diff options
| author | Christina Fu <cfu@redhat.com> | 2016-01-19 18:59:18 -0800 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2016-01-20 09:12:26 -0800 |
| commit | 7aa1cdd52eca390dee6d8ec4d1e7a956114383c5 (patch) | |
| tree | a788ffcd360a731568fa3666de02c5bda551888d /base/tps | |
| parent | 387d09045fb37b71bc0f1980f16ca70bc071996c (diff) | |
| download | pki-7aa1cdd52eca390dee6d8ec4d1e7a956114383c5.tar.gz pki-7aa1cdd52eca390dee6d8ec4d1e7a956114383c5.tar.xz pki-7aa1cdd52eca390dee6d8ec4d1e7a956114383c5.zip | |
Ticket #1007 preparation work - replace auditMsg with logMsg
For ticket #1007 TPS Audit Events, we need to add audit messages.
The existing parameter name "auditMsg" has been used broadly for
TPS logging, which could be confused for the actual audit messages.
This patch is to replace all the existing "auditMsg" parameters with
"logMsg" instead.
Diffstat (limited to 'base/tps')
5 files changed, 302 insertions, 302 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java index 80f206817..980fe2d01 100644 --- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java +++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java @@ -234,12 +234,12 @@ public class TPSTokendb { public void tdbAddCertificatesForCUID(String cuid, ArrayList<TPSCertRecord> certs, ExternalRegAttrs erAttrs) throws TPSException { String method = "TPSTokendb.tdbAddCertificatesForCUID (with erAttrs): "; - String auditMsg = ""; + String logMsg = ""; CMS.debug(method + "begins"); if (cuid == null || certs== null || certs.isEmpty() || erAttrs == null) { - auditMsg = "params cuid, certs and erAttrs cannot be null or empty"; - CMS.debug(method + auditMsg); - throw new TPSException(method + auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + logMsg = "params cuid, certs and erAttrs cannot be null or empty"; + CMS.debug(method + logMsg); + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } CMS.debug("TPSTokendb.tdbAddCertificatesForCUID: number of certs to update:"+ certs.size()); @@ -490,7 +490,7 @@ public class TPSTokendb { String method = "TPSTokendb.revokeCertsByCUID"; if (cuid == null) throw new TPSException(method + ": cuid null"); - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); ArrayList<TPSCertRecord> certRecords = tps.getTokendb().tdbGetCertRecordsByCUID(cuid); if (tokenReason != null) { @@ -498,9 +498,9 @@ public class TPSTokendb { !tokenReason.equalsIgnoreCase("destroyed") && !tokenReason.equalsIgnoreCase("keyCompromise") && !tokenReason.equalsIgnoreCase("terminated")) { - auditMsg = "unknown tokenRecord lost reason:" + tokenReason; - CMS.debug(method + ":" + auditMsg); - throw new Exception(method + ":" + auditMsg); + logMsg = "unknown tokenRecord lost reason:" + tokenReason; + CMS.debug(method + ":" + logMsg); + throw new Exception(method + ":" + logMsg); } } @@ -512,17 +512,17 @@ public class TPSTokendb { RevocationReason revokeReason = RevocationReason.UNSPECIFIED; if (isRevoke) { - auditMsg = "called to revoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "called to revoke"; + CMS.debug(method + ":" + logMsg); boolean revokeCert = shouldRevoke(cert, cuid, tokenReason, ipAddress, remoteUser); if (!revokeCert) { - auditMsg = "cert not to be revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert not to be revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); continue; } - auditMsg = "cert to be revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert to be revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); // get revoke reason config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + @@ -530,11 +530,11 @@ public class TPSTokendb { int reasonInt = configStore.getInteger(config, 0); revokeReason = RevocationReason.fromInt(reasonInt); } else { // is unrevoke - auditMsg = "called to unrevoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "called to unrevoke"; + CMS.debug(method + ":" + logMsg); if (!cert.getStatus().equalsIgnoreCase("revoked_on_hold")) { - auditMsg = "cert record current status is not revoked_on_hold; cannot unrevoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "cert record current status is not revoked_on_hold; cannot unrevoke"; + CMS.debug(method + ":" + logMsg); continue;// TODO: continue or bail? } } @@ -553,9 +553,9 @@ public class TPSTokendb { revokeReason); CMS.debug(method + ": response status =" + response.getStatus()); } else { - auditMsg = "mulformed hex serial number :" + hexSerial; - CMS.debug(method + ": " + auditMsg); - throw new Exception(auditMsg); + logMsg = "mulformed hex serial number :" + hexSerial; + CMS.debug(method + ": " + logMsg); + throw new Exception(logMsg); } // update certificate status @@ -569,8 +569,8 @@ public class TPSTokendb { updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "active"); } - auditMsg = "cert (un)revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert (un)revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); //TODO: tdbActivity } } diff --git a/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java b/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java index d45f78d7c..b90888839 100644 --- a/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java +++ b/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java @@ -116,12 +116,12 @@ public class ExternalRegAttrs { */ public ExternalRegCertToRecover.CertStatus getCertStatus(String serialString) throws TPSException { String method = "ExternalRegAttrs.getCertStatus:"; - String auditMsg = ""; + String logMsg = ""; CMS.debug(method + "begins. getCertsToRecoverCount=" + getCertsToRecoverCount()); if (serialString == null) { - auditMsg = "parameter serialString cannnot be null"; - CMS.debug(method + auditMsg); - throw new TPSException(method + auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + logMsg = "parameter serialString cannnot be null"; + CMS.debug(method + logMsg); + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } else CMS.debug(method + "searching for serialString =" + serialString); if (serialString.startsWith("0x")) { @@ -136,8 +136,8 @@ public class ExternalRegAttrs { return cert.getCertStatus(); } } - auditMsg = "cert not found in ExternalReg, status not reset"; - CMS.debug(method + auditMsg); + logMsg = "cert not found in ExternalReg, status not reset"; + CMS.debug(method + logMsg); // no match means cert was not one of the ExternalReg recovered certs; so don't reset // use UNINITIALIZED to mean not found, as all certs in externalReg must have been set by now return ExternalRegCertToRecover.CertStatus.UNINITIALIZED; diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 02806aab1..e21f7caf3 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -89,7 +89,7 @@ public class TPSEnrollProcessor extends TPSProcessor { private void enroll() throws TPSException, IOException { String method = "TPSEnrollProcessor.enroll:"; CMS.debug(method + " entering..."); - String auditMsg = null; + String logMsg = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); TPSTokenPolicy tokenPolicy = new TPSTokenPolicy(tps); IConfigStore configStore = CMS.getConfigStore(); @@ -100,8 +100,8 @@ public class TPSEnrollProcessor extends TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; @@ -144,11 +144,11 @@ public class TPSEnrollProcessor extends TPSProcessor { authId = configStore.getString(configName); } catch (EBaseException e) { CMS.debug(method + " Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } try { @@ -159,23 +159,23 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug(method + ": authentication exception thrown: " + e); - auditMsg = "ExternalReg authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "ExternalReg authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } try { erAttrs = processExternalRegAttrs(authId); } catch (Exception ee) { - auditMsg = "after processExternalRegAttrs: " + ee.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "after processExternalRegAttrs: " + ee.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } /* @@ -190,15 +190,15 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " erAttrs.getTokenCUID()=" + erAttrs.getTokenCUID()); CMS.debug(method + " tokenRecord.getId()=" + tokenRecord.getId()); if (!tokenRecord.getId().equalsIgnoreCase(erAttrs.getTokenCUID())) { - auditMsg = "isExternalReg: token CUID not matching record:" + tokenRecord.getId() + " : " + + logMsg = "isExternalReg: token CUID not matching record:" + tokenRecord.getId() + " : " + erAttrs.getTokenCUID(); - CMS.debug(method + auditMsg); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + CMS.debug(method + logMsg); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NOT_TOKEN_OWNER); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NOT_TOKEN_OWNER); } else { - auditMsg = "isExternalReg: token CUID matches record"; - CMS.debug(method + auditMsg); + logMsg = "isExternalReg: token CUID matches record"; + CMS.debug(method + logMsg); } } else { CMS.debug(method + " no need to check if token cuid matches record"); @@ -224,11 +224,11 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (EBaseException e) { CMS.debug(method + " Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } @@ -253,11 +253,11 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " resolved keySet: " + keySet); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } else { CMS.debug("In TPSEnrollProcessor.enroll isExternalReg: OFF"); @@ -281,11 +281,11 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } @@ -302,13 +302,13 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " token transition disallowed " + tokenRecord.getTokenStatus() + " to " + newState); - auditMsg = "Operation for CUID " + cuid + + logMsg = "Operation for CUID " + cuid + " Disabled, illegal transition attempted " + tokenRecord.getTokenStatus() + " to " + newState; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { CMS.debug("TPSPEnrollrocessor.enroll: token transition allowed " + @@ -322,16 +322,16 @@ public class TPSEnrollProcessor extends TPSProcessor { !tokenPolicy.isAllowdTokenReenroll(cuid) && !tokenPolicy.isAllowdTokenRenew(cuid)) { CMS.debug(method + " token renewal or reEnroll disallowed "); - auditMsg = "Operation renewal or reEnroll for CUID " + cuid + + logMsg = "Operation renewal or reEnroll for CUID " + cuid + " Disabled"; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { - auditMsg = "isExternalReg: skip token policy (reenroll, renewal) check"; - CMS.debug(method + auditMsg); + logMsg = "isExternalReg: skip token policy (reenroll, renewal) check"; + CMS.debug(method + logMsg); } } else { CMS.debug(method + " token does not exist"); @@ -373,11 +373,11 @@ public class TPSEnrollProcessor extends TPSProcessor { try { pkcs11objx = getCurrentObjectsOnToken(channel); } catch (DataFormatException e) { - auditMsg = method + " Failed to parse original token data: " + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = method + " Failed to parse original token data: " + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } pkcs11objx.setCUID(appletInfo.getCUID()); @@ -387,10 +387,10 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbAddTokenEntry(tokenRecord, "uninitialized"); } catch (Exception e) { String failMsg = "add token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } } @@ -419,22 +419,22 @@ public class TPSEnrollProcessor extends TPSProcessor { else if (status == TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED) { statusString = "Recovery processed"; recovered = true; - tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), logMsg, "success"); } else if (status == TPSStatus.STATUS_ERROR_RENEWAL_IS_PROCESSED) { statusString = "Renewal processed"; renewed = true; - tps.tdb.tdbActivity(ActivityDatabase.OP_RENEWAL, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_RENEWAL, tokenRecord, session.getIpAddress(), logMsg, "success"); } else { - auditMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status; - CMS.debug(method + auditMsg); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status; + CMS.debug(method + logMsg); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } if (!isExternalReg) { - auditMsg = "generateCertsAfterRenewalRecoveryPolicy returns status:" + logMsg = "generateCertsAfterRenewalRecoveryPolicy returns status:" + EndOpMsg.statusToInt(status) + " : " + statusString; - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); } if (status == TPSStatus.STATUS_NO_ERROR) { if (!generateCertificates(certsInfo, channel, appletInfo)) { @@ -444,7 +444,7 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + "generateCertificates returned false means some certs failed enrollment; clean up (format) the token"); format(true /*skipAuth*/); } - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw new TPSException("generateCertificates failed"); } else { @@ -466,29 +466,29 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " after externalRegRecover status is:" + recoverStatus); if (recoverStatus == TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED) { recovered = true; - auditMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; - tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), auditMsg, "success"); + logMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; + tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), logMsg, "success"); } else { - auditMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; - CMS.debug(auditMsg); + logMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; + CMS.debug(logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); } } catch (EBaseException e) { - auditMsg = method + " externalRegRecover: " + e; - CMS.debug(auditMsg); + logMsg = method + " externalRegRecover: " + e; + CMS.debug(logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); } } else { //TODO: - //tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + //tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, //"success"); } } @@ -555,10 +555,10 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbUpdateTokenEntry(tokenRecord); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } //update the tokendb with new certs CMS.debug(method + " updating tokendb with certs."); @@ -566,9 +566,9 @@ public class TPSEnrollProcessor extends TPSProcessor { // clean up the cert records used to belong to this token in tokendb tps.tdb.tdbRemoveCertificatesByCUID(tokenRecord.getId()); } catch (Exception e) { - auditMsg = "Attempt to clean up record with tdbRemoveCertificatesByCUID failed; token probably clean; continue anyway:" + logMsg = "Attempt to clean up record with tdbRemoveCertificatesByCUID failed; token probably clean; continue anyway:" + e; - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); } CMS.debug(method + " adding certs to token with tdbAddCertificatesForCUID..."); ArrayList<TPSCertRecord> certRecords = certsInfo.toTPSCertRecords(tokenRecord.getId(), tokenRecord.getUserID()); @@ -578,8 +578,8 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbAddCertificatesForCUID(tokenRecord.getId(), certRecords); CMS.debug(method + " tokendb updated with certs to the cuid so that it reflects what's on the token"); - auditMsg = "appletVersion=" + lastObjVer + "; tokenType =" + selectedTokenType + "; userid =" + userid; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "appletVersion=" + lastObjVer + "; tokenType =" + selectedTokenType + "; userid =" + userid; + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug(method + " leaving ..."); @@ -1014,7 +1014,7 @@ public class TPSEnrollProcessor extends TPSProcessor { AppletInfo aInfo) throws TPSException, IOException { TPSStatus status = TPSStatus.STATUS_NO_ERROR; - String auditMsg; + String logMsg; final String method = "TPSEnrollProcessor.generateCertsAfterRenewalRecoveryPolicy"; CMS.debug(method + ": begins"); IConfigStore configStore = CMS.getConfigStore(); @@ -1029,9 +1029,9 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (Exception e) { //TODO: when do you get here? // no existing record, means no "renewal" or "recovery" actions needed - auditMsg = "no token associated with user: " + userid; - CMS.debug(method + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND); + logMsg = "no token associated with user: " + userid; + CMS.debug(method + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND); } CMS.debug(method + " found " + tokenRecords.size() + " tokens for user:" + userid); boolean isRecover = false; @@ -1045,8 +1045,8 @@ public class TPSEnrollProcessor extends TPSProcessor { //Is this the same token (current token)? if (tokenRecord.getId().equals(aInfo.getCUIDhexStringPlain())) { //same token - auditMsg = "found current token entry"; - CMS.debug(method + ":" + auditMsg); + logMsg = "found current token entry"; + CMS.debug(method + ":" + logMsg); if (tokenRecord.getStatus().equals("uninitialized")) { // this is the current token if (tokenRecords.size() == 1) { @@ -1070,70 +1070,70 @@ public class TPSEnrollProcessor extends TPSProcessor { isRecover = true; continue; // TODO: or break? } - auditMsg = method + ": user already has an active token"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); + logMsg = method + ": user already has an active token"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); } } else if (tokenRecord.getStatus().equals("active")) { // current token is already active; renew if allowed if (tokenPolicy.isAllowdTokenRenew(aInfo.getCUIDhexStringPlain())) { return processRenewal(certsInfo, channel, aInfo, tokenRecord); } else { - auditMsg = "token is already active; can't renew because renewal is not allowed; will re-enroll if allowed"; - CMS.debug(method + ":" + auditMsg); + logMsg = "token is already active; can't renew because renewal is not allowed; will re-enroll if allowed"; + CMS.debug(method + ":" + logMsg); } break; } else if (tokenRecord.getStatus().equals("terminated")) { - auditMsg = "terminated token cuid=" + logMsg = "terminated token cuid=" + aInfo.getCUIDhexStringPlain() + " cannot be reused"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } else if (tokenRecord.getStatus().equals("lost")) { String reasonStr = tokenRecord.getReason(); if (reasonStr.equals("keyCompromise")) { - auditMsg = "This token cannot be reused because it has been reported lost"; + logMsg = "This token cannot be reused because it has been reported lost"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE); } else if (reasonStr.equals("onHold")) { try { tps.tdb.tdbHasActiveToken(userid); - auditMsg = "user already has an active token"; + logMsg = "user already has an active token"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); } catch (Exception e2) { - auditMsg = "User needs to contact administrator to report lost token (it should be put on Hold)."; + logMsg = "User needs to contact administrator to report lost token (it should be put on Hold)."; CMS.debug(method + ": " - + auditMsg); + + logMsg); break; } } else if (reasonStr.equals("destroyed")) { - auditMsg = "This destroyed lost case should not be executed because the token is so damaged. It should not get here"; + logMsg = "This destroyed lost case should not be executed because the token is so damaged. It should not get here"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_TOKEN_DISABLED); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_TOKEN_DISABLED); } else { - auditMsg = "No such lost reason: " + reasonStr + " for this cuid: " + logMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); } } else { - auditMsg = "No such token status for this cuid=" + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_TOKEN_STATE); + logMsg = "No such token status for this cuid=" + aInfo.getCUIDhexStringPlain(); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_TOKEN_STATE); } } else { //cuid != current token - auditMsg = "found token entry different from current token"; - CMS.debug(method + ":" + auditMsg); + logMsg = "found token entry different from current token"; + CMS.debug(method + ":" + logMsg); if (tokenRecord.getStatus().equals("lost")) { //lostostToken keeps track of the latest token that's lost //last one in the look should be the latest lostToken = tokenRecord; - auditMsg = "found a lost token: cuid = " + tokenRecord.getId(); - CMS.debug(method + ":" + auditMsg); + logMsg = "found a lost token: cuid = " + tokenRecord.getId(); + CMS.debug(method + ":" + logMsg); } continue; } @@ -1141,14 +1141,14 @@ public class TPSEnrollProcessor extends TPSProcessor { if (isRecover == true) { // this could be set in previous iteration if (lostToken == null) { - auditMsg = "No lost token to be recovered; do enrollment"; - CMS.debug(method + ":" + auditMsg); + logMsg = "No lost token to be recovered; do enrollment"; + CMS.debug(method + ":" + logMsg); //shouldn't even get here; But if we do, just enroll } else { String reasonStr = lostToken.getReason(); //RevocationReason reason = RevocationReason.valueOf(reasonStr); - auditMsg = "isRecover true; reasonStr =" + reasonStr; - CMS.debug(method + ":" + auditMsg); + logMsg = "isRecover true; reasonStr =" + reasonStr; + CMS.debug(method + ":" + logMsg); if (reasonStr.equals("keyCompromise")) { return processRecovery(lostToken, certsInfo, channel, aInfo); @@ -1170,22 +1170,22 @@ public class TPSEnrollProcessor extends TPSProcessor { String tmpTokenType = configStore.getString(configName); setSelectedTokenType(tmpTokenType); } catch (EPropertyNotFound e) { - auditMsg = " configuration " + configName + " not found"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg); + logMsg = " configuration " + configName + " not found"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg); } catch (EBaseException e) { - auditMsg = " configuration " + configName + " not found"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg); + logMsg = " configuration " + configName + " not found"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg); } return processRecovery(lostToken, certsInfo, channel, aInfo); } else if (reasonStr.equals("destroyed")) { return processRecovery(lostToken, certsInfo, channel, aInfo); } else { - auditMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); + logMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); } } } @@ -1215,7 +1215,7 @@ public class TPSEnrollProcessor extends TPSProcessor { throws EBaseException, IOException { String method = "TPSEnrollProcessor.externalRegRecover:"; - String auditMsg; + String logMsg; CMS.debug(method + "begins"); TPSStatus status = TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED; if (session == null || session.getExternalRegAttrs() == null || @@ -1240,16 +1240,16 @@ public class TPSEnrollProcessor extends TPSProcessor { status = TPSStatus.STATUS_ERROR_RECOVERY_FAILED; return status; } - auditMsg = "ExternalReg cert record: serial=" + + logMsg = "ExternalReg cert record: serial=" + serial.toString(); - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); // recover cert CARemoteRequestHandler caRH = new CARemoteRequestHandler(caConn); CARetrieveCertResponse certResp = caRH.retrieveCertificate(serial); if (certResp == null) { - auditMsg = "In recovery mode, CARetieveCertResponse object not found!"; - CMS.debug(method + auditMsg); + logMsg = "In recovery mode, CARetieveCertResponse object not found!"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } @@ -1264,16 +1264,16 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + "recovered: retCertB64: " + cert_bytes_buf.toHexString()); } else { - auditMsg = "recovering cert b64 not found"; - CMS.debug(method + auditMsg); + logMsg = "recovering cert b64 not found"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } if (certResp.isCertRevoked()) { CMS.debug(method + " cert revoked"); if (!allowRecoverInvalidCert()) { - auditMsg = "revoked cert not allowed on token per policy;"; - CMS.debug(method + auditMsg); + logMsg = "revoked cert not allowed on token per policy;"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } erCert.setCertStatus(CertStatus.REVOKED); @@ -1284,43 +1284,43 @@ public class TPSEnrollProcessor extends TPSProcessor { // check if expired or not yet valid if (!certResp.isCertValid()) { - auditMsg = "cert expired or not yet valid"; - CMS.debug(auditMsg); + logMsg = "cert expired or not yet valid"; + CMS.debug(logMsg); erCert.setCertStatus(CertStatus.EXPIRED); // it could be not yet valid } } if (keyid == null) { - auditMsg = " no keyid; skip key recovery; continue"; - CMS.debug(method + auditMsg); + logMsg = " no keyid; skip key recovery; continue"; + CMS.debug(method + logMsg); continue; } else if ( keyid.compareTo(BigInteger.valueOf(0))==0) { - auditMsg = " keyid is 0; invalid; skip key recovery; continue"; - CMS.debug(method + auditMsg); + logMsg = " keyid is 0; invalid; skip key recovery; continue"; + CMS.debug(method + logMsg); continue; } // recover keys - auditMsg = " recovering for keyid: " + keyid.toString(); - CMS.debug(method + auditMsg); + logMsg = " recovering for keyid: " + keyid.toString(); + CMS.debug(method + logMsg); KRARecoverKeyResponse keyResp = null; if (kraConn != null) { - auditMsg = "kraConn not null:" + kraConn; - CMS.debug(method + auditMsg); + logMsg = "kraConn not null:" + kraConn; + CMS.debug(method + logMsg); KRARemoteRequestHandler kraRH = new KRARemoteRequestHandler(kraConn); if (channel.getDRMWrappedDesKey() == null) { - auditMsg = "channel.getDRMWrappedDesKey() null"; - CMS.debug(method + auditMsg); + logMsg = "channel.getDRMWrappedDesKey() null"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } else { - auditMsg = "channel.getDRMWrappedDesKey() not null"; - CMS.debug(method + auditMsg); + logMsg = "channel.getDRMWrappedDesKey() not null"; + CMS.debug(method + logMsg); } keyResp = kraRH.recoverKey(cuid, userid, Util.specialURLEncode(channel.getDRMWrappedDesKey()), null, keyid); if (keyResp == null) { - auditMsg = "recovering key not found"; - CMS.debug(method + auditMsg); + logMsg = "recovering key not found"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } } @@ -1367,7 +1367,7 @@ public class TPSEnrollProcessor extends TPSProcessor { throws TPSException, IOException { TPSStatus status = TPSStatus.STATUS_ERROR_RENEWAL_FAILED; String method = "TPSEnrollProcess.processRenewal"; - String auditMsg; + String logMsg; CMS.debug(method + ": begins"); boolean noFailedCerts = true; @@ -1502,9 +1502,9 @@ public class TPSEnrollProcessor extends TPSProcessor { if (!noFailedCerts) { // TODO: handle cleanup - auditMsg = "There has been failed cert renewal"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg + TPSStatus.STATUS_ERROR_RENEWAL_FAILED); + logMsg = "There has been failed cert renewal"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg + TPSStatus.STATUS_ERROR_RENEWAL_FAILED); } return status; } @@ -1655,7 +1655,7 @@ public class TPSEnrollProcessor extends TPSProcessor { private TPSStatus processRecovery(TokenRecord toBeRecovered, EnrolledCertsInfo certsInfo, SecureChannel channel, AppletInfo aInfo) throws TPSException, IOException { String method = "TPSEnrollProcessor.processRecover"; - String auditMsg; + String logMsg; TPSStatus status = TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); @@ -1772,10 +1772,10 @@ public class TPSEnrollProcessor extends TPSProcessor { try { caConnId = configStore.getString(config); } catch (Exception e) { - auditMsg = "cannot find config:" + config; - CMS.debug(method + ":" + auditMsg); + logMsg = "cannot find config:" + config; + CMS.debug(method + ":" + logMsg); throw new TPSException( - method + ":" + auditMsg, + method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } CMS.debug("TPSEnrollProcessor.processRecovery: Selecting cert to recover: " + serialToRecover); @@ -1801,8 +1801,8 @@ public class TPSEnrollProcessor extends TPSProcessor { // unrevoke cert if needed if (certToRecover.getStatus().equalsIgnoreCase("revoked_on_hold")) { - auditMsg = "unrevoking cert..."; - CMS.debug(method + ":" + auditMsg); + logMsg = "unrevoking cert..."; + CMS.debug(method + ":" + logMsg); CARemoteRequestHandler caRH = null; try { @@ -1815,9 +1815,9 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + ": response status =" + response.getStatus()); } catch (EBaseException e) { - auditMsg = "failed getting CARemoteRequestHandler"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); + logMsg = "failed getting CARemoteRequestHandler"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } } @@ -1827,9 +1827,9 @@ public class TPSEnrollProcessor extends TPSProcessor { certToRecover.getIssuedBy(), "active"); } catch (Exception e) { - auditMsg = "failed tdbUpdateCertEntry"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); + logMsg = "failed tdbUpdateCertEntry"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } } else { @@ -3200,7 +3200,7 @@ public class TPSEnrollProcessor extends TPSProcessor { protected int getNumberCertsToEnroll() throws TPSException { String method = "TPSEnrollProcessor.getNumberCertsToEnroll:"; - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); int keyTypeNum = 0; try { @@ -3211,8 +3211,8 @@ public class TPSEnrollProcessor extends TPSProcessor { configValue, 0); } catch (EBaseException e) { - auditMsg = "Internal error finding config value: " + e; - throw new TPSException(method + auditMsg, + logMsg = "Internal error finding config value: " + e; + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_UPGRADE_APPLET); } diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java index da2cab4d7..2c29b21e8 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java @@ -62,7 +62,7 @@ public class TPSPinResetProcessor extends TPSProcessor { // a completely stand alone pin reset of an already enrolled token. CMS.debug(method + ": entering..."); - String auditMsg = null; + String logMsg = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); AppletInfo appletInfo = null; @@ -73,8 +73,8 @@ public class TPSPinResetProcessor extends TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; @@ -121,11 +121,11 @@ public class TPSPinResetProcessor extends TPSProcessor { CMS.debug(method + " resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } statusUpdate(15, "PROGRESS_PIN_RESET_RESOLVE_PROFILE"); @@ -149,16 +149,16 @@ public class TPSPinResetProcessor extends TPSProcessor { CMS.debug(method + ": token record updated!"); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } statusUpdate(100, "PROGRESS_PIN_RESET_COMPLETE"); - auditMsg = "pin reset operation completed successfully"; - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "pin reset operation completed successfully"; + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug(method + ": Token Pin successfully reset!"); diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 6ea8fa2ba..bf757c722 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -986,12 +986,12 @@ public class TPSProcessor { public TPSAuthenticator getAuthentication(String prefix, String tokenType) throws EBaseException { CMS.debug("TPSProcessor.getAuthentication"); - String auditMsg = null; + String logMsg = null; if (prefix.isEmpty() || tokenType.isEmpty()) { - auditMsg = "TPSProcessor.getAuthentication: missing parameters: prefix or tokenType"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: missing parameters: prefix or tokenType"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IConfigStore configStore = CMS.getConfigStore(); String configName = prefix + "." + tokenType + ".auth.id"; @@ -1001,9 +1001,9 @@ public class TPSProcessor { configName); authId = configStore.getString(configName); if (authId == null) { - auditMsg = "TPSProcessor.getAuthentication: config param not found:" + configName; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not found:" + configName; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } return getAuthentication(authId); } @@ -1011,12 +1011,12 @@ public class TPSProcessor { public TPSAuthenticator getAuthentication(String authId) throws EBaseException { CMS.debug("TPSProcessor.getAuthentication"); - String auditMsg = null; + String logMsg = null; if (authId.isEmpty()) { - auditMsg = "TPSProcessor.getAuthentication: missing parameters: authId"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: missing parameters: authId"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IConfigStore configStore = CMS.getConfigStore(); @@ -1029,9 +1029,9 @@ public class TPSProcessor { authCredNameConf); String authCredName = configStore.getString(authCredNameConf); if (authCredName == null) { - auditMsg = "TPSProcessor.getAuthentication: config param not found:" + authCredNameConf; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not found:" + authCredNameConf; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } authInst.setAuthCredName(authCredName); @@ -1041,13 +1041,13 @@ public class TPSProcessor { authLdapStringAttrs); String authLdapStringAttributes = configStore.getString(authLdapStringAttrs, ""); if (authLdapStringAttributes != null && !authLdapStringAttributes.equals("")) { - auditMsg = "TPSProcessor.getAuthentication: got ldapStringAttributes... setting up"; - CMS.debug(auditMsg); + logMsg = "TPSProcessor.getAuthentication: got ldapStringAttributes... setting up"; + CMS.debug(logMsg); ldapStringAttrs = Arrays.asList(authLdapStringAttributes.split(",")); } else { // not set is okay - auditMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttributes; - CMS.debug(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttributes; + CMS.debug(logMsg); } return authInst; @@ -1090,12 +1090,12 @@ public class TPSProcessor { IAuthCredentials userCred) throws EBaseException, TPSException { - String auditMsg = null; + String logMsg = null; CMS.debug("TPSProcessor.authenticateUser"); if (op.isEmpty() || userAuth == null || userCred == null) { - auditMsg = "TPSProcessor.authenticateUser: missing parameter(s): op, userAuth, or userCred"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.authenticateUser: missing parameter(s): op, userAuth, or userCred"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IAuthManager auth = userAuth.getAuthManager(); @@ -1389,7 +1389,7 @@ public class TPSProcessor { */ protected boolean revokeCertsAtFormat() { String method = "revokeCertsAtFormat"; - String auditMsg; + String logMsg; CMS.debug(method + ": begins"); IConfigStore configStore = CMS.getConfigStore(); @@ -1398,20 +1398,20 @@ public class TPSProcessor { try { revokeCert = configStore.getBoolean(configName, false); } catch (EBaseException e) { - auditMsg = method + ": config not found: " + configName + + logMsg = method + ": config not found: " + configName + "; default to false"; - CMS.debug(auditMsg); + CMS.debug(logMsg); } if (!revokeCert) { - auditMsg = method + ": revokeCert = false"; - CMS.debug(auditMsg); + logMsg = method + ": revokeCert = false"; + CMS.debug(logMsg); } return revokeCert; } protected RevocationReason getRevocationReasonAtFormat() { String method = "getRevocationReasonAtFormat"; - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.revokeReason"; @@ -1420,9 +1420,9 @@ public class TPSProcessor { int revokeReasonInt = configStore.getInteger(configName); revokeReason = RevocationReason.fromInt(revokeReasonInt); } catch (EBaseException e) { - auditMsg = method + ": config not found: " + configName + + logMsg = method + ": config not found: " + configName + "; default to unspecified"; - CMS.debug(auditMsg); + CMS.debug(logMsg); revokeReason = RevocationReason.UNSPECIFIED; } @@ -1432,36 +1432,36 @@ public class TPSProcessor { /* * revokeCertificates revokes certificates on the token specified * @param cuid the cuid of the token to revoke certificates - * @return auditMsg captures the audit message + * @return logMsg captures the audit message * @throws TPSException in case of error * * TODO: maybe make this a callback function later */ protected void revokeCertificates(String cuid, RevocationReason revokeReason, String caConnId) throws TPSException { - String auditMsg = ""; + String logMsg = ""; final String method = "TPSProcessor.revokeCertificates"; if (cuid == null) { - auditMsg = "cuid null"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = "cuid null"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } CMS.debug(method + ": begins for cuid:" + cuid); TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); boolean isTokenPresent = tps.tdb.isTokenPresent(cuid); if (!isTokenPresent) { - auditMsg = method + ": token not found: " + cuid; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": token not found: " + cuid; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } CARemoteRequestHandler caRH = null; try { caRH = new CARemoteRequestHandler(caConnId); } catch (EBaseException e) { - auditMsg = method + ": getting CARemoteRequestHandler failure"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": getting CARemoteRequestHandler failure"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } //find all certs belonging to the token ArrayList<TPSCertRecord> certRecords = tps.tdb.tdbGetCertRecordsByCUID(cuid); @@ -1476,9 +1476,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } @@ -1499,9 +1499,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } @@ -1521,9 +1521,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } @@ -1541,30 +1541,30 @@ public class TPSProcessor { revokeReason); CMS.debug(method + ": response status =" + response.getStatus()); } catch (EBaseException e) { - auditMsg = method + ": revokeCertificate from CA failed:" + e; - CMS.debug(auditMsg); + logMsg = method + ": revokeCertificate from CA failed:" + e; + CMS.debug(logMsg); if (revokeReason == RevocationReason.CERTIFICATE_HOLD) { tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), - session.getIpAddress(), auditMsg, + session.getIpAddress(), logMsg, "failure"); } else { tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), - session.getIpAddress(), auditMsg, + session.getIpAddress(), logMsg, "failure"); } - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } } else { - auditMsg = "mulformed hex serial number :" + hexSerial; - CMS.debug(method + ": " + auditMsg); + logMsg = "mulformed hex serial number :" + hexSerial; + CMS.debug(method + ": " + logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } - auditMsg = "Certificate " + hexSerial + " revoked"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), auditMsg, + logMsg = "Certificate " + hexSerial + " revoked"; + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), logMsg, "success"); // delete cert from tokendb @@ -1573,9 +1573,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = "removeRecord failed:" + e; - CMS.debug(method + ": " + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_UPDATE_TOKENDB_FAILED); + logMsg = "removeRecord failed:" + e; + CMS.debug(method + ": " + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_UPDATE_TOKENDB_FAILED); } continue; } @@ -1735,7 +1735,7 @@ public class TPSProcessor { IConfigStore configStore = CMS.getConfigStore(); String configName = null; - String auditMsg = null; + String logMsg = null; String appletVersion = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); @@ -1745,8 +1745,8 @@ public class TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; @@ -1810,11 +1810,11 @@ public class TPSProcessor { requireLoginRequest = configStore.getBoolean(configName, false); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } if (!requireLoginRequest) { CMS.debug("In TPSProcessor.format: no Login required"); @@ -1826,11 +1826,11 @@ public class TPSProcessor { setSelectedTokenType(tokenType); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } CMS.debug("In TPSProcessor.format: isExternalReg: setting tokenType to default first:" + tokenType); @@ -1843,11 +1843,11 @@ public class TPSProcessor { authId = configStore.getString(configName); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } try { TPSAuthenticator userAuth = @@ -1857,12 +1857,12 @@ public class TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug("TPSProcessor.format:: authentication exception thrown: " + e); - auditMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } @@ -1870,11 +1870,11 @@ public class TPSProcessor { try { erAttrs = processExternalRegAttrs(/*authToken,*/authId); } catch (Exception ee) { - auditMsg = "processExternalRegAttrs: " + ee.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "processExternalRegAttrs: " + ee.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } session.setExternalRegAttrs(erAttrs); /* test @@ -1915,11 +1915,11 @@ public class TPSProcessor { CMS.debug("In TPSProcessor.format: resolved keySet: " + keySet); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } else { CMS.debug("In TPSProcessor.format isExternalReg: OFF"); @@ -1943,11 +1943,11 @@ public class TPSProcessor { CMS.debug("In TPSProcessor.format: resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } CMS.debug("TPSProcessor.format: calculated tokenType: " + tokenType); } @@ -1962,11 +1962,11 @@ public class TPSProcessor { isAuthRequired = configStore.getBoolean(configName, true); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } if (isAuthRequired && !skipAuth) { @@ -1977,12 +1977,12 @@ public class TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug("TPSProcessor.format:: authentication exception thrown: " + e); - auditMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } } // TODO: if no auth required, should wipe out existing tokenRecord entry data later? @@ -2000,14 +2000,14 @@ public class TPSProcessor { CMS.debug("TPSProcessor.format: token transition disallowed " + tokenRecord.getTokenStatus() + " to " + newState); - auditMsg = "Operation for CUID " + appletInfo.getCUIDhexStringPlain() + + logMsg = "Operation for CUID " + appletInfo.getCUIDhexStringPlain() + " Disabled, illegal transition attempted " + tokenRecord.getTokenStatus() + " to " + newState; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { CMS.debug("TPSProcessor.format: token transition allowed " + @@ -2064,7 +2064,7 @@ public class TPSProcessor { revokeCertificates(tokenRecord.getId(), reason, caConnId); } catch (TPSException te) { // failed revocation; capture message and continue - auditMsg = te.getMessage(); + logMsg = te.getMessage(); } } @@ -2074,16 +2074,16 @@ public class TPSProcessor { tps.tdb.tdbUpdateTokenEntry(tokenRecord); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); + logMsg = failMsg + ":" + e.toString(); tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), failMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } - auditMsg = "format operation succeeded"; + logMsg = "format operation succeeded"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug("TPSProcessor.format:: ends"); |