authorEndi Sukma Dewata <edewata@redhat.com>2012-05-19 10:52:07 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-05-29 12:56:30 -0500
commit74ec77c4d2b22fbafb86a3252c72b1999f1d3ecb (patch)
treeb563f37daabf2b7449aaf2637835b0eb6c8d1258 /base/common/src/com/netscape/certsrv
parent2408c5ee1bc64667b5d08be17386d27936174860 (diff)
Added Auditor service.
A new Auditor service has been added to replace the audit service that was previously only available to subclasses of AdminServlet. The new service can be used by other components including REST services. The AdminServlet will be modified to use the Auditor service separately. Ticket #160
Diffstat (limited to 'base/common/src/com/netscape/certsrv')
-rw-r--r--base/common/src/com/netscape/certsrv/apps/CMS.java12
-rw-r--r--base/common/src/com/netscape/certsrv/apps/ICMSEngine.java10
-rw-r--r--base/common/src/com/netscape/certsrv/logging/IAuditor.java78
3 files changed, 100 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java
index 4d4577777..00d2e0653 100644
--- a/base/common/src/com/netscape/certsrv/apps/CMS.java
+++ b/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -73,6 +73,7 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.ldap.ILdapConnInfo;
+import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogSubsystem;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.notification.IEmailFormProcessor;
@@ -288,6 +289,17 @@ public final class CMS {
}
/**
+ * Returns the auditor of the current server. The auditor can
+ * be used to audit critical informational or critical error
+ * messages.
+ *
+ * @return auditor
+ */
+ public static IAuditor getAuditor() {
+ return _engine.getAuditor();
+ }
+
+ /**
* Returns the signed audit logger of the current server. This logger can
* be used to log critical informational or critical error
* messages.
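Review bot: The Javadoc added for `getAuditor()` is the signed-audit-logger comment below it with one word changed, so a reader cannot tell how the auditor differs from that logger or whether the result can be null. A summary tied to the new interface would help, for example `Returns the auditor used to build and write signed audit log messages (see IAuditor).`, with the `@return` tag stating whether null is possible before the engine is initialised. The same copied comment appears in the ICMSEngine.java hunk on `public IAuditor getAuditor();` and needs the same change. The CMS class starts and ends outside this hunk, so how `_engine` is set is not visible here.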
diff --git a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
index 41f4c348e..f11005c07 100644
--- a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
+++ b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.ldap.ILdapConnInfo;
+import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.notification.IEmailFormProcessor;
import com.netscape.certsrv.notification.IEmailResolver;
@@ -187,6 +188,15 @@ public interface ICMSEngine extends ISubsystem {
public ILogger getLogger();
/**
+ * Returns the auditor of the current server. The auditor can
+ * be used to audit critical informational or critical error
+ * messages.
+ *
+ * @return auditor
+ */
+ public IAuditor getAuditor();
+
+ /**
* Returns the signed audit logger of the current server. This logger can
* be used to log critical informational or critical error
* messages.
diff --git a/base/common/src/com/netscape/certsrv/logging/IAuditor.java b/base/common/src/com/netscape/certsrv/logging/IAuditor.java
new file mode 100644
index 000000000..a93622596
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/IAuditor.java
@@ -0,0 +1,78 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.certsrv.logging;
+
+import java.util.Map;
+
+/**
+ * @author Endi S. Dewata
+ */
+public interface IAuditor {
+
+ public final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+
+ public final static String SIGNED_AUDIT_SCOPE = "Scope";
+ public final static String SIGNED_AUDIT_OPERATION = "Operation";
+ public final static String SIGNED_AUDIT_RESOURCE = "Resource";
+ public final static String SIGNED_AUDIT_RULENAME = "RULENAME";
+ public final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
+ public final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
+ public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
+ public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
+
+ /**
+ * Get signed audit log subject ID
+ *
+ * This method is called to obtain the "SubjectID" for
+ * a signed audit log message.
+ *
+ * @return id string containing the signed audit log message SubjectID
+ */
+ public String getSubjectID();
+
+ /**
+ * Get signed audit groups
+ *
+ * This method is called to extract all "groups" associated
+ * with the "auditSubjectID()".
+ * <P>
+ *
+ * @param subjectID string containing the signed audit log message SubjectID
+ * @return a delimited string of groups associated
+ * with the "auditSubjectID()"
+ */
+ public String getGroups(String subjectID);
+
+ /**
+ * Get signed audit parameters as a string.
+ *
+ * This method is called to convert parameters into a
+ * string of name;;value pairs separated by a '+'
+ * if more than one name;;value pair exists.
+ *
+ * @return a delimited string of one or more delimited name/value pairs
+ */
+ public String getParamString(String scope, String type, String id, Map<String, String> params);
+
+ /**
+ * Log audit message.
+ */
+ public void log(String message);
+} \ No newline at end of file
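Review bot: `getParamString` has no `@param` tags and does not say what happens when a name or value in `params` already contains `;;` or `+`, or which values are replaced by `SIGNED_AUDIT_PASSWORD_VALUE`. If the returned string is written into a signed audit record, an unescaped delimiter in a caller-supplied value would make that record ambiguous to anyone parsing it later, so the contract should state the rule, for example `Implementations must escape or reject names and values that contain the pair or name/value delimiter, and must substitute SIGNED_AUDIT_PASSWORD_VALUE for password values.` `log(String message)` should similarly say whether CR and LF in the message are neutralised before it is written. The `getGroups` comment also refers to `auditSubjectID()`, which is not in this interface; `{@link #getSubjectID()}` looks like the intended reference.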