authorEndi S. Dewata <edewata@redhat.com>2017-06-21 00:48:39 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-06-24 00:04:03 +0200
commitdb84bffad64dd4b9a9d684255794719ae13d677f (patch)
treeae053e4062ce95d7a890e0817b473f381dbce13d /base
parent5b2d619e9fdd3d020edda96196cac4e70a27fd6e (diff)
Refactored signed audit logger.
Signed audit logger creation has been simplified into: Logger signedAuditLogger = SignedAuditLogger.getLogger(); The null checks on signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows: signedAuditLogger.log(message); https://pagure.io/dogtagpki/issue/2689 Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
Diffstat (limited to 'base')
-rw-r--r--base/ca/src/com/netscape/ca/CAService.java27
-rw-r--r--base/ca/src/com/netscape/ca/CRLIssuingPoint.java16
-rw-r--r--base/common/src/com/netscape/certsrv/apps/CMS.java13
-rw-r--r--base/common/src/com/netscape/certsrv/apps/ICMSEngine.java9
-rw-r--r--base/kra/src/com/netscape/kra/AsymKeyGenService.java14
-rw-r--r--base/kra/src/com/netscape/kra/EnrollmentService.java30
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java39
-rw-r--r--base/kra/src/com/netscape/kra/NetkeyKeygenService.java19
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataProcessor.java16
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java14
-rw-r--r--base/kra/src/com/netscape/kra/SymKeyGenService.java14
-rw-r--r--base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java19
-rw-r--r--base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java27
-rw-r--r--base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java32
-rw-r--r--base/server/cms/src/com/netscape/cms/logging/LogFile.java27
-rw-r--r--base/server/cms/src/com/netscape/cms/logging/Logger.java1
-rw-r--r--base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java19
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java23
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java10
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java23
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java19
-rw-r--r--base/server/cms/src/com/netscape/cms/realm/PKIRealm.java19
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java34
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java12
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java12
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java8
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java16
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java21
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java28
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java34
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java23
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java8
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java6
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java19
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java7
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java19
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java21
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java26
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java13
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java24
44 files changed, 186 insertions, 591 deletions
diff --git a/base/ca/src/com/netscape/ca/CAService.java b/base/ca/src/com/netscape/ca/CAService.java
index c9eacfe42..a9b38e7c2 100644
--- a/base/ca/src/com/netscape/ca/CAService.java
+++ b/base/ca/src/com/netscape/ca/CAService.java
@@ -59,6 +59,8 @@ import com.netscape.certsrv.profile.IProfileSubsystem;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.base.SubsystemRegistry;
import com.netscape.cmscore.connector.HttpConnector;
import com.netscape.cmscore.connector.LocalConnector;
@@ -103,6 +105,8 @@ import netscape.security.x509.X509ExtensionException;
*/
public class CAService implements ICAService, IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final String CRMF_REQUEST = "CRMFRequest";
public static final String CHALLENGE_PHRASE = "challengePhrase";
public static final String SERIALNO_ARRAY = "serialNoArray";
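Review bot: The new `signedAuditLogger` field is declared `private static Logger` without `final`, so the reference this class uses for signed audit records can still be reassigned after class initialization. The commit message says the logger cannot be null and it is assigned exactly once, so it should be `private static final Logger signedAuditLogger = SignedAuditLogger.getLogger();`. The same declaration is added in CRLIssuingPoint, AsymKeyGenService, EnrollmentService, KeyRecoveryAuthority, NetkeyKeygenService, SecurityDataProcessor, SecurityDataRecoveryService, SymKeyGenService, TokenKeyRecoveryService, CMCAuth and CMCUserSignedAuth, and would take the same change. The class body continues outside this hunk.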
@@ -117,8 +121,6 @@ public class CAService implements ICAService, IService {
private boolean mArchivalRequired = true;
private Hashtable<String, ICRLIssuingPoint> mCRLIssuingPoints = new Hashtable<String, ICRLIssuingPoint>();
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
public CAService(ICertificateAuthority ca) {
mCA = ca;
@@ -1154,18 +1156,7 @@ public class CAService implements ICAService, IService {
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
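Review bot: The removed comment in `audit(String msg)` was the only record that the message must reach the signed audit log without its leading or trailing whitespace stripped, and the new one-line body no longer shows the event type, source and level (`ILogger.EV_SIGNED_AUDIT`, `ILogger.S_SIGNED_AUDIT`, `ILogger.LL_SECURITY`) at the call site. `SignedAuditLogger.log(String)` is not visible in this part of the page, so whether it applies those values and passes the text through unchanged should be confirmed there. I would keep the contract in the Javadoc, for example ` * The message is written to the signed audit log verbatim; whitespace is not stripped.` The same comment is dropped from `audit(String)` in EnrollmentService, KeyRecoveryAuthority, NetkeyKeygenService, TokenKeyRecoveryService, CMCAuth and CMCUserSignedAuth.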
@@ -1188,10 +1179,6 @@ public class CAService implements ICAService, IService {
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
@@ -1224,10 +1211,6 @@ public class CAService implements ICAService, IService {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
diff --git a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index be6ffa877..984971513 100644
--- a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -64,6 +64,8 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.IRequestVirtualList;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.util.IStatsSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.dbs.CRLIssuingPointRecord;
import com.netscape.cmscore.dbs.CertRecord;
import com.netscape.cmscore.dbs.CertificateRepository;
@@ -106,6 +108,9 @@ import netscape.security.x509.X509CertImpl;
public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
+ private static ILogger mLogger = CMS.getLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
/* Foreign config param for IssuingDistributionPointExtension. */
public static final String PROP_CACERTS = "onlyContainsCACerts";
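Review bot: Making `mLogger` static moves the `CMS.getLogger()` call from object construction to class initialization. The `CMS.getSignedAuditLogger()` method removed by this commit delegated to `_engine`; if `getLogger()` does the same (not visible here) and this class is loaded before the engine is set, the static initializer throws and the class stays unusable for the life of the class loader. Either keep `mLogger` as an instance field or confirm the load order and record it with a comment such as `// CMS engine must be initialized before this class is loaded`. CMCAuth and CMCUserSignedAuth make the same instance-to-static change to `mLogger`.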
@@ -120,8 +125,6 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
public IPublisherProcessor mPublisherProcessor = null;
- private ILogger mLogger = CMS.getLogger();
-
private IConfigStore mConfigStore;
private int mCountMod = 0;
@@ -3189,19 +3192,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
void audit(AuditEvent event) {
- ILogger logger = CMS.getSignedAuditLogger();
- if (logger == null) return;
-
String messageID = event.getMessage();
Object[] params = event.getParameters();
String message = CMS.getLogMessage(messageID, params);
- logger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- message);
+ signedAuditLogger.log(message);
}
}
diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java
index 9df99ab09..a6cd582ba 100644
--- a/base/common/src/com/netscape/certsrv/apps/CMS.java
+++ b/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -36,10 +36,10 @@ import org.dogtagpki.legacy.policy.ISubjAltNameConfig;
import org.mozilla.jss.CryptoManager.CertificateUsage;
import org.mozilla.jss.util.PasswordCallback;
-import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.acls.EACLsException;
import com.netscape.certsrv.acls.IACL;
import com.netscape.certsrv.authentication.IAuthSubsystem;
+import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
@@ -307,17 +307,6 @@ public final class CMS {
}
/**
- * Returns the signed audit logger of the current server. This logger can
- * be used to log critical informational or critical error
- * messages.
- *
- * @return signed audit logger
- */
- public static ILogger getSignedAuditLogger() {
- return _engine.getSignedAuditLogger();
- }
-
- /**
* Creates a repository record in the internal database.
*
* @return repository record
diff --git a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
index 563b7c9c5..f861b955c 100644
--- a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
+++ b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -208,15 +208,6 @@ public interface ICMSEngine extends ISubsystem {
public IAuditor getAuditor();
/**
- * Returns the signed audit logger of the current server. This logger can
- * be used to log critical informational or critical error
- * messages.
- *
- * @return signed audit logger
- */
- public ILogger getSignedAuditLogger();
-
- /**
* Puts data of an byte array into the debug file.
*
* @param data byte array to be recorded in the debug file
diff --git a/base/kra/src/com/netscape/kra/AsymKeyGenService.java b/base/kra/src/com/netscape/kra/AsymKeyGenService.java
index 1e38b4828..0731a4458 100644
--- a/base/kra/src/com/netscape/kra/AsymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/AsymKeyGenService.java
@@ -39,6 +39,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.dbs.KeyRecord;
import netscape.security.util.WrappingParams;
@@ -55,12 +57,13 @@ import netscape.security.util.WrappingParams;
*/
public class AsymKeyGenService implements IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private static final String ATTR_KEY_RECORD = "keyRecord";
private static final String STATUS_ACTIVE = "active";
private IKeyRecoveryAuthority kra = null;
private IStorageKeyUnit storageUnit = null;
- private ILogger signedAuditLogger = CMS.getSignedAuditLogger();
public AsymKeyGenService(IKeyRecoveryAuthority kra) {
this.kra = kra;
@@ -214,14 +217,7 @@ public class AsymKeyGenService implements IService {
}
private void audit(String msg) {
- if (signedAuditLogger == null)
- return;
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/kra/src/com/netscape/kra/EnrollmentService.java b/base/kra/src/com/netscape/kra/EnrollmentService.java
index 4cf36d1a2..79c4eb9a8 100644
--- a/base/kra/src/com/netscape/kra/EnrollmentService.java
+++ b/base/kra/src/com/netscape/kra/EnrollmentService.java
@@ -60,6 +60,8 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
import com.netscape.certsrv.util.IStatsSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.key.KeyRecordParser;
import com.netscape.cmscore.crmf.CRMFParser;
import com.netscape.cmscore.crmf.PKIArchiveOptionsContainer;
@@ -94,6 +96,8 @@ import netscape.security.x509.X509Key;
*/
public class EnrollmentService implements IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
// constants
public static final String CRMF_REQUEST = "CRMFRequest";
public final static String ATTR_KEY_RECORD = "keyRecord";
@@ -104,7 +108,6 @@ public class EnrollmentService implements IService {
private IKeyRecoveryAuthority mKRA = null;
private ITransportKeyUnit mTransportUnit = null;
private IStorageKeyUnit mStorageUnit = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
/**
* Constructs request processor.
@@ -886,10 +889,6 @@ public class EnrollmentService implements IService {
* @return key string containing the certificate's public key
*/
private String auditPublicKey(KeyRecord rec) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if (rec == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -933,10 +932,6 @@ public class EnrollmentService implements IService {
*/
private String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
@@ -969,10 +964,6 @@ public class EnrollmentService implements IService {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
@@ -1004,18 +995,7 @@ public class EnrollmentService implements IService {
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index 5e3b8a9d7..190290b5a 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -78,6 +78,8 @@ import com.netscape.certsrv.security.Credential;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.dbs.DBSubsystem;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmscore.dbs.KeyRepository;
@@ -102,6 +104,8 @@ import netscape.security.x509.X509CertImpl;
*/
public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecoveryAuthority {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String OFFICIAL_NAME = "Data Recovery Manager";
/**
@@ -150,7 +154,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
// for the notification listener
public IRequestListener mReqInQListener = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_AGENT_DELIMITER = ", ";
/**
* Constructs an escrow authority.
@@ -1534,18 +1537,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -1568,10 +1560,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
@@ -1604,10 +1592,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
@@ -1656,10 +1640,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @return key string containing the certificate's public key
*/
private String auditPublicKey(X509Certificate cert) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if (cert == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1689,10 +1669,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* @return key string containing the certificate's public key
*/
private String auditPublicKey(KeyRecord rec) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if (rec == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1745,11 +1721,6 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
if (creds == null)
return null;
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
String agents = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String uid = null;
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index 07333b7f4..0a6aa06c2 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -60,6 +60,8 @@ import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.key.KeyRecordParser;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmscore.security.JssSubsystem;
@@ -88,6 +90,9 @@ import netscape.security.util.WrappingParams;
*/
public class NetkeyKeygenService implements IService {
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String ATTR_KEY_RECORD = "keyRecord";
public final static String ATTR_PROOF_OF_ARCHIVAL =
"proofOfArchival";
@@ -95,7 +100,6 @@ public class NetkeyKeygenService implements IService {
private IKeyRecoveryAuthority mKRA = null;
private ITransportKeyUnit mTransportUnit = null;
private IStorageKeyUnit mStorageUnit = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
/**
* Constructs request processor.
@@ -523,18 +527,7 @@ public class NetkeyKeygenService implements IService {
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
index ec848be2d..f00cb5b3d 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java
@@ -47,6 +47,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.crypto.CryptoUtil;
@@ -57,6 +59,9 @@ import netscape.security.util.WrappingParams;
import netscape.security.x509.X509Key;
public class SecurityDataProcessor {
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String ATTR_KEY_RECORD = "keyRecord";
public static final String ATTR_SERIALNO = "serialNumber";
private final static String STATUS_ACTIVE = "active";
@@ -65,7 +70,7 @@ public class SecurityDataProcessor {
private ITransportKeyUnit transportUnit = null;
private IStorageKeyUnit storageUnit = null;
private IKeyRepository keyRepository = null;
- private ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+
private static boolean allowEncDecrypt_archival = false;
private static boolean allowEncDecrypt_recovery = false;
@@ -829,14 +834,7 @@ public class SecurityDataProcessor {
}
private void audit(String msg) {
- if (signedAuditLogger == null)
- return;
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
index 3c44d5391..4e47ccadf 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
@@ -29,6 +29,8 @@ import com.netscape.certsrv.logging.event.SecurityDataRecoveryProcessedEvent;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
/**
* This implementation services SecurityData Recovery requests.
@@ -38,9 +40,10 @@ import com.netscape.certsrv.request.RequestId;
*/
public class SecurityDataRecoveryService implements IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private IKeyRecoveryAuthority kra = null;
private SecurityDataProcessor processor = null;
- private ILogger signedAuditLogger = CMS.getSignedAuditLogger();
public SecurityDataRecoveryService(IKeyRecoveryAuthority kra) {
this.kra = kra;
@@ -107,14 +110,7 @@ public class SecurityDataRecoveryService implements IService {
}
private void audit(String msg) {
- if (signedAuditLogger == null)
- return;
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
private void auditRecoveryRequestProcessed(String subjectID, String status, RequestId requestID,
diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java
index 578b1ffeb..b63c362d0 100644
--- a/base/kra/src/com/netscape/kra/SymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java
@@ -43,6 +43,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.key.KeyRequestDAO;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmsutil.crypto.CryptoUtil;
@@ -57,12 +59,13 @@ import netscape.security.util.WrappingParams;
*/
public class SymKeyGenService implements IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String ATTR_KEY_RECORD = "keyRecord";
private final static String STATUS_ACTIVE = "active";
private IKeyRecoveryAuthority mKRA = null;
private IStorageKeyUnit mStorageUnit = null;
- private ILogger signedAuditLogger = CMS.getSignedAuditLogger();
public SymKeyGenService(IKeyRecoveryAuthority kra) {
mKRA = kra;
@@ -243,14 +246,7 @@ public class SymKeyGenService implements IService {
}
private void audit(String msg) {
- if (signedAuditLogger == null)
- return;
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index 891b0831f..46cf5d96b 100644
--- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -55,6 +55,8 @@ import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.crypto.CryptoUtil;
@@ -74,6 +76,8 @@ import netscape.security.x509.X509Key;
*/
public class TokenKeyRecoveryService implements IService {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final String ATTR_NICKNAME = "nickname";
public static final String ATTR_OWNER_NAME = "ownerName";
public static final String ATTR_PUBLIC_KEY_DATA = "publicKeyData";
@@ -95,8 +99,6 @@ public class TokenKeyRecoveryService implements IService {
private IStorageKeyUnit mStorageUnit = null;
private ITransportKeyUnit mTransportUnit = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
/**
* Constructs request processor.
*/
@@ -717,18 +719,7 @@ public class TokenKeyRecoveryService implements IService {
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
index 94411671b..8d70b8dfe 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
@@ -87,6 +87,8 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
@@ -110,6 +112,9 @@ import netscape.security.x509.X509Key;
public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
IProfileAuthenticator {
+ private static ILogger mLogger = CMS.getLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
////////////////////////
// default parameters //
////////////////////////
@@ -173,11 +178,6 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// Logger parameters //
///////////////////////
- /* the system's logger */
- private ILogger mLogger = CMS.getLogger();
-
- /* signed audit parameters */
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
"enrollment";
private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
@@ -1068,18 +1068,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -1102,10 +1091,6 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
index 6c3ee8f93..4165d50ed 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
@@ -28,18 +28,17 @@ package com.netscape.cms.authentication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.security.cert.X509Certificate;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
+import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.BIT_STRING;
import org.mozilla.jss.asn1.INTEGER;
@@ -90,6 +89,8 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
@@ -125,6 +126,9 @@ import netscape.security.x509.X509Key;
public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
IProfileAuthenticator {
+ private static ILogger mLogger = CMS.getLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
////////////////////////
// default parameters //
////////////////////////
@@ -193,11 +197,6 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
// Logger parameters //
///////////////////////
- /* the system's logger */
- private ILogger mLogger = CMS.getLogger();
-
- /* signed audit parameters */
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE = "enrollment";
private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE = "revocation";
@@ -276,7 +275,7 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
if (clientCert != null) {
try {
createAuditSubjectFromCert(auditContext, clientCert);
- } catch (IOException e) {
+ } catch (IOException e) {
//unlikely, and not necessarily required at this point
CMS.debug("CMSUserSignedAuth: authenticate: after createAuditSubjectFromCert call; " + e);
}
@@ -1292,18 +1291,7 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
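Review bot: The rewritten `audit(String msg)` drops the comment saying the message is not trimmed and puts nothing in its place, so the contract that `msg` reaches the signed audit log exactly as passed is no longer written down. I would keep one line in the body, `// msg is logged verbatim; leading/trailing whitespace is preserved`, or add the same sentence to the Javadoc, which starts above this hunk. Because the text is forwarded unmodified, fields built from request data (subject, requester, serial number) presumably need to be encoded by the caller; whether `SignedAuditLogger.log(String)` does any escaping is not visible in this diff. The same edit is made to `audit(String)` in LogFile, BasicProfile, EnrollInput, PKIRealm, CMSServlet, CMCOutputTemplate, ConnectorServlet, CAProcessor and PKIProcessor.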
@@ -1326,10 +1314,6 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
* @return id string containing the signed audit log message SubjectID
*/
private String getAuditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/logging/LogFile.java b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
index d5319ab53..b28b810f8 100644
--- a/base/server/cms/src/com/netscape/cms/logging/LogFile.java
+++ b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
@@ -49,7 +49,6 @@ import java.util.Date;
import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.Locale;
-import java.util.Properties;
import java.util.Set;
import java.util.Vector;
@@ -87,6 +86,9 @@ import com.netscape.cmsutil.util.Utils;
* @version $Revision$, $Date$
**/
public class LogFile implements ILogEventListener, IExtendedPluginInfo {
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final String PROP_TYPE = "type";
public static final String PROP_REGISTER = "register";
public static final String PROP_ON = "enable";
@@ -106,7 +108,6 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
private final static String LOG_SIGNED_AUDIT_EXCEPTION =
"LOG_SIGNED_AUDIT_EXCEPTION_1";
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected IConfigStore mConfig = null;
/**
@@ -728,14 +729,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
ILogger.SUCCESS,
base64Encode(sigBytes));
- if (mSignedAuditLogger == null) {
- return;
- }
-
- ILogEvent ev = mSignedAuditLogger.create(
- ILogger.EV_SIGNED_AUDIT,
- (Properties) null,
- ILogger.S_SIGNED_AUDIT,
+ ILogEvent ev = signedAuditLogger.create(
ILogger.LL_SECURITY,
auditMessage,
o,
@@ -1535,18 +1529,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/server/cms/src/com/netscape/cms/logging/Logger.java b/base/server/cms/src/com/netscape/cms/logging/Logger.java
index 0b33a3967..64653c2fa 100644
--- a/base/server/cms/src/com/netscape/cms/logging/Logger.java
+++ b/base/server/cms/src/com/netscape/cms/logging/Logger.java
@@ -44,7 +44,6 @@ public class Logger implements ILogger {
static {
register(EV_AUDIT, new AuditEventFactory());
register(EV_SYSTEM, new SystemEventFactory());
- register(EV_SIGNED_AUDIT, new SignedAuditEventFactory());
}
LogFactory factory;
diff --git a/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java b/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java
index aaf96ae9f..cf9ddf987 100644
--- a/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java
+++ b/base/server/cms/src/com/netscape/cms/logging/SignedAuditLogger.java
@@ -17,6 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
+import com.netscape.certsrv.logging.ILogger;
+
/**
* A class represents certificate server logger
* implementation.
@@ -28,12 +30,17 @@ package com.netscape.cms.logging;
*/
public class SignedAuditLogger extends Logger {
- /**
- * Constructs a generic logger, and registers a list
- * of resident event factories.
- */
+ private final static SignedAuditLogger logger =
+ new SignedAuditLogger();
+
public SignedAuditLogger() {
- super();
- register(EV_SIGNED_AUDIT, new SignedAuditEventFactory());
+ super(new SignedAuditEventFactory(),
+ ILogger.EV_SIGNED_AUDIT,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY);
+ }
+
+ public static SignedAuditLogger getLogger() {
+ return logger;
}
}
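Review bot: `SignedAuditLogger` now exposes a shared instance through `getLogger()`, but the constructor stays `public` and its Javadoc is removed. Nothing tells a caller that `getLogger()` is the intended entry point, and nothing stops code from building a second instance. If no other class instantiates it (not verifiable from this diff), `private SignedAuditLogger()` plus a short Javadoc on `getLogger()` such as `/** Returns the shared signed audit logger; never null. */` would pin that down. The companion change in Logger.java removes `register(EV_SIGNED_AUDIT, new SignedAuditEventFactory())` from the static block, so any remaining caller that logs `EV_SIGNED_AUDIT` through a plain `Logger` would presumably no longer find a factory. How `Logger` reacts to that is outside this hunk, so it is worth checking that such events fail loudly rather than vanish from the audit trail.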
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java
index e47c72295..bf6193499 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -49,6 +49,8 @@ import com.netscape.certsrv.registry.IPluginInfo;
import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
/**
* This class implements a basic profile.
@@ -57,6 +59,8 @@ import com.netscape.certsrv.request.RequestStatus;
*/
public abstract class BasicProfile implements IProfile {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final String PROP_ENABLE = "enable";
public static final String PROP_ENABLE_BY = "enableBy";
public static final String PROP_IS_RENEWAL = "renewal";
@@ -96,8 +100,6 @@ public abstract class BasicProfile implements IProfile {
protected Hashtable<String, Vector<IProfilePolicy>> mPolicySet = new Hashtable<String, Vector<IProfilePolicy>>();
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
public BasicProfile() {
}
@@ -1172,18 +1174,7 @@ public abstract class BasicProfile implements IProfile {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -1207,10 +1198,6 @@ public abstract class BasicProfile implements IProfile {
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8f3e986c0..7dfaddac4 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -756,7 +756,7 @@ public abstract class EnrollProfile extends BasicProfile
OBJECT_IDENTIFIER oid = attributes[i].getType();
if (oid.equals(OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
id_cmc_revokeRequest = true;
- // put in context for processing in
+ // put in context for processing in
// CMCOutputTemplate.java later
context.put(OBJECT_IDENTIFIER.id_cmc_revokeRequest,
attributes[i]);
@@ -2583,10 +2583,6 @@ public abstract class EnrollProfile extends BasicProfile
* @return id string containing the signed audit log message RequesterID
*/
protected String auditRequesterID(IRequest request) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = ILogger.UNIDENTIFIED;
@@ -2613,10 +2609,6 @@ public abstract class EnrollProfile extends BasicProfile
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String profileID = getId();
diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
index 2affaf385..f63f8801c 100644
--- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -39,6 +39,8 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.profile.common.EnrollProfile;
import com.netscape.cmsutil.crypto.CryptoUtil;
@@ -49,13 +51,13 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
*/
public abstract class EnrollInput implements IProfileInput {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
protected IConfigStore mConfig = null;
protected Vector<String> mValueNames = new Vector<String>();
protected Vector<String> mConfigNames = new Vector<String>();
protected IProfile mProfile = null;
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
/**
* Initializes this default policy.
*/
@@ -252,18 +254,7 @@ public abstract class EnrollInput implements IProfileInput {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -287,10 +278,6 @@ public abstract class EnrollInput implements IProfileInput {
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 276c5b59b..453a86c86 100644
--- a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -40,6 +40,8 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import netscape.security.x509.X509CertImpl;
@@ -51,10 +53,12 @@ import netscape.security.x509.X509CertImpl;
*/
public class SubsystemGroupUpdater implements IProfileUpdater {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
@SuppressWarnings("unused")
private IProfile mProfile;
private IConfigStore mConfig = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+
private Vector<String> mConfigNames = new Vector<String>();
public SubsystemGroupUpdater() {
@@ -258,15 +262,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
}
private void audit(String msg) {
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -280,9 +276,6 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
}
private String auditSubjectID() {
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
index 830619321..f74b9dac9 100644
--- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
+++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
@@ -24,6 +24,8 @@ import com.netscape.certsrv.usrgrp.EUsrGrpException;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.common.AuthCredentials;
import netscape.security.x509.X509CertImpl;
@@ -37,7 +39,9 @@ import netscape.security.x509.X509CertImpl;
*/
public class PKIRealm extends RealmBase {
- protected ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
@Override
protected String getName() {
return "PKIRealm";
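Review bot: The replacement field is `private` where the removed one was `protected`, so a subclass of `PKIRealm` that logged through `signedAuditLogger` directly will stop compiling and has to call `audit(String)` instead. The same narrowing happens where `protected ILogger mSignedAuditLogger` is deleted from BasicProfile, EnrollInput, CMSServlet, CMCOutputTemplate, ConnectorServlet and PKIProcessor, where `signedAuditLogger` is replaced in CAProcessor, and where `mLogger` becomes private in ConnectorServlet. The in-tree subclasses visible in this diff are adjusted by the commit. Whether out-of-tree plugins extend these classes cannot be seen here, so a Javadoc sentence on `audit(String)` naming it as the supported way to emit signed audit messages would help.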
@@ -208,18 +212,7 @@ public class PKIRealm extends RealmBase {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (signedAuditLogger == null) {
- return;
- }
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 662a3e9da..5b136be2f 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -953,8 +953,6 @@ public class AdminServlet extends HttpServlet {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
if (auditor == null) {
return;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 8d28408a3..7ddb0c8db 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -105,8 +105,6 @@ public final class CMSAdminServlet extends AdminServlet {
private final static String PROP_SMTP = "smtp";
private final static String PROP_INTERNAL_DB = "internaldb";
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
// CMS must be instantiated before this admin servlet.
/**
@@ -3304,10 +3302,6 @@ public final class CMSAdminServlet extends AdminServlet {
* @return key string containing the public key
*/
private String auditPublicKey(KeyPair object) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if (object == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index c10620549..84ac2ea31 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -78,6 +78,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMSFileLoader;
import com.netscape.cms.servlet.common.CMSGateway;
@@ -114,9 +116,9 @@ import netscape.security.x509.X509CertImpl;
* @version $Revision$, $Date$
*/
public abstract class CMSServlet extends HttpServlet {
- /**
- *
- */
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private static final long serialVersionUID = -3886300199374147160L;
// servlet init params
// xxxx todo:Should enforce init param value checking!
@@ -247,7 +249,6 @@ public abstract class CMSServlet extends HttpServlet {
protected String mAclMethod = null;
protected String mAuthzResourceName = null;
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected String mOutputTemplatePath = null;
private IUGSubsystem mUG = (IUGSubsystem)
CMS.getSubsystem(CMS.SUBSYSTEM_UG);
@@ -2022,18 +2023,7 @@ public abstract class CMSServlet extends HttpServlet {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -2057,10 +2047,6 @@ public abstract class CMSServlet extends HttpServlet {
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
CMS.debug("CMSServlet: in auditSubjectID");
String subjectID = null;
@@ -2097,10 +2083,6 @@ public abstract class CMSServlet extends HttpServlet {
* @return id string containing the signed audit log message SubjectID
*/
protected String auditGroupID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
CMS.debug("CMSServlet: in auditGroupID");
String groupID = null;
@@ -2138,10 +2120,6 @@ public abstract class CMSServlet extends HttpServlet {
* with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if ((SubjectID == null) ||
(SubjectID.equals(ILogger.UNIDENTIFIED))) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index a66cd9574..7dad38820 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -981,10 +981,6 @@ public class CMCRevReqServlet extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
@@ -1011,10 +1007,6 @@ public class CMCRevReqServlet extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditSerialNumber(String eeSerialNumber) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String serialNumber = null;
@@ -1044,10 +1036,6 @@ public class CMCRevReqServlet extends CMSServlet {
* @return string containing REVOKE or ON_HOLD
*/
private String auditRequestType(int reason) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requestType = null;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index a9a62389f..eab05edff 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -847,10 +847,6 @@ public class DoRevokeTPS extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
@@ -878,10 +874,6 @@ public class DoRevokeTPS extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditSerialNumber(String eeSerialNumber) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String serialNumber = null;
@@ -909,10 +901,6 @@ public class DoRevokeTPS extends CMSServlet {
* @return string containing REVOKE or ON_HOLD
*/
private String auditRequestType(int reason) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requestType = null;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 36a6802d6..6a83fcefe 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -557,10 +557,6 @@ public class DoUnrevokeTPS extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = null;
@@ -588,10 +584,6 @@ public class DoUnrevokeTPS extends CMSServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditSerialNumber(String eeSerialNumber) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String serialNumber = null;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 150c36fb7..e31ed1b2e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -87,6 +87,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.scep.CRSPKIMessage;
@@ -136,10 +138,11 @@ import netscape.security.x509.X509Key;
* @version $Revision$, $Date$
*/
public class CRSEnrollment extends HttpServlet {
- /**
- *
- */
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private static final long serialVersionUID = 8483002540957382369L;
+
protected IProfileSubsystem mProfileSubsystem = null;
protected String mProfileId = null;
protected ICertAuthority mAuthority;
@@ -1502,12 +1505,7 @@ public class CRSEnrollment extends HttpServlet {
req.getTransactionID(),
"CRSEnrollment",
ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- ILogger signedAuditLogger = CMS.getSignedAuditLogger();
- if (signedAuditLogger != null) {
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null, ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY, auditMessage);
- }
+ signedAuditLogger.log(auditMessage);
return null;
} else {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 1e509d3b3..656d3d758 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -72,7 +72,6 @@ import org.mozilla.jss.pkix.primitive.Name;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -86,6 +85,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmsutil.crypto.CryptoUtil;
import netscape.security.x509.CRLExtensions;
@@ -104,7 +105,8 @@ import netscape.security.x509.X509Key;
* @version $ $, $Date$
*/
public class CMCOutputTemplate {
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
public CMCOutputTemplate() {
}
@@ -1086,7 +1088,7 @@ public class CMCOutputTemplate {
return bpid;
}
- String sharedSecret =
+ String sharedSecret =
sharedSecret = tokenClass.getSharedToken(revokeSerial);
if (sharedSecret == null) {
@@ -1333,18 +1335,7 @@ public class CMCOutputTemplate {
}
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
private RevocationReason toRevocationReason(ENUMERATED n) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 82f3071cd..a547eec3f 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -59,6 +59,8 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
@@ -83,9 +85,10 @@ import netscape.security.x509.X509CertInfo;
* @version $Revision$, $Date$
*/
public class ConnectorServlet extends CMSServlet {
- /**
- *
- */
+
+ private static ILogger mLogger = CMS.getLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private static final long serialVersionUID = 1221916495803185863L;
public static final String INFO = "Connector Servlet";
public final static String PROP_AUTHORITY = "authority";
@@ -93,9 +96,7 @@ public class ConnectorServlet extends CMSServlet {
protected IAuthority mAuthority = null;
protected IRequestEncoder mReqEncoder = null;
protected IAuthSubsystem mAuthSubsystem = null;
- protected ILogger mLogger = CMS.getLogger();
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
public ConnectorServlet() {
@@ -986,18 +987,7 @@ public class ConnectorServlet extends CMSServlet {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -1021,10 +1011,6 @@ public class ConnectorServlet extends CMSServlet {
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String profileID = getId();
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index bc5b9b5a1..79bd7c4c6 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
@@ -68,6 +68,8 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.util.IStatsSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMSGateway;
import com.netscape.cms.servlet.common.ServletUtils;
@@ -76,6 +78,8 @@ import netscape.security.x509.X509CertImpl;
public class CAProcessor extends Processor {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String ARG_REQUEST_OWNER = "requestOwner";
public final static String HDR_LANG = "accept-language";
public final static String ARG_PROFILE = "profile";
@@ -137,7 +141,6 @@ public class CAProcessor extends Processor {
//logging and stats
- protected ILogger signedAuditLogger = CMS.getSignedAuditLogger();
protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>();
public CAProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
@@ -885,18 +888,7 @@ public class CAProcessor extends Processor {
* AUDIT FUNCTIONS (to be moved to Auditor?)
******************************************/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (signedAuditLogger == null) {
- return;
- }
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -920,10 +912,6 @@ public class CAProcessor extends Processor {
* @return id string containing the signed audit log message RequesterID
*/
protected String auditRequesterID(IRequest request) {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) {
- return null;
- }
String requesterID = ILogger.UNIDENTIFIED;
@@ -940,10 +928,6 @@ public class CAProcessor extends Processor {
}
protected String auditSubjectID() {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) {
- return null;
- }
CMS.debug("CMSServlet: in auditSubjectID");
String subjectID = null;
@@ -970,10 +954,6 @@ public class CAProcessor extends Processor {
}
protected String auditGroupID() {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) {
- return null;
- }
CMS.debug("CMSServlet: in auditGroupID");
String groupID = null;
@@ -1011,10 +991,6 @@ public class CAProcessor extends Processor {
* with the "auditSubjectID()"
*/
protected String auditGroups(String SubjectID) {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) {
- return null;
- }
if ((SubjectID == null) ||
(SubjectID.equals(ILogger.UNIDENTIFIED))) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index e60c30a27..fb4389528 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -34,6 +34,8 @@ import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.LogCategory;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.ECMSGWException;
@@ -50,6 +52,8 @@ import netscape.security.x509.X509CertInfo;
*/
public class PKIProcessor implements IPKIProcessor {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
public static final String SUBJECT_NAME = "subject";
public static final String OLD_CERT_TYPE = "csrCertType";
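Review bot: The `signedAuditLogger` field added under `public class PKIProcessor` is static but not `final`, so any code in the class can reassign the audit sink. `private static final Logger signedAuditLogger = SignedAuditLogger.getLogger();` states the intent and fits the commit's premise that the logger cannot be null. The same declaration is added without `final` in ACLInterceptor, CertUtils, Auditor, SelfTestSubsystem, SessionTimer and TPSProcessor. The lookup also moves from instance construction to class initialisation, so it is worth confirming that `SignedAuditLogger.getLogger()` does not depend on the logging subsystem having already started; that method is not shown in this part of the diff.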
@@ -63,8 +67,6 @@ public class PKIProcessor implements IPKIProcessor {
protected String mServletId = null;
protected CMSServlet mServlet = null;
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
public PKIProcessor() {
}
@@ -304,18 +306,7 @@ public class PKIProcessor implements IPKIProcessor {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
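Review bot: In `audit(String msg)` the event type, source and level (`ILogger.EV_SIGNED_AUDIT`, `ILogger.S_SIGNED_AUDIT`, `ILogger.LL_SECURITY`) are no longer visible at the call site, and the removed comment was the only statement that the message is logged without stripping whitespace. `Logger.log(String)` is outside this hunk, so whether it applies the same three values cannot be checked here. Once that is confirmed, a Javadoc line would keep the contract readable, for example `* The message is passed unmodified to the signed audit logger, which records it as a signed audit event at security level.` The same one-line delegation appears in the `audit(String)` hunks of ACLInterceptor, CertUtils, SelfTestSubsystem and TPSProcessor, in `Auditor.log` and in SessionTimer.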
@@ -339,10 +330,6 @@ public class PKIProcessor implements IPKIProcessor {
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String subjectID = null;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index f56c37866..4af131450 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -472,10 +472,6 @@ public class ProfileApproveServlet extends ProfileServlet {
* @return id string containing the signed audit log message ProfileID
*/
private String auditProfileID(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String profileID = null;
@@ -503,10 +499,6 @@ public class ProfileApproveServlet extends ProfileServlet {
* or SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
if (mProfileSubId == null ||
mProfileSubId.equals("")) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 233d9a710..50034834a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -160,8 +160,6 @@ public class ProfileServlet extends CMSServlet {
protected LogSource mLogCategory = ILogger.S_OTHER;
protected String mProfileSubId = null;
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
// stats
protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>();
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index d0871628a..ded237b8d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -41,8 +41,6 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
import org.mozilla.jss.pkix.cmc.TaggedAttribute;
import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
import com.netscape.certsrv.authentication.IAuthManager;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.authorization.AuthzToken;
@@ -1012,10 +1010,6 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID(IRequest request) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
String requesterID = ILogger.UNIDENTIFIED;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index c229263dc..3fcf60ab1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -1733,15 +1733,9 @@ public class ProcessCertReq extends CMSServlet {
* @return id string containing the signed audit log message InfoName
*/
private String auditInfoName(String type) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters (this is done below)
String infoName = ILogger.UNIDENTIFIED;
- if (mSignedAuditLogger == null) {
- return infoName;
- }
-
if (type != null) {
type = type.trim();
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
index b4f75f1c8..3d2ee5e28 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
@@ -49,6 +49,8 @@ import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.AuthzFailEvent;
import com.netscape.certsrv.logging.event.AuthzSuccessEvent;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.realm.PKIPrincipal;
/**
@@ -56,7 +58,9 @@ import com.netscape.cms.realm.PKIPrincipal;
*/
@Provider
public class ACLInterceptor implements ContainerRequestFilter {
- protected ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private final static String LOGGING_ACL_PARSING_ERROR = "internal error: ACL parsing error";
private final static String LOGGING_NO_ACL_ACCESS_ALLOWED = "no ACL configured; OK";
private final static String LOGGING_MISSING_AUTH_TOKEN = "auth token not found";
@@ -329,18 +333,7 @@ public class ACLInterceptor implements ContainerRequestFilter {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (signedAuditLogger == null) {
- return;
- }
-
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
index 4d0384a2b..7650998f5 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -62,7 +62,6 @@ import org.mozilla.jss.util.PasswordCallback;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.acls.ACL;
import com.netscape.certsrv.acls.ACLEntry;
import com.netscape.certsrv.acls.EACLsException;
@@ -70,6 +69,7 @@ import com.netscape.certsrv.acls.IACL;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.apps.ICMSEngine;
import com.netscape.certsrv.apps.ICommandQueue;
+import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
@@ -118,7 +118,6 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.logging.Logger;
-import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmscore.authentication.AuthSubsystem;
import com.netscape.cmscore.authentication.VerifiedCert;
import com.netscape.cmscore.authentication.VerifiedCerts;
@@ -1953,10 +1952,6 @@ public class CMSEngine implements ICMSEngine {
return Auditor.getAuditor();
}
- public ILogger getSignedAuditLogger() {
- return SignedAuditLogger.getLogger();
- }
-
/**
* starts up subsystems in a subsystem list..
*/
diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
index 6691f7ab5..7519d6274 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
@@ -43,6 +43,8 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cmsutil.util.Utils;
import netscape.security.extensions.NSCertTypeExtension;
@@ -73,6 +75,9 @@ import netscape.security.x509.X509Key;
* @version $Revision$, $Date$
*/
public class CertUtils {
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final String CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
public static final String CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
@@ -83,8 +88,6 @@ public class CertUtils {
"-----BEGIN CERTIFICATE REVOCATION LIST-----";
public static final String END_CRL_HEADER =
"-----END CERTIFICATE REVOCATION LIST-----";
-
- protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
/**
* Remove the header and footer in the PKCS10 request.
*/
@@ -1089,17 +1092,7 @@ public class CertUtils {
* @param msg signed audit log message
*/
private static void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java b/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java
index 896256184..339f4dc63 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/logging/Auditor.java
@@ -29,6 +29,8 @@ import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
/**
* @author Endi S. Dewata
@@ -37,7 +39,7 @@ public class Auditor implements IAuditor {
public final static Auditor auditor = new Auditor();
- public ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
public static IAuditor getAuditor() {
return auditor;
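Review bot: The static `signedAuditLogger` is declared after `public final static Auditor auditor = new Auditor();`, so static initialisation constructs the singleton while the logger field is still null. The constructor is not in this hunk; if it or an instance initialiser ever calls `log(...)`, the result is a NullPointerException during class initialisation, which the old instance field could not produce. Placing `private static final Logger signedAuditLogger = SignedAuditLogger.getLogger();` above the `auditor` line removes the ordering dependency. The field also narrows from public to private, so any external reader of `auditor.signedAuditLogger` (none is visible here) would need updating.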
@@ -45,8 +47,6 @@ public class Auditor implements IAuditor {
@Override
public String getSubjectID() {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) return null;
SessionContext context = SessionContext.getExistingContext();
if (context == null) return ILogger.UNIDENTIFIED;
@@ -60,8 +60,6 @@ public class Auditor implements IAuditor {
@Override
public String getGroups(String subjectID) {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null) return null;
if (subjectID == null || subjectID.equals(ILogger.UNIDENTIFIED))
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -95,9 +93,6 @@ public class Auditor implements IAuditor {
@Override
public String getParamString(String scope, String type, String id, Map<String, String> params) {
- // if no signed audit object exists, bail
- if (signedAuditLogger == null)
- return null;
StringBuilder parameters = new StringBuilder();
// always identify the scope of the request
@@ -209,15 +204,7 @@ public class Auditor implements IAuditor {
@Override
public void log(String message) {
-
- if (signedAuditLogger == null) return;
-
- signedAuditLogger.log(
- ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- message);
+ signedAuditLogger.log(message);
}
@Override
diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index e1d6e1572..c95994c74 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -47,6 +47,8 @@ import com.netscape.certsrv.selftests.EMissingSelfTestException;
import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTest;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
//////////////////////
// class definition //
@@ -62,6 +64,11 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
*/
public class SelfTestSubsystem
implements ISelfTestSubsystem {
+
+ private static ILogEventListener mLogger;
+ private static ILogger mErrorLogger = CMS.getLogger();
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
////////////////////////
// default parameters //
////////////////////////
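Review bot: `mLogger` and `mErrorLogger` become static in this hunk along with the audit logger, although the commit message only covers the signed audit logger. `mLogger` was a per-instance `ILogEventListener`; as a static field, any instance method that assigns it (the assignments are outside this hunk) now writes state shared by every `SelfTestSubsystem` instance. `CMS.getLogger()` is also evaluated at class initialisation instead of at construction. If only the audit logger was meant to change, keep `private ILogEventListener mLogger = null;` and `private ILogger mErrorLogger = CMS.getLogger();` as instance fields and add only `private static final Logger signedAuditLogger = SignedAuditLogger.getLogger();`.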
@@ -77,9 +84,7 @@ public class SelfTestSubsystem
@SuppressWarnings("unused")
private ISubsystem mOwner;
private IConfigStore mConfig = null;
- private ILogEventListener mLogger = null;
- private ILogger mErrorLogger = CMS.getLogger();
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+
private String mRootPrefix = null;
private String mPrefix = null;
@@ -113,18 +118,7 @@ public class SelfTestSubsystem
* @param msg signed audit log message
*/
private void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {
@@ -953,8 +947,6 @@ public class SelfTestSubsystem
* @param msg self test log message
*/
public void log(ILogEventListener logger, String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
if (logger != null) {
// log the message to the "selftests.log" log
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
index c6db13190..18e038a33 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
@@ -25,10 +25,15 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
public class SessionTimer extends TimerTask {
+
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
private ISecurityDomainSessionTable m_sessiontable = null;
- private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+
public SessionTimer(ISecurityDomainSessionTable table) {
super();
m_sessiontable = table;
@@ -64,11 +69,7 @@ public class SessionTimer extends TimerTask {
ILogger.SUCCESS,
auditParams);
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- auditMessage);
+ signedAuditLogger.log(auditMessage);
}
}
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index e1a574878..1ef236117 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -33,8 +33,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import netscape.security.x509.RevocationReason;
-
import org.dogtagpki.server.tps.TPSSession;
import org.dogtagpki.server.tps.TPSSubsystem;
import org.dogtagpki.server.tps.authentication.AuthUIParameter;
@@ -96,14 +94,19 @@ import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.logging.AuditEvent;
-import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.tps.token.TokenStatus;
+import com.netscape.cms.logging.Logger;
+import com.netscape.cms.logging.SignedAuditLogger;
import com.netscape.cms.servlet.tks.SecureChannelProtocol;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.symkey.SessionKey;
+import netscape.security.x509.RevocationReason;
+
public class TPSProcessor {
+ private static Logger signedAuditLogger = SignedAuditLogger.getLogger();
+
public static final int RESULT_NO_ERROR = 0;
public static final int RESULT_ERROR = -1;
@@ -143,8 +146,6 @@ public class TPSProcessor {
ProfileDatabase profileDatabase = new ProfileDatabase();
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
public TPSProcessor(TPSSession session) {
setSession(session);
}
@@ -4273,18 +4274,7 @@ public class TPSProcessor {
* @param msg signed audit log message
*/
protected void audit(String msg) {
- // in this case, do NOT strip preceding/trailing whitespace
- // from passed-in String parameters
-
- if (mSignedAuditLogger == null) {
- return;
- }
-
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ signedAuditLogger.log(msg);
}
protected void audit(AuditEvent event) {