author | Ade Lee <alee@redhat.com> | 2017-05-16 17:29:45 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-23 14:31:54 -0400 |
commit | 1c8c61ef235bb57e744e9a8cfa5e1ff0cebb06a2 (patch) | |
tree | 67efbe323389114660ae79e918c9e621d61f86d7 /base/ca | |
parent | 3249ddc2c19f6f5ded11823b345c9c58bae4750b (diff) | |
Encapsulate the archival audit log
This patch encapsulates the SECURITY_DATA_ARCHIVAL_REQUEST and
PRIVATE_DATA_ARCHIVAL_REQUEST audit logs as audit events.
The PRIVATE_DATA_ARCHIVAL_REQUEST events are mapped to the
SECURITY_DATA ones to simplify the whole structure. They
used to provide an archivalID parameter which was pretty much
meaningless as it was at best just the same as the request id
which is already logged. So this is now dropped.
Change-Id: I705d25ce716c73f2c954c5715b0aafdad80b99d2
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/src/com/netscape/ca/CAService.java | 45 |
1 files changed, 12 insertions, 33 deletions
diff --git a/base/ca/src/com/netscape/ca/CAService.java b/base/ca/src/com/netscape/ca/CAService.java
index 2ad196720..45fae66d4 100644
--- a/base/ca/src/com/netscape/ca/CAService.java
+++ b/base/ca/src/com/netscape/ca/CAService.java
@@ -52,6 +52,7 @@ import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataArchivalEvent;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileSubsystem;
@@ -368,10 +369,8 @@ public class CAService implements ICAService, IService {
 * @return true or false
 */
 public boolean serviceRequest(IRequest request) {
- String auditMessage = null;
 String auditSubjectID = auditSubjectID();
 String auditRequesterID = auditRequesterID();
- String auditArchiveID = ILogger.SIGNED_AUDIT_NON_APPLICABLE;
 boolean completed = false;
@@ -392,7 +391,7 @@ public class CAService implements ICAService, IService {
 request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
 request.setExtData(IRequest.ERROR, e.toString());
- audit(auditMessage);
+ // TODO(alee) New audit message needed here
 return false;
 }
@@ -420,14 +419,10 @@ public class CAService implements ICAService, IService {
 CMS.debug("CAService: Sending enrollment request to KRA");
 // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST,
+ audit(new SecurityDataArchivalEvent(
 auditSubjectID,
 ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
-
- audit(auditMessage);
+ auditRequesterID));
 boolean sendStatus = mKRAConnector.send(request);
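Review bot: The error path in `@@ -392,7 +391,7` now returns false without writing any signed audit record, leaving only `// TODO(alee) New audit message needed here`, so a request that fails at this point leaves no trace in the audit log. The removed `audit(auditMessage)` appears to have been called with a variable that was still null here, so the old code probably logged nothing useful either, but the open TODO makes the gap permanent unless it is tracked. If the request is known to be an archival one at this point, emit the failure explicitly with `audit(new SecurityDataArchivalEvent(auditSubjectID, ILogger.FAILURE, auditRequesterID));`; otherwise name the event that is still missing and a ticket in the comment. The enclosing try/catch starts outside the hunk, so the request type on this path is not visible.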
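Review bot: In `@@ -420,14 +419,10` the event with `ILogger.SUCCESS` is written before `mKRAConnector.send(request)` runs, so the signed audit log records a success whose outcome is not yet known. The failure branches in `@@ -439,14 +434,10` and `@@ -457,14 +448,10` then add a FAILURE event for the same request, which leaves two contradictory records for one operation. If SUCCESS here only means the request was accepted for forwarding, state that next to the call, for example `// audit that the archival request is being forwarded to the KRA; the send outcome is audited below`. Because this commit also drops the archivalID argument, it is worth confirming that the new event still carries an identifier that lets the two records be paired; the event class is not visible in this diff.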
@@ -439,14 +434,10 @@ public class CAService implements ICAService, IService { new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST"))); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); + auditRequesterID)); return true; } else { @@ -457,14 +448,10 @@ public class CAService implements ICAService, IService { } if (request.getExtDataInString(IRequest.ERROR) != null) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); + auditRequesterID)); return true; } @@ -484,14 +471,10 @@ public class CAService implements ICAService, IService { // store a message in the signed audit log file if (!(type.equals(IRequest.REVOCATION_REQUEST) || type.equals(IRequest.UNREVOCATION_REQUEST) || type.equals(IRequest.CMCREVOKE_REQUEST))) { - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); + auditRequesterID)); } return true; @@ -504,14 +487,10 @@ public class CAService implements ICAService, IService { if (!(type.equals(IRequest.REVOCATION_REQUEST) || type.equals(IRequest.UNREVOCATION_REQUEST) || type.equals(IRequest.CMCREVOKE_REQUEST))) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); + auditRequesterID)); } return completed; |
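Review bot: The guard in `@@ -484,14 +471,10`, repeated in `@@ -504,14 +487,10`, excludes only the three revocation request types, so every other request type that reaches these branches is audited as a `SecurityDataArchivalEvent`. If serviceRequest also handles request types that involve no key archival (not visible in these hunks), the signed audit log will report archival activity that never took place, which weakens it as evidence. Consider testing for the request types that do archive instead of listing the ones that do not, or add a comment such as `// every non-revocation request handled here is forwarded to the KRA for archival` if that invariant holds. The method body starts and ends outside these hunks.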