authorEndi S. Dewata <edewata@redhat.com>2017-04-19 23:23:39 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-04-25 21:44:49 +0200
commit36a606e4b51de17c56da0f9ee4daab062ec4acf3 (patch)
treea63f303c90c768330e5223586b5f339cc88b013f
parent993a55fb4c883b3ca7ea0e64e24f4501909a571c (diff)
Added CertRequestProcessedEvent constructor for X509CertImpl.
A new CertRequestProcessedEvent constructor has been added to encapsulate CERT_REQUEST_PROCESSED events that take an X509CertImpl object. Copies of auditInfoCertValue() method in various classes have been combined and moved into CertRequestProcessedEvent. https://pagure.io/dogtagpki/issue/2636 Change-Id: Ie234bdb9f1b52399dad4bd1e20f57dcb99d86091
-rw-r--r--base/common/src/com/netscape/certsrv/logging/event/CertRequestProcessedEvent.java71
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java61
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java65
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java54
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java64
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java56
8 files changed, 91 insertions, 287 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/event/CertRequestProcessedEvent.java b/base/common/src/com/netscape/certsrv/logging/event/CertRequestProcessedEvent.java
index 1703f65ff..3e5041ddf 100644
--- a/base/common/src/com/netscape/certsrv/logging/event/CertRequestProcessedEvent.java
+++ b/base/common/src/com/netscape/certsrv/logging/event/CertRequestProcessedEvent.java
@@ -17,7 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.logging.event;
+import java.security.cert.CertificateEncodingException;
+
import com.netscape.certsrv.logging.AuditEvent;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cmsutil.util.Utils;
+
+import netscape.security.x509.X509CertImpl;
public class CertRequestProcessedEvent extends AuditEvent {
@@ -40,4 +46,69 @@ public class CertRequestProcessedEvent extends AuditEvent {
infoValue
});
}
+
+ public CertRequestProcessedEvent(
+ String subjectID,
+ String outcome,
+ String requesterID,
+ String infoName,
+ X509CertImpl x509cert) {
+
+ super(CERT_REQUEST_PROCESSED);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ requesterID,
+ infoName,
+ auditInfoCertValue(x509cert)
+ });
+ }
+
+ /**
+ * Signed Audit Log Info Certificate Value
+ *
+ * This method is called to obtain the certificate from the passed in
+ * "X509CertImpl" for a signed audit log message.
+ * <P>
+ *
+ * @param x509cert an X509CertImpl
+ * @return cert string containing the certificate
+ */
+ public static String auditInfoCertValue(X509CertImpl x509cert) {
+
+ if (x509cert == null) {
+ return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ }
+
+ byte rawData[] = null;
+
+ try {
+ rawData = x509cert.getEncoded();
+ } catch (CertificateEncodingException e) {
+ return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ }
+
+ String cert = null;
+
+ // convert "rawData" into "base64Data"
+ if (rawData != null) {
+ String base64Data = Utils.base64encode(rawData).trim();
+
+ // concatenate lines
+ cert = base64Data.replace("\r", "").replace("\n", "");
+ }
+
+ if (cert != null) {
+ cert = cert.trim();
+
+ if (cert.equals("")) {
+ return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ } else {
+ return cert;
+ }
+ } else {
+ return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ }
+ }
}
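Review bot: The `catch (CertificateEncodingException e)` branch in `auditInfoCertValue` returns `ILogger.SIGNED_AUDIT_EMPTY_VALUE` and discards the exception, so a CERT_REQUEST_PROCESSED record for a certificate that could not be encoded is indistinguishable from one where no certificate was supplied. For a signed audit trail the encoding failure is worth recording through whatever logging facility this package has available; none is visible in the hunk. The Javadoc also leaves the fallback undocumented, so I would change the return tag to `@return the base64-encoded certificate on one line, or ILogger.SIGNED_AUDIT_EMPTY_VALUE if x509cert is null or cannot be encoded`. The second `cert.trim()` and the `rawData != null` test after a successful `getEncoded()` look redundant and could be dropped in a follow-up.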
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 2a60cb06d..d25d817b4 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -246,8 +246,9 @@ public class CertProcessor extends CAProcessor {
req.setRequestStatus(RequestStatus.COMPLETE);
X509CertImpl x509cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- String auditInfoCertValue = auditInfoCertValue(x509cert);
+ String auditInfoCertValue = CertRequestProcessedEvent.auditInfoCertValue(x509cert);
+ // TODO: simplify this condition
if (auditInfoCertValue != null) {
if (!(auditInfoCertValue.equals(
ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
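Review bot: The `auditInfoCertValue != null` test is now dead, because the static `CertRequestProcessedEvent.auditInfoCertValue` returns either the encoded string or `ILogger.SIGNED_AUDIT_EMPTY_VALUE`, and never null as the removed per-class copies did when no signed audit logger was set. The two nested ifs can become `if (!ILogger.SIGNED_AUDIT_EMPTY_VALUE.equals(auditInfoCertValue)) {`, which resolves the TODO without changing behaviour. The certificate is also encoded twice on this path, once for the guard and again inside the new constructor when `x509cert` is passed in the following hunk. The same pattern appears in the ConnectorServlet hunks at -622 and -641 and the ProfileSubmitCMCServlet hunks at -671 and -768. The enclosing method starts and ends outside the hunk.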
@@ -257,7 +258,7 @@ public class CertProcessor extends CAProcessor {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue));
+ x509cert));
}
}
} catch (EDeferException e) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index cb2b76fbe..43df5b651 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -19,7 +19,6 @@ package com.netscape.cms.servlet.cert;
import java.io.IOException;
import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
@@ -69,7 +68,6 @@ import com.netscape.cms.servlet.processors.CRMFProcessor;
import com.netscape.cms.servlet.processors.KeyGenProcessor;
import com.netscape.cms.servlet.processors.PKCS10Processor;
import com.netscape.cms.servlet.processors.PKIProcessor;
-import com.netscape.cmsutil.util.Utils;
import netscape.security.pkcs.PKCS10;
import netscape.security.x509.AlgorithmId;
@@ -1374,7 +1372,7 @@ public class EnrollServlet extends CMSServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i])));
+ issuedCerts[i]));
}
} catch (IOException ex) {
cmsReq.setStatus(ICMSRequest.ERROR);
@@ -1455,7 +1453,7 @@ public class EnrollServlet extends CMSServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i])));
+ issuedCerts[i]));
}
return;
@@ -1475,7 +1473,7 @@ public class EnrollServlet extends CMSServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i])));
+ issuedCerts[i]));
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
@@ -1674,57 +1672,4 @@ public class EnrollServlet extends CMSServlet {
throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
-
- /**
- * Signed Audit Log Info Certificate Value
- *
- * This method is called to obtain the certificate from the passed in
- * "X509CertImpl" for a signed audit log message.
- * <P>
- *
- * @param x509cert an X509CertImpl
- * @return cert string containing the certificate
- */
- private String auditInfoCertValue(X509CertImpl x509cert) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- if (x509cert == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- byte rawData[] = null;
-
- try {
- rawData = x509cert.getEncoded();
- } catch (CertificateEncodingException e) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String cert = null;
-
- // convert "rawData" into "base64Data"
- if (rawData != null) {
- String base64Data = null;
-
- base64Data = Utils.base64encode(rawData).trim();
-
- // concatenate lines
- cert = base64Data.replace("\r", "").replace("\n", "");
- }
-
- if (cert != null) {
- cert = cert.trim();
-
- if (cert.equals("")) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- } else {
- return cert;
- }
- } else {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
- }
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java
index 66fe58c27..b66aec27e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java
@@ -392,7 +392,7 @@ public class RequestProcessor extends CertProcessor {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(theCert)));
+ theCert));
} catch (EProfileException eAudit1) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index ee60187e2..b5ccdd2e4 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -25,7 +25,6 @@ import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -62,7 +61,6 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.util.Utils;
import netscape.security.x509.CRLExtensions;
import netscape.security.x509.CRLReasonExtension;
@@ -622,8 +620,9 @@ public class ConnectorServlet extends CMSServlet {
if (isProfileRequest(thisreq)) {
X509CertImpl x509cert = thisreq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- String auditInfoCertValue = auditInfoCertValue(x509cert);
+ String auditInfoCertValue = CertRequestProcessedEvent.auditInfoCertValue(x509cert);
+ // TODO: simplify this condition
if (auditInfoCertValue != null) {
if (!(auditInfoCertValue.equals(
ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
@@ -633,7 +632,7 @@ public class ConnectorServlet extends CMSServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue));
+ x509cert));
}
}
}
@@ -641,8 +640,9 @@ public class ConnectorServlet extends CMSServlet {
if (isProfileRequest(thisreq)) {
X509CertImpl x509cert = thisreq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- String auditInfoCertValue = auditInfoCertValue(x509cert);
+ String auditInfoCertValue = CertRequestProcessedEvent.auditInfoCertValue(x509cert);
+ // TODO: simplify this condition
if (auditInfoCertValue != null) {
if (!(auditInfoCertValue.equals(
ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
@@ -652,7 +652,7 @@ public class ConnectorServlet extends CMSServlet {
ILogger.FAILURE,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue));
+ x509cert));
}
}
}
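Review bot: The event built here has outcome `ILogger.FAILURE`, yet it is only emitted when the guard in the preceding hunk finds a non-empty encoding of `IEnrollProfile.REQUEST_ISSUED_CERT`. If a failed profile request carries no issued certificate, which seems likely but is not visible on the page, `auditInfoCertValue` is `ILogger.SIGNED_AUDIT_EMPTY_VALUE` and the failure is never written to the signed audit log. I would confirm the intent and, if the failure should always be recorded, drop the guard for this branch, since the new constructor already maps a null certificate to the empty value. The enclosing block starts and ends outside the hunk.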
@@ -1054,57 +1054,4 @@ public class ConnectorServlet extends CMSServlet {
return profileID;
}
-
- /**
- * Signed Audit Log Info Certificate Value
- *
- * This method is called to obtain the certificate from the passed in
- * "X509CertImpl" for a signed audit log message.
- * <P>
- *
- * @param x509cert an X509CertImpl
- * @return cert string containing the certificate
- */
- private String auditInfoCertValue(X509CertImpl x509cert) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- if (x509cert == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- byte rawData[] = null;
-
- try {
- rawData = x509cert.getEncoded();
- } catch (CertificateEncodingException e) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String cert = null;
-
- // convert "rawData" into "base64Data"
- if (rawData != null) {
- String base64Data = null;
-
- base64Data = Utils.base64encode(rawData).trim();
-
- // concatenate lines
- cert = base64Data.replace("\r", "").replace("\n", "");
- }
-
- if (cert != null) {
- cert = cert.trim();
-
- if (cert.equals("")) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- } else {
- return cert;
- }
- } else {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
- }
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index 74f501f59..25f7bb3e1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
@@ -71,7 +71,6 @@ import com.netscape.certsrv.util.IStatsSubsystem;
import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMSGateway;
import com.netscape.cms.servlet.common.ServletUtils;
-import com.netscape.cmsutil.util.Utils;
import netscape.security.x509.X509CertImpl;
@@ -1040,59 +1039,6 @@ public class CAProcessor extends Processor {
}
/**
- * Signed Audit Log Info Certificate Value
- *
- * This method is called to obtain the certificate from the passed in
- * "X509CertImpl" for a signed audit log message.
- * <P>
- *
- * @param x509cert an X509CertImpl
- * @return cert string containing the certificate
- */
- protected String auditInfoCertValue(X509CertImpl x509cert) {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) {
- return null;
- }
-
- if (x509cert == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- byte rawData[] = null;
-
- try {
- rawData = x509cert.getEncoded();
- } catch (CertificateEncodingException e) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String cert = null;
-
- // convert "rawData" into "base64Data"
- if (rawData != null) {
- String base64Data = null;
-
- base64Data = Utils.base64encode(rawData).trim();
-
- // concatenate lines
- cert = base64Data.replace("\r", "").replace("\n", "");
- }
-
- if (cert != null) {
- cert = cert.trim();
-
- if (cert.equals("")) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- } else {
- return cert;
- }
- } else {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
- }
-
- /**
* Signed Audit Groups
*
* This method is called to extract all "groups" associated
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index 28f777b81..26ca2a4cc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -19,7 +19,6 @@ package com.netscape.cms.servlet.profile;
import java.io.InputStream;
import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
import java.util.Enumeration;
import java.util.Locale;
@@ -671,8 +670,9 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
reqs[k].setRequestStatus(RequestStatus.COMPLETE);
X509CertImpl x509cert = reqs[k].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- String auditInfoCertValue = auditInfoCertValue(x509cert);
+ String auditInfoCertValue = CertRequestProcessedEvent.auditInfoCertValue(x509cert);
+ // TODO: simplify this condition
if (auditInfoCertValue != null) {
if (!(auditInfoCertValue.equals(
ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
@@ -682,7 +682,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue));
+ x509cert));
}
}
} catch (EDeferException e) {
@@ -768,8 +768,9 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
CMS.debug("ProfileSubmitCMCServlet: provedReq set to complete");
X509CertImpl x509cert = reqs[0].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- String auditInfoCertValue = auditInfoCertValue(x509cert);
+ String auditInfoCertValue = CertRequestProcessedEvent.auditInfoCertValue(x509cert);
+ // TODO: simplify this condition
if (auditInfoCertValue != null) {
if (!(auditInfoCertValue.equals(
ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
@@ -779,7 +780,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
ILogger.SUCCESS,
auditRequesterID,
ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue));
+ x509cert));
}
}
} catch (ERejectException e) {
@@ -875,57 +876,4 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
return requesterID;
}
-
- /**
- * Signed Audit Log Info Certificate Value
- *
- * This method is called to obtain the certificate from the passed in
- * "X509CertImpl" for a signed audit log message.
- * <P>
- *
- * @param x509cert an X509CertImpl
- * @return cert string containing the certificate
- */
- private String auditInfoCertValue(X509CertImpl x509cert) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- if (x509cert == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- byte rawData[] = null;
-
- try {
- rawData = x509cert.getEncoded();
- } catch (CertificateEncodingException e) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String cert = null;
-
- // convert "rawData" into "base64Data"
- if (rawData != null) {
- String base64Data = null;
-
- base64Data = Utils.base64encode(rawData).trim();
-
- // concatenate lines
- cert = base64Data.replace("\r", "").replace("\n", "");
- }
-
- if (cert != null) {
- cert = cert.trim();
-
- if (cert.equals("")) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- } else {
- return cert;
- }
- } else {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
- }
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index 2bcc8ad1c..c229263dc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -21,7 +21,6 @@ import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
@@ -935,7 +934,7 @@ public class ProcessCertReq extends CMSServlet {
ILogger.SUCCESS,
auditRequesterID,
auditInfoName,
- auditInfoCertValue(issuedCerts[i])));
+ issuedCerts[i]));
}
header.addStringValue(
"serialNumber", sbuf.toString());
@@ -1757,59 +1756,6 @@ public class ProcessCertReq extends CMSServlet {
return infoName;
}
-
- /**
- * Signed Audit Log Info Certificate Value
- *
- * This method is called to obtain the certificate from the passed in
- * "X509CertImpl" for a signed audit log message.
- * <P>
- *
- * @param x509cert an X509CertImpl
- * @return cert string containing the certificate
- */
- private String auditInfoCertValue(X509CertImpl x509cert) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- if (x509cert == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- byte rawData[] = null;
-
- try {
- rawData = x509cert.getEncoded();
- } catch (CertificateEncodingException e) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String cert = null;
-
- // convert "rawData" into "base64Data"
- if (rawData != null) {
- String base64Data = null;
-
- base64Data = Utils.base64encode(rawData).trim();
-
- // concatenate lines
- cert = base64Data.replace("\r", "").replace("\n", "");
- }
-
- if (cert != null) {
- cert = cert.trim();
-
- if (cert.equals("")) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- } else {
- return cert;
- }
- } else {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
- }
}
class RAReqCompletedFiller extends ImportCertsTemplateFiller {