authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-04-05 16:16:55 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-04-05 16:16:55 +0000
commit0fe646e7211a2707836afe8cd0dd3ce0132fd872 (patch)
tree808fe8280148be7ed1c0ea94339ec3dc31d14bbb /pki/base/common/src/com/netscape/cms/servlet/key
parent22c9a1a31a9a5cf4a1234c373c98d3388210f62c (diff)
Bugzilla Bug 692990: Audit log messages needed to match CC doc: DRM Recovery audit log messages
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1943 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java38
2 files changed, 67 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index eb510bf59..47ed5d0e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -68,6 +68,14 @@ public class GetAsyncPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+
private String mFormPath = null;
/**
@@ -112,6 +120,9 @@ public class GetAsyncPk12 extends CMSServlet {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
+ String auditMessage = null;
+ String agent = null;
+ String reqID = null;
IAuthToken authToken = authenticate(cmsReq);
@@ -153,12 +164,11 @@ public class GetAsyncPk12 extends CMSServlet {
// get status and populate argSet
try {
- String reqID = req.getParameter("reqID");
+ reqID = req.getParameter("reqID");
header.addStringValue("reqID", reqID);
// only the init DRM agent can get the pkcs12
SessionContext sContext = SessionContext.getContext();
- String agent = null;
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
@@ -208,6 +218,16 @@ public class GetAsyncPk12 extends CMSServlet {
resp.setContentType("application/x-pkcs12");
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ reqID,
+ "");
+
+ audit(auditMessage);
+
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
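Review bot: The success record is created only after `resp.getOutputStream().write(pkcs12)` has already sent the key material, so if `audit(auditMessage)` fails, a private-key export has taken place with no signed audit entry; whether `audit()` can fail or throw is not visible in this diff. A comment at the call stating the intended behaviour would help, for example `// key material has already been written; a failure to audit here must be surfaced, not ignored`. An `IOException` part-way through the write lands in the catch below and appears to be recorded later as a failure, although some PKCS #12 bytes may already have reached the client. The same sequence is added in the GetPk12.java hunk after its `write(pkcs12)` call, and the enclosing method starts and ends outside this hunk.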
@@ -224,6 +244,17 @@ public class GetAsyncPk12 extends CMSServlet {
header.addStringValue(OUT_ERROR, e.toString(locale[0]));
}
+ if ((agent != null) && (reqID != null)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ reqID,
+ "");
+
+ audit(auditMessage);
+ }
+
try {
ServletOutputStream out = resp.getOutputStream();
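Review bot: The guard `if ((agent != null) && (reqID != null))` suppresses the failure record exactly when the caller has no session user ID or sent no `reqID`, so those failed export attempts leave nothing in the signed audit log; the GetPk12.java hunk has the same guard on `recoveryID`. Consider always auditing and substituting a placeholder for the missing field, e.g. `String subject = (agent != null) ? agent : ILogger.UNIDENTIFIED;` (assuming that constant is available in this tree). The last argument is always `""`, so the record carries no reason for the failure even though the catch just above has `e.toString(locale[0])` in hand. `reqID` is taken unmodified from the request parameter, and whether `CMS.getLogMessage` neutralises line breaks or field delimiters is not visible here and should be confirmed. The enclosing method starts and ends outside the hunk.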
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index cd43cc8eb..4c5f86c3e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -66,6 +66,14 @@ public class GetPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+
private String mFormPath = null;
/**
@@ -110,6 +118,9 @@ public class GetPk12 extends CMSServlet {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
+ String auditMessage = null;
+ String recoveryID = null;
+ String agent = null;
IAuthToken authToken = authenticate(cmsReq);
@@ -151,7 +162,7 @@ public class GetPk12 extends CMSServlet {
// get status and populate argSet
try {
- String recoveryID = req.getParameter("recoveryID");
+ recoveryID = req.getParameter("recoveryID");
header.addStringValue("recoveryID", recoveryID);
@@ -166,8 +177,6 @@ public class GetPk12 extends CMSServlet {
// only the init DRM agent can get the pkcs12
SessionContext sContext = SessionContext.getContext();
- String agent = null;
-
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
}
@@ -202,13 +211,23 @@ public class GetPk12 extends CMSServlet {
resp.setContentType("application/x-pkcs12");
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ recoveryID,
+ "");
+
+ audit(auditMessage);
+
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
- // error in recovery process
+ // error in recovery process
header.addStringValue(OUT_ERROR,
((IKeyRecoveryAuthority) mService).getError(recoveryID));
} else {
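Review bot: The `IOException` catch, the `getError(recoveryID) != null` branch and the final `else` all appear to fall through to the single failure audit added in the next hunk, so every outcome that does not `return` is logged as a FAILURE. If the final `else` is the case where the recovery has not finished yet, which cannot be confirmed from this hunk, an agent polling for the result would produce failure events for a request that has not failed, and that noise makes real export failures harder to spot. Emitting the failure record inside the two error branches, or at least marking the remaining branch with a comment such as `// not a failure: no audit record for this outcome`, would keep the log meaningful. The `else` block continues outside the hunk.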
@@ -218,6 +237,17 @@ public class GetPk12 extends CMSServlet {
header.addStringValue(OUT_ERROR, e.toString(locale[0]));
}
+ if ((agent != null) && (recoveryID != null)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ recoveryID,
+ "");
+
+ audit(auditMessage);
+ }
+
try {
ServletOutputStream out = resp.getOutputStream();