From 0d305cb84cbc9728301c6700048a1a3eeda2584b Mon Sep 17 00:00:00 2001
From: Radovan Semancik
Date: Mon, 18 Jul 2016 12:22:21 +0200
Subject: [PATCH] Changed illegal key size error to warning in provisioning self-test (MID-3107)
---
 .../midpoint/common/crypto/CryptoUtil.java | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/crypto/CryptoUtil.java b/infra/common/src/main/java/com/evolveum/midpoint/common/crypto/CryptoUtil.java
index 3d6e3ff7092..2c84aa5e506 100644
--- a/infra/common/src/main/java/com/evolveum/midpoint/common/crypto/CryptoUtil.java
+++ b/infra/common/src/main/java/com/evolveum/midpoint/common/crypto/CryptoUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,6 +39,8 @@
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.util.exception.TunnelException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.MailServerConfigurationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NotificationConfigurationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
@@ -51,6 +53,8 @@
  *
  */
 public class CryptoUtil {
+
+	private static final Trace LOGGER = TraceManager.getTrace(CryptoUtil.class);
 	/**
 	 * Encrypts all encryptable values in the object.
@@ -270,17 +274,18 @@ public static void securitySelfTest(OperationResult parentTestResult) {
 				providerResult.addContext("properties", propXml);
 				providerResult.recordSuccess();
 			} catch (Throwable e) {
+				LOGGER.error("Security self test (provider properties) failed: ", e.getMessage() ,e);
 				providerResult.recordFatalError(e);
 			}
 		}
-		securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", null, result);
+		securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", null, false, result);
 		OperationResult cryptoResult = result.getLastSubresult();
 		if (cryptoResult.isError()) {
 			// Do a test encryption. It happens sometimes that the key generator
 			// generates a key that is not supported by the cipher.
 			// Fall back to known key size supported by all JCE implementations
-			securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", 128, result);
+			securitySelfTestAlgorithm("AES", "AES/CBC/PKCS5Padding", 128, true, result);
 			OperationResult cryptoResult2 = result.getLastSubresult();
 			if (cryptoResult2.isSuccess()) {
 				cryptoResult.setStatus(OperationResultStatus.HANDLED_ERROR);
@@ -290,7 +295,8 @@ public static void securitySelfTest(OperationResult parentTestResult) {
 		result.computeStatus();
 	}
-	private static void securitySelfTestAlgorithm(String algorithmName, String transformationName, Integer keySize, OperationResult parentResult) {
+	private static void securitySelfTestAlgorithm(String algorithmName, String transformationName,
+			Integer keySize, boolean critical, OperationResult parentResult) {
 		OperationResult subresult = parentResult.createSubresult(CryptoUtil.class.getName()+".securitySelfTest.algorithm."+algorithmName);
 		try {
 			KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithmName);
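Review bot: The added `LOGGER.error` in the provider-properties catch block has no `{}` placeholder in its format string, so `e.getMessage()` is never rendered and the logged line ends with a dangling colon. `LOGGER.error("Security self test (provider properties) failed: {}", e.getMessage(), e);` prints the message and still passes the throwable last so the stack trace is attached. securitySelfTest starts and continues outside this hunk.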
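Review bot: The new `critical` parameter is undocumented at the signature, and what it controls is decided in the catch block near the end of the method, outside this hunk. A Javadoc on the method would help: `@param critical when true a failure is recorded as a fatal error on the subresult; when false only a warning is recorded (used for the default-key-size attempt, which may legitimately fail on a JCE without larger key sizes)`. The method body continues outside the hunk.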
@@ -331,8 +337,18 @@ private static void securitySelfTestAlgorithm(String algorithmName, String trans
 			} else {
 				subresult.recordSuccess();
 			}
+			LOGGER.debug("Security self test (algorithmName={}, transformationName={}, keySize={}) success",
+					new Object[] {algorithmName, transformationName, keySize});
 		} catch (Throwable e) {
-			subresult.recordFatalError(e);
+			if (critical) {
+				LOGGER.error("Security self test (algorithmName={}, transformationName={}, keySize={}) failed: {}",
+						new Object[] {algorithmName, transformationName, keySize, e.getMessage() ,e});
+				subresult.recordFatalError(e);
+			} else {
+				LOGGER.warn("Security self test (algorithmName={}, transformationName={}, keySize={}) failed: {} (failure is expected in some cases)",
+						new Object[] {algorithmName, transformationName, keySize, e.getMessage() ,e});
+				subresult.recordWarning(e);
+			}
 		}
 	}
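Review bot: With the non-critical branch now calling `subresult.recordWarning(e)` instead of `recordFatalError(e)`, the fallback in securitySelfTest (`if (cryptoResult.isError())`, the line after the first `securitySelfTestAlgorithm(..., false, result)` call) looks like it no longer fires when the default-size AES test fails, because a WARNING status is presumably not reported by `isError()`; the 128-bit test that this commit marks `critical` would then never run and the HANDLED_ERROR downgrade would be unreachable. Changing that check to `if (!cryptoResult.isSuccess()) {` keeps the fallback reachable for both the old fatal-error and the new warning outcome; please confirm against OperationResult.isError(). Both new log calls also pass the message and throwable as `e.getMessage() ,e`; `e.getMessage(), e` matches the rest of the file. The enclosing method starts outside the hunk.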