authorAde Lee <alee@redhat.com>2017-05-18 01:27:12 -0400
committerAde Lee <alee@redhat.com>2017-05-23 14:46:23 -0400
commit0df4ba1372e0a5942806fda3b56f0b9ea70c6e05 (patch)
tree0bea33ebd55f5f7797a3b5d992763277e900ed72 /base/kra/src/com
parentf52f5be832e37cc45e665708d3b59d2a3aa04370 (diff)
Encapsulate key retrieval audit events
Key retrieval is when the key/secret is extracted and returned to the client (once the recovery request is approved). We combine SECURITY_DATA_RETRIEVE_KEY and a couple of older EXPORT events. Note: an analysis of the key retrieval REST flow (and the auditing there) will be done in a subsequent patch. Change-Id: Ibd897772fef154869a721fda55ff7498210ca03c
Diffstat (limited to 'base/kra/src/com')
-rw-r--r--base/kra/src/com/netscape/kra/NetkeyKeygenService.java18
1 files changed, 10 insertions, 8 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index 5463b921d..df42a4f28 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -52,6 +52,7 @@ import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.SecurityDataArchivalEvent;
import com.netscape.certsrv.logging.event.SecurityDataArchivalProcessedEvent;
+import com.netscape.certsrv.logging.event.SecurityDataExportEvent;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.security.IStorageKeyUnit;
@@ -356,25 +357,26 @@ public class NetkeyKeygenService implements IService {
if (wrappedPrivKeyString == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("NetkeyKeygenService: failed generating wrapped private key");
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ audit(new SecurityDataExportEvent(
agentId,
ILogger.FAILURE,
auditSubjectID,
- PubKey);
+ null,
+ "NetkeyKeygenService: failed generating wrapped private key",
+ PubKey));
audit(auditMessage);
return false;
} else {
request.setExtData("wrappedUserPrivate", wrappedPrivKeyString);
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+
+ audit(new SecurityDataExportEvent(
agentId,
ILogger.SUCCESS,
auditSubjectID,
- PubKey);
-
- audit(auditMessage);
+ null,
+ null,
+ PubKey));
}
iv_s = /*base64Encode(iv);*/com.netscape.cmsutil.util.Utils.SpecialEncode(iv);