From 892c852352f48b18f2f2dadff6c223039d41aba0 Mon Sep 17 00:00:00 2001 From: Emina Ahmetovic Date: Fri, 30 Oct 2020 14:06:31 +0100 Subject: change log, reformat code --- .../gv/egiz/pdfas/web/sl20/JsonSecurityUtils.java | 30 ++++------------------ 1 file changed, 5 insertions(+), 25 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/JsonSecurityUtils.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/JsonSecurityUtils.java index 4f496a75..4a0ecf47 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/JsonSecurityUtils.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/JsonSecurityUtils.java @@ -1,20 +1,16 @@ package at.gv.egiz.pdfas.web.sl20; -import java.io.IOException; import java.security.Key; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Base64; import java.util.Collections; import java.util.Enumeration; import java.util.List; import org.apache.commons.lang3.StringUtils; -import org.bouncycastle.util.encoders.Base64Encoder; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jwe.JsonWebEncryption; @@ -85,7 +81,7 @@ public class JsonSecurityUtils implements IJOSETools{ if (certChainSigning[i] instanceof X509Certificate) { signCertChain[i] = (X509Certificate)certChainSigning[i]; } else - logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType()); + logger.warn("NO X509 certificate for signing: "); } @@ -99,7 +95,7 @@ public class JsonSecurityUtils implements IJOSETools{ if (certChainEncryption[i] instanceof X509Certificate) { encCertChain[i] = (X509Certificate)certChainEncryption[i]; } else - logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType()); + logger.warn("NO X509 certificate for encryption: "); } } else logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used."); @@ -119,20 +115,20 @@ public class JsonSecurityUtils implements IJOSETools{ if (cert != null && cert instanceof X509Certificate) trustedCerts.add((X509Certificate) cert); else - logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + logger.info("Can not process entry: " + el + ". Reason: "); } } //some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { - logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore="); throw new SL20Exception("sl20.03"); } if (signCertChain == null || signCertChain.length == 0) { - logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + logger.info("NO certificate for SL2.0 signing. KeyStore="); throw new SL20Exception("sl20.03"); } @@ -205,15 +201,6 @@ public class JsonSecurityUtils implements IJOSETools{ } else { logger.info("Can NOT find JOSE certificate in truststore."); - logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); - try { - logger.debug("Cert: " + Base64.getEncoder().encodeToString(sortedX5cCerts.get(0).getEncoded())); - - } catch (CertificateEncodingException e) { - e.printStackTrace(); - - } - } } else if (StringUtils.isNotEmpty(x5t256)) { @@ -289,12 +276,6 @@ public class JsonSecurityUtils implements IJOSETools{ if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { logger.info("Certificate from JOSE header does NOT match encryption certificate"); logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); - - try { - logger.debug("Cert: " + Base64.getEncoder().encodeToString(sortedX5cCerts.get(0).getEncoded())); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } throw new SL20Exception("sl20.05"); } @@ -303,7 +284,6 @@ public class JsonSecurityUtils implements IJOSETools{ String certFingerPrint = X509Util.x5tS256(encCertChain[0]); if (!certFingerPrint.equals(x5t256)) { logger.info("X5t256 from JOSE header does NOT match encryption certificate"); - logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); throw new SL20Exception("sl20.05"); } -- cgit v1.2.3