未验证 提交 05dd4095 编写于 作者: R Raihaan Shouhell 提交者: GitHub

Merge pull request #4694 from daniel-beck/better-signature-logging

Better logging for signature validation
......@@ -78,7 +78,9 @@ public class JSONSignatureValidator {
} catch (CertificateNotYetValidException e) {
warning = FormValidation.warning(e, String.format("Certificate %s is not yet valid in %s", cert.toString(), name));
}
LOGGER.log(Level.FINE, "Add certificate found in json doc: \r\n\tsubjectDN: {0}\r\n\tissuer: {1}", new Object[]{c.getSubjectDN(), c.getIssuerDN()});
LOGGER.log(Level.FINE, "Add certificate found in JSON document:\n\tsubjectDN: {0}\n\tissuer: {1}\n\tnotBefore: {2}\n\tnotAfter: {3}",
new Object[] { c.getSubjectDN(), c.getIssuerDN(), c.getNotBefore(), c.getNotAfter() });
LOGGER.log(Level.FINEST, () -> "Certificate from JSON document: " + c);
certs.add(c);
} catch (IllegalArgumentException ex) {
throw new IOException("Could not decode certificate", ex);
......@@ -253,6 +255,12 @@ public class JSONSignatureValidator {
try (InputStream in = j.servletContext.getResourceAsStream(cert)) {
if (in == null) continue; // our test for paths ending in / should prevent this from happening
certificate = cf.generateCertificate(in);
if (certificate instanceof X509Certificate) {
X509Certificate c = (X509Certificate) certificate;
LOGGER.log(Level.FINE, "Add CA certificate found in webapp resources:\n\tsubjectDN: {0}\n\tissuer: {1}\n\tnotBefore: {2}\n\tnotAfter: {3}",
new Object[] { c.getSubjectDN(), c.getIssuerDN(), c.getNotBefore(), c.getNotAfter() });
}
LOGGER.log(Level.FINEST, () -> "CA certificate from webapp resource " + cert + ": " + certificate);
} catch (CertificateException e) {
LOGGER.log(Level.WARNING, String.format("Webapp resources in /WEB-INF/update-center-rootCAs are "
+ "expected to be either certificates or .txt files documenting the "
......@@ -263,8 +271,6 @@ public class JSONSignatureValidator {
}
try {
TrustAnchor certificateAuthority = new TrustAnchor((X509Certificate) certificate, null);
LOGGER.log(Level.FINE, "Add Certificate Authority {0}: {1}",
new Object[]{cert, (certificateAuthority.getTrustedCert() == null ? null : certificateAuthority.getTrustedCert().getSubjectDN())});
anchors.add(certificateAuthority);
} catch (IllegalArgumentException e) {
LOGGER.log(Level.WARNING,
......@@ -282,6 +288,12 @@ public class JSONSignatureValidator {
Certificate certificate;
try (InputStream in = Files.newInputStream(cert.toPath())) {
certificate = cf.generateCertificate(in);
if (certificate instanceof X509Certificate) {
X509Certificate c = (X509Certificate) certificate;
LOGGER.log(Level.FINE, "Add CA certificate found in Jenkins home:\n\tsubjectDN: {0}\n\tissuer: {1}\n\tnotBefore: {2}\n\tnotAfter: {3}",
new Object[] { c.getSubjectDN(), c.getIssuerDN(), c.getNotBefore(), c.getNotAfter() });
}
LOGGER.log(Level.FINEST, () -> "CA certificate from Jenkins home " + cert + ": " + certificate);
} catch (InvalidPathException e) {
throw new IOException(e);
} catch (CertificateException e) {
......@@ -294,8 +306,6 @@ public class JSONSignatureValidator {
}
try {
TrustAnchor certificateAuthority = new TrustAnchor((X509Certificate) certificate, null);
LOGGER.log(Level.FINE, "Add Certificate Authority {0}: {1}",
new Object[]{cert, (certificateAuthority.getTrustedCert() == null ? null : certificateAuthority.getTrustedCert().getSubjectDN())});
anchors.add(certificateAuthority);
} catch (IllegalArgumentException e) {
LOGGER.log(Level.WARNING,
......
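Review bot: The new FINE messages at the two CA-loading sites (webapp resources and Jenkins home) say "Add CA certificate" right after `cf.generateCertificate(in)`, before the `TrustAnchor` is built and `anchors.add(certificateAuthority)` runs, and the commit removes the old message that sat directly before that call. If the `TrustAnchor` constructor throws `IllegalArgumentException` (the warning branch that follows), the log still claims the certificate was added, which misleads anyone reconstructing the effective trust store from logs. I would word the parse-time message as "Parsed CA certificate found in ..." and keep a short `LOGGER.log(Level.FINE, "Trusting CA certificate {0}", cert);` next to `anchors.add(certificateAuthority);`. The first hunk has the same problem in its "Add certificate found in JSON document" message, where subject and issuer come from a document whose signature has not been checked at that point. The `instanceof X509Certificate` guard also implies a non-X.509 result is possible, yet the unchanged `(X509Certificate) certificate` cast would then throw a `ClassCastException` that the `IllegalArgumentException` handler does not catch; the enclosing methods and the code between the hunks are outside the view, so this may already be handled there.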