authorChristina Fu <cfu@redhat.com>2016-03-24 16:23:05 -0700
committerChristina Fu <cfu@redhat.com>2016-03-28 15:46:43 -0700
commit41a99a5938c6881a978199fe10b0c392eb27d569 (patch)
tree9de46099b3cc73cd5f691848bba9aa2b523c10aa /base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
parent93179af9333197cbdce843f16c02107b8d1db17e (diff)
Ticket #1006 Audit logging for TPS REST operations
This patch adds audit logging to TPS REST write-specific operations. The read-specific operations are already captured by AuditEvent=AUTHZ_*. The affected (new or modified) log messages include: LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5 LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6 LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6 LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6 LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6 LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6 LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java')
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java30
1 files changed, 24 insertions, 6 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java b/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
index 6cd5e9f7d..b0b4fd229 100644
--- a/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
@@ -20,6 +20,7 @@ package org.dogtagpki.server.tps.config;
import java.io.UnsupportedEncodingException;
import java.net.URI;
+import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -34,6 +35,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.tps.config.ConfigData;
import com.netscape.certsrv.tps.config.ConfigResource;
import com.netscape.cms.servlet.base.PKIService;
@@ -94,8 +96,15 @@ public class ConfigService extends PKIService implements ConfigResource {
@Override
public Response updateConfig(ConfigData configData) {
+ String method = "ConfigService.updateConfig";
+ Map<String, String> auditModParams = new HashMap<String, String>();
- if (configData == null) throw new BadRequestException("Config data is null.");
+ if (configData == null) {
+ BadRequestException e = new BadRequestException("Config data is null.");
+ auditModParams.put("Info", e.toString());
+ auditConfigTokenGeneral(ILogger.FAILURE, method, auditModParams, e.toString());
+ throw e;
+ }
CMS.debug("ConfigService.updateConfig()");
@@ -103,32 +112,41 @@ public class ConfigService extends PKIService implements ConfigResource {
ConfigDatabase configDatabase = new ConfigDatabase();
ConfigRecord configRecord = configDatabase.getRecord("Generals");
- Map<String, String> properties = configData.getProperties();
- if (properties != null) {
+ Map<String, String> newProperties = configData.getProperties();
+ if (newProperties != null) {
// validate new properties
- configDatabase.validateProperties(configRecord, null, properties);
+ configDatabase.validateProperties(configRecord, null, newProperties);
// remove old properties
configDatabase.removeProperties(configRecord, null);
// add new properties
- configDatabase.addProperties(configRecord, null, properties);
+ configDatabase.addProperties(configRecord, null, newProperties);
}
configDatabase.commit();
- properties = configDatabase.getProperties(configRecord, null);
+ Map<String, String> properties = configDatabase.getProperties(configRecord, null);
configData = createConfigData(properties);
+ auditConfigTokenGeneral(ILogger.SUCCESS, method,
+ newProperties, null);
+
return Response
.ok(configData)
.build();
} catch (PKIException e) {
+ CMS.debug(method +": " + e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
throw e;
} catch (Exception e) {
e.printStackTrace();
+ CMS.debug(method +": " + e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
throw new PKIException(e.getMessage());
}
}
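Review bot: Both catch blocks pass `auditModParams` to `auditConfigTokenGeneral(ILogger.FAILURE, ...)`, but within the visible hunks that map is only filled in the null-`configData` branch, so a rejected or failed update appears to be audited with no record of which properties were submitted. Copying the request into the map as soon as it is read, e.g. `if (newProperties != null) auditModParams.putAll(newProperties);` right after `configData.getProperties()`, would give the failure events the same parameters the success event gets. The success call also passes `newProperties` straight through, which is null when the request carries no properties; whether `auditConfigTokenGeneral` accepts a null map is not visible here, and an exception from it would land in `catch (Exception e)` and log FAILURE after `configDatabase.commit()` has already run. If any of these general properties can hold credentials, their values should be masked before they go into the signed audit record. The `try` that these catch blocks close opens outside the hunk.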