authorEndi S. Dewata <edewata@redhat.com>2017-05-18 19:38:20 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-05-26 22:12:47 +0200
commite3f64ea8ca4ec231a954076a7f6b05dfc626ff1b (patch)
treeebd22b0d5a74eb4f59799adc950818bd01f0f4e9 /base/ca/src
parent2866f6195eb49012cf7c42089a9fbf1be819129a (diff)
Added DELTA_CRL_GENERATION audit event.
A new DELTA_CRL_GENERATION audit event has been added which will be generated when delta CRL generation is complete. https://pagure.io/dogtagpki/issue/2651 Change-Id: Ic4759ac2d90b6915443587708292d0f51e11345f
Diffstat (limited to 'base/ca/src')
-rw-r--r--base/ca/src/com/netscape/ca/CRLIssuingPoint.java69
1 files changed, 51 insertions, 18 deletions
diff --git a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index cbcdc695b..ff157b50d 100644
--- a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -51,8 +51,10 @@ import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
import com.netscape.certsrv.dbs.crldb.ICRLRepository;
+import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.DeltaCRLGenerationEvent;
import com.netscape.certsrv.publish.ILdapRule;
import com.netscape.certsrv.publish.IPublisherProcessor;
import com.netscape.certsrv.request.IRequest;
@@ -2758,8 +2760,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
if (deltaCRLCerts.size() == 0) {
CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "No Revoked Certificates"));
+ mDeltaCRLSize = -1;
+ audit(DeltaCRLGenerationEvent.createSuccessEvent(getAuditSubjectID(), "No Revoked Certificates"));
+ return;
}
}
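Review bot: The early-return path assigns `mDeltaCRLSize = -1`, the same value the failure handlers later in this commit assign, yet it emits a success audit event, so the in-memory state and the audit trail disagree about the outcome. This path used to throw `EBaseException` and now returns normally, so callers that relied on the exception to stop further processing should be re-checked; they are not visible in this hunk. A comment above the assignment such as `// skipped by noCRLIfNoRevokedCert, not a failure; -1 is also what the failure paths set` would make the intent explicit. The enclosing method starts and ends outside the hunk.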
@@ -2804,30 +2807,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
);
+ audit(DeltaCRLGenerationEvent.createSuccessEvent(getAuditSubjectID(), mCRLNumber));
+
} catch (EBaseException e) {
CMS.debug(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
mDeltaCRLSize = -1;
+ audit(DeltaCRLGenerationEvent.createFailureEvent(getAuditSubjectID(), e.getMessage()));
+ return;
- } catch (NoSuchAlgorithmException e) {
- CMS.debug(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
-
- } catch (CRLException e) {
- CMS.debug(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
-
- } catch (X509ExtensionException e) {
- CMS.debug(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
-
- } catch (OutOfMemoryError e) {
+ } catch (Throwable e) {
CMS.debug(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
+ audit(DeltaCRLGenerationEvent.createFailureEvent(getAuditSubjectID(), e.getMessage()));
+ return;
}
try {
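Review bot: The failure audit in the `catch (Throwable e)` handler records `e.getMessage()`, which is null for many throwables, so the signed audit record can lose the cause that the adjacent `log(...)` call keeps via `e.toString()`. Using `audit(DeltaCRLGenerationEvent.createFailureEvent(getAuditSubjectID(), e.toString()));` would keep the two consistent. Widening the handler from the four listed types to `Throwable` also traps every `Error` and runtime exception and then returns normally, which deserves a comment stating that this is intended. The success `audit(...)` call sits inside the same `try`, so an exception raised while auditing would be reported as a generation failure and reset `mDeltaCRLSize`. Moving that call after the `try` would avoid this, if the surrounding code (outside this hunk) allows it.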
@@ -3186,6 +3180,45 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
}
+
+ String getAuditSubjectID() {
+
+ SessionContext context = SessionContext.getExistingContext();
+
+ if (context == null) {
+ return ILogger.UNIDENTIFIED;
+ }
+
+ String subjectID = (String)context.get(SessionContext.USER_ID);
+
+ if (subjectID == null) {
+ if (Thread.currentThread() == mUpdateThread) {
+ return ILogger.SYSTEM_UID;
+
+ } else {
+ return ILogger.NONROLEUSER;
+ }
+ }
+
+ return subjectID.trim();
+ }
+
+ void audit(AuditEvent event) {
+
+ ILogger logger = CMS.getSignedAuditLogger();
+ if (logger == null) return;
+
+ String messageID = event.getMessage();
+ Object[] params = event.getParameters();
+
+ String message = CMS.getLogMessage(messageID, params);
+
+ logger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ message);
+ }
}
class CertRecProcessor implements IElementProcessor {
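Review bot: `audit()` drops the event without any trace when `CMS.getSignedAuditLogger()` returns null, so an unavailable audit logger makes DELTA_CRL_GENERATION records disappear silently. A line such as `CMS.debug("CRLIssuingPoint: signed audit logger unavailable, event not recorded: " + event.getMessage());` before the `return` would leave evidence. Both new methods also lack Javadoc: `getAuditSubjectID()` should state that it falls back to `ILogger.UNIDENTIFIED` when there is no session context, to `ILogger.SYSTEM_UID` on the update thread and to `ILogger.NONROLEUSER` otherwise, and that the returned ID is trimmed. The unbraced `if (logger == null) return;` would read better with braces.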