summaryrefslogtreecommitdiffstats
path: root/pki/base
diff options
context:
space:
mode:
authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-07 04:38:49 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-07 04:38:49 +0000
commit4a7cd900f0f7cda8a44d11baf88fe15075e1d941 (patch)
tree582c72cc78e7a48f6ecc65b8102d0c7623edb8e6 /pki/base
parent4aa0cc3ed8294117293c59d1dce48304c8033f7c (diff)
downloadpki-4a7cd900f0f7cda8a44d11baf88fe15075e1d941.tar.gz
pki-4a7cd900f0f7cda8a44d11baf88fe15075e1d941.tar.xz
pki-4a7cd900f0f7cda8a44d11baf88fe15075e1d941.zip
Bugzilla BZ 707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2017 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in4
-rw-r--r--pki/base/common/src/LogMessages.properties19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java45
-rw-r--r--pki/base/kra/shared/conf/CS.cfg.in4
7 files changed, 368 insertions, 24 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index 8a0802161..289f65147 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -885,11 +885,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ca_audit
log.instance.SignedAudit.flushInterval=5
diff --git a/pki/base/common/src/LogMessages.properties b/pki/base/common/src/LogMessages.properties
index 7a31e66d8..fada5eb88 100644
--- a/pki/base/common/src/LogMessages.properties
+++ b/pki/base/common/src/LogMessages.properties
@@ -2363,6 +2363,25 @@ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8=<type=ENCRYPT_DATA
#
#
#
+# LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE
+# - used when updating contents of security domain
+# (add/remove a subsystem)
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1=<type=SECURITY_DOMAIN_UPDATE>:[AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] security domain update
+#
+#
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER
+# - used when configuring serial number ranges
+# (when requesting a serial number range when cloning, for example)
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1=<type=CONFIG_SERIAL_NUMBER>:[AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] serial number range update
###########################
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 1445d285c..7898ce2c1 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -37,12 +37,19 @@ import java.util.*;
*/
public class SubsystemGroupUpdater implements IProfileUpdater {
- public IProfile mProfile = null;
- public EnrollProfile mEnrollProfile = null;
- public IConfigStore mConfig = null;
- public ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- public Vector mConfigNames = new Vector();
- public Vector mValueNames = new Vector();
+ private IProfile mProfile = null;
+ private EnrollProfile mEnrollProfile = null;
+ private IConfigStore mConfig = null;
+ private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ private Vector mConfigNames = new Vector();
+ private Vector mValueNames = new Vector();
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
+ private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
+ private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
+ private final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
public SubsystemGroupUpdater() {
}
@@ -90,7 +97,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public void update(IRequest req, RequestStatus status)
throws EProfileException {
-
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
CMS.debug("SubsystemGroupUpdater update starts");
if (status != req.getRequestStatus()) {
return;
@@ -126,6 +136,11 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
mainConfig.commit(false);
} catch (Exception e) {
}
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ id +
+ "+fullname;;" + id +
+ "+state;;1" +
+ "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
IUser user = null;
CMS.debug("SubsystemGroupUpdater adduser");
@@ -140,32 +155,108 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
X509CertImpl[] certs = new X509CertImpl[1];
certs[0] = cert;
user.setX509Certificates(certs);
+
system.addUser(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
+ String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ try {
+ byte[] certEncoded = cert.getEncoded();
+ b64 = CMS.BtoA(certEncoded).trim();
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < b64.length(); i++) {
+ if (!Character.isWhitespace(b64.charAt(i))) {
+ sb.append(b64.charAt(i));
+ }
+ }
+ b64 = sb.toString();
+ } catch (Exception ence) {
+ CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence);
+ }
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ id +
+ "+cert;;"+ b64;
+
system.addUserCert(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
} catch (LDAPException e) {
CMS.debug("UpdateSubsystemGroup: update " + e.toString());
if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
throw new EProfileException(e.toString());
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
throw new EProfileException(e.toString());
}
IGroup group = null;
String groupName = "Subsystem Group";
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
+ "+Resource;;"+ groupName;
try {
group = system.getGroupFromName(groupName);
+
+ auditParams += "+user;;";
+ Enumeration members = group.getMemberNames();
+ while (members.hasMoreElements()) {
+ auditParams += (String) members.nextElement();
+ if (members.hasMoreElements()) {
+ auditParams +=",";
+ }
+ }
+
if (!group.isMember(id)) {
+ auditParams += "," + id;
group.addMemberName(id);
system.modifyGroup(group);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group.");
+ } else {
+ CMS.debug("UpdateSubsystemGroup: update: user already a member of the group");
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
}
}
@@ -176,4 +267,41 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_TEXT");
}
+
+ private void audit(String msg) {
+ if (mSignedAuditLogger == null) {
+ return;
+ }
+
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
+ }
+
+ private String auditSubjectID() {
+ if (mSignedAuditLogger == null) {
+ return null;
+ }
+
+ String subjectID = null;
+
+ // Initialize subjectID
+ SessionContext auditContext = SessionContext.getExistingContext();
+
+ if (auditContext != null) {
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
+
+ if (subjectID != null) {
+ subjectID = subjectID.trim();
+ } else {
+ subjectID = ILogger.NONROLEUSER;
+ }
+ } else {
+ subjectID = ILogger.UNIDENTIFIED;
+ }
+ return subjectID;
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index 2bc5f94fc..e7a1286c0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -65,6 +65,9 @@ public class RegisterUser extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+
public RegisterUser() {
super();
@@ -143,6 +146,14 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser got name=" + name);
CMS.debug("RegisterUser got certsString=" + certsString);
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+fullname;;"+ name +
+ "+state;;1" +
+ "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
+
IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
@@ -187,29 +198,95 @@ public class RegisterUser extends CMSServlet {
user.setEmail("");
user.setPhone("");
user.setPassword("");
+
ugsys.addUser(user);
CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
}
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+cert;;"+certsString;
+
user.setX509Certificates(certs);
if (!foundByCert) {
ugsys.addUserCert(user);
CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
} else
CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+
+ audit(auditMessage);
outputError(httpResp, "Error: Certificate malformed");
return;
}
// add user to the group
- Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
- group.addMemberName(user.getUserID());
- ugsys.modifyGroup(group);
- CMS.debug("RegisterUser modified group");
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
+ "+Resource;;"+ mGroupName;
+ try {
+ Enumeration groups = ugsys.findGroups(mGroupName);
+ IGroup group = (IGroup)groups.nextElement();
+
+ auditParams += "+user;;";
+ Enumeration members = group.getMemberNames();
+ while (members.hasMoreElements()) {
+ auditParams += (String) members.nextElement();
+ if (members.hasMoreElements()) {
+ auditParams +=",";
+ }
+ }
+
+ if (!group.isMember(user.getUserID())) {
+ auditParams += "," + user.getUserID();
+ group.addMemberName(user.getUserID());
+ ugsys.modifyGroup(group);
+ CMS.debug("RegisterUser modified group");
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+
+ audit(auditMessage);
+ }
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index 6de314284..78763dfb2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -54,6 +54,10 @@ public class UpdateDomainXML extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -194,6 +198,7 @@ public class UpdateDomainXML extends CMSServlet {
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateDomainXML: processing...");
String status = SUCCESS;
+ String status2 = SUCCESS;
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -264,16 +269,31 @@ public class UpdateDomainXML extends CMSServlet {
if ((sport == null) || sport.equals("")) {
missing += " sport ";
}
+ if ((type == null) || type.equals("")) {
+ missing += " type ";
+ }
if ((clone == null) || clone.equals("")) {
clone = "false";
}
if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing + "not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing + "not provided in request");
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing +
+ "not provided in request");
+ outputError(httpResp, "Error: required parameters: " + missing +
+ "not provided in request");
return;
}
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
+ "+clone;;"+clone+"+type;;"+type;
+ if (operation != null) {
+ auditParams += "+operation;;"+operation;
+ } else {
+ auditParams += "+operation;;add";
+ }
+
String basedn = null;
String secstore = null;
@@ -340,21 +360,53 @@ public class UpdateDomainXML extends CMSServlet {
} else {
adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
}
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+ "+resource;;"+adminUserDN;
if (status.equals(SUCCESS)) {
- // remove the client cert for this subsystem's admin
- status = remove_from_ldap(adminUserDN);
- if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ audit(auditMessage);
+
// remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+ "+source;;UpdateDomainXML" +
+ "+resource;;Subsystem Group+user;;"+adminUserDN;
dn = "cn=Subsystem Group, ou=groups," + basedn;
LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute("uniqueMember", adminUserDN));
- status = modify_ldap(dn, mod);
+ status2 = modify_ldap(dn, mod);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ }
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ audit(auditMessage);
}
}
} else {
status = add_to_ldap(entry, dn);
}
-
}
else {
// update the domain.xml file
@@ -439,8 +491,31 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("Failed to update domain.xml file" + e.toString());
status = FAILED;
}
+
}
+ if (status.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ } else {
+ // what if already exists or already deleted
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ }
+ audit(auditMessage);
+
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
+
try {
// send success status back to the requestor
CMS.debug("UpdateDomainXML: Sending response");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 890d6dfb1..77650dbfd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -58,6 +58,8 @@ public class UpdateNumberRange extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
+ "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -116,11 +118,17 @@ public class UpdateNumberRange extends CMSServlet {
return;
}
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditParams = "source;;updateNumberRange";
+
try {
String type = httpReq.getParameter("type");
IConfigStore cs = CMS.getConfigStore();
String cstype = cs.getString("cs.type", "");
+ auditParams += "+type;;" + type;
+
BigInteger beginNum = null;
BigInteger endNum = null;
BigInteger oneNum = new BigInteger("1");
@@ -201,6 +209,12 @@ public class UpdateNumberRange extends CMSServlet {
if (endNum2 == null) {
CMS.debug("UpdateNumberRange::process() - " +
"Unused requests less than cloneTransferNumber!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
} else {
CMS.debug("Transferring from the end of on-deck range");
@@ -221,12 +235,24 @@ public class UpdateNumberRange extends CMSServlet {
if( beginNum == null ) {
CMS.debug( "UpdateNumberRange::process() - " +
"beginNum is null!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
}
if( endNum == null ) {
CMS.debug( "UpdateNumberRange::process() - " +
"endNum is null!" );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
return;
}
@@ -249,8 +275,27 @@ public class UpdateNumberRange extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
cs.commit(false);
+
+ auditParams += "+beginNumber;;" + beginNum.toString(radix) +
+ "+endNumber;;" + endNum.toString(radix);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
} catch (Exception e) {
CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+
outputError(httpResp, "Error: Failed to update number range.");
}
}
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index 0fc2b1e58..9332d119e 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -265,11 +265,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/kra_cert-kra_audit
log.instance.SignedAudit.flushInterval=5
generated by cgit (git 2.34.1) at 2024-11-10 06:32:53 +0000