diff options
author | Ade Lee <alee@redhat.com> | 2017-05-16 17:29:45 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-23 14:31:54 -0400 |
commit | 1c8c61ef235bb57e744e9a8cfa5e1ff0cebb06a2 (patch) | |
tree | 67efbe323389114660ae79e918c9e621d61f86d7 /base/server/cms/src/com/netscape | |
parent | 3249ddc2c19f6f5ded11823b345c9c58bae4750b (diff) | |
download | pki-1c8c61ef235bb57e744e9a8cfa5e1ff0cebb06a2.tar.gz pki-1c8c61ef235bb57e744e9a8cfa5e1ff0cebb06a2.tar.xz pki-1c8c61ef235bb57e744e9a8cfa5e1ff0cebb06a2.zip |
Encapsulate the archival audit log
This patch encapsulates the SECURITY_DATA_ARCHIVAL_REQUEST and
PRIVATE_DATA_ARCHIVAL_REQUEST audit logs as audit events.
The PRIVATE_DATA_ARCHIVAL_REQUEST events are mapped to the
SECURITY_DATA ones to simplify the whole structure. They
used to provide an archivalID parameter which was pretty much
meaningless as it was at best just the same as the request id
which is alreadty logged. So this is now dropped.
Change-Id: I705d25ce716c73f2c954c5715b0aafdad80b99d2
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java | 40 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/base/SubsystemService.java | 10 |
2 files changed, 20 insertions, 30 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 02aa8c8c0..85db2cb75 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -29,9 +29,9 @@ import com.netscape.certsrv.ca.AuthorityID; import com.netscape.certsrv.ca.ICAService; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.connector.IConnector; -import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.logging.event.SecurityDataArchivalEvent; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.ERejectException; import com.netscape.certsrv.profile.IProfileUpdater; @@ -80,15 +80,10 @@ public class CAEnrollProfile extends EnrollProfile { throw new EProfileException("Profile Not Enabled"); } - String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); - String auditArchiveID = ILogger.UNIDENTIFIED; - String id = request.getRequestId().toString(); - if (id != null) { - auditArchiveID = id.trim(); - } + CMS.debug("CAEnrollProfile: execute request ID " + id); @@ -117,29 +112,21 @@ public class CAEnrollProfile extends EnrollProfile { CMS.debug("CAEnrollProfile: KRA connector " + "not configured"); - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); - + auditRequesterID)); } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); // check response if (!request.isSuccess()) { - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + auditRequesterID)); - audit(auditMessage); if (request.getError(getLocale(request)) != null && (request.getError(getLocale(request))).equals(CMS.getUserMessage("CMS_KRA_INVALID_TRANSPORT_CERT"))) { CMS.debug("CAEnrollProfile: execute set request status: REJECTED"); @@ -150,14 +137,10 @@ public class CAEnrollProfile extends EnrollProfile { request.getError(getLocale(request))); } - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); + auditRequesterID)); } } catch (Exception e) { @@ -167,14 +150,11 @@ public class CAEnrollProfile extends EnrollProfile { CMS.debug("CAEnrollProfile: " + e); CMS.debug(e); - auditMessage = CMS.getLogMessage( - AuditEvent.PRIVATE_KEY_ARCHIVE_REQUEST, + audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + auditRequesterID)); - audit(auditMessage); throw new EProfileException(e); } } diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/SubsystemService.java b/base/server/cms/src/com/netscape/cms/servlet/base/SubsystemService.java index 30d6b9cdc..2bcde64e9 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/SubsystemService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/SubsystemService.java @@ -81,6 +81,16 @@ public class SubsystemService extends PKIService { getClass().getSimpleName() + ": " + message); } + protected void audit(AuditEvent event) { + + String template = event.getMessage(); + Object[] params = event.getParameters(); + + String message = CMS.getLogMessage(template, params); + + auditor.log(message); + } + public void audit(String message, String scope, String type, String id, Map<String, String> params, String status) { String auditMessage = CMS.getLogMessage( |