authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-07 04:38:49 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-07 04:38:49 +0000
commit4a7cd900f0f7cda8a44d11baf88fe15075e1d941 (patch)
tree582c72cc78e7a48f6ecc65b8102d0c7623edb8e6
parent4aa0cc3ed8294117293c59d1dce48304c8033f7c (diff)
Bugzilla BZ 707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2017 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in4
-rw-r--r--pki/base/common/src/LogMessages.properties19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java45
-rw-r--r--pki/base/kra/shared/conf/CS.cfg.in4
7 files changed, 368 insertions, 24 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index 8a0802161..289f65147 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -885,11 +885,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ca_audit
log.instance.SignedAudit.flushInterval=5
diff --git a/pki/base/common/src/LogMessages.properties b/pki/base/common/src/LogMessages.properties
index 7a31e66d8..fada5eb88 100644
--- a/pki/base/common/src/LogMessages.properties
+++ b/pki/base/common/src/LogMessages.properties
@@ -2363,6 +2363,25 @@ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8=<type=ENCRYPT_DATA
#
#
#
+# LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE
+# - used when updating contents of security domain
+# (add/remove a subsystem)
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1=<type=SECURITY_DOMAIN_UPDATE>:[AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] security domain update
+#
+#
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER
+# - used when configuring serial number ranges
+# (when requesting a serial number range when cloning, for example)
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1=<type=CONFIG_SERIAL_NUMBER>:[AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] serial number range update
###########################
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 1445d285c..7898ce2c1 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -37,12 +37,19 @@ import java.util.*;
*/
public class SubsystemGroupUpdater implements IProfileUpdater {
- public IProfile mProfile = null;
- public EnrollProfile mEnrollProfile = null;
- public IConfigStore mConfig = null;
- public ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- public Vector mConfigNames = new Vector();
- public Vector mValueNames = new Vector();
+ private IProfile mProfile = null;
+ private EnrollProfile mEnrollProfile = null;
+ private IConfigStore mConfig = null;
+ private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ private Vector mConfigNames = new Vector();
+ private Vector mValueNames = new Vector();
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
+ private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
+ private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
+ private final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
public SubsystemGroupUpdater() {
}
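Review bot: The four constants added at the end of this hunk (`SIGNED_AUDIT_PASSWORD_VALUE`, `SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR`, `SIGNED_AUDIT_NAME_VALUE_DELIMITER`, `SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER`) are not referenced in any hunk shown for this file. The audit strings built later hard-code `;;` and `+`, and the empty-value case uses `ILogger.SIGNED_AUDIT_EMPTY_VALUE`. Either build the parameter strings from the delimiter constants or drop the unused ones, so the record format is defined in one place. The class body continues outside the hunk, so a use elsewhere cannot be ruled out.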
@@ -90,7 +97,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public void update(IRequest req, RequestStatus status)
throws EProfileException {
-
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
CMS.debug("SubsystemGroupUpdater update starts");
if (status != req.getRequestStatus()) {
return;
@@ -126,6 +136,11 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
mainConfig.commit(false);
} catch (Exception e) {
}
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ id +
+ "+fullname;;" + id +
+ "+state;;1" +
+ "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
IUser user = null;
CMS.debug("SubsystemGroupUpdater adduser");
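Review bot: `id` is concatenated into `auditParams` without escaping the `;;` and `+` delimiters that the ParamNameValPairs format relies on, so a value containing either one yields a signed audit record that parses into different pairs than the code intended. The origin of `id` is outside this hunk. The same pattern appears with values that are visibly request parameters: `uid`, `name` and `certsString` in RegisterUser, `host`, `name`, `sport`, `clone`, `type` and `operation` in UpdateDomainXML, and `type` in UpdateNumberRange. I would route every value through one shared helper that escapes or rejects the delimiter sequences (and `]`, which closes a field in the message template) before it is appended. The enclosing `update` method starts and ends outside this hunk.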
@@ -140,32 +155,108 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
X509CertImpl[] certs = new X509CertImpl[1];
certs[0] = cert;
user.setX509Certificates(certs);
+
system.addUser(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
+ String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ try {
+ byte[] certEncoded = cert.getEncoded();
+ b64 = CMS.BtoA(certEncoded).trim();
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < b64.length(); i++) {
+ if (!Character.isWhitespace(b64.charAt(i))) {
+ sb.append(b64.charAt(i));
+ }
+ }
+ b64 = sb.toString();
+ } catch (Exception ence) {
+ CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence);
+ }
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ id +
+ "+cert;;"+ b64;
+
system.addUserCert(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
} catch (LDAPException e) {
CMS.debug("UpdateSubsystemGroup: update " + e.toString());
if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
throw new EProfileException(e.toString());
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
throw new EProfileException(e.toString());
}
IGroup group = null;
String groupName = "Subsystem Group";
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ groupName;
try {
group = system.getGroupFromName(groupName);
+
+ auditParams += "+user;;";
+ Enumeration members = group.getMemberNames();
+ while (members.hasMoreElements()) {
+ auditParams += (String) members.nextElement();
+ if (members.hasMoreElements()) {
+ auditParams +=",";
+ }
+ }
+
if (!group.isMember(id)) {
+ auditParams += "," + id;
group.addMemberName(id);
system.modifyGroup(group);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group.");
+ } else {
+ CMS.debug("UpdateSubsystemGroup: update: user already a member of the group");
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
}
}
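Review bot: The last `catch (Exception e)` in this hunk now writes a FAILURE audit record for the group modification but still swallows the exception, so `update` returns normally although the user was not added to "Subsystem Group". The two earlier catch blocks rethrow after auditing. Either do the same here with `throw new EProfileException(e.toString());` or add a comment stating that group membership is deliberately best-effort. The swallow itself predates this commit, and `update` begins outside the hunk.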
@@ -176,4 +267,41 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_TEXT");
}
+
+ private void audit(String msg) {
+ if (mSignedAuditLogger == null) {
+ return;
+ }
+
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
+ }
+
+ private String auditSubjectID() {
+ if (mSignedAuditLogger == null) {
+ return null;
+ }
+
+ String subjectID = null;
+
+ // Initialize subjectID
+ SessionContext auditContext = SessionContext.getExistingContext();
+
+ if (auditContext != null) {
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
+
+ if (subjectID != null) {
+ subjectID = subjectID.trim();
+ } else {
+ subjectID = ILogger.NONROLEUSER;
+ }
+ } else {
+ subjectID = ILogger.UNIDENTIFIED;
+ }
+ return subjectID;
+ }
}
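Review bot: `audit()` and `auditSubjectID()` are added without Javadoc, and the four possible results of `auditSubjectID()` are not obvious to a caller. I would add `/** Writes msg to the signed audit log; does nothing when no signed audit logger is configured. */` above `audit`. `auditSubjectID` needs a Javadoc stating that it returns the trimmed `SessionContext.USER_ID`, `ILogger.NONROLEUSER` when the context has no user id, `ILogger.UNIDENTIFIED` when there is no session context, and null when the signed audit logger is null.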
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index 2bc5f94fc..e7a1286c0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -65,6 +65,9 @@ public class RegisterUser extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+
public RegisterUser() {
super();
@@ -143,6 +146,14 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser got name=" + name);
CMS.debug("RegisterUser got certsString=" + certsString);
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+fullname;;"+ name +
+ "+state;;1" +
+ "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
+
IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
@@ -187,29 +198,95 @@ public class RegisterUser extends CMSServlet {
user.setEmail("");
user.setPhone("");
user.setPassword("");
+
ugsys.addUser(user);
CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
}
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+cert;;"+certsString;
+
user.setX509Certificates(certs);
if (!foundByCert) {
ugsys.addUserCert(user);
CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
} else
CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+
+ audit(auditMessage);
outputError(httpResp, "Error: Certificate malformed");
return;
}
// add user to the group
- Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
- group.addMemberName(user.getUserID());
- ugsys.modifyGroup(group);
- CMS.debug("RegisterUser modified group");
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
+ "+Resource;;"+ mGroupName;
+ try {
+ Enumeration groups = ugsys.findGroups(mGroupName);
+ IGroup group = (IGroup)groups.nextElement();
+
+ auditParams += "+user;;";
+ Enumeration members = group.getMemberNames();
+ while (members.hasMoreElements()) {
+ auditParams += (String) members.nextElement();
+ if (members.hasMoreElements()) {
+ auditParams +=",";
+ }
+ }
+
+ if (!group.isMember(user.getUserID())) {
+ auditParams += "," + user.getUserID();
+ group.addMemberName(user.getUserID());
+ ugsys.modifyGroup(group);
+ CMS.debug("RegisterUser modified group");
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+
+ audit(auditMessage);
+ }
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
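Review bot: The new `try`/`catch (Exception e)` around the group update audits a FAILURE and then falls through to the "send success status" code, so the requestor is told the registration succeeded even when `findGroups`, `nextElement` or `modifyGroup` threw. Before this change those calls were outside any handler visible in the hunk, so an exception did not reach the success response. The catch also writes no debug line, unlike the certificate catch above it. I would end the catch with `CMS.debug("RegisterUser group update error " + e.toString());`, `outputError(httpResp, "Error: failed to add user to group");` and `return;`. The enclosing method starts and ends outside this hunk.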
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index 6de314284..78763dfb2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -54,6 +54,10 @@ public class UpdateDomainXML extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -194,6 +198,7 @@ public class UpdateDomainXML extends CMSServlet {
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateDomainXML: processing...");
String status = SUCCESS;
+ String status2 = SUCCESS;
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -264,16 +269,31 @@ public class UpdateDomainXML extends CMSServlet {
if ((sport == null) || sport.equals("")) {
missing += " sport ";
}
+ if ((type == null) || type.equals("")) {
+ missing += " type ";
+ }
if ((clone == null) || clone.equals("")) {
clone = "false";
}
if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing + "not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing + "not provided in request");
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing +
+ "not provided in request");
+ outputError(httpResp, "Error: required parameters: " + missing +
+ "not provided in request");
return;
}
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
+ "+clone;;"+clone+"+type;;"+type;
+ if (operation != null) {
+ auditParams += "+operation;;"+operation;
+ } else {
+ auditParams += "+operation;;add";
+ }
+
String basedn = null;
String secstore = null;
@@ -340,21 +360,53 @@ public class UpdateDomainXML extends CMSServlet {
} else {
adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
}
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+ "+resource;;"+adminUserDN;
if (status.equals(SUCCESS)) {
- // remove the client cert for this subsystem's admin
- status = remove_from_ldap(adminUserDN);
- if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ audit(auditMessage);
+
// remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+ "+source;;UpdateDomainXML" +
+ "+resource;;Subsystem Group+user;;"+adminUserDN;
dn = "cn=Subsystem Group, ou=groups," + basedn;
LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute("uniqueMember", adminUserDN));
- status = modify_ldap(dn, mod);
+ status2 = modify_ldap(dn, mod);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ }
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ audit(auditMessage);
}
}
} else {
status = add_to_ldap(entry, dn);
}
-
}
else {
// update the domain.xml file
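Review bot: `userAuditParams` spells the key as `+resource;;` in both strings built here, while the CONFIG_ROLE records written by SubsystemGroupUpdater and RegisterUser in this same commit use `+Resource;;`. Anything that parses the signed audit log by key name will treat these as two different fields. I would use `"+Resource;;"+adminUserDN` and `"+Resource;;Subsystem Group+user;;"+adminUserDN` here so the key matches the other emitters. The enclosing `process` method continues outside the hunk.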
@@ -439,8 +491,31 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("Failed to update domain.xml file" + e.toString());
status = FAILED;
}
+
}
+ if (status.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ } else {
+ // what if already exists or already deleted
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ }
+ audit(auditMessage);
+
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
+
try {
// send success status back to the requestor
CMS.debug("UpdateDomainXML: Sending response");
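Review bot: The SECURITY_DOMAIN_UPDATE outcome is taken from `status` before `status2` is folded in, so a removal whose admin-user or group cleanup failed is audited as SUCCESS while the requestor receives FAILED. If that split is intended because the cleanup has its own CONFIG_ROLE record, say so in a comment; otherwise move the `status`/`status2` merge above the audit block. The merge itself can be reduced to `if (!status2.equals(SUCCESS)) status = FAILED;`. The `// what if already exists or already deleted` comment reads as an open question and should be resolved or turned into a TODO with an owner.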
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 890d6dfb1..77650dbfd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -58,6 +58,8 @@ public class UpdateNumberRange extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
+ "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -116,11 +118,17 @@ public class UpdateNumberRange extends CMSServlet {
return;
}
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "source;;updateNumberRange";
+
try {
String type = httpReq.getParameter("type");
IConfigStore cs = CMS.getConfigStore();
String cstype = cs.getString("cs.type", "");
+ auditParams += "+type;;" + type;
+
BigInteger beginNum = null;
BigInteger endNum = null;
BigInteger oneNum = new BigInteger("1");
@@ -201,6 +209,12 @@ public class UpdateNumberRange extends CMSServlet {
if (endNum2 == null) {
CMS.debug("UpdateNumberRange::process() - " +
"Unused requests less than cloneTransferNumber!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
} else {
CMS.debug("Transferring from the end of on-deck range");
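Review bot: The FAILURE record written before this `return` carries only `source` and `type`, and the two null checks in the next hunk (`beginNum`, `endNum`) and the final catch emit the identical record, so the audit log cannot distinguish which condition rejected the request. I would append a short cause to `auditParams` at each site, for example `auditParams += "+reason;;unused range smaller than cloneTransferNumber";` here, using whatever key name the project prefers. The five-line `getLogMessage`/`audit` pair is also repeated at every site and could move into one private helper that takes the outcome.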
@@ -221,12 +235,24 @@ public class UpdateNumberRange extends CMSServlet {
if( beginNum == null ) {
CMS.debug( "UpdateNumberRange::process() - " +
"beginNum is null!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
}
if( endNum == null ) {
CMS.debug( "UpdateNumberRange::process() - " +
"endNum is null!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
}
@@ -249,8 +275,27 @@ public class UpdateNumberRange extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
cs.commit(false);
+
+ auditParams += "+beginNumber;;" + beginNum.toString(radix) +
+ "+endNumber;;" + endNum.toString(radix);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
} catch (Exception e) {
CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+
outputError(httpResp, "Error: Failed to update number range.");
}
}
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index 0fc2b1e58..9332d119e 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -265,11 +265,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/kra_cert-kra_audit
log.instance.SignedAudit.flushInterval=5