diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-06-12 17:06:07 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-06-15 00:34:04 +0200 |
commit | fac7ebb8fd21f60a06241d6e132c8a4f5972a773 (patch) | |
tree | 08ce3b447318d594b00e152aabc4f24678925754 /base/server/cms/src/com/netscape | |
parent | ab2e24b3087368a2aadfcda77323a7d0aa70db80 (diff) | |
download | pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.gz pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.xz pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.zip |
Fixed audit log signature problem due to rotation.
The LogFile has been modified to set up log signing during its
initialization to ensure the signing works properly during log
rotation.
https://pagure.io/dogtagpki/issue/2561
Change-Id: I69d54a359ebe74557ca9b12ea7582f712fb31949
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/logging/LogFile.java | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/base/server/cms/src/com/netscape/cms/logging/LogFile.java b/base/server/cms/src/com/netscape/cms/logging/LogFile.java index 772607edd..ba5a026ff 100644 --- a/base/server/cms/src/com/netscape/cms/logging/LogFile.java +++ b/base/server/cms/src/com/netscape/cms/logging/LogFile.java @@ -302,6 +302,30 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } catch (IOException e) { throw new ELogException(CMS.getUserMessage("CMS_LOG_UNEXPECTED_EXCEPTION", e.toString())); } + + // set up signing here to ensure audit logs generated during + // subsequent component initialization are signed properly + if (mOn && mLogSigning) { + + try { + CMS.debug("LogFile: setting up log signing"); + setupSigning(); + + audit(CMS.getLogMessage( + AuditEvent.AUDIT_LOG_STARTUP, + ILogger.SYSTEM_UID, + ILogger.SUCCESS)); + + } catch (EBaseException e) { + + audit(CMS.getLogMessage( + AuditEvent.AUDIT_LOG_STARTUP, + ILogger.SYSTEM_UID, + ILogger.FAILURE)); + + throw e; + } + } } /** @@ -636,25 +660,6 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { * @exception EBaseException if an internal error occurred */ public void startup() throws EBaseException { - // ensure that any low-level exceptions are reported - // to the signed audit log and stored as failures - CMS.debug("LogFile: entering LogFile.startup()"); - if (mOn && mLogSigning) { - try { - setupSigning(); - audit(CMS.getLogMessage( - AuditEvent.AUDIT_LOG_STARTUP, - ILogger.SYSTEM_UID, - ILogger.SUCCESS)); - } catch (EBaseException e) { - audit(CMS.getLogMessage( - AuditEvent.AUDIT_LOG_STARTUP, - ILogger.SYSTEM_UID, - ILogger.FAILURE)); - throw e; - } - } - } /** |