authorEndi S. Dewata <edewata@redhat.com>2017-04-26 20:04:46 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-05-16 03:18:20 +0200
commitcec9efefe027ed4e7592827889eb3b487e7e485a (patch)
tree15f5508877f5f29a7097904102fb64fbc692bc52 /base
parent3abf731d9e6f02ac8d315978d31c28c2f9c85db9 (diff)
Added ConfigTrustedPublicKeyEvent.
A new ConfigTrustedPublicKeyEvent class has been added to encapsulate the CONFIG_TRUSTED_PUBLIC_KEY events. https://pagure.io/dogtagpki/issue/2641 Change-Id: I2fb4b46dfd63daf3c0c08dc08b3dbac9108ec908
Diffstat (limited to 'base')
-rw-r--r--base/common/src/com/netscape/certsrv/logging/AuditEvent.java2
-rw-r--r--base/common/src/com/netscape/certsrv/logging/event/ConfigTrustedPublicKeyEvent.java42
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java218
3 files changed, 114 insertions, 148 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
index 9ba927123..ff5d344d9 100644
--- a/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
+++ b/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -63,8 +63,6 @@ public class AuditEvent implements IBundleLogEvent {
"LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
public final static String CONFIG_ENCRYPTION =
"LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
- public final static String CONFIG_TRUSTED_PUBLIC_KEY =
- "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
public final static String CONFIG_DRM =
"LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
public final static String SELFTESTS_EXECUTION =
diff --git a/base/common/src/com/netscape/certsrv/logging/event/ConfigTrustedPublicKeyEvent.java b/base/common/src/com/netscape/certsrv/logging/event/ConfigTrustedPublicKeyEvent.java
new file mode 100644
index 000000000..b0dd78140
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/ConfigTrustedPublicKeyEvent.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.logging.AuditEvent;
+
+public class ConfigTrustedPublicKeyEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ public final static String LOGGING_PROPERTY =
+ "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+
+ public ConfigTrustedPublicKeyEvent(
+ String subjectID,
+ String outcome,
+ String params) {
+
+ super(LOGGING_PROPERTY);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ params
+ });
+ }
+}
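Review bot: ConfigTrustedPublicKeyEvent has no Javadoc, and nothing in the class says that the order of the three constructor arguments is what binds them to the placeholders of the `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3` message template. A class-level comment should say which configuration changes the event records (presumably changes to trusted certificates, going by the callers in this commit). The constructor should carry `@param subjectID`, `@param outcome` (callers pass `ILogger.SUCCESS` or `ILogger.FAILURE`) and `@param params` (callers pass `auditParams(req)`, so the doc should state that this string is written to the signed audit log as given). As a style point, `public final static String LOGGING_PROPERTY` could read `public static final` to match the `private static final` two lines above it.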
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index f8bc34a50..8d28408a3 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -62,6 +62,7 @@ import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.ConfigTrustedPublicKeyEvent;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.security.ICryptoSubsystem;
@@ -1434,7 +1435,7 @@ public final class CMSAdminServlet extends AdminServlet {
private void issueImportCert(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- String auditMessage = null;
+
String auditSubjectID = auditSubjectID();
// ensure that any low-level exceptions are reported
@@ -1484,14 +1485,11 @@ public final class CMSAdminServlet extends AdminServlet {
nicknameWithoutTokenName = nickname.substring(index + 1);
oldtokenname = nickname.substring(0, index);
} else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
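Review bot: The failure event emitted just before `throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));` may be written twice. If this branch sits inside the try block whose `catch (EBaseException eAudit1)` appears in the @@ -1771 hunk, that handler audits a second `ILogger.FAILURE` ConfigTrustedPublicKeyEvent for the same request before rethrowing. The enclosing try is not visible in this hunk, so this needs confirming against the full method. If it holds, duplicate records make failure counts in the signed audit log unreliable for anyone monitoring trust configuration changes; either drop the inline `audit(new ConfigTrustedPublicKeyEvent(...))` here and let the catch emit it, or keep it and make the handler skip exceptions that were already audited. The same audit-then-throw shape recurs in the @@ -1504, @@ -1524, @@ -1890, @@ -1924, @@ -1954, @@ -2309 and @@ -2342 hunks.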
@@ -1504,14 +1502,11 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (index > 0 && (index < (canickname.length() - 1))) {
canicknameWithoutTokenName = canickname.substring(index + 1);
} else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
@@ -1524,14 +1519,11 @@ public final class CMSAdminServlet extends AdminServlet {
KeyPair pair = null;
if (nickname.equals("")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
@@ -1771,40 +1763,30 @@ public final class CMSAdminServlet extends AdminServlet {
properties.clear();
properties = null;
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
mConfig.commit(true);
sendResponse(SUCCESS, null, null, resp);
} catch (EBaseException eAudit1) {
CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString());
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString());
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit2;
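Review bot: The `ILogger.SUCCESS` event is audited before `mConfig.commit(true)` runs, so if the commit throws EBaseException the catch below adds a `FAILURE` event and the signed audit log holds both outcomes for one request. Moving the commit first, i.e. `mConfig.commit(true);` followed by `audit(new ConfigTrustedPublicKeyEvent(auditSubjectID, ILogger.SUCCESS, auditParams(req)));`, keeps SUCCESS for changes that were actually persisted. The try block opens outside this hunk, and whether the commit can throw here is inferred from the catch, so confirm against the full method. The @@ -2203 hunk has the same order.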
@@ -1890,14 +1872,11 @@ public final class CMSAdminServlet extends AdminServlet {
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
EBaseException ex = new EBaseException(
CMS.getLogMessage("BASE_INVALID_FILE_PATH"));
@@ -1924,14 +1903,11 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
} catch (IOException ee) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(
CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
@@ -1954,14 +1930,11 @@ public final class CMSAdminServlet extends AdminServlet {
tokenName = nickname.substring(0, index);
nicknameWithoutTokenName = nickname.substring(index + 1);
} else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(
CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
@@ -2203,14 +2176,10 @@ public final class CMSAdminServlet extends AdminServlet {
audit(auditMessage);
}
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
mConfig.commit(true);
if (verified == true) {
@@ -2220,26 +2189,20 @@ public final class CMSAdminServlet extends AdminServlet {
null, resp);
}
} catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit2;
@@ -2275,7 +2238,7 @@ public final class CMSAdminServlet extends AdminServlet {
private void importXCert(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- String auditMessage = null;
+
String auditSubjectID = auditSubjectID();
// ensure that any low-level exceptions are reported
@@ -2309,14 +2272,11 @@ public final class CMSAdminServlet extends AdminServlet {
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
EBaseException ex = new EBaseException(
CMS.getLogMessage("BASE_INVALID_FILE_PATH"));
@@ -2342,14 +2302,11 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
} catch (IOException ee) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
throw new EBaseException(
CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
@@ -2376,14 +2333,11 @@ public final class CMSAdminServlet extends AdminServlet {
//this will import into internal ldap crossCerts entry
ccps.importCert(bCert);
} catch (Exception e) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
sendResponse(1, "xcert importing failure:" + e.toString(),
null, resp);
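Review bot: In this `catch (Exception e)` the reason for the failure goes only to the client, via `"xcert importing failure:" + e.toString()`, while the audit event and the lines visible here record nothing about the cause on the server side. Adding a `CMS.debug("CMSAdminServlet: xcert import failed: " + e);` before the audit call, as the issueImportCert handlers do with their exceptions, and returning a fixed message without the exception text would keep the detail in the server log instead of the response. The `catch (EBaseException e)` in the @@ -2395 hunk builds its response the same way. The enclosing method body lies outside this hunk.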
@@ -2395,14 +2349,11 @@ public final class CMSAdminServlet extends AdminServlet {
// db to publishing directory, if turned on
ccps.publishCertPairs();
} catch (EBaseException e) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp);
return;
@@ -2416,37 +2367,27 @@ public final class CMSAdminServlet extends AdminServlet {
results.put(Constants.PR_NICKNAME, "FBCA cross-signed cert");
results.put(Constants.PR_CERT_CONTENT, content);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
sendResponse(SUCCESS, null, results, resp);
} catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit2;
@@ -2929,7 +2870,7 @@ public final class CMSAdminServlet extends AdminServlet {
public void setRootCertTrust(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- String auditMessage = null;
+
String auditSubjectID = auditSubjectID();
String nickname = req.getParameter(Constants.PR_NICK_NAME);
String serialno = req.getParameter(Constants.PR_SERIAL_NUMBER);
@@ -2943,25 +2884,20 @@ public final class CMSAdminServlet extends AdminServlet {
try {
jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
} catch (EBaseException e) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
+ auditParams(req)));
- audit(auditMessage);
// rethrow the specific exception to be handled later
throw e;
}
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
sendResponse(SUCCESS, null, null, resp);
}
@@ -2982,7 +2918,7 @@ public final class CMSAdminServlet extends AdminServlet {
private void trustCACert(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- String auditMessage = null;
+
String auditSubjectID = auditSubjectID();
CMS.debug("CMSAdminServlet: trustCACert()");
@@ -3010,38 +2946,28 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
//sendResponse(SUCCESS, null, null, resp);
sendResponse(RESTART, null, null, resp);
} catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.CONFIG_TRUSTED_PUBLIC_KEY,
+
+ audit(new ConfigTrustedPublicKeyEvent(
auditSubjectID,
ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
+ auditParams(req)));
// rethrow the specific exception to be handled later
throw eAudit2;