| author | Ade Lee <alee@redhat.com> | 2017-05-23 10:01:47 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-05-23 15:26:16 -0400 |
| commit | f40d0aaf446b162994e9c8598a7b00a6d4c906f2 (patch) | |
| tree | c88b74ad137b2cecdec48f176e0f6fc7e683c3ef /base/server | |
| parent | 3027b565320c96857b7f7fdffed9a5fbec084bab (diff) | |
Encapsulate recovery request approval audit logs
The audit logs where an agent grants an asynchronous recovery request
and the case where a recovery request is approved from the REST API
are consolidated and encapsulated in a class.
Change-Id: I237c1dcfc413012d421f3ccc64e21c7caf5a7701
Diffstat (limited to 'base/server')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java | 65 | ||||
| -rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 2 |
2 files changed, 12 insertions, 55 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index c41052554..2a5006787 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/base/server/cms/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -34,8 +34,9 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.common.ICMSRequest; import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.logging.event.SecurityDataRecoveryStateChangeEvent; +import com.netscape.certsrv.request.RequestId; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; @@ -194,32 +195,7 @@ public class GrantAsyncRecovery extends CMSServlet { String agentID, HttpServletRequest req, HttpServletResponse resp, Locale locale) { - String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditRequestID = reqID; - String auditAgentID = agentID; - - // "normalize" the "reqID" - if (auditRequestID != null) { - auditRequestID = auditRequestID.trim(); - - if (auditRequestID.equals("")) { - auditRequestID = ILogger.UNIDENTIFIED; - } - } else { - auditRequestID = ILogger.UNIDENTIFIED; - } - - // "normalize" the "auditAgentID" - if (auditAgentID != null) { - auditAgentID = auditAgentID.trim(); - - if (auditAgentID.equals("")) { - auditAgentID = ILogger.UNIDENTIFIED; - } - } else { - auditAgentID = ILogger.UNIDENTIFIED; - } try { header.addStringValue(OUT_OP, 
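Review bot: `reqID` now reaches `new RequestId(reqID)` (next hunk, in both the try body and the `catch (Exception e)` handler) without the null/empty normalisation to `ILogger.UNIDENTIFIED` that this hunk removes. The `RequestId` constructor is not shown here, but if it rejects a null, empty or non-numeric string, the exception raised inside the catch handler would escape the method and the FAILURE event would never be written to the signed audit log. Those malformed requests are the ones most worth recording. Consider building the id once before the `try`, with a guarded fallback for unparsable input, and passing that single value to both events. The method body begins above this hunk and continues into the next one.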
@@ -233,40 +209,21 @@ public class GrantAsyncRecovery extends CMSServlet { header.addStringValue("requestID", reqID); header.addStringValue("agentID", agentID); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRequestID, - auditAgentID); - audit(auditMessage); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.KEY_RECOVERY_AGENT_LOGIN, + audit(new SecurityDataRecoveryStateChangeEvent( auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); + ILogger.SUCCESS, + new RequestId(reqID), + "approve")); - audit(auditMessage); } catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); - - audit(auditMessage); + audit(new SecurityDataRecoveryStateChangeEvent( + auditSubjectID, + ILogger.FAILURE, + new RequestId(reqID), + "approve")); } } } diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties index 3b998d99c..44eec2347 100644 --- a/base/server/cmsbundle/src/LogMessages.properties +++ b/base/server/cmsbundle/src/LogMessages.properties 
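Review bot: The signed audit record no longer carries `agentID`, because the new `SecurityDataRecoveryStateChangeEvent` calls take only `auditSubjectID`, the outcome, the request id and `"approve"`, whereas the removed `KEY_RECOVERY_AGENT_LOGIN` messages included `auditAgentID`. `agentID` is still written to the response header just above, which suggests it is a separate input that may differ from the authenticated subject. If it can differ, the audit trail no longer shows which agent's approval was recorded. Either confirm that SubjectID always identifies the approving agent on this path, or carry the agent id in the event. Separately, with the `catch (EBaseException e)` branch gone, the error output falls back to `e.toString()` rather than the localized `e.toString(locale)`; the method starts above this hunk.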
@@ -2449,7 +2449,7 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST=<type=SECURITY_DATA_RECOVERY # RecoveryID must be the recovery request ID # Operation is the operation performed (approve, reject, cancel etc.) # -LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4=<type=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE>:[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID={0}][Outcome={1}][RecoveryID={2}][Operation={3}] security data recovery request state change +LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE=<type=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE>:[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID={0}][Outcome={1}][RecoveryID={2}][Operation={3}] security data recovery request state change # # LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY # - used when user attempts to retrieve key after the recovery request |
