authorjmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-07-07 00:51:16 +0000
committerjmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-07-07 00:51:16 +0000
commit3ffa3490b4c1879b8539597c15c193628cbbe123 (patch)
tree3d993a66467aa503945e242811a203f263b9d323 /pki
parentf1421d0aa5ae6fda6823df3ec64a88748542a3aa (diff)
Fix Bugzilla Bug#718607 CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2048 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java75
1 files changed, 66 insertions, 9 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 389267678..1026eef30 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -75,6 +75,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
"LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+
+
public ProfileSubmitServlet() {
}
@@ -423,16 +430,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
HttpServletResponse response = cmsReq.getHttpResp();
boolean xmlOutput = false;
- String v = request.getParameter("xml");
- if ((v != null) && (v.equalsIgnoreCase("true"))) {
- xmlOutput = true;
- }
- v = request.getParameter("xmlOutput");
+ String v = request.getParameter("xmlOutput");
if ((v != null) && (v.equalsIgnoreCase("true"))) {
- xmlOutput = true;
- }
- if (xmlOutput) {
CMS.debug("xmlOutput true");
+ xmlOutput = true;
} else {
CMS.debug("xmlOutput false");
}
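Review bot: The `xml` request parameter is no longer honoured after this hunk, so only `xmlOutput=true` selects XML output, and the commit description (an audit-log fix) does not mention this. If any caller still sends `xml=true`, it would now get the non-XML response, which is worth confirming before merging. If the removal is intentional, record it next to the check with a comment such as `// only "xmlOutput" selects XML output; the older "xml" parameter is intentionally ignored`.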
@@ -925,7 +926,30 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (statsSub != null) {
statsSub.startTiming("profile_authentication");
}
- if (authenticator != null) {
+
+ if (authenticator != null) {
+
+ CMS.debug("ProfileSubmitServlet: authentication required.");
+ String uid_cred = "Unidentified";
+ String uid_attempted_cred = "Unidentified";
+ Enumeration authIds = authenticator.getValueNames();
+ //Attempt to possibly fetch attemped uid, may not always be available.
+ if (authIds != null) {
+ while (authIds.hasMoreElements()) {
+ String authName = (String) authIds.nextElement();
+ String value = request.getParameter(authName);
+ if (value != null) {
+ if (authName.equals("uid")) {
+ uid_attempted_cred = value;
+ }
+ }
+ }
+ }
+
+ String authSubjectID = auditSubjectID();
+
+ String authMgrID = authenticator.getName();
+ String auditMessage = null;
try {
if (isRenewal) {
CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
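Review bot: `uid_attempted_cred` is copied unchanged from `request.getParameter(authName)` and later becomes a field of the signed AUTH_FAIL record, so a client that fails authentication chooses that text. Unless `CMS.getLogMessage` or `audit` already escapes it (not visible here), embedded line breaks or field delimiters could split or mimic audit entries. Neutralise them at assignment, for example `uid_attempted_cred = value.replaceAll("[\\r\\n]", "_");`, and consider capping the length. The comment above the loop could state that the value is unauthenticated client input, and `Enumeration` is used as a raw type. The `try` block opened here continues outside the hunk.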
@@ -952,8 +976,41 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (statsSub != null) {
statsSub.endTiming("enrollment");
}
+
+ //audit log our authentication failure
+
+ authSubjectID += " : " + uid_cred;
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ authSubjectID,
+ ILogger.FAILURE,
+ authMgrID,
+ uid_attempted_cred);
+ audit(auditMessage);
+
return;
}
+
+ //Log successful authentication
+
+ //Attempt to get uid from authToken, most tokens respond to the "uid" cred.
+ uid_cred = authToken.getInString("uid");
+
+ if (uid_cred == null || uid_cred.length() == 0) {
+ uid_cred = "Unidentified";
+ }
+
+ authSubjectID = authSubjectID + " : " + uid_cred;
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ authSubjectID,
+ ILogger.SUCCESS,
+ authMgrID);
+
+ audit(auditMessage);
+
}
if (statsSub != null) {
statsSub.endTiming("profile_authentication");
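Review bot: In the failure branch, `authSubjectID += " : " + uid_cred;` always appends the literal `Unidentified`, because `uid_cred` is only reassigned from `authToken` further down on the success path. The attempted uid is already passed as the fourth argument, so the concatenation can simply be dropped and `authSubjectID` used as returned by `auditSubjectID()`. On the success path, `authToken.getInString("uid")` is called without a null check. If the authenticate call above the hunk can return null without throwing, this would raise a NullPointerException before the AUTH_SUCCESS record is written, so a guard such as `if (authToken != null)` is worth adding. Only the failure exit visible in this hunk emits AUTH_FAIL, so any other early return in the part of the block outside the hunk would still go unaudited.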