From 8096811531aaf2040bfcd0e4f14b11aa9ff66e7a Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 13 Jun 2017 03:30:37 +0200 Subject: Refactored AuditVerify (part 3). The AuditVerify.verify() has been cleaned up and some debug messages have been added for clarity. https://pagure.io/dogtagpki/issue/2634 Change-Id: Id1c510dd0081e3abb4fb34da0737ea6a3a335ba4 --- .../src/com/netscape/cmstools/AuditVerify.java | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'base/java-tools/src') diff --git a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java index b294ad17b..04f49e17d 100644 --- a/base/java-tools/src/com/netscape/cmstools/AuditVerify.java +++ b/base/java-tools/src/com/netscape/cmstools/AuditVerify.java @@ -165,6 +165,10 @@ public class AuditVerify { throw new Exception("Unknown signing certificate key type: " + pubk.getAlgorithm()); } + if (verbose) { + System.out.println("AuditVerify: Signing algorithm: " + sigAlgorithm); + } + Signature sig = Signature.getInstance(sigAlgorithm, CRYPTO_PROVIDER); sig.initVerify(pubk); @@ -208,15 +212,21 @@ public class AuditVerify { } else { - int sigStart = curLine.indexOf("sig: ") + 5; + int sigStart = curLine.indexOf("sig: "); - if (sigStart < 5) { + if (sigStart < 0) { output(linenum, "INVALID SIGNATURE"); ++badSigCount; } else { - byte[] logSig = base64decode(curLine.substring(sigStart)); + String signature = curLine.substring(sigStart + 5); + + if (verbose) { + System.out.println("AuditVerify: Signature: " + signature); + } + + byte[] logSig = base64decode(signature); // verify the signature if (sig.verify(logSig)) { @@ -349,6 +359,11 @@ public class AuditVerify { "secmod.db") ); } + + if (verbose) { + System.out.println("AuditVerify: Audit signing certificate: " + signerNick); + } + CryptoManager cm = CryptoManager.getInstance(); X509Certificate signerCert = cm.findCertByNickname(signerNick); -- cgit
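Review bot: The verbose message added before `Signature.getInstance(...)` goes to stdout via `System.out.println`, which is presumably also where `output()` writes the per-line verification results (its body is not in this diff). If so, anything that parses the results of a verbose run has to filter out the `AuditVerify:` lines; the same applies to the messages added in the second and third hunks. Writing diagnostics to stderr keeps the result stream clean: `System.err.println("AuditVerify: Signing algorithm: " + sigAlgorithm);`.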
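Review bot: `curLine.indexOf("sig: ")` still anchors on the first occurrence of the marker, so if any text earlier on a signature line can contain `sig: `, the substring handed to `base64decode` starts in the wrong place and a correctly signed block fails verification. Base64 text cannot contain `: `, so `int sigStart = curLine.lastIndexOf("sig: ");` is the safer anchor; whether earlier fields can carry that text depends on the log format, which this hunk does not show. The literal and the `5` are also kept in step by hand; a constant such as `SIG_PREFIX` with `curLine.substring(sigStart + SIG_PREFIX.length())` would remove the magic number. The loop in verify() that contains these lines starts and ends outside the hunk.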
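Review bot: The new verbose message prints only the nickname that was requested, and it does so before `cm.findCertByNickname(signerNick)` runs, so the output never shows which certificate was actually resolved. The verification result depends on the signer's identity, so a second message after the lookup would let the operator confirm that the expected audit signing certificate was used, for example `System.out.println("AuditVerify: Signer: " + signerCert.getSubjectDN() + ", serial " + signerCert.getSerialNumber());`. The enclosing method begins and ends outside the hunk, so how a failed lookup is reported is not visible here.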