summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend
diff options
context:
space:
mode:
Diffstat (limited to 'openecomp-be/backend')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java14
1 files changed, 14 insertions, 0 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
index e6fcaff712..f16467f568 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -188,6 +188,7 @@ public class SecurityManager {
Files.createDirectories(folder);
} catch (final IOException e) {
fail = true;
+ LOGGER.error("Failed to create directory '{}'", folder, e);
throw new SecurityManagerException(String.format("Failed to create directory '%s'", folder), e);
}
@@ -198,6 +199,7 @@ public class SecurityManager {
final var parsedObject = pemParser.readObject();
if (!(parsedObject instanceof ContentInfo)) {
fail = true;
+ LOGGER.error("Signature is not recognized");
throw new SecurityManagerException("Signature is not recognized");
}
@@ -216,9 +218,11 @@ public class SecurityManager {
throw new SecurityManagerException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e);
} catch (final CMSException e) {
fail = true;
+ LOGGER.error(e.getMessage(), e);
throw new SecurityManagerException(COULD_NOT_VERIFY_SIGNATURE, e);
} catch (final SecurityManagerException e) {
fail = true;
+ LOGGER.error(e.getMessage(), e);
throw e;
} finally {
deleteFile(target);
@@ -248,6 +252,7 @@ public class SecurityManager {
try {
certs = parseCertsFromPem(packageCert);
} catch (final IOException e) {
+ LOGGER.error("Failed to parse certificate from PEM", e);
throw new SecurityManagerException("Failed to parse certificate from PEM", e);
}
cert = readSignCert(certs, firstSigner)
@@ -260,6 +265,7 @@ public class SecurityManager {
try {
return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
} catch (CMSException | OperatorCreationException e) {
+ LOGGER.error("Failed to verify package signed data", e);
throw new SecurityManagerException("Failed to verify package signed data", e);
}
}
@@ -337,6 +343,7 @@ public class SecurityManager {
try (FileInputStream fi = new FileInputStream(certFile)) {
return loadCertificateFactory(fi);
} catch (IOException e) {
+ LOGGER.error("Error during loading Certificate from file!", e);
throw new SecurityManagerException("Error during loading Certificate from file!", e);
}
}
@@ -345,6 +352,7 @@ public class SecurityManager {
try {
return loadCertificateFactory(new ByteArrayInputStream(cert.getEncoded()));
} catch (IOException | SecurityManagerException e) {
+ LOGGER.error("Error during loading Certificate from bytes!", e);
throw new RuntimeException("Error during loading Certificate from bytes!", e);
}
}
@@ -354,6 +362,7 @@ public class SecurityManager {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return (X509Certificate) factory.generateCertificate(in);
} catch (CertificateException e) {
+ LOGGER.error("Error during loading Certificate from bytes!", e);
throw new SecurityManagerException("Error during loading Certificate from bytes!", e);
}
}
@@ -361,12 +370,15 @@ public class SecurityManager {
private PKIXCertPathBuilderResult verifyCertificate(final X509Certificate cert,
final Set<X509Certificate> additionalCerts) throws SecurityManagerException {
if (null == cert) {
+ LOGGER.error("The certificate is empty!");
throw new SecurityManagerException("The certificate is empty!");
}
if (isExpired(cert)) {
+ LOGGER.error("The certificate expired on: {}", cert.getNotAfter());
throw new SecurityManagerException("The certificate expired on: " + cert.getNotAfter());
}
if (isSelfSigned(cert)) {
+ LOGGER.error("The certificate is self-signed.");
throw new SecurityManagerException("The certificate is self-signed.");
}
Set<X509Certificate> trustedRootCerts = new HashSet<>();
@@ -381,6 +393,7 @@ public class SecurityManager {
try {
return verifyCertificate(cert, trustedRootCerts, intermediateCerts);
} catch (final GeneralSecurityException e) {
+ LOGGER.error("Failed to verify certificate", e);
throw new SecurityManagerException("Failed to verify certificate", e);
}
}
@@ -400,6 +413,7 @@ public class SecurityManager {
try {
pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
} catch (InvalidAlgorithmParameterException ex) {
+ LOGGER.error("No root CA has been found for this certificate", ex);
throw new InvalidAlgorithmParameterException("No root CA has been found for this certificate", ex);
}
// Not supporting CRL checks for now