authorAde Lee <alee@redhat.com>2017-05-18 01:27:12 -0400
committerAde Lee <alee@redhat.com>2017-05-23 14:46:23 -0400
commit0df4ba1372e0a5942806fda3b56f0b9ea70c6e05 (patch)
tree0bea33ebd55f5f7797a3b5d992763277e900ed72 /base/server/cms/src/com/netscape
parentf52f5be832e37cc45e665708d3b59d2a3aa04370 (diff)
Encapsulate key retrieval audit events
Key retrieval is when the key/secret is extracted and returned to the client (once the recovery request is approved). We combine SECURITY_DATA_RETRIEVE_KEY and a couple of older EXPORT events. Note: an analysis of the key retrieval REST flow (and the auditing there) will be done in a subsequent patch. Change-Id: Ibd897772fef154869a721fda55ff7498210ca03c
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java25
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java26
2 files changed, 24 insertions, 27 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index f0065e116..b28132d0e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -35,8 +35,9 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.common.ICMSRequest;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataExportEvent;
+import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
@@ -207,14 +208,13 @@ public class GetAsyncPk12 extends CMSServlet {
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ audit(new SecurityDataExportEvent(
agent,
ILogger.SUCCESS,
- reqID,
- "");
-
- audit(auditMessage);
+ new RequestId(reqID),
+ null,
+ null,
+ null));
return;
} catch (IOException e) {
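Review bot: The success event is only built after `resp.getOutputStream().write(pkcs12)` has already sent the key material, and `new RequestId(reqID)` now sits between that export and the audit record. The old code passed `reqID` as a plain string; if the RequestId constructor parses or validates its argument (its source is not visible here), an unexpected value would throw before `audit(...)` runs and the export would go unlogged, since the visible handler catches only IOException. Consider building the id ahead of the write, e.g. `RequestId auditRequestId = new RequestId(reqID);`, and passing that variable to the event. The same construction appears in the failure hunk below, where the guard checks only for `null`, and in both GetPk12.java hunks with `recoveryID`. The enclosing method starts and ends outside this hunk.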
@@ -233,14 +233,13 @@ public class GetAsyncPk12 extends CMSServlet {
}
if ((agent != null) && (reqID != null)) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ audit(new SecurityDataExportEvent(
agent,
ILogger.FAILURE,
- reqID,
- "");
-
- audit(auditMessage);
+ new RequestId(reqID),
+ null,
+ null,
+ null));
}
try {
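Review bot: The three trailing `null` arguments to `SecurityDataExportEvent` are unlabeled, so a reader of this failure branch cannot tell which audit fields are being left empty. With the FAILURE outcome the record then appears to carry only the agent and the request id, with nothing about why retrieval failed. If the constructor has a slot for a failure reason (its signature is not visible here), pass the error text this method already has rather than `null`, taking care that it contains no key material. At minimum, add a trailing comment on each argument naming the parameter it fills, e.g. `null, // <parameter name>`. This applies equally to the success hunk above and to both GetPk12.java hunks; the enclosing method continues outside the hunk.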
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java b/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
index 9bb52cd9a..c878605d5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -36,8 +36,9 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.common.ICMSRequest;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.SecurityDataExportEvent;
+import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
@@ -201,15 +202,13 @@ public class GetPk12 extends CMSServlet {
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ audit(new SecurityDataExportEvent(
agent,
ILogger.SUCCESS,
- recoveryID,
- "");
-
- audit(auditMessage);
-
+ new RequestId(recoveryID),
+ null,
+ null,
+ null));
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
@@ -227,14 +226,13 @@ public class GetPk12 extends CMSServlet {
}
if ((agent != null) && (recoveryID != null)) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ audit(new SecurityDataExportEvent(
agent,
ILogger.FAILURE,
- recoveryID,
- "");
-
- audit(auditMessage);
+ new RequestId(recoveryID),
+ null,
+ null,
+ null));
}
try {