author | Endi S. Dewata <edewata@redhat.com> | 2017-04-20 10:07:44 +0200 |
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-24 20:40:55 +0200 |
commit | 0de8be3084c4ccf23c2850331f86fc067e7c8383 (patch) | |
tree | 5f69e6ea6cef3e8c7e795d17968df2f9c194d9a3 /base/server/cms/src/com | |
parent | ce3304834dbb3e4d001ecbbfc1af61044ae7a74c (diff) | |
Added AuthFailEvent.
A new AuthFailEvent class has been added to encapsulate the
AUTH_FAIL events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I870398f6a56df007c9520e50947a7b3c85baf79b
Diffstat (limited to 'base/server/cms/src/com')
4 files changed, 61 insertions, 95 deletions
diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
index 81de9fbf2..830619321 100644
--- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
+++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
@@ -18,6 +18,7 @@ import com.netscape.certsrv.authentication.IPasswdUserDBAuthentication;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.AuthFailEvent;
 import com.netscape.certsrv.logging.event.AuthSuccessEvent;
 import com.netscape.certsrv.usrgrp.EUsrGrpException;
 import com.netscape.certsrv.usrgrp.IGroup;
@@ -45,7 +46,7 @@ public class PKIRealm extends RealmBase {
 @Override
 public Principal authenticate(String username, String password) {
 CMS.debug("PKIRealm: Authenticating user " + username + " with password.");
- String auditMessage = null;
+ String auditSubjectID = ILogger.UNIDENTIFIED;
 String attemptedAuditUID = username;
@@ -69,14 +70,13 @@ public class PKIRealm extends RealmBase {
 return getPrincipal(username, authToken);
 } catch (Throwable e) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 auditSubjectID,
 ILogger.FAILURE,
 IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID,
- attemptedAuditUID);
- audit(auditMessage);
+ attemptedAuditUID));
+
 e.printStackTrace();
 }
@@ -87,7 +87,6 @@ public class PKIRealm extends RealmBase {
 public Principal authenticate(final X509Certificate certs[]) {
 CMS.debug("PKIRealm: Authenticating certificate chain:");
- String auditMessage = null;
 // get the cert from the ssl client auth
 // in cert based auth, subject id from cert has already passed SSL authentication
 // what remains is to see if the user exists in the internal user db
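Review bot: The explanatory comment that introduced the audit call (`// store a message in the signed audit log file`) is dropped in the password-auth catch block and replaced by a bare blank `+` line, so the reason this call sits inside `catch (Throwable e)` is no longer stated next to it. A one-line comment such as `// record the failed login attempt in the signed audit log before handling the error` would keep that intent visible for the next maintainer. The same comment removal occurs at the certificate-auth hunk of this file (@@ -127) and at every AuthFailEvent site in AdminServlet, CMSServlet and CAProcessor; the body of `authenticate` continues outside this hunk.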
@@ -127,14 +126,13 @@ public class PKIRealm extends RealmBase {
 return getPrincipal(username, authToken);
 } catch (Throwable e) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 auditSubjectID,
 ILogger.FAILURE,
 IAuthSubsystem.CERTUSERDB_AUTHMGR_ID,
- attemptedAuditUID);
- audit(auditMessage);
+ attemptedAuditUID));
+
 e.printStackTrace();
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index d530f6a84..a715c73f6 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -52,6 +52,7 @@ import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.AuthFailEvent;
 import com.netscape.certsrv.logging.event.AuthSuccessEvent;
 import com.netscape.certsrv.usrgrp.EUsrGrpException;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
@@ -274,7 +275,6 @@ public class AdminServlet extends HttpServlet {
 protected void authenticate(HttpServletRequest req) throws IOException {
- String auditMessage = null;
 String auditUID = ILogger.UNIDENTIFIED;
 String authType = "";
@@ -297,15 +297,12 @@ public class AdminServlet extends HttpServlet {
 (X509Certificate[]) req.getAttribute(CERT_ATTR);
 if (allCerts == null || allCerts.length == 0) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 throw new IOException("No certificate");
 }
@@ -389,25 +386,20 @@ public class AdminServlet extends HttpServlet {
 */
 if (authType.equals("sslclientauth")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
+ auditUID));
- audit(auditMessage);
 } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 }
 throw new IOException("authentication failed");
@@ -423,25 +415,20 @@ public class AdminServlet extends HttpServlet {
 tuserid));
 if (authType.equals("sslclientauth")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
+ auditUID));
- audit(auditMessage);
 } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 }
 throw new IOException("authentication failed");
@@ -459,25 +446,20 @@ public class AdminServlet extends HttpServlet {
 tuserid));
 if (authType.equals("sslclientauth")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
+ auditUID));
- audit(auditMessage);
 } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 }
 throw new IOException("authentication failed");
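Review bot: The `if (authType.equals("sslclientauth")) ... else ...` pair in this hunk builds two AuthFailEvents that differ only in the auth-manager id, and the identical pair is repeated at @@ -423, @@ -459, @@ -495 and @@ -539, so a future change to the event's fields has to be made in ten places. The branch can be reduced to `String authMgrID = authType.equals("sslclientauth") ? CERTUSERDB : PASSWDUSERDB;` followed by `audit(new AuthFailEvent(ILogger.UNIDENTIFIED, ILogger.FAILURE, authMgrID, auditUID));`, or the same two lines moved into a small private helper called from each site. The enclosing `authenticate` method starts and ends outside this hunk.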
@@ -495,25 +477,20 @@ public class AdminServlet extends HttpServlet {
 CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
 if (authType.equals("sslclientauth")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
+ auditUID));
- audit(auditMessage);
 } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 }
 throw new IOException("authentication failed");
@@ -539,25 +516,20 @@ public class AdminServlet extends HttpServlet {
 }
 } catch (IOException eAudit1) {
 if (authType.equals("sslclientauth")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 CERTUSERDB,
- auditUID);
+ auditUID));
- audit(auditMessage);
 } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 ILogger.UNIDENTIFIED,
 ILogger.FAILURE,
 PASSWDUSERDB,
- auditUID);
-
- audit(auditMessage);
+ auditUID));
 }
 // rethrow the specific exception to be handled later
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 9168870ad..c23b9d187 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
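Review bot: The `catch (IOException eAudit1)` block at @@ -539 emits an AuthFailEvent for every IOException it sees, while the failure paths at @@ -386, @@ -415, @@ -446 and @@ -477 already emit one immediately before `throw new IOException("authentication failed")`. If those throw sites are inside the try this catch belongs to (its opening brace is outside the hunk), a single failed admin login is written to the signed audit log twice, which inflates any failure-rate alerting built on AUTH_FAIL counts. Either drop the per-branch audits and let the catch record the failure once, or have the catch skip the audit when the exception originated from one of those already-audited paths; worth confirming against the full method, which starts and ends outside this hunk.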
@@ -66,6 +66,7 @@ import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.AuthFailEvent;
 import com.netscape.certsrv.logging.event.AuthSuccessEvent;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequest;
@@ -1701,7 +1702,7 @@ public abstract class CMSServlet extends HttpServlet {
 */
 public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) throws EBaseException {
- String auditMessage = null;
+ String auditSubjectID = ILogger.UNIDENTIFIED;
 String auditAuthMgrID = ILogger.UNIDENTIFIED;
 String auditUID = ILogger.UNIDENTIFIED;
@@ -1797,14 +1798,12 @@ public abstract class CMSServlet extends HttpServlet {
 return authToken;
 } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 auditSubjectID,
 ILogger.FAILURE,
 auditAuthMgrID,
- auditUID);
- audit(auditMessage);
+ auditUID));
 // rethrow the specific exception to be handled later
 throw eAudit1;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index 93d6a9a16..a28bee17c 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
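Review bot: In the @@ -1798 hunk the AuthFailEvent is emitted only from `catch (EBaseException eAudit1)`, so an unchecked exception thrown by the authentication manager inside the try (whose body lies outside the hunk) would propagate out of `authenticate` with no AUTH_FAIL record, whereas PKIRealm's equivalent sites catch `Throwable` and always audit. If unchecked failures are possible there, a second clause such as `} catch (RuntimeException e) {` / `audit(new AuthFailEvent(auditSubjectID, ILogger.FAILURE, auditAuthMgrID, auditUID));` / `throw e;` would keep the audit trail complete; this is inferred from the visible catch only and should be confirmed against the try body. The same single-`EBaseException` pattern appears in CAProcessor at @@ -658.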
@@ -53,6 +53,7 @@ import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.logging.AuditEvent;
 import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.AuthFailEvent;
 import com.netscape.certsrv.logging.event.AuthSuccessEvent;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileAuthenticator;
@@ -474,7 +475,7 @@ public class CAProcessor extends Processor {
 String authSubjectID = auditSubjectID();
 String authMgrID = authenticator.getName();
- String auditMessage = null;
+
 try {
 if (isRenewal) {
 authToken = authenticate(authenticator, request, origReq, context, credentials);
@@ -486,13 +487,12 @@ public class CAProcessor extends Processor {
 CMS.debug("CAProcessor: authentication error: " + e);
 authSubjectID += " : " + uid_cred;
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 authSubjectID,
 ILogger.FAILURE,
 authMgrID,
- uid_attempted_cred);
- audit(auditMessage);
+ uid_attempted_cred));
 throw e;
@@ -500,13 +500,12 @@ public class CAProcessor extends Processor {
 CMS.debug(e);
 authSubjectID += " : " + uid_cred;
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 authSubjectID,
 ILogger.FAILURE,
 authMgrID,
- uid_attempted_cred);
- audit(auditMessage);
+ uid_attempted_cred));
 throw e;
 }
@@ -565,7 +564,7 @@ public class CAProcessor extends Processor {
 public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) throws EBaseException {
- String auditMessage = null;
+ String auditSubjectID = ILogger.UNIDENTIFIED;
 String auditAuthMgrID = ILogger.UNIDENTIFIED;
 String auditUID = ILogger.UNIDENTIFIED;
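Review bot: The @@ -487 and @@ -500 hunks build byte-identical AuthFailEvents (`authSubjectID`, `ILogger.FAILURE`, `authMgrID`, `uid_attempted_cred`) in two adjacent catch clauses whose headers lie outside the hunks; if those clauses differ only in exception type and the debug line, a Java 7 multi-catch or a small private helper would remove the duplicated audit call. `uid_attempted_cred` appears to be the client-supplied credential name, so it is also worth confirming that AuthFailEvent or the audit logger neutralises line breaks before the value reaches the signed audit log. The enclosing method starts before @@ -475 and ends outside these hunks.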
@@ -659,14 +658,12 @@ public class CAProcessor extends Processor {
 return authToken;
 } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTH_FAIL,
+
+ audit(new AuthFailEvent(
 auditSubjectID,
 ILogger.FAILURE,
 auditAuthMgrID,
- auditUID);
- audit(auditMessage);
+ auditUID));
 // rethrow the specific exception to be handled later
 throw eAudit1;
|