| author | Endi S. Dewata <edewata@redhat.com> | 2017-04-04 17:53:53 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-05 02:58:06 +0200 |
| commit | 4ab0608cbda0c9336c5eb9ea40a7d3ca769ab17b (patch) | |
| tree | 8a6586ccd35ca0606299629ecb2cea5f7a957e63 /base/server | |
| parent | 88cd07655268831e14e7cd4f6f6a65e331f86583 (diff) | |
Fixed PKIServerSocketListener.
The PKIServerSocketListener.alertReceived() has been fixed to
generate an audit log entry when the SSL socket is closed by the client.
The log message has been modified to include the reason for the
termination.
https://pagure.io/dogtagpki/issue/2602
Change-Id: Ief2817f2b2b31cf6f60fae0ee4c55c17024f7988
Diffstat (limited to 'base/server')
| -rw-r--r-- | base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java | 39 | ||||
| -rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 2 |
2 files changed, 39 insertions, 2 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
index f147c7710..adba676ac 100644
--- a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
+++ b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
@@ -41,6 +41,42 @@ public class PKIServerSocketListener implements SSLSocketListener {
 @Override
 public void alertReceived(SSLAlertEvent event) {
+ try {
+ SSLSocket socket = event.getSocket();
+
+ SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
+ InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress();
+ InetAddress serverAddress = socket.getLocalAddress();
+ String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress();
+ String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress();
+
+ SSLSecurityStatus status = socket.getStatus();
+ X509Certificate peerCertificate = status.getPeerCertificate();
+ Principal subjectDN = peerCertificate == null ? null : peerCertificate.getSubjectDN();
+ String subjectID = subjectDN == null ? "" : subjectDN.toString();
+
+ int description = event.getDescription();
+ String reason = SSLAlertDescription.valueOf(description).toString();
+
+ logger.debug("SSL alert received:");
+ logger.debug(" - client: " + clientAddress);
+ logger.debug(" - server: " + serverAddress);
+ logger.debug(" - reason: " + reason);
+
+ IAuditor auditor = CMS.getAuditor();
+
+ String auditMessage = CMS.getLogMessage(
+ "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
+ clientIP,
+ serverIP,
+ subjectID,
+ reason);
+
+ auditor.log(auditMessage);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
 }
 @Override
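Review bot: The `catch (Exception e) { e.printStackTrace(); }` closing the new alertReceived() body sends any failure to emit the ACCESS_SESSION_TERMINATED record — including a null return from `CMS.getAuditor()` — to stderr rather than the server log, so a dropped signed-audit event leaves no trace where an operator would look; replace it with `logger.error("Unable to audit SSL alert: " + e.getMessage(), e);`. A second gap is that `SSLAlertDescription.valueOf(description)` is dereferenced with no null check, and if the JSS enum returns null for an alert code it does not know (not verifiable from the hunk) the resulting NPE is swallowed and the audit record is lost for exactly the unusual alerts that matter most; `SSLAlertDescription desc = SSLAlertDescription.valueOf(description);` followed by `String reason = desc == null ? "UNKNOWN(" + description + ")" : desc.toString();` keeps the record. Note also that the record is written for every alert received, not only close_notify or fatal alerts, so a warning-level alert that leaves the connection open would still be audited as a terminated session with Outcome=Success; if SSLAlertEvent exposes the alert level, gating the audit call on it would keep the trail accurate.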
@@ -75,7 +111,8 @@ public class PKIServerSocketListener implements SSLSocketListener {
 "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
 clientIP,
 serverIP,
- subjectID);
+ subjectID,
+ reason);
 auditor.log(auditMessage);
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index dde53ba73..7572db456 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2737,7 +2737,7 @@ LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\
 # separated by + (if more than one name;;value pair) of config params changed
 #
 LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\
-<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated
+<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success][Info={3}] access session terminated
 ########################### |
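Review bot: After this hunk the method it touches (it starts before the hunk; `reason` is defined there, out of view) and the new alertReceived() carry the same address, peer-certificate and audit-message sequence, differing only in the debug prefix, so any fix to one audit path now has to be made twice. Extracting a private helper such as `auditSessionTerminated(SSLAlertEvent event)` that computes clientIP, serverIP, subjectID and reason and calls `auditor.log(...)`, with both listener callbacks delegating to it, would keep the two records from drifting apart. The LogMessages.properties hunk only adds the `{3}` placeholder that the Java side now supplies, which is consistent with both call sites passing `reason` as the fourth argument.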
