Diffstat (limited to 'base/server/cms/src/com/netscape/cms')
4 files changed, 36 insertions, 22 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index ba7ce5720..99d18bbcb 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -420,7 +420,11 @@ public abstract class CMSServlet extends HttpServlet { pn.equalsIgnoreCase("pwd") || pn.equalsIgnoreCase("pwdagain") || pn.startsWith("p12Password") || - pn.equalsIgnoreCase("uPasswd")) { + pn.equalsIgnoreCase("uPasswd") || + pn.equalsIgnoreCase("host_challenge") || + pn.equalsIgnoreCase("card_challenge") || + pn.equalsIgnoreCase("card_cryptogram") || + pn.equalsIgnoreCase("drm_trans_desKey")) { CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'"); } else { diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java index f8a5b1f6a..0407e2934 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java @@ -115,7 +115,7 @@ public class KDF { } - CMS.debug("desKey: len: " + desKey.length); + CMS.debug(method + "desKey: len: " + desKey.length); return desKey; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java index 83dd93c6e..7dab14045 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java @@ -583,7 +583,8 @@ public class SecureChannelProtocol { } } - CMS.debug(method + "Returning symkey: " + unwrapped); + //CMS.debug(method + "Returning symkey: " + unwrapped); + CMS.debug(method + "Returning symkey..."); return unwrapped; } 
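Review bot: The redaction in the CMSServlet condition is a deny-list of exact parameter names, so any request parameter not listed is still written verbatim to the debug log by the `else` branch. The four added names cover the challenge, cryptogram and DES key fields; whether other parameters that carry key material (wrapped keys, for example) also pass through here cannot be seen from this hunk and is worth checking against the request constants. Consider holding the names in one constant set (say `SENSITIVE_PARAMS`) and testing `SENSITIVE_PARAMS.contains(pn.toLowerCase(Locale.ROOT))`, so the list is reviewed in one place. The enclosing method starts and ends outside the hunk.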
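Review bot: The debug statements that printed key objects and byte arrays are commented out rather than deleted, starting with `//CMS.debug(method + "Returning symkey: " + unwrapped);` in the SecureChannelProtocol hunk at -583. The same applies to the later SecureChannelProtocol and TokenServlet hunks, including the `/* ... */` block around the three `debugByteArray` keycheck calls. Left in the source, they can be re-enabled by removing two characters, which would put key material back in the log. Deleting the lines is safer, and version control keeps the history. If a marker is wanted, a single comment such as `// key material is never logged here` is enough.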
@@ -624,7 +625,8 @@ public class SecureChannelProtocol { throw new EBaseException(e); } - CMS.debug(method + "Returning symkey: " + unwrapped); + //CMS.debug(method + "Returning symkey: " + unwrapped); + CMS.debug(method + "Returning symkey..."); return finalUnwrapped; } @@ -857,7 +859,8 @@ public class SecureChannelProtocol { SymmetricKey extracted8 = extract8.derive(); - CMS.debug(method + " extracted8 key: " + extracted8); + //CMS.debug(method + " extracted8 key: " + extracted8); + CMS.debug(method + " extracted8 key"); SymmetricKeyDeriver concat = token.getSymmetricKeyDeriver(); concat.initDerive( @@ -943,7 +946,8 @@ public class SecureChannelProtocol { throw new EBaseException(e); } - CMS.debug(method + " About to return session key: " + wrappedSessKeyData); + //CMS.debug(method + " About to return session key: " + wrappedSessKeyData); + CMS.debug(method + " returning session key"); return wrappedSessKeyData; @@ -962,14 +966,15 @@ public class SecureChannelProtocol { try { CryptoManager cm = this.getCryptoManger(); CryptoToken token = returnTokenByName(selectedToken, cm); - CMS.debug("desKey: owning token: " + desKey.getOwningToken().getName()); - CMS.debug("desKey: current token: " + token.getName()); + CMS.debug(method + "desKey: owning token: " + desKey.getOwningToken().getName()); + CMS.debug(method + "desKey: current token: " + token.getName()); Cipher encryptor = token.getCipherContext(EncryptionAlgorithm.DES3_ECB); - CMS.debug("got encryptor"); + CMS.debug(method + "got encryptor"); encryptor.initEncrypt(desKey); - CMS.debug("done initEncrypt"); + CMS.debug(method + "done initEncrypt"); output = encryptor.doFinal(input); - CMS.debug("done doFinal " + output); + //CMS.debug(method + "done doFinal " + output); + CMS.debug(method + "done doFinal"); // SecureChannelProtocol.debugByteArray(output, "Encrypted data:"); } catch (EBaseException | NoSuchTokenException | NoSuchAlgorithmException | TokenException 
@@ -1017,7 +1022,8 @@ public class SecureChannelProtocol { //Get the 3 bytes needed System.arraycopy(output, 0, finalOutput, 0, 3); - SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:"); + //SecureChannelProtocol.debugByteArray(finalOutput, "Calculated KeyCheck Value:"); + CMS.debug(method + " ends"); return finalOutput; } @@ -1405,10 +1411,11 @@ public class SecureChannelProtocol { keycheck_enc_key = this.computeKeyCheck(encKey, tokenName); keycheck_mac_key = this.computeKeyCheck(macKey, tokenName); keycheck_kek_key = this.computeKeyCheck(kekKey, tokenName); - + /* debugByteArray(keycheck_enc_key, " Keycheck enc key: "); debugByteArray(keycheck_mac_key, " Keycheck mac key: "); debugByteArray(keycheck_kek_key, " KeyCheck kek key: "); + */ } else if (protocol == PROTOCOL_TWO) { alg = (byte) 0x80; @@ -1447,7 +1454,8 @@ public class SecureChannelProtocol { throw new EBaseException(method + " Can't compose final output byte array!"); } - SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: "); + //SecureChannelProtocol.debugByteArray(output, " Final output to createKeySetData: "); + CMS.debug(method + " returning output"); return output; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java index 00bb90594..ab2ade958 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -803,7 +803,7 @@ public class TokenServlet extends CMSServlet { } - CMS.debug("TokenServlet:outputString.encode " + value); + //CMS.debug("TokenServlet:outputString.encode " + value); try { resp.setContentLength(value.length()); 
@@ -1298,8 +1298,8 @@ public class TokenServlet extends CMSServlet { input_card_crypto = com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); - SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto"); - SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto"); + //SecureChannelProtocol.debugByteArray(input_card_crypto, "input_card_crypto"); + //SecureChannelProtocol.debugByteArray(card_crypto, "card_crypto"); if (card_crypto.length == input_card_crypto.length) { for (int i = 0; i < card_crypto.length; i++) { @@ -1462,7 +1462,7 @@ public class TokenServlet extends CMSServlet { } } - CMS.debug("TokenServlet:outputString.encode " + value); + //CMS.debug("TokenServlet:outputString.encode " + value); try { resp.setContentLength(value.length()); @@ -1802,7 +1802,8 @@ public class TokenServlet extends CMSServlet { xnewkeyInfo, nistSP800_108KdfOnKeyVersion, nistSP800_108KdfUseCuidAsKdd, xCUID, xKDD, (protocol == 2) ? xWrappedDekKey : kekKeyArray, useSoftToken_s, keySet, (byte) protocol); } - SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: "); + //SecureChannelProtocol.debugByteArray(KeySetData, " New keyset data: "); + CMS.debug("TokenServlet.processDiversifyKey: New keyset data obtained"); if (KeySetData == null || KeySetData.length <= 1) { CMS.getLogger().log(ILogger.EV_AUDIT, @@ -1832,7 +1833,8 @@ public class TokenServlet extends CMSServlet { if (KeySetData != null && KeySetData.length > 1) { value = IRemoteRequest.RESPONSE_STATUS + "=0&" + IRemoteRequest.TKS_RESPONSE_KeySetData + "=" + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " + value); + //CMS.debug("TokenServlet:process DiversifyKey.encode " + value); + CMS.debug("TokenServlet:process DiversifyKey.encode returning KeySetData"); // AC: KDF SPEC CHANGE - check for settings file issue (flag) } else if (missingSetting_exception != null) { status = "6"; 
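Review bot: The cryptogram check that follows the commented-out lines in the -1298 hunk compares `card_crypto` and `input_card_crypto` byte by byte in a `for` loop whose body lies outside the hunk. If that loop stops at the first mismatching byte, the comparison time depends on how many leading bytes match. `MessageDigest.isEqual(card_crypto, input_card_crypto)` performs the length and content check without that dependency. This sits next to what the commit changes rather than being caused by it.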
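Review bot: In the -1802 hunk the new message `New keyset data obtained` is logged before the `KeySetData == null || KeySetData.length <= 1` test on the next line, so the debug log reports success on the failure path as well. Log the outcome without the bytes instead, for example `CMS.debug("TokenServlet.processDiversifyKey: keyset data " + (KeySetData == null ? "is null" : "length " + KeySetData.length));`. The enclosing method continues outside the hunk.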
@@ -2154,7 +2156,7 @@ public class TokenServlet extends CMSServlet { value = IRemoteRequest.RESPONSE_STATUS + "=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " + value); + //CMS.debug("TokenServlet:process EncryptData.encode " + value); try { resp.setContentLength(value.length()); @@ -2378,7 +2380,7 @@ public class TokenServlet extends CMSServlet { String temp = req.getParameter(IRemoteRequest.TOKEN_CARD_CHALLENGE); String protocol = req.getParameter(IRemoteRequest.CHANNEL_PROTOCOL); String derivationConstant = req.getParameter(IRemoteRequest.DERIVATION_CONSTANT); - CMS.debug("Protocol: " + protocol + " temp: " + temp); + //CMS.debug("Protocol: " + protocol + " temp: " + temp); setDefaultSlotAndKeyName(req); if (temp != null) { |
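Review bot: Commenting out the whole line in the -2378 hunk also drops the `protocol` value, which is a protocol selector rather than secret material; only `temp` (the card challenge) needed to leave the log. `CMS.debug("Protocol: " + protocol);` keeps that diagnostic. The enclosing method starts and ends outside the hunk.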