Misleading Logging for HSM

[pki-bot]

This issue was migrated from Pagure Issue #2457. Originally filed by gkapoor (@geetikakay) on 2016-09-14 18:13:14:

• Closed as Fixed
• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1368410

---

Logs are bit confusing when it says "deleteCert Exception=java.io.IOException:
The certificate with the same nickname: NHSM6000:ocspSigningCert cert-NHSM-Test
CA has been found on HSM. "

<debug log snip>
1450 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: ConfigurationUtils:
findCertificate: The certificate with the same nickname:
NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM. Please remove
it before proceeding.
1451 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: handleCerts(): deleteCert
Exception=java.io.IOException: The certificate with the same nickname:
NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM. Please remove
it before proceeding.
1452 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: handleCerts(): Failed to
import user certificate.org.mozilla.jss.crypto.TokenException:
PK11_ImportDERCertForKey Unable to import certificate to its token: (-8054) You
are attempting to import a cert with the same issuer/serial as an existing
cert, but      that is not the same cert.
</debug log sinp>

What my observation is certs are not removed we just create a new cert with
different keyid. So why we are saying deleting certs in logs

Steps to Reproduce:

1. Install a HSM and refer https://bugzilla.redhat.com/show_bug.cgi?id=1289323

Actual results:

It gives an impression that it delete NHSM6000:ocspSigningCert cert-NHSM-Test
CA has been found on HSM

Expected results:

Logging should be more user friendly and should say what it does

[pki-bot]

Comment from edewata (@edewata) at 2017-01-05 12:25:46

Fixed in master:

• 48090b0

[pki-bot]

Comment from gkapoor (@geetikakay) at 2017-02-27 14:05:16

Metadata Update from @geetikakay:

• Issue set to the milestone: 10.4.0