authorAde Lee <alee@redhat.com>2017-05-18 01:27:12 -0400
committerAde Lee <alee@redhat.com>2017-05-23 14:46:23 -0400
commit0df4ba1372e0a5942806fda3b56f0b9ea70c6e05 (patch)
tree0bea33ebd55f5f7797a3b5d992763277e900ed72 /base/common/src
parentf52f5be832e37cc45e665708d3b59d2a3aa04370 (diff)
downloadpki-0df4ba1372e0a5942806fda3b56f0b9ea70c6e05.tar.gz
pki-0df4ba1372e0a5942806fda3b56f0b9ea70c6e05.tar.xz
pki-0df4ba1372e0a5942806fda3b56f0b9ea70c6e05.zip
Encapsulate key retrieval audit events
Key retrieval is when the key/secret is extracted and returned to the client (once the recovery request is approved). We combine SECURITY_DATA_RETRIEVE_KEY and a couple of older EXPORT events. Note: an analysis of the key retrieval REST flow (and the auditing there) will be done in a subsequent patch. Change-Id: Ibd897772fef154869a721fda55ff7498210ca03c
Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/com/netscape/certsrv/logging/AuditEvent.java6
-rw-r--r--base/common/src/com/netscape/certsrv/logging/event/SecurityDataExportEvent.java70
2 files changed, 70 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
index 03340e168..45907d0b7 100644
--- a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
+++ b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -72,10 +72,6 @@ public class AuditEvent implements IBundleLogEvent {
public final static String LOG_PATH_CHANGE =
"LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
- public final static String PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- public final static String PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
public final static String SERVER_SIDE_KEYGEN_REQUEST =
"LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3";
public final static String SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS =
@@ -170,8 +166,6 @@ public class AuditEvent implements IBundleLogEvent {
public static final String SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE =
"LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4";
- public final static String SECURITY_DATA_RETRIEVE_KEY =
- "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY_5";
public final static String KEY_STATUS_CHANGE =
"LOGGING_SIGNED_AUDIT_KEY_STATUS_CHANGE_6";
public final static String SYMKEY_GENERATION_REQUEST_PROCESSED =
diff --git a/base/common/src/com/netscape/certsrv/logging/event/SecurityDataExportEvent.java b/base/common/src/com/netscape/certsrv/logging/event/SecurityDataExportEvent.java
new file mode 100644
index 000000000..a2c7939dc
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/SecurityDataExportEvent.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.logging.AuditEvent;
+import com.netscape.certsrv.request.RequestId;
+
+public class SecurityDataExportEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String LOGGING_PROPERTY =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY";
+
+ public SecurityDataExportEvent(
+ String subjectID,
+ String outcome,
+ RequestId recoveryID,
+ KeyId keyID,
+ String failureReason,
+ String pubKey) {
+
+ super(LOGGING_PROPERTY);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ recoveryID,
+ keyID,
+ failureReason,
+ pubKey
+ });
+ }
+
+ public SecurityDataExportEvent(
+ String subjectID,
+ String outcome,
+ String recoveryID,
+ KeyId keyID,
+ String failureReason,
+ String pubKey) {
+
+ super(LOGGING_PROPERTY);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ recoveryID,
+ keyID,
+ failureReason,
+ pubKey
+ });
+ }
+} \ No newline at end of file
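Review bot: Both constructors of `SecurityDataExportEvent` pass a six-element `Object[]` to `setParameters` with no Javadoc fixing the order (subjectID, outcome, recoveryID, keyID, failureReason, pubKey). That order presumably has to match the placeholders of the `LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY` message template, which is not part of this diff, and a mismatch would put values in the wrong fields of a signed audit record without any error. A class-level comment should state the order and say that this event replaces `SECURITY_DATA_RETRIEVE_KEY` and the two `PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_*` events, so that audit event filters and log-monitoring rules keyed on the old names get updated. The two overloads differ only in the type of `recoveryID` (`RequestId` vs `String`), so a call passing a literal `null` there will not compile without a cast; if null is a legitimate value on failure paths, a note such as `// recoveryID may be null; cast the argument to select an overload` would help callers. The new key also drops the parameter-count suffix (`_4`, `_5`) that the removed constants carried, which is worth confirming as intentional.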