuditEventFactory: create() message=" + message + "\n"); + //Debug.trace("SignedAuditEventFactory: create() message=" + message + "\n"); + Debug.trace("SignedAuditEventFactory: create() message created for eventType=" + eventType + "\n"); } else { // no type specified diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSSession.java b/base/tps/src/org/dogtagpki/server/tps/TPSSession.java index 6f175e207..f7fca8489 100644 --- a/base/tps/src/org/dogtagpki/server/tps/TPSSession.java +++ b/base/tps/src/org/dogtagpki/server/tps/TPSSession.java @@ -66,11 +66,12 @@ public class TPSSession { public TPSMessage read() throws IOException { TPSMessage message = null; - CMS.debug("TPSSession.process() about to call read on connection : " + connection); + CMS.debug("TPSSession.read() about to call read on connection : " + connection); try { message = connection.read(); - CMS.debug("TPSSession.process() created message " + message); + //CMS.debug("TPSSession.read() created message " + message); + CMS.debug("TPSSession.read() message created"); } catch (IOException e) { //Catch here so we can log diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java index 598e99a64..8860f48cc 100644 --- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java +++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java @@ -333,7 +333,8 @@ public class SecureChannel { attr = new TPSBuffer(Util.bool2Byte(value)); appendPKCS11Attribute(buffer, PKCS11Constants.CKA_TOKEN, attr); - CMS.debug("SecureChannel.appendKeyCapabilities: returning: " + buffer.toHexString()); + //CMS.debug("SecureChannel.appendKeyCapabilities: returning: " + buffer.toHexString()); + CMS.debug("SecureChannel.appendKeyCapabilities: returning"); } catch (EBaseException e) { throw new TPSException("SecureChannel.appentKeyCapabilities. Can't obtain config value!", @@ -423,9 +424,9 @@ public class SecureChannel { if (secLevel == SecurityLevel.SECURE_MSG_MAC_ENC) { try { - CMS.debug("SecureChannel.computeAPDU: Before encryption data value: " + apdu.getData().toHexString()); + //CMS.debug("SecureChannel.computeAPDU: Before encryption data value: " + apdu.getData().toHexString()); apdu.secureMessage(encSessionKey, (byte) 1); - CMS.debug("SecureChannel.computeAPDU: After encryption data value: " + apdu.getData().toHexString()); + //CMS.debug("SecureChannel.computeAPDU: After encryption data value: " + apdu.getData().toHexString()); } catch (EBaseException e) { throw new TPSException("SecureChannel.computeAPDU: Can't encrypt outgoing data! " + e); } @@ -519,7 +520,8 @@ public class SecureChannel { data = apdu.getDataToMAC(); - CMS.debug("SecureChannel.computeAPDUMac: data To MAC: " + data.toHexString()); + //CMS.debug("SecureChannel.computeAPDUMac: data To MAC: " + data.toHexString()); + CMS.debug("SecureChannel.computeAPDUMac: got data To MAC"); try { newMac = Util.computeMAC(sessionKey, data, icv); @@ -529,7 +531,8 @@ public class SecureChannel { TPSStatus.STATUS_ERROR_SECURE_CHANNEL); } - CMS.debug("SecureChannel.computeAPDUMac: computed MAC: " + newMac.toHexString()); + //CMS.debug("SecureChannel.computeAPDUMac: computed MAC: " + newMac.toHexString()); + CMS.debug("SecureChannel.computeAPDUMac: MAC computed"); apdu.setMAC(newMac); @@ -707,12 +710,13 @@ public class SecureChannel { //Load one piece of the applet file onto the token. private void loadFileSegment(byte refControl, int count, TPSBuffer piece) throws TPSException, IOException { + CMS.debug("SecureChannel.loadFileSegment: begins"); if (piece == null || count < 0) { throw new TPSException("SecureChannel.loadFileSegment: invalid input data.", TPSStatus.STATUS_ERROR_UPGRADE_APPLET); } - CMS.debug("SecureChannel.loadFileSegment: count: " + count + " piece: " + piece.toHexString()); + //CMS.debug("SecureChannel.loadFileSegment: count: " + count + " piece: " + piece.toHexString()); APDUResponse response = null; @@ -738,6 +742,7 @@ public class SecureChannel { TPSStatus.STATUS_ERROR_SECURE_CHANNEL); } + CMS.debug("SecureChannel.loadFileSegment: ends"); } // Kick off the applet loading process. @@ -1023,7 +1028,8 @@ public class SecureChannel { finalizeObjectBuffer(result, id); - CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing: " + result.toHexString()); + //CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing: " + result.toHexString()); + CMS.debug("SecureChannel.createPKCS11PriKeyAttrsBuffer: returing"); return result; @@ -1070,7 +1076,8 @@ public class SecureChannel { finalizeObjectBuffer(result, id); - CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing: " + result.toHexString()); + //CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing: " + result.toHexString()); + CMS.debug("SecureChannel.createPKCS11PublicKeyAttrsBuffer: returing"); return result; @@ -1144,7 +1151,8 @@ public class SecureChannel { finalizeObjectBuffer(result, id); - CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing: " + result.toHexString()); + //CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing: " + result.toHexString()); + CMS.debug("SecureChannel.createPKCS11CertAttrsBuffer: returing"); return result; diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java index ace5f389f..8eafa36a5 100644 --- a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java +++ b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java @@ -192,7 +192,7 @@ public class CARemoteRequestHandler extends RemoteRequestHandler } } } - CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg); + //CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg); HttpResponse resp = conn.send("enrollment", sendMsg); if (resp == null) { @@ -202,16 +202,14 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String content = resp.getContent(); if (content != null && !content.equals("")) { - CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content); + //CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content); + CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content"); XMLObject xmlResponse = getXMLparser(content); Hashtable<String, Object> response = new Hashtable<String, Object>(); - CMS.debug("CARemoteRequestHandler: enrollCertificate(): received:" + - content); - /** * When a value is not found in response, keep going so we know * what else is missing @@ -222,7 +220,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML); if (value == null) { CMS.debug("CARemoteRequestHandler: enrollCertificate(): Status not found."); - CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content); + //CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content); + CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content"); } else { CMS.debug("CARemoteRequestHandler: enrollCertificate(): got Status = " + value); ist = Integer.parseInt(value); @@ -255,8 +254,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler IRemoteRequest.CA_RESPONSE_Certificate_b64); } else { try { - CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = " - + value); + //CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = " + // + value); + CMS.debug("CARemoteRequestHandler:: enrollCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64"); response.put(IRemoteRequest.CA_RESPONSE_Certificate_b64, value); X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value)); response.put(IRemoteRequest.CA_RESPONSE_Certificate_x509, newCert); @@ -324,8 +324,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler Hashtable<String, Object> response = new Hashtable<String, Object>(); - CMS.debug("CARemoteRequestHandler: retrieveCertificate(): received:" + - content); + //CMS.debug("CARemoteRequestHandler: retrieveCertificate(): received:" + + // content); + CMS.debug("CARemoteRequestHandler: retrieveCertificate(): content received"); /** * When a value is not found in response, keep going so we know @@ -335,7 +336,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML); if (value == null) { CMS.debug("CARemoteRequestHandler: retrieveCertificate(): Status not found."); - CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content = " + content); + //CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content = " + content); + CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got content"); } else { CMS.debug("CARemoteRequestHandler: retrieveCertificate(): got Status = " + value); ist = Integer.parseInt(value); @@ -347,8 +349,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): response missing name-value pair for: " + IRemoteRequest.CA_RESPONSE_Certificate_chain_b64); } else { - CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64 = " - + value); + //CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64 = " + // + value); + CMS.debug("CARemoteRequestHandler:: retrieveCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_chain_b64"); response.put(IRemoteRequest.CA_RESPONSE_Certificate_chain_b64, value); try { X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value)); @@ -442,7 +445,8 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String value = xmlResponse.getValue(IRemoteRequest.RESPONSE_STATUS_XML); if (value == null) { CMS.debug("CARemoteRequestHandler: renewCertificate(): Status not found."); - CMS.debug("CARemoteRequestHandler: renewCertificate(): got content = " + content); + //CMS.debug("CARemoteRequestHandler: renewCertificate(): got content = " + content); + CMS.debug("CARemoteRequestHandler: renewCertificate(): got content"); } else { CMS.debug("CARemoteRequestHandler: renewCertificate(): got Status = " + value); ist = Integer.parseInt(value); @@ -474,8 +478,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler CMS.debug("CARemoteRequestHandler:: renewCertificate(): response missing name-value pair for: " + IRemoteRequest.CA_RESPONSE_Certificate_b64); } else { - CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = " - + value); + //CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64 = " + // + value); + CMS.debug("CARemoteRequestHandler:: renewCertificate(): got IRemoteRequest.CA_RESPONSE_Certificate_b64"); response.put(IRemoteRequest.CA_RESPONSE_Certificate_b64, value); try { X509CertImpl newCert = new X509CertImpl(Utils.base64decode(value)); diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java index 0f3de3351..59b5208f6 100644 --- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java +++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java @@ -182,8 +182,9 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_PublicKey); } else { - CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " - + value); + //CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " + // + value); + CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_PublicKey"); response.put(IRemoteRequest.KRA_RESPONSE_PublicKey, value); } @@ -326,7 +327,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_PublicKey); } else { - CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " + value); + //CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey= " + value); + CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_PublicKey"); response.put(IRemoteRequest.KRA_RESPONSE_PublicKey, value); } diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java index b594df920..b63550451 100644 --- a/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java +++ b/base/tps/src/org/dogtagpki/server/tps/cms/RemoteRequestHandler.java @@ -73,11 +73,12 @@ public abstract class RemoteRequestHandler * @return XMLObject the parser */ protected XMLObject getXMLparser(String text) { + CMS.debug("RemoteRequestHandler: getXMLparser(): begins"); if (text == null) { return null; - } else { + }/* else { CMS.debug("RemoteRequestHandler: getXMLparser(): parsing: " + text); - } + }*/ try { ByteArrayInputStream bis = new ByteArrayInputStream(text.getBytes()); diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java index eabae3408..f38d7def5 100644 --- a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java +++ b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java @@ -133,7 +133,8 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler + Util.specialURLEncode(card_cryptogram.toBytesArray()) + "&" + IRemoteRequest.TOKEN_KEYSET + "=" + keySet; - CMS.debug("TKSRemoteRequestHandler.computeSessionKey: outgoing message: " + requestString); + //CMS.debug("TKSRemoteRequestHandler.computeSessionKey: outgoing message: " + requestString); + CMS.debug("TKSRemoteRequestHandler.computeSessionKey: sending request to TKS"); HttpResponse resp = conn.send("computeSessionKey", @@ -156,7 +157,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS); if (value == null) { CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): status not found."); - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got content = " + content); + //CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got content = " + content); } else { CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got status = " + value); ist = Integer.parseInt(value); @@ -168,7 +169,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_SessionKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_SessionKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_SessionKey"); response.put(IRemoteRequest.TKS_RESPONSE_SessionKey, Util.specialDecode(value)); } @@ -177,7 +178,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_EncSessionKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_EncSessionKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_EncSessionKey"); response.put(IRemoteRequest.TKS_RESPONSE_EncSessionKey, Util.specialDecode(value)); } @@ -186,7 +187,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey"); response.put(IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey, Util.specialDecode(value)); } @@ -195,7 +196,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_KEK_DesKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey"); response.put(IRemoteRequest.TKS_RESPONSE_KEK_DesKey, Util.specialDecode(value)); } @@ -204,7 +205,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_KeyCheck); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KeyCheck = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_KeyCheck"); response.put(IRemoteRequest.TKS_RESPONSE_KeyCheck, Util.specialDecode(value)); } @@ -213,7 +214,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_HostCryptogram); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_HostCryptogram = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): got IRemoteRequest.TKS_RESPONSE_HostCryptogram"); response.put(IRemoteRequest.TKS_RESPONSE_HostCryptogram, Util.specialDecode(value)); } CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): ends."); @@ -310,7 +311,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS); if (value == null) { CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): status not found."); - CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got content = " + content); + //CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got content = " + content); } else { CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got status = " + value); ist = Integer.parseInt(value); @@ -322,7 +323,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_SessionKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_SessionKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_SessionKey"); response.put(IRemoteRequest.TKS_RESPONSE_SessionKey, Util.specialDecode(value)); } @@ -331,7 +332,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey"); response.put(IRemoteRequest.TKS_RESPONSE_DRM_Trans_DesKey, Util.specialDecode(value)); } @@ -340,7 +341,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_KEK_DesKey); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KEK_DesKey"); response.put(IRemoteRequest.TKS_RESPONSE_KEK_DesKey, Util.specialDecode(value)); } @@ -352,7 +353,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler IRemoteRequest.TKS_RESPONSE_KeyCheck); } else { - CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KeyCheck = "); + CMS.debug("TKSRemoteRequestHandler: computeSessionKeySCP02(): got IRemoteRequest.TKS_RESPONSE_KeyCheck"); response.put(IRemoteRequest.TKS_RESPONSE_KeyCheck, Util.specialDecode(value)); } @@ -438,7 +439,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS); if (value == null) { CMS.debug("TKSRemoteRequestHandler: createKeySetData(): status not found."); - CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got content = " + content); + //CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got content = " + content); } else { CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got status = " + value); ist = Integer.parseInt(value); @@ -450,7 +451,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: createKeySetData(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_KeySetData); } else { - CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got IRemoteRequest.TKS_RESPONSE_KeySetData = "); + CMS.debug("TKSRemoteRequestHandler: createKeySetData(): got IRemoteRequest.TKS_RESPONSE_KeySetData"); response.put(IRemoteRequest.TKS_RESPONSE_KeySetData, Util.specialDecode(value)); } CMS.debug("TKSRemoteRequestHandler: createKeySetData(): ends."); @@ -510,7 +511,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS); if (value == null) { CMS.debug("TKSRemoteRequestHandler: computeRandomData(): status not found."); - CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got content = " + content); + //CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got content = " + content); } else { CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got status = " + value); ist = Integer.parseInt(value); @@ -522,8 +523,9 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: computeRandomData(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_RandomData); } else { - CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData = " - + value); + //CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData" + // + value); + CMS.debug("TKSRemoteRequestHandler: computeRandomData(): got IRemoteRequest.TKS_RESPONSE_RandomData"); response.put(IRemoteRequest.TKS_RESPONSE_RandomData, Util.uriDecodeFromHex(value)); } CMS.debug("TKSRemoteRequestHandler: computeRandomData(): ends."); @@ -596,7 +598,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler String value = (String) response.get(IRemoteRequest.RESPONSE_STATUS); if (value == null) { CMS.debug("TKSRemoteRequestHandler: encryptData(): status not found."); - CMS.debug("TKSRemoteRequestHandler: encryptData(): got content = " + content); + //CMS.debug("TKSRemoteRequestHandler: encryptData(): got content = " + content); } else { CMS.debug("TKSRemoteRequestHandler: encryptData(): got status = " + value); ist = Integer.parseInt(value); @@ -608,7 +610,7 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler CMS.debug("TKSRemoteRequestHandler: encryptData(): response missing name-value pair for: " + IRemoteRequest.TKS_RESPONSE_EncryptedData); } else { - CMS.debug("TKSRemoteRequestHandler: encryptData(): got IRemoteRequest.TKS_RESPONSE_EncryptedData = "); + CMS.debug("TKSRemoteRequestHandler: encryptData(): got IRemoteRequest.TKS_RESPONSE_EncryptedData"); response.put(IRemoteRequest.TKS_RESPONSE_EncryptedData, Util.specialDecode(value)); } CMS.debug("TKSRemoteRequestHandler: encryptData(): ends."); diff --git a/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java b/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java index a87841059..2fc62d70d 100644 --- a/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java +++ b/base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java @@ -71,7 +71,8 @@ public class PKCS11Obj { throw new TPSException("PKCS11Obj.parse: error parsing object data!"); } - CMS.debug("PKCS11Obj.parse: uncompressed data: " + data.toHexString()); + //CMS.debug("PKCS11Obj.parse: uncompressed data: " + data.toHexString()); + CMS.debug("PKCS11Obj.parse: uncompressed data"); int objOffset = data.getIntFrom2Bytes(0); int objCount = data.getIntFrom2Bytes(2); @@ -373,7 +374,7 @@ public class PKCS11Obj { TPSBuffer data = getRawData(); // new TPSBuffer(); CMS.debug("PKCS11Obj.getCompressedData: " + "before compress length = " + data.size()); - CMS.debug("PKCS11Obj.getCompressedData: " + "before compress data = " + data.toHexString()); + //CMS.debug("PKCS11Obj.getCompressedData: " + "before compress data = " + data.toHexString()); System.out.println("Raw data before compress length: " + data.size()); @@ -388,7 +389,8 @@ public class PKCS11Obj { TPSBuffer result = new TPSBuffer(header); result.add(compressed); - CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: " + result.toHexString()); + //CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: " + result.toHexString()); + CMS.debug("PKCS11Obj.getCompressedData: PKCS11 Data: ends"); return result; } diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java b/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java index 5547f4419..aac1a23f3 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java @@ -241,7 +241,8 @@ public class EnrolledCertsInfo { byte[] certBytes = null; try { certBytes = cert.getEncoded(); - CMS.debug("EnrolledCertsInfo.toTPSCertRecords: certBytes ="+ CMS.BtoA(certBytes)); + //CMS.debug("EnrolledCertsInfo.toTPSCertRecords: certBytes ="+ CMS.BtoA(certBytes)); + CMS.debug("EnrolledCertsInfo.toTPSCertRecords: cert encoded"); } catch (CertificateEncodingException e) { CMS.debug("EnrolledCertsInfo.toTPSCertRecord: "+ e); //TODO: throw diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 66407e3a3..24b2dbf82 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -898,7 +898,8 @@ public class TPSEnrollProcessor extends TPSProcessor { objects = listObjects(seq); if (objects != null) { - CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects: " + objects.toHexString()); + //CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects: " + objects.toHexString()); + CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: objects exist "); } if (objects == null) { @@ -917,7 +918,8 @@ public class TPSEnrollProcessor extends TPSProcessor { TPSBuffer obj = channel.readObject(objectID, 0, (int) objectLenVal); if (obj != null) { - CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj: " + obj.toHexString()); + //CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj: " + obj.toHexString()); + CMS.debug("PKCS11Obj.getCurrentObjectsOnToken: obj exists"); } if ((char) objectID.at(0) == (byte) 'z' && objectID.at(1) == (byte) '0') { @@ -939,8 +941,9 @@ public class TPSEnrollProcessor extends TPSProcessor { pkcs11objx.addObjectSpec(objSpec); } - CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token: " - + obj.toHexString()); + //CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token: " + // + obj.toHexString()); + CMS.debug("TPSEnrollProcessor.getCurrentObjectsOnToken. just read object from token"); } } while (seq != 0); @@ -1247,8 +1250,8 @@ public class TPSEnrollProcessor extends TPSProcessor { cert_bytes = Utils.base64decode(retCertB64); TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); - CMS.debug(method + "recovered: retCertB64: " - + cert_bytes_buf.toHexString()); + //CMS.debug(method + "recovered: retCertB64: " + // + cert_bytes_buf.toHexString()); } else { logMsg = "recovering cert b64 not found"; CMS.debug(method + logMsg); @@ -1804,7 +1807,8 @@ public class TPSEnrollProcessor extends TPSProcessor { serialToRecover, keyTypeValue, caConnId); b64cert = certResponse.getCertB64(); - CMS.debug("TPSEnrollProcessor.processRecovery: recoverd cert blob: " + b64cert); + //CMS.debug("TPSEnrollProcessor.processRecovery: recoverd cert blob: " + b64cert); + CMS.debug("TPSEnrollProcessor.processRecovery: cert blob recovered"); KRARecoverKeyResponse keyResponse = tps.getEngine().recoverKey(toBeRecovered.getId(), toBeRecovered.getUserID(), @@ -2264,7 +2268,8 @@ public class TPSEnrollProcessor extends TPSProcessor { archive, isECC); publicKeyStr = ssKeyGenResponse.getPublicKey(); - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: public key string from server: " + publicKeyStr); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: public key string from server: " + publicKeyStr); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate: got public key string from server "); public_key_blob = new TPSBuffer(Utils.base64decode(publicKeyStr)); } else { @@ -2470,7 +2475,8 @@ public class TPSEnrollProcessor extends TPSProcessor { String retCertB64 = caEnrollResp.getCertB64(); if (retCertB64 != null) - CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 =" + retCertB64); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 =" + retCertB64); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: new cert b64 retrieved from caEnrollResp"); else { auditInfo = "new cert b64 not found"; CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: " + auditInfo); @@ -2480,12 +2486,11 @@ public class TPSEnrollProcessor extends TPSProcessor { TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + retCertB64); - cert_bytes = Utils.base64decode(retCertB64); TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + cert_bytes_buf.toHexString()); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64: " + cert_bytes_buf.toHexString()); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate: retCertB64 base64decode done"); x509Cert = caEnrollResp.getCert(); if (x509Cert != null) @@ -2516,21 +2521,25 @@ public class TPSEnrollProcessor extends TPSProcessor { } String retCertB64 = certResp.getCertB64(); - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " + retCertB64); - cert_bytes = Utils.base64decode(retCertB64); - TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " - + cert_bytes_buf.toHexString()); - - if (retCertB64 != null) - CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 =" + retCertB64); - else { + if (retCertB64 != null) { + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 =" + retCertB64); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering: new cert b64 not null"); + } else { CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering new cert b64 not found"); throw new TPSException( "TPSEnrollProcessor.enrollOneCertificate: recovering: new cert b64 not found", TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " + retCertB64); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64 retrieved from certResp"); + cert_bytes = Utils.base64decode(retCertB64); + + TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64 base64decode done"); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: recovering: retCertB64: " + // + cert_bytes_buf.toHexString()); + x509Cert = certResp.getCert(); if (x509Cert != null) { CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: recovering new cert retrieved"); @@ -2564,10 +2573,10 @@ public class TPSEnrollProcessor extends TPSProcessor { } String retCertB64 = certResp.getRenewedCertB64(); - cert_bytes = Utils.base64decode(retCertB64); if (retCertB64 != null) - CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 =" + retCertB64); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 =" + retCertB64); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: renewing: new cert b64 retrieved"); else { auditInfo = "renewing new cert b64 not found"; CMS.debug("TPSEnrollProcessor.enrollOneCertificate:: " + auditInfo); @@ -2578,6 +2587,12 @@ public class TPSEnrollProcessor extends TPSProcessor { TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } + cert_bytes = Utils.base64decode(retCertB64); + TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); + CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64 base64decode done"); + //CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64: " + // + cert_bytes_buf.toHexString()); + x509Cert = certResp.getRenewedCert(); if (x509Cert != null) { @@ -2594,10 +2609,6 @@ public class TPSEnrollProcessor extends TPSProcessor { TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - TPSBuffer cert_bytes_buf = new TPSBuffer(cert_bytes); - CMS.debug("TPSEnrollProcessor.enrollOneCertificate: renewing: retCertB64: " - + cert_bytes_buf.toHexString()); - } } @@ -2835,10 +2846,11 @@ public class TPSEnrollProcessor extends TPSProcessor { keyCheck = new TPSBuffer(); } - CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString()); + //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString()); + CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8 : got keyCheck"); // String ivParams = ssKeyGenResponse.getIVParam(); - //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams); + //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: ivParams: " + ivParams); TPSBuffer ivParamsBuff = new TPSBuffer(Util.uriDecodeFromHex(ivParams)); if (ivParamsBuff.size() == 0) { @@ -2851,6 +2863,7 @@ public class TPSEnrollProcessor extends TPSProcessor { if (kekWrappedDesKey != null) { //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString()); + CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: got keyWrappedDesKey"); } else CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!"); @@ -3012,8 +3025,10 @@ public class TPSEnrollProcessor extends TPSProcessor { TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key blob from token to parse: " - + public_key_blob.toHexString()); + //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key blob from token to parse: " + // + public_key_blob.toHexString()); + CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: parsing public key blob from token"); + /* * decode blob into structures */ @@ -3040,9 +3055,10 @@ public class TPSEnrollProcessor extends TPSProcessor { throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! pkeyb null", TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: pkeyb = " - + pkeyb.toHexString()); + //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: pkeyb = " + // + pkeyb.toHexString()); + CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: public key pkeyb extracted from blob"); // 2nd, proof blob length int proofb_len_offset = pkeyb_len_offset + 2 + pkeyb_len; /* @@ -3058,8 +3074,9 @@ public class TPSEnrollProcessor extends TPSProcessor { throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! proofb null", TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proofb = " - + proofb.toHexString()); + //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proofb = " + // + proofb.toHexString()); + CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: proof proofb extracted from blob"); // convert pkeyb to pkey // 1 byte encoding, 1 byte key type, 2 bytes key length, then the key @@ -3086,8 +3103,9 @@ public class TPSEnrollProcessor extends TPSProcessor { throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! modb null", TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modb= " - + modb.toHexString()); + //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modb= " + // + modb.toHexString()); + CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: modulus modb extracted from blob"); TPSBuffer expb = pkeyb.substr(pkey_offset + 2 + mod_len + 2, exp_len); if (expb == null) { @@ -3095,8 +3113,9 @@ public class TPSEnrollProcessor extends TPSProcessor { throw new TPSException("TPSEnrollProcessor.parsePublicKeyBlob: Bad input data! expb null", TPSStatus.STATUS_ERROR_MAC_ENROLL_PDU); } - CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: expb= " - + expb.toHexString()); + //CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob: expb= " + // + expb.toHexString()); + CMS.debug("TPSEnrollProcessor.parsePublicKeyBlob:processing exponent expb extracted from blob"); BigInt modb_bi = new BigInt(modb.toBytesArray()); BigInt expb_bi = new BigInt(expb.toBytesArray()); try { @@ -3460,8 +3479,8 @@ public class TPSEnrollProcessor extends TPSProcessor { mozillaDigestOut = mozillaDigest.digest(publicKeyInfo); if (mozillaDigestOut.length == mozillaDigest.getDigestLength()) { - System.out.println(mozillaDigest.getAlgorithm() + " " + - " digest output size is " + mozillaDigestOut.length); + //System.out.println(mozillaDigest.getAlgorithm() + " " + + // " digest output size is " + mozillaDigestOut.length); } else { throw new TPSException("ERROR: digest output size is " + mozillaDigestOut.length + ", should be " + diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index e8608c487..26c438b3a 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -498,7 +498,10 @@ public class TPSProcessor { TPSBuffer randomData = computeRandomData(8, connId); - CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData: " + randomData.toHexString()); + if (randomData != null) { + //CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData: " + randomData.toHexString()); + CMS.debug("TPSProcessor.setupSecureChannel: obtained randomData"); + } acquireChannelPlatformAndProtocolInfo(); @@ -525,7 +528,8 @@ public class TPSProcessor { } card_cryptogram = initUpdateResp.substr(CARD_CRYPTOGRAM_OFFSET, CARD_CRYPTOGRAM_SIZE); - CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: " + card_cryptogram.toHexString()); + //CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: " + card_cryptogram.toHexString()); + CMS.debug("TPSProcessor.setupSecureChannel: card cryptogram: extracted"); TPSBuffer card_challenge = null; @@ -537,9 +541,13 @@ public class TPSProcessor { .substr(CARD_CHALLENGE_OFFSET_GP211_SC02, CARD_CHALLENGE_SIZE_GP211_SC02); card_cryptogram = initUpdateResp.substr(CARD_CRYPTOGRAM_OFFSET, CARD_CRYPTOGRAM_SIZE); //new TPSBuffer(canned_card_challenge); + /* CMS.debug("TPSProcessor.setupSecureChannel 02: card cryptogram: " + card_cryptogram.toHexString()); CMS.debug("TPSProcessor.setupSecureChannel 02: card challenge: " + card_challenge.toHexString()); CMS.debug("TPSProcessor.setupSecureChannel 02: host challenge: " + randomData.toHexString()); + */ + CMS.debug("TPSProcessor.setupSecureChannel 02: card cryptogram: extracted"); + CMS.debug("TPSProcessor.setupSecureChannel 02: card challenge: extracted"); } @@ -554,7 +562,8 @@ public class TPSProcessor { } else { card_challenge = initUpdateResp.substr(CARD_CHALLENGE_OFFSET, CARD_CHALLENGE_SIZE); } - CMS.debug("TPSProcessor.setupSecureChannel: card challenge: " + card_challenge.toHexString()); + //CMS.debug("TPSProcessor.setupSecureChannel: card challenge: " + card_challenge.toHexString()); + CMS.debug("TPSProcessor.setupSecureChannel: card challenge: extracted"); SecureChannel channel = null; @@ -699,7 +708,8 @@ public class TPSProcessor { TPSStatus.STATUS_ERROR_SECURE_CHANNEL); } - CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key: " + encSessionKey); + //CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key: " + encSessionKey); + CMS.debug("TPSProcessor.generateSecureChannel: retrieved enc session key"); TPSBuffer drmDesKey = null; TPSBuffer kekDesKey = null; @@ -710,10 +720,12 @@ public class TPSProcessor { kekDesKey = resp.getKekWrappedDesKey(); if (checkServerSideKeyGen(connId)) { - + CMS.debug("TPSProcessor.generateSecureChannel: true for checkServerSideKeyGen"); + /* CMS.debug("TPSProcessor.generateSecureChannel: drmDesKey: " + drmDesKey + " kekDesKey : " + kekDesKey + " keyCheck: " + keyCheck); + */ //ToDo handle server side keygen. } @@ -3108,7 +3120,8 @@ public class TPSProcessor { TPSBuffer keySetData = engine.createKeySetData(newVersion, curKeyInfo, protocol, appletInfo.getCUID(),channel.getKeyDiversificationData(), channel.getDekSessionKeyWrapped(), connId, getSelectedKeySet()); - CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: new keySetData from TKS: " + keySetData.toHexString()); + //CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: new keySetData from TKS: " + keySetData.toHexString()); + CMS.debug("TPSProcessor.checkAndUpgradeSymKeys: received new keySetData from TKS"); byte curVersion = curKeyInfo.at(0); byte curIndex = curKeyInfo.at(1); @@ -3540,7 +3553,8 @@ public class TPSProcessor { TPSStatus.STATUS_ERROR_SECURE_CHANNEL); } - CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: returned data: " + data.toHexString()); + //CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: returned data: " + data.toHexString()); + CMS.debug("TPSProcessor.gp211GetSecureChannelProtocolDetails: card data returned"); // Now process the GP211 data returned by the card. |