authorAde Lee <alee@redhat.com>2017-05-18 01:27:12 -0400
committerAde Lee <alee@redhat.com>2017-05-23 14:46:23 -0400
commit0df4ba1372e0a5942806fda3b56f0b9ea70c6e05 (patch)
tree0bea33ebd55f5f7797a3b5d992763277e900ed72 /base/server/cmsbundle/src
parentf52f5be832e37cc45e665708d3b59d2a3aa04370 (diff)
Encapsulate key retrieval audit events
Key retrieval is when the key/secret is extracted and returned to the client (once the recovery request is approved). We combine SECURITY_DATA_RETRIEVE_KEY and a couple of older EXPORT events. Note: an analysis of the key retrieval REST flow (and the auditing there) will be done in a subsequent patch. Change-Id: Ibd897772fef154869a721fda55ff7498210ca03c
Diffstat (limited to 'base/server/cmsbundle/src')
-rw-r--r--base/server/cmsbundle/src/LogMessages.properties26
1 files changed, 4 insertions, 22 deletions
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index 5a01e1396..9cdcae687 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -1943,26 +1943,6 @@ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4=<type=LOG_PATH_CHANGE>:[AuditEvent=LOG_PA
# -- feature disabled --
#LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4=<type=LOG_EXPIRATION_CHANGE>:[AuditEvent=LOG_EXPIRATION_CHANGE][SubjectID={0}][Outcome={1}][LogType={2}][ExpirationTime={3}] log expiration time change attempt
#
-# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
-# - used when user private key export request is made and processed with success
-# - this is used in case of server-side keygen when keys generated on the server
-# need to be transported back to the client
-# EntityID must be the id that represents the client
-# PubKey must be the base-64 encoded public key associated with
-# the private key to be archived
-#
-LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4=<type=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][EntityID={2}][PubKey={3}] private key export request processed with success
-#
-# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
-# - used when user private key export request is made and processed with failure
-# - this is used in case of server-side keygen when keys generated on the server
-# need to be transported back to the client
-# EntityID must be the id that represents the client
-# PubKey must be the base-64 encoded public key associated with
-# the private key to be archived
-#
-LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4=<type=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE>:[AuditEvent=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][EntityID={2}][PubKey={3}] private key export request processed with failure
-#
# LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST
# - used when server-side key generation request is made
# This is for tokenkeys
@@ -2476,9 +2456,11 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4=<type=SECURIT
# has been approved.
#
# RecoveryID must be the recovery request ID
-# Operation is the operation performed (approve, reject, cancel etc.)
+# KeyID is the key being retrieved
+# Info is the failure reason if the export fails.
+# PubKey is the public key for the private key being retrieved
#
-LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY_5=<type=SECURITY_DATA_RETRIEVE_KEY>:[AuditEvent=SECURITY_DATA_RETRIEVE_KEY][SubjectID={0}][Outcome={1}][RecoveryID={2}][KeyID={3}][Info={4}] security data retrieval request
+LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY=<type=SECURITY_DATA_EXPORT_KEY>:[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID={0}][Outcome={1}][RecoveryID={2}][KeyID={3}][Info={4}][PubKey={5}] security data retrieval request
#
# LOGGING_SIGNED_AUDIT_KEY_STATUS_CHANGE
# - used when modify key status is executed
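Review bot: The new key `LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY` drops the numeric suffix that every neighbouring key carries (`..._RETRIEVE_KEY_5`, `..._STATE_CHANGE_4`), and if that suffix encodes the placeholder count as the surrounding entries suggest, the six-parameter message here would be expected as `LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY_6`; a mismatch means the lookup may silently miss and the export event would go unaudited, which is worse than a failure because the audit gap is invisible. The Java call sites that resolve this key are outside this diffstat, so whether they were switched from the old `RETRIEVE_KEY_5` name cannot be confirmed from here. The trailing text still reads `security data retrieval request` although the event type is now `SECURITY_DATA_EXPORT_KEY`; the comment header naming the event sits above this hunk and may still name the old event, so it is worth checking. The parameter documentation says what `Info` holds on failure but not on success; a line such as `# Info is empty (or a short status) when the export succeeds` would remove the ambiguity for whoever fills {4}.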