Fixed audit log signature problem due to rotation.

The LogFile has been modified to set up log signing during its initialization to ensure the signing works properly during log rotation. https://pagure.io/dogtagpki/issue/2561 Change-Id: I69d54a359ebe74557ca9b12ea7582f712fb31949
author: Endi S. Dewata <edewata@redhat.com> 2017-06-12 17:06:07 +0200
committer: Endi S. Dewata <edewata@redhat.com> 2017-06-15 00:34:04 +0200
commit: fac7ebb8fd21f60a06241d6e132c8a4f5972a773 (patch)
tree: 08ce3b447318d594b00e152aabc4f24678925754 /base
parent: ab2e24b3087368a2aadfcda77323a7d0aa70db80 (diff)
download: pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.gz
pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.xz
pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.zip
1 files changed, 24 insertions, 19 deletions
diff --git a/base/server/cms/src/com/netscape/cms/logging/LogFile.java b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
index 772607edd..ba5a026ff 100644
--- a/base/server/cms/src/com/netscape/cms/logging/LogFile.java
+++ b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
@@ -302,6 +302,30 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         } catch (IOException e) {
             throw new ELogException(CMS.getUserMessage("CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
         }
+
+        // set up signing here to ensure audit logs generated during
+        // subsequent component initialization are signed properly
+        if (mOn && mLogSigning) {
+
+            try {
+                CMS.debug("LogFile: setting up log signing");
+                setupSigning();
+
+                audit(CMS.getLogMessage(
+                        AuditEvent.AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS));
+
+            } catch (EBaseException e) {
+
+                audit(CMS.getLogMessage(
+                        AuditEvent.AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE));
+
+                throw e;
+            }
+        }
     }
 
     /**
@@ -636,25 +660,6 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * @exception EBaseException if an internal error occurred
      */
     public void startup() throws EBaseException {
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        CMS.debug("LogFile: entering LogFile.startup()");
-        if (mOn && mLogSigning) {
-            try {
-                setupSigning();
-                audit(CMS.getLogMessage(
-                        AuditEvent.AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.SUCCESS));
-            } catch (EBaseException e) {
-                audit(CMS.getLogMessage(
-                        AuditEvent.AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.FAILURE));
-                throw e;
-            }
-        }
-
     }
 
     /**
author	Endi S. Dewata <edewata@redhat.com>	2017-06-12 17:06:07 +0200
committer	Endi S. Dewata <edewata@redhat.com>	2017-06-15 00:34:04 +0200
commit	fac7ebb8fd21f60a06241d6e132c8a4f5972a773 (patch)
tree	08ce3b447318d594b00e152aabc4f24678925754 /base
parent	ab2e24b3087368a2aadfcda77323a7d0aa70db80 (diff)
download	pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.gz pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.tar.xz pki-fac7ebb8fd21f60a06241d6e132c8a4f5972a773.zip