author | Ade Lee <alee@redhat.com> | 2017-05-18 01:27:12 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-23 14:46:23 -0400 |
commit | 0df4ba1372e0a5942806fda3b56f0b9ea70c6e05 (patch) | |
tree | 0bea33ebd55f5f7797a3b5d992763277e900ed72 /base/server/cms/src/com/netscape | |
parent | f52f5be832e37cc45e665708d3b59d2a3aa04370 (diff) | |
Encapsulate key retrieval audit events
Key retrieval is when the key/secret is extracted and returned
to the client (once the recovery request is approved). We combine
SECURITY_DATA_RETRIEVE_KEY and a couple of older EXPORT events.
Note: an analysis of the key retrieval REST flow (and the auditing
there) will be done in a subsequent patch.
Change-Id: Ibd897772fef154869a721fda55ff7498210ca03c
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java | 25 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java | 26 |
2 files changed, 24 insertions, 27 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index f0065e116..b28132d0e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -35,8 +35,9 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.common.ICMSRequest;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataExportEvent;
+import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -207,14 +208,13 @@ public class GetAsyncPk12 extends CMSServlet {
 resp.getOutputStream().write(pkcs12);
 mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ audit(new SecurityDataExportEvent(
 agent,
 ILogger.SUCCESS,
- reqID,
- "");
-
- audit(auditMessage);
+ new RequestId(reqID),
+ null,
+ null,
+ null));
 return;
 } catch (IOException e) {
@@ -233,14 +233,13 @@ public class GetAsyncPk12 extends CMSServlet {
 }
 if ((agent != null) && (reqID != null)) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ audit(new SecurityDataExportEvent(
 agent,
 ILogger.FAILURE,
- reqID,
- "");
-
- audit(auditMessage);
+ new RequestId(reqID),
+ null,
+ null,
+ null));
 }
 try {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java b/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
index 9bb52cd9a..c878605d5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
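Review bot: In the `@@ -207,14 +208,13 @@` hunk, `new RequestId(reqID)` is evaluated only after `resp.getOutputStream().write(pkcs12)` has already sent the PKCS #12 to the client, so any exception from that constructor would leave a completed key export with no SUCCESS audit record. The old code logged `reqID` as a plain string and could not fail at this point; RequestId's constructor is not visible in this diff, so whether it can throw on a given string needs confirming. Building the id before the write, e.g. `RequestId auditReqId = new RequestId(reqID);` ahead of `resp.getOutputStream().write(pkcs12);`, keeps the audit call itself free of parsing. The same ordering appears in the `@@ -201,15 +202,13 @@` hunk of GetPk12.java with `recoveryID`; both enclosing methods start and end outside the hunks.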
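Review bot: In the `@@ -233,14 +233,13 @@` hunk the FAILURE event is still emitted only when `(agent != null) && (reqID != null)`, so a failed retrieval that arrives without an identified agent or without a request id produces no audit record at all, and those are the attempts a log reviewer most wants to see. On top of that, `reqID` now passes through `new RequestId(reqID)`; if that constructor rejects malformed input (not visible here), the exception would replace the failure record for exactly the requests that carried a bad id. Since the new event is already given `null` for its other fields, consider auditing unconditionally and passing `reqID != null ? new RequestId(reqID) : null`, provided SecurityDataExportEvent tolerates a null subject and id. The `@@ -227,14 +226,13 @@` hunk of GetPk12.java has the same guard around `recoveryID`.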
@@ -36,8 +36,9 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.common.ICMSRequest;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataExportEvent;
+import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -201,15 +202,13 @@ public class GetPk12 extends CMSServlet {
 resp.getOutputStream().write(pkcs12);
 mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ audit(new SecurityDataExportEvent(
 agent,
 ILogger.SUCCESS,
- recoveryID,
- "");
-
- audit(auditMessage);
-
+ new RequestId(recoveryID),
+ null,
+ null,
+ null));
 return;
 } catch (IOException e) {
 header.addStringValue(OUT_ERROR,
@@ -227,14 +226,13 @@ public class GetPk12 extends CMSServlet {
 }
 if ((agent != null) && (recoveryID != null)) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ audit(new SecurityDataExportEvent(
 agent,
 ILogger.FAILURE,
- recoveryID,
- "");
-
- audit(auditMessage);
+ new RequestId(recoveryID),
+ null,
+ null,
+ null));
 }
 try { |
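Review bot: The three trailing `null` arguments in both `SecurityDataExportEvent` calls of GetPk12.java (and the matching calls in GetAsyncPk12.java) are positional, so a reader of the servlet cannot tell which audit fields are being left empty. A short trailing comment per argument naming the constructor parameter it fills would make that explicit, e.g. `null, // <parameter name from SecurityDataExportEvent>`. It is worth checking in particular whether one of those slots carries a failure reason: the FAILURE call passes `null` in all three even though the `catch (IOException e)` path in the `@@ -201,15 +202,13 @@` hunk has an error to report.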