author | Endi S. Dewata <edewata@redhat.com> | 2017-04-12 04:13:14 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-12 16:23:52 +0200 |
commit | 0afe49b7b758d46f8bc0ca87cf2124e90084ebce (patch) | |
tree | a9a9cdbfbbde728106ac232806cf7969a78f4091 | |
parent | e770f3a4ff34c27bc698d47aedc518a7ae6b31f9 (diff) | |
Reorganized audit event constants for authentication.
Change-Id: Iade8cb7fdf3c3f93afb13ff814da0f72dc8f8049
12 files changed, 106 insertions, 125 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
index 694fb92bb..eae68ef78 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
@@ -51,6 +51,7 @@ import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfile;
@@ -89,8 +90,6 @@ public class ProfileService extends SubsystemService implements ProfileResource
 private IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
 private IPluginRegistry registry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
 private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
 "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
@@ -1189,7 +1188,7 @@ public class ProfileService extends SubsystemService implements ProfileResource
 public void auditProfileChangeState(String profileId, String op, String status) {
 String msg = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ AuditEvent.CERT_PROFILE_APPROVAL,
 auditor.getSubjectID(),
 status,
 profileId,
diff --git a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
index bc892a953..82cb77f54 100644
--- a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
+++ b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -35,6 +35,25 @@ import com.netscape.certsrv.base.MessageFormatter;
 */
 public class AuditEvent implements IBundleLogEvent {
+ public final static String AUTHZ_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ public final static String AUTHZ_SUCCESS_INFO =
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_5";
+ public final static String AUTHZ_FAIL =
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ public final static String AUTHZ_FAIL_INFO =
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_5";
+ public final static String INTER_BOUNDARY =
+ "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ public final static String AUTH_FAIL =
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ public final static String AUTH_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ public final static String CERT_PROFILE_APPROVAL =
+ "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ public final static String PROOF_OF_POSSESSION =
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+
 public final static String CRL_RETRIEVAL =
 "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
 public final static String CRL_VALIDATION =
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index f4a59d28f..0ec3c9438 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -76,6 +76,7 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.EProfileException;
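Review bot: In AuditEvent.java the new public constants have no Javadoc, and the only hint of how many message parameters each key expects is the numeric suffix inside the string value; `AUTHZ_FAIL` and `AUTHZ_FAIL_INFO` (likewise the `AUTHZ_SUCCESS` pair) differ only in that count. Each class used to see only the variant it needed, whereas now every caller can reach both, and a wrong pick compiles and presumably produces a signed audit record with a missing or shifted field. I would add a one-line Javadoc per constant that names the parameters in order, for example `/** Authentication success; parameters: subject ID, outcome, authentication manager ID. */` on `AUTH_SUCCESS`, which matches the three arguments passed in the PKIRealm hunks.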
@@ -121,9 +122,6 @@ public abstract class EnrollProfile extends BasicProfile
 private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
 "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
 private PKIData mCMCData;
 public EnrollProfile() {
@@ -2073,7 +2071,7 @@ public abstract class EnrollProfile extends BasicProfile
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.SUCCESS);
 audit(auditMessage);
@@ -2093,7 +2091,7 @@ public abstract class EnrollProfile extends BasicProfile
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.FAILURE);
diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
index f24695145..81e71c49e 100644
--- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -30,6 +30,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfile;
@@ -48,9 +49,6 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 */
 public abstract class EnrollInput implements IProfileInput {
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
 protected IConfigStore mConfig = null;
 protected Vector<String> mValueNames = new Vector<String>();
 protected Vector<String> mConfigNames = new Vector<String>();
@@ -219,7 +217,7 @@ public abstract class EnrollInput implements IProfileInput {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.SUCCESS);
 audit(auditMessage);
@@ -230,7 +228,7 @@ public abstract class EnrollInput implements IProfileInput {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.FAILURE);
diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
index 1933601db..28fb0b9be 100644
--- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
+++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
@@ -16,6 +16,7 @@ import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.authentication.ICertUserDBAuthentication;
 import com.netscape.certsrv.authentication.IPasswdUserDBAuthentication;
 import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.EUsrGrpException;
 import com.netscape.certsrv.usrgrp.IGroup;
@@ -35,11 +36,6 @@ import netscape.security.x509.X509CertImpl;
 public class PKIRealm extends RealmBase {
 protected ILogger signedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
-
 @Override
 protected String getName() {
 return "PKIRealm";
@@ -66,7 +62,7 @@ public class PKIRealm extends RealmBase {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID);
@@ -77,7 +73,7 @@ public class PKIRealm extends RealmBase {
 } catch (Throwable e) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID,
@@ -126,7 +122,7 @@ public class PKIRealm extends RealmBase {
 CMS.debug("PKIRealm: User ID: " + username);
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
@@ -137,7 +133,7 @@ public class PKIRealm extends RealmBase {
 } catch (Throwable e) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 IAuthSubsystem.CERTUSERDB_AUTHMGR_ID,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index ab7af9ec3..0350e388b 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -51,6 +51,7 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.EUsrGrpException;
@@ -121,14 +122,6 @@ public class AdminServlet extends HttpServlet {
 public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
 private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
 "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 private final static String CERTUSERDB =
@@ -307,7 +300,7 @@ public class AdminServlet extends HttpServlet {
 if (allCerts == null || allCerts.length == 0) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -399,7 +392,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -409,7 +402,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
@@ -433,7 +426,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -443,7 +436,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
@@ -469,7 +462,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -479,7 +472,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
@@ -505,7 +498,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -515,7 +508,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
@@ -535,7 +528,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID(),
 ILogger.SUCCESS,
 CERTUSERDB);
@@ -544,7 +537,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID(),
 ILogger.SUCCESS,
 PASSWDUSERDB);
@@ -555,7 +548,7 @@ public class AdminServlet extends HttpServlet {
 if (authType.equals("sslclientauth")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
@@ -565,7 +558,7 @@ public class AdminServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
@@ -654,7 +647,7 @@ public class AdminServlet extends HttpServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -677,7 +670,7 @@ public class AdminServlet extends HttpServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -698,7 +691,7 @@ public class AdminServlet extends HttpServlet {
 } catch (Exception e) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -720,7 +713,7 @@ public class AdminServlet extends HttpServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ AuditEvent.AUTHZ_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditACLResource,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index ab9b9367f..01f9f07fd 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.common.ICMSRequest;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequest;
@@ -244,14 +245,6 @@ public abstract class CMSServlet extends HttpServlet {
 private IUGSubsystem mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
 private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
 "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
@@ -1801,7 +1794,7 @@ public abstract class CMSServlet extends HttpServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditAuthMgrID);
@@ -1812,7 +1805,7 @@ public abstract class CMSServlet extends HttpServlet {
 } catch (EBaseException eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditAuthMgrID,
@@ -1837,7 +1830,7 @@ public abstract class CMSServlet extends HttpServlet {
 authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
 if (authzToken != null) {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ AuditEvent.AUTHZ_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditACLResource,
@@ -1855,7 +1848,7 @@ public abstract class CMSServlet extends HttpServlet {
 audit(auditMessage);
 } else {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -1874,7 +1867,7 @@ public abstract class CMSServlet extends HttpServlet {
 return authzToken;
 } catch (Exception e) {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -1971,7 +1964,7 @@ public abstract class CMSServlet extends HttpServlet {
 if (authzTok != null) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ AuditEvent.AUTHZ_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditACLResource,
@@ -1990,7 +1983,7 @@ public abstract class CMSServlet extends HttpServlet {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -2012,7 +2005,7 @@ public abstract class CMSServlet extends HttpServlet {
 } catch (EBaseException eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -2033,7 +2026,7 @@ public abstract class CMSServlet extends HttpServlet {
 } catch (Exception eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index e6dfbc43e..014db79b7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -49,6 +49,7 @@ import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.common.ICMSRequest;
 import com.netscape.certsrv.connector.IPKIMessage;
 import com.netscape.certsrv.connector.IRequestEncoder;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EProfileException;
@@ -97,8 +98,6 @@ public class ConnectorServlet extends CMSServlet {
 protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
 private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
- private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
 private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
 "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
 private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
@@ -479,7 +478,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.FAILURE,
 auditProtectionMethod,
@@ -501,7 +500,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.SUCCESS,
 auditProtectionMethod,
@@ -699,7 +698,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.SUCCESS,
 auditProtectionMethod,
@@ -921,7 +920,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.SUCCESS,
 auditProtectionMethod,
@@ -934,7 +933,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.FAILURE,
 auditProtectionMethod,
@@ -947,7 +946,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.FAILURE,
 auditProtectionMethod,
@@ -960,7 +959,7 @@ public class ConnectorServlet extends CMSServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.FAILURE,
 auditProtectionMethod,
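Review bot: `AuditEvent.INTER_BOUNDARY` still resolves to the key `LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5`, and the ConnectorServlet hunks at -479, -934, -947 and -960 (plus -980 after them) pass it together with `ILogger.FAILURE`. Dropping SUCCESS from the Java name fits that usage, but if the message template behind the key also names the event INTER_BOUNDARY_SUCCESS (the bundle is not part of this diff), failed inter-boundary requests are recorded under a success-named event and can only be told apart by the outcome field. A comment on the constant would make that explicit for anyone writing audit-log filters: `// Emitted for both outcomes; the key name still contains _SUCCESS.` The enclosing methods start and end outside these hunks.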
@@ -980,7 +979,7 @@ public class ConnectorServlet extends CMSServlet {
 } catch (EBaseException e) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ AuditEvent.INTER_BOUNDARY,
 auditSubjectID,
 ILogger.FAILURE,
 auditProtectionMethod,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index 62b9a7c4b..d5a9c4d40 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
@@ -51,6 +51,7 @@ import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.profile.IProfile;
@@ -118,14 +119,6 @@ public class CAProcessor extends Processor {
 public final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
 "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
- public final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- public final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- public final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- public final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
 public final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
 "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 public final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
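Review bot: The four constants removed from CAProcessor were `public final static`, unlike the private copies deleted from the other classes, so this hunk changes the class's public API. Any code outside the twelve files touched here that refers to `CAProcessor.LOGGING_SIGNED_AUDIT_AUTH_FAIL` or its three siblings will no longer compile. If out-of-tree callers are a concern, keep them for a release as deprecated aliases, e.g. `@Deprecated public final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = AuditEvent.AUTH_FAIL;`.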
@@ -498,7 +491,7 @@ public class CAProcessor extends Processor {
 authSubjectID += " : " + uid_cred;
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 authSubjectID,
 ILogger.FAILURE,
 authMgrID,
@@ -512,7 +505,7 @@ public class CAProcessor extends Processor {
 authSubjectID += " : " + uid_cred;
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 authSubjectID,
 ILogger.FAILURE,
 authMgrID,
@@ -534,7 +527,7 @@ public class CAProcessor extends Processor {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 authSubjectID,
 ILogger.SUCCESS,
 authMgrID);
@@ -669,7 +662,7 @@ public class CAProcessor extends Processor {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ AuditEvent.AUTH_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditAuthMgrID);
@@ -680,7 +673,7 @@ public class CAProcessor extends Processor {
 } catch (EBaseException eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ AuditEvent.AUTH_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditAuthMgrID,
@@ -730,7 +723,7 @@ public class CAProcessor extends Processor {
 authzToken = authz.authorize(authzMgrName, authToken, exp);
 if (authzToken != null) {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ AuditEvent.AUTHZ_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditACLResource,
@@ -748,7 +741,7 @@ public class CAProcessor extends Processor {
 audit(auditMessage);
 } else {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
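Review bot: In the CAProcessor hunks at -498 and -512 the subject field of the `AUTH_FAIL` record is built with `authSubjectID += " : " + uid_cred;` immediately before the call. If `uid_cred` is taken from the credentials the client submitted (its origin is outside the hunk), a value containing the record's field delimiters or a line break could make a failed-login entry parse as something else, which matters for a signed audit log that is relied on as evidence. It is worth confirming that `CMS.getLogMessage` or the audit writer escapes parameter values; if neither does, the value should be normalised before it is concatenated. The enclosing method starts and ends outside these hunks.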
@@ -767,7 +760,7 @@ public class CAProcessor extends Processor {
 return authzToken;
 } catch (EBaseException e) {
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -863,7 +856,7 @@ public class CAProcessor extends Processor {
 if (authzTok != null) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ AuditEvent.AUTHZ_SUCCESS,
 auditSubjectID,
 ILogger.SUCCESS,
 auditACLResource,
@@ -882,7 +875,7 @@ public class CAProcessor extends Processor {
 } else {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
@@ -904,7 +897,7 @@ public class CAProcessor extends Processor {
 } catch (Exception eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ AuditEvent.AUTHZ_FAIL,
 auditSubjectID,
 ILogger.FAILURE,
 auditACLResource,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 1da0cf3c4..70a4a421a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -50,6 +50,7 @@ import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.common.ICMSRequest;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.base.CMSServlet;
@@ -68,9 +69,6 @@ public class CRMFProcessor extends PKIProcessor {
 private boolean enforcePop = false;
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
 public CRMFProcessor() {
 super();
 }
@@ -118,7 +116,7 @@ public class CRMFProcessor extends PKIProcessor {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.SUCCESS);
@@ -131,7 +129,7 @@ public class CRMFProcessor extends PKIProcessor {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.FAILURE);
@@ -148,7 +146,7 @@ public class CRMFProcessor extends PKIProcessor {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.FAILURE);
@@ -161,7 +159,7 @@ public class CRMFProcessor extends PKIProcessor {
 } catch (EBaseException eAudit1) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ AuditEvent.PROOF_OF_POSSESSION,
 auditSubjectID,
 ILogger.FAILURE);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index 89ba1bd8c..f56c37866 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -32,6 +32,7 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IPolicyConstraint;
@@ -60,8 +61,6 @@ public class ProfileApproveServlet extends ProfileServlet {
 private static final String PROP_AUTHORITY_ID = "authorityId";
 private String mAuthorityId = null;
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
 private final static String OP_APPROVE = "approve";
 private final static String OP_DISAPPROVE = "disapprove";
@@ -134,7 +133,7 @@ public class ProfileApproveServlet extends ProfileServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ AuditEvent.CERT_PROFILE_APPROVAL,
 auditSubjectID,
 ILogger.FAILURE,
 auditProfileID,
@@ -168,7 +167,7 @@ public class ProfileApproveServlet extends ProfileServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ AuditEvent.CERT_PROFILE_APPROVAL,
 auditSubjectID,
 ILogger.FAILURE,
 auditProfileID,
@@ -198,7 +197,7 @@ public class ProfileApproveServlet extends ProfileServlet {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ AuditEvent.CERT_PROFILE_APPROVAL,
 auditSubjectID,
 ILogger.FAILURE,
 auditProfileID,
@@ -222,7 +221,7 @@ public class ProfileApproveServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, @@ -244,7 +243,7 @@ public class ProfileApproveServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, @@ -277,7 +276,7 @@ public class ProfileApproveServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, @@ -298,7 +297,7 @@ public class ProfileApproveServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.SUCCESS, auditProfileID, @@ -316,7 +315,7 @@ public class ProfileApproveServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, @@ -329,7 +328,7 @@ public class ProfileApproveServlet extends ProfileServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + AuditEvent.CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, diff --git a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java index 8e02ec21c..86996d5b2 100644 
--- a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java @@ -45,6 +45,7 @@ import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.ForbiddenException; +import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.realm.PKIPrincipal; @@ -54,11 +55,6 @@ import com.netscape.cms.realm.PKIPrincipal; @Provider public class ACLInterceptor implements ContainerRequestFilter { protected ILogger signedAuditLogger = CMS.getSignedAuditLogger(); - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_5"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_5"; - private final static String LOGGING_ACL_PARSING_ERROR = "internal error: ACL parsing error"; private final static String LOGGING_NO_ACL_ACCESS_ALLOWED = "no ACL configured; OK"; private final static String LOGGING_MISSING_AUTH_TOKEN = "auth token not found"; @@ -178,7 +174,7 @@ public class ACLInterceptor implements ContainerRequestFilter { // store a message in the signed audit log file // although if it didn't pass authentication, it should not have gotten here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, null, // resource @@ -195,7 +191,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: No ACL mapping; authz not required."); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + AuditEvent.AUTHZ_SUCCESS_INFO, auditSubjectID, ILogger.SUCCESS, null, //resource 
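Review bot: The constants removed in the hunk at -54 showed the message key at the point of use (`LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_5`, `LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_5`). Their replacements `AuditEvent.AUTHZ_FAIL_INFO` and `AuditEvent.AUTHZ_SUCCESS_INFO` are renamed as well as moved, and their values are defined in AuditEvent.java, outside these hunks. It is worth confirming that they resolve to exactly those `_5` keys and not to another authorization template, because a mismatch would change the field layout of the signed audit records without any compile error. This applies equally to the remaining call sites in this file (hunks at -219 through -323). A comment at the first use, such as `// AUTHZ_FAIL_INFO -> LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_5`, would keep the key greppable from the interceptor.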
@@ -219,7 +215,7 @@ public class ACLInterceptor implements ContainerRequestFilter { } catch (IOException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, null, //resource @@ -236,7 +232,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: No ACL configuration."); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + AuditEvent.AUTHZ_SUCCESS_INFO, auditSubjectID, ILogger.SUCCESS, null, //resource @@ -252,7 +248,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: Invalid ACL mapping."); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, null, //resource @@ -279,7 +275,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: " + info); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, values[0], // resource @@ -296,7 +292,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: " + info); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, values[0], // resource @@ -309,7 +305,7 @@ public class ACLInterceptor implements ContainerRequestFilter { String info = e.getMessage(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + AuditEvent.AUTHZ_FAIL_INFO, auditSubjectID, ILogger.FAILURE, values[0], // resource 
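Review bot: In the hunk at -309, `String info = e.getMessage();` sits directly above the `AuditEvent.AUTHZ_FAIL_INFO` call and presumably becomes the record's info field; the trailing arguments are outside the hunk. Exception text can carry request-derived values and line breaks, which can split or blur an entry in a signed audit log unless `CMS.getLogMessage` already escapes its arguments. If it does not, normalising the string first is cheap: `String info = e.getMessage() == null ? null : e.getMessage().replaceAll("[\\r\\n]+", " ");`. The hunks at -279 and -296 pass an `info` string to `CMS.debug` in the same way and deserve the same check if that string is built from request data.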
@@ -323,7 +319,7 @@ public class ACLInterceptor implements ContainerRequestFilter { // Allow request. // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + AuditEvent.AUTHZ_SUCCESS_INFO, auditSubjectID, ILogger.SUCCESS, values[0], // resource |