diff options
| author | Ade Lee <alee@redhat.com> | 2017-05-23 12:14:06 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-05-24 11:24:34 -0400 |
| commit | de9f890133e3acc660b985e8ef5950507d341a03 (patch) | |
| tree | 02c83b1ac86f7b43dbfdb00e8530375771961b8b /base/server/cms/src/com | |
| parent | b9f906eb1f26cf3d82262bc9894785742f451cd9 (diff) | |
Make sure archivalID is passed through archival
There was some confusion in the previous commit for archival
logging. The archivalID is the id provided by the CA for the archival
and is its requestID. This allows the cert request operation
to be tracked through the archival.
Made sure therefore, that we have two fields - one for the archivalID
and one for the requestId (which is the KRA archival request ID)
In addition, some of the archival events occur in the CA component
just before the request id sent to the KRA. These events will not
be displayed unless the audit event is added to the CA CS.cfg.
Change-Id: I3904d42ae677d5916385e0120f0e25311b4d9d08
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 85db2cb75..ec9f86b2a 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -36,6 +36,7 @@ import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.ERejectException; import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import netscape.security.x509.X500Name; @@ -82,10 +83,10 @@ public class CAEnrollProfile extends EnrollProfile { String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); - String id = request.getRequestId().toString(); + RequestId requestId = request.getRequestId(); - CMS.debug("CAEnrollProfile: execute request ID " + id); + CMS.debug("CAEnrollProfile: execute request ID " + requestId.toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); @@ -115,7 +116,9 @@ public class CAEnrollProfile extends EnrollProfile { audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID)); + auditRequesterID, + requestId, + null)); } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); @@ -125,7 +128,9 @@ public class CAEnrollProfile extends EnrollProfile { audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID)); + auditRequesterID, + requestId, + null)); if (request.getError(getLocale(request)) != null && (request.getError(getLocale(request))).equals(CMS.getUserMessage("CMS_KRA_INVALID_TRANSPORT_CERT"))) { @@ -140,7 +145,9 @@ public class CAEnrollProfile extends EnrollProfile { audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.SUCCESS, - auditRequesterID)); + auditRequesterID, + requestId, + null)); } } catch (Exception e) { @@ -153,7 +160,9 @@ public class CAEnrollProfile extends EnrollProfile { audit(new SecurityDataArchivalEvent( auditSubjectID, ILogger.FAILURE, - auditRequesterID)); + auditRequesterID, + requestId, + null)); throw new EProfileException(e); } @@ -179,7 +188,7 @@ public class CAEnrollProfile extends EnrollProfile { X509CertImpl theCert; try { theCert = caService.issueX509Cert( - aid, info, getId() /* profileId */, id /* requestId */); + aid, info, getId() /* profileId */, requestId.toString()); } catch (EBaseException e) { CMS.debug(e); throw new EProfileException(e); |