author | Endi S. Dewata <edewata@redhat.com> | 2017-06-21 00:48:39 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-06-24 00:04:03 +0200 |
commit | db84bffad64dd4b9a9d684255794719ae13d677f (patch) | |
tree | ae053e4062ce95d7a890e0817b473f381dbce13d /base/server | |
parent | 5b2d619e9fdd3d020edda96196cac4e70a27fd6e (diff) | |
Refactored signed audit logger.
Signed audit logger creation has been simplified into:
Logger signedAuditLogger = SignedAuditLogger.getLogger();
The null checks on signed audit logger have been removed since
it cannot be null. Audit messages can be logged as follows:
signedAuditLogger.log(message);
https://pagure.io/dogtagpki/issue/2689
Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
Diffstat (limited to 'base/server')
31 files changed, 124 insertions, 399 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java index 94411671b..8d70b8dfe 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java @@ -87,6 +87,8 @@ import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; @@ -110,6 +112,9 @@ import netscape.security.x509.X509Key; public class CMCAuth implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator { + private static ILogger mLogger = CMS.getLogger(); + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + //////////////////////// // default parameters // //////////////////////// @@ -173,11 +178,6 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, // Logger parameters // /////////////////////// - /* the system's logger */ - private ILogger mLogger = CMS.getLogger(); - - /* signed audit parameters */ - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE = "enrollment"; private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE = 
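Review bot: The two fields added at the top of `CMCAuth` are `static` but not `final`, so the reference to the signed audit logger can be reassigned after class initialisation; `private static final Logger signedAuditLogger = SignedAuditLogger.getLogger();` would fix the audit sink for the life of the class. Moving `mLogger` from an instance field to a static one also means `CMS.getLogger()` is now evaluated once, at class load, instead of per instance. Whether this class can be loaded before CMS is initialised is not visible here, so that ordering is worth confirming. The same non-final static declaration recurs in CMCUserSignedAuth, LogFile, BasicProfile, EnrollInput, SubsystemGroupUpdater, PKIRealm, CMSServlet, CRSEnrollment, CMCOutputTemplate, ConnectorServlet and CAProcessor.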
@@ -1068,18 +1068,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * @param msg signed audit log message */ private void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -1102,10 +1091,6 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * @return id string containing the signed audit log message SubjectID */ private String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java index 6c3ee8f93..4165d50ed 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java +++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java @@ -28,18 +28,17 @@ package com.netscape.cms.authentication; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.security.cert.X509Certificate; import java.math.BigInteger; import java.security.MessageDigest; import java.security.PublicKey; import java.security.cert.CertificateExpiredException; +import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; import java.util.Vector; import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.CryptoManager.NotInitializedException; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.BIT_STRING; import org.mozilla.jss.asn1.INTEGER; 
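Review bot: `audit(String msg)` in CMCAuth loses the comment saying the message must not be stripped of leading or trailing whitespace, and the one-argument `signedAuditLogger.log(msg)` no longer shows the event type, source or level at the call site. Whether `Logger.log(String)` passes the text through unmodified is not visible in this diff. Once that is confirmed I would keep a one-line comment such as `// msg is logged verbatim; do not trim` so the expectation stays with the code. The same rewrite is applied to `audit(String)` in CMCUserSignedAuth, LogFile, BasicProfile, EnrollInput, PKIRealm, CMSServlet, CMCOutputTemplate, ConnectorServlet and CAProcessor.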
@@ -90,6 +89,8 @@ import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; @@ -125,6 +126,9 @@ import netscape.security.x509.X509Key; public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator { + private static ILogger mLogger = CMS.getLogger(); + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + //////////////////////// // default parameters // //////////////////////// @@ -193,11 +197,6 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo, // Logger parameters // /////////////////////// - /* the system's logger */ - private ILogger mLogger = CMS.getLogger(); - - /* signed audit parameters */ - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE = "enrollment"; private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE = "revocation"; @@ -276,7 +275,7 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo, if (clientCert != null) { try { createAuditSubjectFromCert(auditContext, clientCert); - } catch (IOException e) { + } catch (IOException e) { //unlikely, and not necessarily required at this point CMS.debug("CMSUserSignedAuth: authenticate: after createAuditSubjectFromCert call; " + e); } 
@@ -1292,18 +1291,7 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo, * @param msg signed audit log message */ private void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -1326,10 +1314,6 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo, * @return id string containing the signed audit log message SubjectID */ private String getAuditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; diff --git a/base/server/cms/src/com/netscape/cms/logging/LogFile.java b/base/server/cms/src/com/netscape/cms/logging/LogFile.java index d5319ab53..b28b810f8 100644 --- a/base/server/cms/src/com/netscape/cms/logging/LogFile.java +++ b/base/server/cms/src/com/netscape/cms/logging/LogFile.java @@ -49,7 +49,6 @@ import java.util.Date; import java.util.Hashtable; import java.util.LinkedHashSet; import java.util.Locale; -import java.util.Properties; import java.util.Set; import java.util.Vector; @@ -87,6 +86,9 @@ import com.netscape.cmsutil.util.Utils; * @version $Revision$, $Date$ **/ public class LogFile implements ILogEventListener, IExtendedPluginInfo { + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + public static final String PROP_TYPE = "type"; public static final String PROP_REGISTER = "register"; public static final String PROP_ON = "enable"; 
@@ -106,7 +108,6 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { private final static String LOG_SIGNED_AUDIT_EXCEPTION = "LOG_SIGNED_AUDIT_EXCEPTION_1"; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected IConfigStore mConfig = null; /** @@ -728,14 +729,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ILogger.SUCCESS, base64Encode(sigBytes)); - if (mSignedAuditLogger == null) { - return; - } - - ILogEvent ev = mSignedAuditLogger.create( - ILogger.EV_SIGNED_AUDIT, - (Properties) null, - ILogger.S_SIGNED_AUDIT, + ILogEvent ev = signedAuditLogger.create( ILogger.LL_SECURITY, auditMessage, o, @@ -1535,18 +1529,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { diff --git a/base/server/cms/src/com/netscape/cms/logging/Logger.java b/base/server/cms/src/com/netscape/cms/logging/Logger.java index 0b33a3967..64653c2fa 100644 --- a/base/server/cms/src/com/netscape/cms/logging/Logger.java +++ b/base/server/cms/src/com/netscape/cms/logging/Logger.java @@ -44,7 +44,6 @@ public class Logger implements ILogger { static { register(EV_AUDIT, new AuditEventFactory()); register(EV_SYSTEM, new SystemEventFactory()); - register(EV_SIGNED_AUDIT, new SignedAuditEventFactory()); } LogFactory factory; diff --git a/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java b/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java index aaf96ae9f..cf9ddf987 100644 --- a/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java 
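Review bot: Removing `register(EV_SIGNED_AUDIT, new SignedAuditEventFactory());` from the static block in `Logger` leaves a plain `Logger` with no factory for signed audit events, so any caller that still logs `ILogger.EV_SIGNED_AUDIT` through a generic logger depends on behaviour this diff does not show. The page is limited to `base/server`, and `AdminServlet.audit` still goes through `auditor` rather than `SignedAuditLogger`, so it is worth confirming that no remaining path relies on the old registration. How `Logger` handles an unregistered event type is outside the hunk; if it discards the event, a lost audit record would be silent, and that case should fail loudly instead.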
+++ b/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java @@ -17,6 +17,8 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.logging; +import com.netscape.certsrv.logging.ILogger; + /** * A class represents certificate server logger * implementation. @@ -28,12 +30,17 @@ package com.netscape.cms.logging; */ public class SignedAuditLogger extends Logger { - /** - * Constructs a generic logger, and registers a list - * of resident event factories. - */ + private final static SignedAuditLogger logger = + new SignedAuditLogger(); + public SignedAuditLogger() { - super(); - register(EV_SIGNED_AUDIT, new SignedAuditEventFactory()); + super(new SignedAuditEventFactory(), + ILogger.EV_SIGNED_AUDIT, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY); + } + + public static SignedAuditLogger getLogger() { + return logger; } } diff --git a/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java index e47c72295..bf6193499 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java @@ -49,6 +49,8 @@ import com.netscape.certsrv.registry.IPluginInfo; import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; /** * This class implements a basic profile. @@ -57,6 +59,8 @@ import com.netscape.certsrv.request.RequestStatus; */ public abstract class BasicProfile implements IProfile { + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + public static final String PROP_ENABLE = "enable"; public static final String PROP_ENABLE_BY = "enableBy"; public static final String PROP_IS_RENEWAL = "renewal"; 
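Review bot: The constructor of `SignedAuditLogger` stays `public` beside the new shared instance, so other code can still build separate signed audit loggers instead of going through `getLogger()`. If a single instance is the intent, `private SignedAuditLogger()` would enforce it; callers of `new SignedAuditLogger()` elsewhere are not visible here. The hunk also deletes the constructor Javadoc and adds `getLogger()` without any, while the rest of the commit removes null checks on the strength of its return value. A comment such as `/** Returns the shared signed audit logger; never null. */` would record that contract.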
@@ -96,8 +100,6 @@ public abstract class BasicProfile implements IProfile { protected Hashtable<String, Vector<IProfilePolicy>> mPolicySet = new Hashtable<String, Vector<IProfilePolicy>>(); - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - public BasicProfile() { } @@ -1172,18 +1174,7 @@ public abstract class BasicProfile implements IProfile { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -1207,10 +1198,6 @@ public abstract class BasicProfile implements IProfile { * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java index 8f3e986c0..7dfaddac4 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -756,7 +756,7 @@ public abstract class EnrollProfile extends BasicProfile OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_revokeRequest)) { id_cmc_revokeRequest = true; - // put in context for processing in + // put in context for processing in // CMCOutputTemplate.java later context.put(OBJECT_IDENTIFIER.id_cmc_revokeRequest, attributes[i]); 
@@ -2583,10 +2583,6 @@ public abstract class EnrollProfile extends BasicProfile * @return id string containing the signed audit log message RequesterID */ protected String auditRequesterID(IRequest request) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requesterID = ILogger.UNIDENTIFIED; @@ -2613,10 +2609,6 @@ public abstract class EnrollProfile extends BasicProfile * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String profileID = getId(); diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java index 2affaf385..f63f8801c 100644 --- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java @@ -39,6 +39,8 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.profile.common.EnrollProfile; import com.netscape.cmsutil.crypto.CryptoUtil; @@ -49,13 +51,13 @@ import com.netscape.cmsutil.crypto.CryptoUtil; */ public abstract class EnrollInput implements IProfileInput { + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + protected IConfigStore mConfig = null; protected Vector<String> mValueNames = new Vector<String>(); protected Vector<String> mConfigNames = new Vector<String>(); protected IProfile mProfile = null; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - /** * Initializes this default policy. */ 
@@ -252,18 +254,7 @@ public abstract class EnrollInput implements IProfileInput { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -287,10 +278,6 @@ public abstract class EnrollInput implements IProfileInput { * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; diff --git a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java index 276c5b59b..453a86c86 100644 --- a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java @@ -40,6 +40,8 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import netscape.security.x509.X509CertImpl; @@ -51,10 +53,12 @@ import netscape.security.x509.X509CertImpl; */ public class SubsystemGroupUpdater implements IProfileUpdater { + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + @SuppressWarnings("unused") private IProfile mProfile; private IConfigStore mConfig = null; - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + private Vector<String> mConfigNames = new Vector<String>(); public SubsystemGroupUpdater() { 
@@ -258,15 +262,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } private void audit(String msg) { - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -280,9 +276,6 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } private String auditSubjectID() { - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java index 830619321..f74b9dac9 100644 --- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java +++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java @@ -24,6 +24,8 @@ import com.netscape.certsrv.usrgrp.EUsrGrpException; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.common.AuthCredentials; import netscape.security.x509.X509CertImpl; @@ -37,7 +39,9 @@ import netscape.security.x509.X509CertImpl; */ public class PKIRealm extends RealmBase { - protected ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + @Override protected String getName() { return "PKIRealm"; 
@@ -208,18 +212,7 @@ public class PKIRealm extends RealmBase { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (signedAuditLogger == null) { - return; - } - - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java index 662a3e9da..5b136be2f 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -953,8 +953,6 @@ public class AdminServlet extends HttpServlet { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters if (auditor == null) { return; diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 8d28408a3..7ddb0c8db 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -105,8 +105,6 @@ public final class CMSAdminServlet extends AdminServlet { private final static String PROP_SMTP = "smtp"; private final static String PROP_INTERNAL_DB = "internaldb"; - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - // CMS must be instantiated before this admin servlet. /** 
@@ -3304,10 +3302,6 @@ public final class CMSAdminServlet extends AdminServlet { * @return key string containing the public key */ private String auditPublicKey(KeyPair object) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } if (object == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index c10620549..84ac2ea31 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -78,6 +78,8 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMSFileLoader; import com.netscape.cms.servlet.common.CMSGateway; @@ -114,9 +116,9 @@ import netscape.security.x509.X509CertImpl; * @version $Revision$, $Date$ */ public abstract class CMSServlet extends HttpServlet { - /** - * - */ + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + private static final long serialVersionUID = -3886300199374147160L; // servlet init params // xxxx todo:Should enforce init param value checking! @@ -247,7 +249,6 @@ public abstract class CMSServlet extends HttpServlet { protected String mAclMethod = null; protected String mAuthzResourceName = null; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected String mOutputTemplatePath = null; private IUGSubsystem mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); 
@@ -2022,18 +2023,7 @@ public abstract class CMSServlet extends HttpServlet { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -2057,10 +2047,6 @@ public abstract class CMSServlet extends HttpServlet { * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } CMS.debug("CMSServlet: in auditSubjectID"); String subjectID = null; @@ -2097,10 +2083,6 @@ public abstract class CMSServlet extends HttpServlet { * @return id string containing the signed audit log message SubjectID */ protected String auditGroupID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } CMS.debug("CMSServlet: in auditGroupID"); String groupID = null; @@ -2138,10 +2120,6 @@ public abstract class CMSServlet extends HttpServlet { * with the "auditSubjectID()" */ private String auditGroups(String SubjectID) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index a66cd9574..7dad38820 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java 
@@ -981,10 +981,6 @@ public class CMCRevReqServlet extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditRequesterID(HttpServletRequest req) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requesterID = null; @@ -1011,10 +1007,6 @@ public class CMCRevReqServlet extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditSerialNumber(String eeSerialNumber) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String serialNumber = null; @@ -1044,10 +1036,6 @@ public class CMCRevReqServlet extends CMSServlet { * @return string containing REVOKE or ON_HOLD */ private String auditRequestType(int reason) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requestType = null; diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index a9a62389f..eab05edff 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -847,10 +847,6 @@ public class DoRevokeTPS extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditRequesterID(HttpServletRequest req) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requesterID = null; @@ -878,10 +874,6 @@ public class DoRevokeTPS extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditSerialNumber(String eeSerialNumber) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String serialNumber = null; 
@@ -909,10 +901,6 @@ public class DoRevokeTPS extends CMSServlet { * @return string containing REVOKE or ON_HOLD */ private String auditRequestType(int reason) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requestType = null; diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 36a6802d6..6a83fcefe 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -557,10 +557,6 @@ public class DoUnrevokeTPS extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditRequesterID(HttpServletRequest req) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requesterID = null; @@ -588,10 +584,6 @@ public class DoUnrevokeTPS extends CMSServlet { * @return id string containing the signed audit log message RequesterID */ private String auditSerialNumber(String eeSerialNumber) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String serialNumber = null; diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 150c36fb7..e31ed1b2e 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java 
@@ -87,6 +87,8 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.profile.SSLClientCertProvider; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.scep.CRSPKIMessage; @@ -136,10 +138,11 @@ import netscape.security.x509.X509Key; * @version $Revision$, $Date$ */ public class CRSEnrollment extends HttpServlet { - /** - * - */ + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + private static final long serialVersionUID = 8483002540957382369L; + protected IProfileSubsystem mProfileSubsystem = null; protected String mProfileId = null; protected ICertAuthority mAuthority; @@ -1502,12 +1505,7 @@ public class CRSEnrollment extends HttpServlet { req.getTransactionID(), "CRSEnrollment", ILogger.SIGNED_AUDIT_EMPTY_VALUE); - ILogger signedAuditLogger = CMS.getSignedAuditLogger(); - if (signedAuditLogger != null) { - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, auditMessage); - } + signedAuditLogger.log(auditMessage); return null; } else { diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 1e509d3b3..656d3d758 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java 
@@ -72,7 +72,6 @@ import org.mozilla.jss.pkix.primitive.Name; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.ISharedToken; import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.certdb.ICertRecord; @@ -86,6 +85,8 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cmsutil.crypto.CryptoUtil; import netscape.security.x509.CRLExtensions; @@ -104,7 +105,8 @@ import netscape.security.x509.X509Key; * @version $ $, $Date$ */ public class CMCOutputTemplate { - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); public CMCOutputTemplate() { } @@ -1086,7 +1088,7 @@ public class CMCOutputTemplate { return bpid; } - String sharedSecret = + String sharedSecret = sharedSecret = tokenClass.getSharedToken(revokeSerial); if (sharedSecret == null) { @@ -1333,18 +1335,7 @@ public class CMCOutputTemplate { } protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } private RevocationReason toRevocationReason(ENUMERATED n) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java index 82f3071cd..a547eec3f 100644 
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java @@ -59,6 +59,8 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; @@ -83,9 +85,10 @@ import netscape.security.x509.X509CertInfo; * @version $Revision$, $Date$ */ public class ConnectorServlet extends CMSServlet { - /** - * - */ + + private static ILogger mLogger = CMS.getLogger(); + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + private static final long serialVersionUID = 1221916495803185863L; public static final String INFO = "Connector Servlet"; public final static String PROP_AUTHORITY = "authority"; @@ -93,9 +96,7 @@ public class ConnectorServlet extends CMSServlet { protected IAuthority mAuthority = null; protected IRequestEncoder mReqEncoder = null; protected IAuthSubsystem mAuthSubsystem = null; - protected ILogger mLogger = CMS.getLogger(); - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl"; public ConnectorServlet() { @@ -986,18 +987,7 @@ public class ConnectorServlet extends CMSServlet { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { 
@@ -1021,10 +1011,6 @@ public class ConnectorServlet extends CMSServlet { * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String profileID = getId(); diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java index bc5b9b5a1..79bd7c4c6 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java @@ -68,6 +68,8 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.util.IStatsSubsystem; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMSGateway; import com.netscape.cms.servlet.common.ServletUtils; @@ -76,6 +78,8 @@ import netscape.security.x509.X509CertImpl; public class CAProcessor extends Processor { + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + public final static String ARG_REQUEST_OWNER = "requestOwner"; public final static String HDR_LANG = "accept-language"; public final static String ARG_PROFILE = "profile"; @@ -137,7 +141,6 @@ public class CAProcessor extends Processor { //logging and stats - protected ILogger signedAuditLogger = CMS.getSignedAuditLogger(); protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>(); public CAProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException { 
@@ -885,18 +888,7 @@ public class CAProcessor extends Processor { * AUDIT FUNCTIONS (to be moved to Auditor?) ******************************************/ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (signedAuditLogger == null) { - return; - } - - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -920,10 +912,6 @@ public class CAProcessor extends Processor { * @return id string containing the signed audit log message RequesterID */ protected String auditRequesterID(IRequest request) { - // if no signed audit object exists, bail - if (signedAuditLogger == null) { - return null; - } String requesterID = ILogger.UNIDENTIFIED; @@ -940,10 +928,6 @@ public class CAProcessor extends Processor { } protected String auditSubjectID() { - // if no signed audit object exists, bail - if (signedAuditLogger == null) { - return null; - } CMS.debug("CMSServlet: in auditSubjectID"); String subjectID = null; @@ -970,10 +954,6 @@ public class CAProcessor extends Processor { } protected String auditGroupID() { - // if no signed audit object exists, bail - if (signedAuditLogger == null) { - return null; - } CMS.debug("CMSServlet: in auditGroupID"); String groupID = null; @@ -1011,10 +991,6 @@ public class CAProcessor extends Processor { * with the "auditSubjectID()" */ protected String auditGroups(String SubjectID) { - // if no signed audit object exists, bail - if (signedAuditLogger == null) { - return null; - } if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java index e60c30a27..fb4389528 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java 
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java @@ -34,6 +34,8 @@ import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.LogCategory; import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.ECMSGWException; @@ -50,6 +52,8 @@ import netscape.security.x509.X509CertInfo; */ public class PKIProcessor implements IPKIProcessor { + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll"; public static final String SUBJECT_NAME = "subject"; public static final String OLD_CERT_TYPE = "csrCertType"; @@ -63,8 +67,6 @@ public class PKIProcessor implements IPKIProcessor { protected String mServletId = null; protected CMSServlet mServlet = null; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - public PKIProcessor() { } @@ -304,18 +306,7 @@ public class PKIProcessor implements IPKIProcessor { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { @@ -339,10 +330,6 @@ public class PKIProcessor implements IPKIProcessor { * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String subjectID = null; 
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index f56c37866..4af131450 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -472,10 +472,6 @@ public class ProfileApproveServlet extends ProfileServlet { * @return id string containing the signed audit log message ProfileID */ private String auditProfileID(HttpServletRequest req) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String profileID = null; @@ -503,10 +499,6 @@ public class ProfileApproveServlet extends ProfileServlet { * or SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } if (mProfileSubId == null || mProfileSubId.equals("")) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java index 233d9a710..50034834a 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -160,8 +160,6 @@ public class ProfileServlet extends CMSServlet { protected LogSource mLogCategory = ILogger.S_OTHER; protected String mProfileSubId = null; - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - // stats protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>(); diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index d0871628a..ded237b8d 100644 
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -41,8 +41,6 @@ import org.mozilla.jss.pkix.cmc.OtherInfo; import org.mozilla.jss.pkix.cmc.TaggedAttribute; import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.EInvalidCredentials; -import com.netscape.certsrv.authentication.EMissingCredential; import com.netscape.certsrv.authentication.IAuthManager; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.authorization.AuthzToken; @@ -1012,10 +1010,6 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { * @return id string containing the signed audit log message RequesterID */ private String auditRequesterID(IRequest request) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } String requesterID = ILogger.UNIDENTIFIED; diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java index c229263dc..3fcf60ab1 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -1733,15 +1733,9 @@ public class ProcessCertReq extends CMSServlet { * @return id string containing the signed audit log message InfoName */ private String auditInfoName(String type) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters (this is done below) String infoName = ILogger.UNIDENTIFIED; - if (mSignedAuditLogger == null) { - return infoName; - } - if (type != null) { type = type.trim(); diff --git a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java index b4f75f1c8..3d2ee5e28 100644 
--- a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java @@ -49,6 +49,8 @@ import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.event.AuthzFailEvent; import com.netscape.certsrv.logging.event.AuthzSuccessEvent; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cms.realm.PKIPrincipal; /** @@ -56,7 +58,9 @@ import com.netscape.cms.realm.PKIPrincipal; */ @Provider public class ACLInterceptor implements ContainerRequestFilter { - protected ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + private final static String LOGGING_ACL_PARSING_ERROR = "internal error: ACL parsing error"; private final static String LOGGING_NO_ACL_ACCESS_ALLOWED = "no ACL configured; OK"; private final static String LOGGING_MISSING_AUTH_TOKEN = "auth token not found"; @@ -329,18 +333,7 @@ public class ACLInterceptor implements ContainerRequestFilter { * @param msg signed audit log message */ protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (signedAuditLogger == null) { - return; - } - - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index 4d0384a2b..7650998f5 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java 
@@ -62,7 +62,6 @@ import org.mozilla.jss.util.PasswordCallback; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import com.netscape.certsrv.authentication.ISharedToken; import com.netscape.certsrv.acls.ACL; import com.netscape.certsrv.acls.ACLEntry; import com.netscape.certsrv.acls.EACLsException; @@ -70,6 +69,7 @@ import com.netscape.certsrv.acls.IACL; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.apps.ICMSEngine; import com.netscape.certsrv.apps.ICommandQueue; +import com.netscape.certsrv.authentication.ISharedToken; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; @@ -118,7 +118,6 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.logging.Logger; -import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cmscore.authentication.AuthSubsystem; import com.netscape.cmscore.authentication.VerifiedCert; import com.netscape.cmscore.authentication.VerifiedCerts; @@ -1953,10 +1952,6 @@ public class CMSEngine implements ICMSEngine { return Auditor.getAuditor(); } - public ILogger getSignedAuditLogger() { - return SignedAuditLogger.getLogger(); - } - /** * starts up subsystems in a subsystem list.. */ diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java index 6691f7ab5..7519d6274 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java +++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java 
@@ -43,6 +43,8 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; import com.netscape.cmsutil.util.Utils; import netscape.security.extensions.NSCertTypeExtension; @@ -73,6 +75,9 @@ import netscape.security.x509.X509Key; * @version $Revision$, $Date$ */ public class CertUtils { + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + public static final String CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; public static final String CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; public static final String CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----"; @@ -83,8 +88,6 @@ public class CertUtils { "-----BEGIN CERTIFICATE REVOCATION LIST-----"; public static final String END_CRL_HEADER = "-----END CERTIFICATE REVOCATION LIST-----"; - - protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); /** * Remove the header and footer in the PKCS10 request. */ @@ -1089,17 +1092,7 @@ public class CertUtils { * @param msg signed audit log message */ private static void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java b/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java index 896256184..339f4dc63 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java +++ b/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java 
@@ -29,6 +29,8 @@ import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; /** * @author Endi S. Dewata @@ -37,7 +39,7 @@ public class Auditor implements IAuditor { public final static Auditor auditor = new Auditor(); - public ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); public static IAuditor getAuditor() { return auditor; @@ -45,8 +47,6 @@ public class Auditor implements IAuditor { @Override public String getSubjectID() { - // if no signed audit object exists, bail - if (signedAuditLogger == null) return null; SessionContext context = SessionContext.getExistingContext(); if (context == null) return ILogger.UNIDENTIFIED; @@ -60,8 +60,6 @@ public class Auditor implements IAuditor { @Override public String getGroups(String subjectID) { - // if no signed audit object exists, bail - if (signedAuditLogger == null) return null; if (subjectID == null || subjectID.equals(ILogger.UNIDENTIFIED)) return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -95,9 +93,6 @@ public class Auditor implements IAuditor { @Override public String getParamString(String scope, String type, String id, Map<String, String> params) { - // if no signed audit object exists, bail - if (signedAuditLogger == null) - return null; StringBuilder parameters = new StringBuilder(); // always identify the scope of the request @@ -209,15 +204,7 @@ public class Auditor implements IAuditor { @Override public void log(String message) { - - if (signedAuditLogger == null) return; - - signedAuditLogger.log( - ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - message); + signedAuditLogger.log(message); } @Override 
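Review bot: In Auditor (hunk at -37,7 +39,7) the static `signedAuditLogger` is declared after `public final static Auditor auditor = new Auditor();`, so static initializers run in an order where the singleton is constructed while the logger field is still null. No constructor is visible in this hunk, so this is harmless as long as construction never logs, but placing the logger declaration first (and making it `final`) removes the dependency on that. The field also changes from `public` to `private`; callers outside the class that read `signedAuditLogger` directly, if any exist, would need to go through `log(String)`.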
diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java index e1d6e1572..c95994c74 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java @@ -47,6 +47,8 @@ import com.netscape.certsrv.selftests.EMissingSelfTestException; import com.netscape.certsrv.selftests.ESelfTestException; import com.netscape.certsrv.selftests.ISelfTest; import com.netscape.certsrv.selftests.ISelfTestSubsystem; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; ////////////////////// // class definition // @@ -62,6 +64,11 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem; */ public class SelfTestSubsystem implements ISelfTestSubsystem { + + private static ILogEventListener mLogger; + private static ILogger mErrorLogger = CMS.getLogger(); + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + //////////////////////// // default parameters // //////////////////////// @@ -77,9 +84,7 @@ public class SelfTestSubsystem @SuppressWarnings("unused") private ISubsystem mOwner; private IConfigStore mConfig = null; - private ILogEventListener mLogger = null; - private ILogger mErrorLogger = CMS.getLogger(); - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + private String mRootPrefix = null; private String mPrefix = null; @@ -113,18 +118,7 @@ public class SelfTestSubsystem * @param msg signed audit log message */ private void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + signedAuditLogger.log(msg); } protected void audit(AuditEvent event) { 
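Review bot: The hunk at -62,6 +64,11 makes `mLogger` in SelfTestSubsystem a `private static ILogEventListener` with no initializer, where it was an instance field set to `null` (removed in the hunk at -77,9 +84,7). Unlike `mErrorLogger` and `signedAuditLogger`, this field is not assigned at declaration, so it is presumably set later in code outside these hunks; as a static it becomes shared, mutable class state, and a second instance or a re-initialisation would replace the self-test log listener for all instances. Keep it per instance, `private ILogEventListener mLogger = null;`, and make only the two loggers that are fixed at class load static.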
@@ -953,8 +947,6 @@ public class SelfTestSubsystem * @param msg self test log message */ public void log(ILogEventListener logger, String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters if (logger != null) { // log the message to the "selftests.log" log diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java index c6db13190..18e038a33 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java +++ b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java @@ -25,10 +25,15 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; +import com.netscape.cms.logging.Logger; +import com.netscape.cms.logging.SignedAuditLogger; public class SessionTimer extends TimerTask { + + private static Logger signedAuditLogger = SignedAuditLogger.getLogger(); + private ISecurityDomainSessionTable m_sessiontable = null; - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + public SessionTimer(ISecurityDomainSessionTable table) { super(); m_sessiontable = table; @@ -64,11 +69,7 @@ public class SessionTimer extends TimerTask { ILogger.SUCCESS, auditParams); - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - auditMessage); + signedAuditLogger.log(auditMessage); } } |