Changed illegal key size error to warning in provisioning self-test (…

…MID-3107)

infra/common/src/main/java/com/evolveum/midpoint/common/crypto/CryptoUtil.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,6 +39,8 @@
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.util.exception.TunnelException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.MailServerConfigurationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NotificationConfigurationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
@@ -51,6 +53,8 @@
  *
  */
 public class CryptoUtil {
+
+	private static final Trace LOGGER = TraceManager.getTrace(CryptoUtil.class);
 
 	/**
 	 * Encrypts all encryptable values in the object.
@@ -270,17 +274,18 @@ public static void securitySelfTest(OperationResult parentTestResult) {
 				providerResult.addContext("properties", propXml);
 				providerResult.recordSuccess();
 			} catch (Throwable e) {
+				LOGGER.error("Security self test (provider properties) failed: ", e.getMessage() ,e);
 				providerResult.recordFatalError(e);
 			}
 		}
 
-		securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", null, result);
+		securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", null, false, result);
 		OperationResult cryptoResult = result.getLastSubresult();
 		if (cryptoResult.isError()) {
 			// Do a test encryption. It happens sometimes that the key generator
             // generates a key that is not supported by the cipher.
 			// Fall back to known key size supported by all JCE implementations
-			securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", 128, result);
+			securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", 128, true, result);
 			OperationResult cryptoResult2 = result.getLastSubresult();
 			if (cryptoResult2.isSuccess()) {
 				cryptoResult.setStatus(OperationResultStatus.HANDLED_ERROR);
@@ -290,7 +295,8 @@ public static void securitySelfTest(OperationResult parentTestResult) {
 		result.computeStatus();
 	}
 
-	private static void securitySelfTestAlgorithm(String algorithmName, String transformationName, Integer keySize, OperationResult parentResult) {
+	private static void securitySelfTestAlgorithm(String algorithmName, String transformationName, 
+			Integer keySize, boolean critical, OperationResult parentResult) {
 		OperationResult subresult = parentResult.createSubresult(CryptoUtil.class.getName()+".securitySelfTest.algorithm."+algorithmName);
 		try {
 			KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithmName);
@@ -331,8 +337,18 @@ private static void securitySelfTestAlgorithm(String algorithmName, String trans
 			} else {
 				subresult.recordSuccess();
 			}
+            LOGGER.debug("Security self test (algorithmName={}, transformationName={}, keySize={}) success", 
+					new Object[] {algorithmName, transformationName, keySize});
 		} catch (Throwable e) {
-			subresult.recordFatalError(e);
+			if (critical) {
+				LOGGER.error("Security self test (algorithmName={}, transformationName={}, keySize={}) failed: {}", 
+						new Object[] {algorithmName, transformationName, keySize, e.getMessage() ,e});
+				subresult.recordFatalError(e);
+			} else {
+				LOGGER.warn("Security self test (algorithmName={}, transformationName={}, keySize={}) failed: {} (failure is expected in some cases)", 
+						new Object[] {algorithmName, transformationName, keySize, e.getMessage() ,e});
+				subresult.recordWarning(e);
+			}
 		}
 	}