From 8cf2b92353a450771515bf64354d00c126e80b6f Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Thu, 15 Sep 2022 16:57:19 +0200 Subject: [PATCH] Promote signature failure and cache corruption logs from DEBUG to WARN --- NEWS | 2 ++ .../java/com/yubico/fido/metadata/FidoMetadataDownloader.java | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 62d155e89..99e707796 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,8 @@ Changes: * The `AuthenticatorToBeFiltered` argument of the `FidoMetadataService` runtime filter now omits zero AAGUIDs. +* Promoted log messages in `FidoMetadataDownloader` about BLOB signature failure + and cache corruption from DEBUG level to WARN level. Fixes: diff --git a/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataDownloader.java b/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataDownloader.java index cb76f5b7d..adfc5337e 100644 --- a/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataDownloader.java +++ b/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataDownloader.java @@ -834,7 +834,7 @@ private Optional refreshBlobInternal( return Optional.of(downloadedBlob); } catch (FidoMetadataDownloaderException e) { if (e.getReason() == Reason.BAD_SIGNATURE && cached.isPresent()) { - log.debug("New BLOB has bad signature - falling back to cached BLOB."); + log.warn("New BLOB has bad signature - falling back to cached BLOB."); return cached; } else { throw e; @@ -954,7 +954,7 @@ private Optional loadCachedBlobOnly(X509Certificate trustRootCerti try { return parseAndVerifyBlob(cached, trustRootCertificate); } catch (Exception e) { - log.debug("Failed to read or parse cached BLOB.", e); + log.warn("Failed to read or parse cached BLOB.", e); return null; } });