authorAde Lee <alee@redhat.com>2017-05-17 14:10:37 -0400
committerAde Lee <alee@redhat.com>2017-05-23 14:32:48 -0400
commit58927bc0573769480dd35b564b9791eb086b267e (patch)
tree6c3b9d2d86b624b894ebf94e424d33f1873ed445 /base/kra/src/com/netscape
parent90f6d8ece46d70a3566b97b549efb1053895f407 (diff)
Encapsulate recovery processed audit events
This creates audit events for KEY_RECOVERY_PROCESSED and SECURITY_DATA_RECOVERY_PROCESSED audit logs. We simplify by reducing the logs to the SECURITY_DATA ones. Change-Id: I75968799dec48d1f056ba15f8125d3bd031f31bb
Diffstat (limited to 'base/kra/src/com/netscape')
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java94
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataProcessor.java45
-rw-r--r--base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java182
3 files changed, 130 insertions, 191 deletions
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index 8f86eefe2..670279e38 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -62,6 +62,7 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.SecurityDataArchivalEvent;
import com.netscape.certsrv.logging.event.SecurityDataArchivalProcessedEvent;
import com.netscape.certsrv.logging.event.SecurityDataRecoveryEvent;
+import com.netscape.certsrv.logging.event.SecurityDataRecoveryProcessedEvent;
import com.netscape.certsrv.request.ARequestNotifier;
import com.netscape.certsrv.request.IPolicy;
import com.netscape.certsrv.request.IRequest;
@@ -980,7 +981,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @param kid key identifier
* @param creds list of recovery agent credentials
* @param password password of the PKCS12 package
- * @param cert certficate that will be put in PKCS12
+ * @param cert certificate that will be put in PKCS12
* @param delivery file, mail or something else
* @param nickname string containing the nickname of the id cert for this
* subsystem
@@ -993,13 +994,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
String delivery, String nickname,
String agent)
throws EBaseException {
- String auditMessage = null;
String auditSubjectID = auditSubjectID();
-
- // temporary variable till other audit events are converted
- String auditRecoveryID = auditRecoveryID();
-
- RequestId auditRequestID = auditRequestID();
+ RequestId auditRecoveryID = auditRecoveryID();
String auditPublicKey = auditPublicKey(cert);
String auditAgents = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1037,16 +1033,16 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
audit(new SecurityDataRecoveryEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditRequestID,
- null,
+ auditRecoveryID,
+ new KeyId(kid),
auditPublicKey));
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
audit(new SecurityDataRecoveryEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRequestID,
- null,
+ auditRecoveryID,
+ new KeyId(kid),
auditPublicKey));
throw eAudit1;
@@ -1063,43 +1059,36 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
auditAgents = auditAgents(creds);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.SUCCESS,
auditRecoveryID,
- auditAgents);
-
- audit(auditMessage);
+ new KeyId(kid),
+ null,
+ auditAgents));
destroyVolatileRequest(r.getRequestId());
return pkcs12;
} else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
auditRecoveryID,
- auditAgents);
-
- audit(auditMessage);
+ new KeyId(kid),
+ r.getExtDataInString(IRequest.ERROR),
+ auditAgents));
throw new EBaseException(r.getExtDataInString(IRequest.ERROR));
}
} catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- auditAgents);
-
- audit(auditMessage);
-
+ audit(new SecurityDataRecoveryProcessedEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ new KeyId(kid),
+ eAudit1.getMessage(),
+ auditAgents));
throw eAudit1;
}
}
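Review bot: As the hunk reads, the `else` branch emits a FAILURE `SecurityDataRecoveryProcessedEvent` and then throws an `EBaseException` inside the same `try`, so `catch (EBaseException eAudit1)` audits the same failed request a second time. Two FAILURE records for one recovery attempt distort counts and alerting built on the signed audit log. I would drop the `audit(...)` call in the `else` branch and keep only `throw new EBaseException(r.getExtDataInString(IRequest.ERROR));`, since the catch block already records the failure with `eAudit1.getMessage()` as the reason. The `try` opens outside this hunk, so confirm against the full method that no other handler sits in between.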
@@ -1646,45 +1635,10 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
return requesterID;
}
- /**
- * Signed Audit Log Recovery ID
- *
- * This method is called to obtain the "RecoveryID" for
- * a signed audit log message.
- * <P>
- *
- * @return id string containing the signed audit log message RecoveryID
- */
- private String auditRecoveryID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- String recoveryID = null;
-
- // Initialize recoveryID
- SessionContext auditContext = SessionContext.getExistingContext();
-
- if (auditContext != null) {
- recoveryID = (String)
- auditContext.get(SessionContext.RECOVERY_ID);
-
- if (recoveryID != null) {
- recoveryID = recoveryID.trim();
- } else {
- recoveryID = ILogger.UNIDENTIFIED;
- }
- } else {
- recoveryID = ILogger.UNIDENTIFIED;
- }
-
- return recoveryID;
- }
/*
- * temporary function till other audit messages are converted
+ * Returns the requestID for the recovery request for audit logs.
*/
- private RequestId auditRequestID() {
+ private RequestId auditRecoveryID() {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
String recoveryID = (String) auditContext.get(SessionContext.RECOVERY_ID);
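Review bot: The block comment on `auditRecoveryID()` does not say what the method returns when there is no session context or no `SessionContext.RECOVERY_ID` entry. The removed String version returned `ILogger.UNIDENTIFIED` in both cases; the rest of the new body lies outside this hunk, so the `RequestId` fallback cannot be confirmed from here. Because the result is passed directly into the audit events at the call site, I would turn this into a Javadoc comment that states the fallback, for example `@return the recovery request ID from the session context, or null if none is set` (adjusted to whatever the body actually returns).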
diff --git a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
index da8dd9bcc..a44eb2fc8 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
@@ -42,6 +42,7 @@ import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.SecurityDataArchivalProcessedEvent;
+import com.netscape.certsrv.logging.event.SecurityDataRecoveryProcessedEvent;
import com.netscape.certsrv.profile.IEnrollProfile;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
@@ -326,14 +327,15 @@ public class SecurityDataProcessor {
Hashtable<String, Object> params = kra.getVolatileRequest(
request.getRequestId());
- BigInteger serialno = request.getExtDataInBigInteger(ATTR_SERIALNO);
- request.setExtData(ATTR_KEY_RECORD, serialno);
+ KeyId keyId = new KeyId(request.getExtDataInBigInteger(ATTR_SERIALNO));
+ request.setExtData(ATTR_KEY_RECORD, keyId.toBigInteger());
RequestId requestID = request.getRequestId();
+ String approvers = request.getExtDataInString(IRequest.ATTR_APPROVE_AGENTS);
if (params == null) {
CMS.debug("SecurityDataProcessor.recover(): Can't get volatile params.");
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, serialno.toString(),
- "cannot get volatile params");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, keyId,
+ "cannot get volatile params", approvers);
throw new EBaseException("Can't obtain volatile params!");
}
@@ -355,7 +357,7 @@ public class SecurityDataProcessor {
return false;
}
- KeyRecord keyRecord = (KeyRecord) keyRepository.readKeyRecord(serialno);
+ KeyRecord keyRecord = (KeyRecord) keyRepository.readKeyRecord(keyId.toBigInteger());
String dataType = (String) keyRecord.get(IKeyRecord.ATTR_DATA_TYPE);
if (dataType == null) dataType = KeyRequestResource.ASYMMETRIC_KEY_TYPE;
@@ -455,8 +457,8 @@ public class SecurityDataProcessor {
iv != null? new IVParameterSpec(iv): null,
iv_wrap != null? new IVParameterSpec(iv_wrap): null);
} catch (Exception e) {
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, serialno.toString(),
- "Cannot generate wrapping params");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, keyId,
+ "Cannot generate wrapping params", approvers);
throw new EBaseException("Cannot generate wrapping params: " + e, e);
}
}
@@ -512,8 +514,8 @@ public class SecurityDataProcessor {
params.put(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA, pbeWrappedData);
} catch (Exception e) {
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, serialno.toString(),
- "Cannot unwrap passphrase");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, keyId,
+ "Cannot unwrap passphrase", approvers);
throw new EBaseException("Cannot unwrap passphrase: " + e, e);
} finally {
@@ -554,8 +556,8 @@ public class SecurityDataProcessor {
}
} catch (Exception e) {
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, serialno.toString(),
- "Cannot wrap symmetric key");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, keyId,
+ "Cannot wrap symmetric key", approvers);
throw new EBaseException("Cannot wrap symmetric key: " + e, e);
}
@@ -573,7 +575,7 @@ public class SecurityDataProcessor {
wrapParams.getPayloadEncryptionIV());
} catch (Exception e) {
auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID,
- serialno.toString(), "Cannot encrypt passphrase");
+ keyId, "Cannot encrypt passphrase", approvers);
throw new EBaseException("Cannot encrypt passphrase: " + e, e);
}
@@ -604,8 +606,8 @@ public class SecurityDataProcessor {
}
} catch (Exception e) {
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, serialno.toString(),
- "Cannot wrap private key");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.FAILURE, requestID, keyId,
+ "Cannot wrap private key", approvers);
throw new EBaseException("Cannot wrap private key: " + e, e);
}
}
@@ -639,8 +641,8 @@ public class SecurityDataProcessor {
params.put(IRequest.SECURITY_DATA_TYPE, dataType);
- auditRecoveryRequestProcessed(auditSubjectID, ILogger.SUCCESS, requestID, serialno.toString(),
- "None");
+ auditRecoveryRequestProcessed(auditSubjectID, ILogger.SUCCESS, requestID, keyId,
+ null, approvers);
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
return false; //return true ? TODO
@@ -856,15 +858,14 @@ public class SecurityDataProcessor {
}
private void auditRecoveryRequestProcessed(String subjectID, String status, RequestId requestID,
- String keyID, String reason) {
- String auditMessage = CMS.getLogMessage(
- AuditEvent.SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,
+ KeyId keyID, String reason, String recoveryAgents) {
+ audit(new SecurityDataRecoveryProcessedEvent(
subjectID,
status,
- requestID.toString(),
+ requestID,
keyID,
- reason);
- audit(auditMessage);
+ reason,
+ recoveryAgents));
}
private void auditArchivalRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
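Review bot: `auditRecoveryRequestProcessed` has no comment, and its contract changed in ways a caller cannot see from the signature. `reason` is now `null` on the success path (it was the string `"None"`), and `recoveryAgents` is read from `IRequest.ATTR_APPROVE_AGENTS`, which may be absent on a request. I would add a short Javadoc stating that `reason` is null on success and that `recoveryAgents` may be null, so that the next caller does not have to infer how `SecurityDataRecoveryProcessedEvent` renders missing values.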
diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index 7aca24cdf..2519a4d5e 100644
--- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -43,11 +43,13 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
+import com.netscape.certsrv.dbs.keydb.KeyId;
import com.netscape.certsrv.kra.EKRAException;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.SecurityDataRecoveryEvent;
+import com.netscape.certsrv.logging.event.SecurityDataRecoveryProcessedEvent;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
@@ -183,9 +185,7 @@ public class TokenKeyRecoveryService implements IService {
* @exception EBaseException failed to serve
*/
public synchronized boolean serviceRequest(IRequest request) throws EBaseException {
- String auditMessage = null;
String auditSubjectID = null;
- String auditRecoveryID = ILogger.UNIDENTIFIED;
String iv_s = "";
CMS.debug("KRA services token key recovery request");
@@ -209,12 +209,6 @@ public class TokenKeyRecoveryService implements IService {
CMS.debug("TokenKeyRecoveryService.serviceRequest: " + e.toString());
}
- String id = request.getRequestId().toString();
- if (id != null) {
- auditRecoveryID = id.trim();
- }
-
- // temporary variable till other audit messages have been replaced
RequestId auditRequestID = request.getRequestId();
SessionContext sContext = SessionContext.getContext();
@@ -240,7 +234,7 @@ public class TokenKeyRecoveryService implements IService {
String rCUID = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
String rUserid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY);
- // the request reocrd field delayLDAPCommit == "true" will cause
+ // the request record field delayLDAPCommit == "true" will cause
// updateRequest() to delay actual write to ldap
request.setExtData("delayLDAPCommit", "true");
// wrappedDesKey no longer needed. removing.
@@ -272,32 +266,32 @@ public class TokenKeyRecoveryService implements IService {
} else {
CMS.debug("TokenKeyRecoveryService: not receive des key");
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
+ auditRequestID,
+ null,
+ "TokenRecoveryService: Did not receive DES key",
+ agentId));
- audit(auditMessage);
return false;
}
// retrieve based on Certificate
String cert_s = request.getExtDataInString(ATTR_USER_CERT);
String keyid_s = request.getExtDataInString(IRequest.NETKEY_ATTR_KEYID);
+ KeyId keyId = new KeyId(request.getExtDataInString(IRequest.NETKEY_ATTR_KEYID));
/* have to have at least one */
if ((cert_s == null) && (keyid_s == null)) {
CMS.debug("TokenKeyRecoveryService: not receive cert or keyid");
request.setExtData(IRequest.RESULT, Integer.valueOf(3));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ audit(new SecurityDataRecoveryProcessedEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequestID,
+ keyId,
+ "TokenRecoveryService: Did not receive cert or keyid",
+ agentId));
return false;
}
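Review bot: `KeyId keyId = new KeyId(request.getExtDataInString(IRequest.NETKEY_ATTR_KEYID));` runs before the `(cert_s == null) && (keyid_s == null)` check, and it re-reads the attribute that `keyid_s` already holds. In the certificate-only case `keyid_s` is null, and the value is request-supplied, so if the `KeyId(String)` constructor rejects null or non-numeric input, the request fails with an unchecked exception before any `SecurityDataRecoveryProcessedEvent` is written. I would build it defensively from the existing variable, `KeyId keyId = keyid_s != null ? new KeyId(keyid_s) : null;`, and handle a parse failure as an audited FAILURE. For cert-based recovery, the later events in `serviceRequest` would then still carry a null key ID unless `keyId` is updated once the key record is found; that code is outside this hunk.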
@@ -311,27 +305,25 @@ public class TokenKeyRecoveryService implements IService {
if (x509cert == null) {
CMS.debug("cert mapping failed");
request.setExtData(IRequest.RESULT, Integer.valueOf(5));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenRecoveryService: cert mapping failed",
+ agentId));
return false;
}
} catch (IOException e) {
CMS.debug("TokenKeyRecoveryService: mapCert failed");
request.setExtData(IRequest.RESULT, Integer.valueOf(6));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenRecoveryService: mapCert failed: " + e.getMessage(),
+ agentId));
return false;
}
} else {
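Review bot: The reason in the `IOException` branch is built as `"TokenRecoveryService: mapCert failed: " + e.getMessage()`, which copies exception text into a signed audit record. That text may be derived from the request-supplied certificate. Whether `SecurityDataRecoveryProcessedEvent` escapes delimiters or line breaks in the reason field is not visible here; if it does not, an unusual message could corrupt the record for downstream parsers. I would keep a fixed reason, `"TokenRecoveryService: mapCert failed"`, and send the detail to `CMS.debug`, which matches the fixed reasons used in SecurityDataProcessor. The same applies to `"TokenRecoveryService: error reading key record: " + e.getMessage()` in the `catch (Exception e)` of the next hunk.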
@@ -363,27 +355,25 @@ public class TokenKeyRecoveryService implements IService {
else {
CMS.debug("key record not found");
request.setExtData(IRequest.RESULT, Integer.valueOf(8));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenRecoveryService: key record not found",
+ agentId));
return false;
}
} catch (Exception e) {
com.netscape.cmscore.util.Debug.printStackTrace(e);
request.setExtData(IRequest.RESULT, Integer.valueOf(9));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenRecoveryService: error reading key record: " + e.getMessage(),
+ agentId));
return false;
}
@@ -410,14 +400,14 @@ public class TokenKeyRecoveryService implements IService {
if (inputPubData.length != pubData.length) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
+ auditRequestID,
+ keyId,
+ CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"),
+ agentId));
- audit(auditMessage);
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED"));
}
@@ -425,14 +415,13 @@ public class TokenKeyRecoveryService implements IService {
for (int i = 0; i < pubData.length; i++) {
if (pubData[i] != inputPubData[i]) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"),
+ agentId));
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED"));
}
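Review bot: The byte-mismatch branch passes `CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN")` as the audit failure reason, the same key used by the length check in the previous hunk. Judging by the key name, that message describes a length mismatch, so the audit record would name the wrong cause when the lengths match but the contents differ. The existing `mKRA.log` line has the same reuse. A distinct reason in this branch, for example a fixed string such as `"TokenKeyRecoveryService: public key does not match key record"`, would let an auditor tell the two failures apart. The `for` loop closes outside this hunk.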
@@ -455,13 +444,13 @@ public class TokenKeyRecoveryService implements IService {
if (privateKeyData == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("TokenKeyRecoveryService: failed getting private key");
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- agentId);
- audit(auditMessage);
+ audit(new SecurityDataRecoveryProcessedEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequestID,
+ keyId,
+ "TokenKeyRecoveryService: failed getting private key",
+ agentId));
return false;
}
CMS.debug("TokenKeyRecoveryService: got private key...about to verify");
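Review bot: The six-argument `audit(new SecurityDataRecoveryProcessedEvent(...))` call is written out in full at every exit of `serviceRequest`: in this hunk and in those at the DES-key, cert-mapping, key-record, public-key, key-pair and wrapped-key checks. The reason prefix is also spelled `TokenRecoveryService:` in the earlier hunks but `TokenKeyRecoveryService:` from here on, so filtering audit records by reason text has to match two spellings. A small private helper, like `auditRecoveryRequestProcessed` in SecurityDataProcessor, would keep the argument order in one place and make an exit path without an audit record easier to spot. The sketch assumes `agentId` is a String; `serviceRequest` starts and ends outside this hunk.

```java
if (privateKeyData == null) {
    // … unchanged: setExtData(RESULT, 4) and CMS.debug call …
    auditRecoveryProcessed(auditSubjectID, ILogger.FAILURE, auditRequestID, keyId,
            "TokenKeyRecoveryService: failed getting private key", agentId);
    return false;

// new private helper in TokenKeyRecoveryService
/**
 * Writes one SECURITY_DATA recovery-processed record to the signed audit log.
 * reason is null on success.
 */
private void auditRecoveryProcessed(String subjectID, String status, RequestId requestID,
        KeyId keyID, String reason, String recoveryAgents) {
    audit(new SecurityDataRecoveryProcessedEvent(
            subjectID, status, requestID, keyID, reason, recoveryAgents));
}
```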
@@ -485,14 +474,13 @@ public class TokenKeyRecoveryService implements IService {
if (verifyKeyPair(pubData, privateKeyData) == false) {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND"));
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ audit(new SecurityDataRecoveryProcessedEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequestID,
+ keyId,
+ CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND"),
+ agentId));
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY"));
} else {
@@ -511,14 +499,13 @@ public class TokenKeyRecoveryService implements IService {
if (privKey == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("TokenKeyRecoveryService: failed getting private key");
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ audit(new SecurityDataRecoveryProcessedEvent(
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequestID,
+ keyId,
+ "TokenKeyRecoveryService: failed getting private key",
+ agentId));
return false;
}
@@ -541,14 +528,13 @@ public class TokenKeyRecoveryService implements IService {
if (wrappedPrivKeyString == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("TokenKeyRecoveryService: failed generating wrapped private key");
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenKeyRecoveryService: failed generating wrapped private key",
+ agentId));
return false;
} else {
CMS.debug("TokenKeyRecoveryService: got private key data wrapped");
@@ -579,14 +565,13 @@ public class TokenKeyRecoveryService implements IService {
if (PubKey == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("TokenKeyRecoveryService: failed getting publickey encoded");
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.FAILURE,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
+ auditRequestID,
+ keyId,
+ "TokenKeyRecoveryService: failed getting publickey encoded",
+ agentId));
return false;
} else {
//CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = " +
@@ -594,15 +579,14 @@ public class TokenKeyRecoveryService implements IService {
CMS.debug("TokenKeyRecoveryService: got publicKeyData");
}
request.setExtData("public_key", PubKey);
- auditMessage = CMS.getLogMessage(
- AuditEvent.KEY_RECOVERY_REQUEST_PROCESSED,
+
+ audit(new SecurityDataRecoveryProcessedEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditRecoveryID,
- agentId);
-
- audit(auditMessage);
-
+ auditRequestID,
+ keyId,
+ null,
+ agentId));
return true;
} catch (Exception e) {