Fix Bugzilla Bug#718607 CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2048 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-07-07 00:51:16 +0000
committer: jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-07-07 00:51:16 +0000
commit: 3ffa3490b4c1879b8539597c15c193628cbbe123 (patch)
tree: 3d993a66467aa503945e242811a203f263b9d323 /pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
parent: f1421d0aa5ae6fda6823df3ec64a88748542a3aa (diff)
download: pki-3ffa3490b4c1879b8539597c15c193628cbbe123.tar.gz
pki-3ffa3490b4c1879b8539597c15c193628cbbe123.tar.xz
pki-3ffa3490b4c1879b8539597c15c193628cbbe123.zip
1 files changed, 66 insertions, 9 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 389267678..1026eef30 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -75,6 +75,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
         "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
+
+     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+
+
     public ProfileSubmitServlet() {
     }
 
@@ -423,16 +430,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
         HttpServletResponse response = cmsReq.getHttpResp();
         boolean xmlOutput = false;
 
-        String v = request.getParameter("xml");
-        if ((v != null) && (v.equalsIgnoreCase("true"))) {
-            xmlOutput = true;
-        }
-        v = request.getParameter("xmlOutput");
+        String v = request.getParameter("xmlOutput");
         if ((v != null) && (v.equalsIgnoreCase("true"))) {
-            xmlOutput = true;
-        }
-        if (xmlOutput) {
             CMS.debug("xmlOutput true");
+            xmlOutput = true;
         } else {
             CMS.debug("xmlOutput false");
         }
@@ -925,7 +926,30 @@ public class ProfileSubmitServlet extends ProfileServlet {
         if (statsSub != null) {
           statsSub.startTiming("profile_authentication");
         }
-        if (authenticator != null) { 
+
+        if (authenticator != null) {
+
+            CMS.debug("ProfileSubmitServlet: authentication required.");
+            String uid_cred = "Unidentified";
+            String uid_attempted_cred = "Unidentified";
+            Enumeration authIds = authenticator.getValueNames();
+            //Attempt to possibly fetch attemped uid, may not always be available.
+            if (authIds != null) {
+                while (authIds.hasMoreElements()) {
+                    String authName = (String) authIds.nextElement();
+                    String value = request.getParameter(authName); 
+                    if (value != null) {
+                          if (authName.equals("uid")) {
+                              uid_attempted_cred = value;
+                          }
+                    }
+                }
+            }
+
+            String authSubjectID =  auditSubjectID();
+
+            String authMgrID = authenticator.getName(); 
+            String auditMessage = null; 
             try {
                 if (isRenewal) {
                     CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
@@ -952,8 +976,41 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 if (statsSub != null) {
                   statsSub.endTiming("enrollment");
                 }
+
+                //audit log our authentication failure
+
+                authSubjectID += " : " + uid_cred;
+                auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+                        authSubjectID,
+                        ILogger.FAILURE,
+                        authMgrID,
+                        uid_attempted_cred);
+                audit(auditMessage);
+
                 return;
             }
+
+            //Log successful authentication
+
+            //Attempt to get uid from authToken, most tokens respond to the "uid" cred.
+            uid_cred = authToken.getInString("uid");
+
+            if (uid_cred == null || uid_cred.length() == 0) {
+                uid_cred = "Unidentified";
+            }
+
+            authSubjectID = authSubjectID + " : " + uid_cred;
+             
+            // store a message in the signed audit log file
+            auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+                        authSubjectID,
+                        ILogger.SUCCESS,
+                        authMgrID);
+
+            audit(auditMessage);
+
         }
         if (statsSub != null) {
           statsSub.endTiming("profile_authentication");
author	jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-07-07 00:51:16 +0000
committer	jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-07-07 00:51:16 +0000
commit	3ffa3490b4c1879b8539597c15c193628cbbe123 (patch)
tree	3d993a66467aa503945e242811a203f263b9d323 /pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
parent	f1421d0aa5ae6fda6823df3ec64a88748542a3aa (diff)
download	pki-3ffa3490b4c1879b8539597c15c193628cbbe123.tar.gz pki-3ffa3490b4c1879b8539597c15c193628cbbe123.tar.xz pki-3ffa3490b4c1879b8539597c15c193628cbbe123.zip