author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-04-05 16:16:55 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-04-05 16:16:55 +0000 |
commit | 0fe646e7211a2707836afe8cd0dd3ce0132fd872 (patch) | |
tree | 808fe8280148be7ed1c0ea94339ec3dc31d14bbb /pki | |
parent | 22c9a1a31a9a5cf4a1234c373c98d3388210f62c (diff) | |
Bugzilla Bug 692990: Audit log messages needed to match CC doc: DRM Recovery audit log messages
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1943 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
3 files changed, 68 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index e4008ab8d..58ffe9e6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -421,6 +421,7 @@ public abstract class CMSServlet extends HttpServlet {
 pn.equalsIgnoreCase("pin") ||
 pn.equalsIgnoreCase("pwd") ||
 pn.equalsIgnoreCase("pwdagain") ||
+ pn.startsWith("p12Password") ||
 pn.equalsIgnoreCase("uPasswd") ) {
 CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index eb510bf59..47ed5d0e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -68,6 +68,14 @@ public class GetAsyncPk12 extends CMSServlet {
 private com.netscape.certsrv.kra.IKeyService mService = null;
 private final static String OUT_STATUS = "status";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+
+
 private String mFormPath = null;
 /**
@@ -112,6 +120,9 @@ public class GetAsyncPk12 extends CMSServlet {
 HttpServletRequest req = cmsReq.getHttpReq();
 HttpServletResponse resp = cmsReq.getHttpResp();
+ String auditMessage = null;
+ String agent = null;
+ String reqID = null;
 IAuthToken authToken = authenticate(cmsReq);
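Review bot: In the CMSServlet hunk the new clause `pn.startsWith("p12Password")` is case-sensitive while every neighbouring clause uses `equalsIgnoreCase`, so a parameter spelled `P12Password` or `p12password` would not get the `(sensitive)` masking and would presumably be written to the debug log in clear (the unmasked branch is outside the hunk). A case-insensitive prefix test keeps the list consistent: `pn.regionMatches(true, 0, "p12Password", 0, "p12Password".length()) ||`. A short comment such as `// prefix match: covers p12Password and any p12Password* confirmation field` would also explain why this one clause is not an exact match. The enclosing `if` starts and ends outside the hunk.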
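Review bot: The two audit-event key constants added in the GetAsyncPk12 constants hunk are defined a second time, character for character, in GetPk12; since both servlets extend CMSServlet, one `protected static final` definition there would keep the two copies from drifting apart. The keys are resolved at runtime by `CMS.getLogMessage`, and the diffstat lists only three Java files, so the message templates presumably already exist elsewhere; that is worth confirming, along with the `_4` suffix matching the four arguments passed at the call sites. A comment like `// signed-audit event keys; templates are defined in the log-message resource bundle` would tell the next reader where to look.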
@@ -153,12 +164,11 @@ public class GetAsyncPk12 extends CMSServlet {
 // get status and populate argSet
 try {
- String reqID = req.getParameter("reqID");
+ reqID = req.getParameter("reqID");
 header.addStringValue("reqID", reqID);
 // only the init DRM agent can get the pkcs12
 SessionContext sContext = SessionContext.getContext();
- String agent = null;
 if (sContext != null) {
 agent = (String) sContext.get(SessionContext.USER_ID);
@@ -208,6 +218,16 @@ public class GetAsyncPk12 extends CMSServlet {
 resp.setContentType("application/x-pkcs12");
 resp.getOutputStream().write(pkcs12);
 mRenderResult = false;
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ reqID,
+ "");
+
+ audit(auditMessage);
+
 return;
 } catch (IOException e) {
 header.addStringValue(OUT_ERROR,
@@ -224,6 +244,17 @@ public class GetAsyncPk12 extends CMSServlet {
 header.addStringValue(OUT_ERROR, e.toString(locale[0]));
 }
+ if ((agent != null) && (reqID != null)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ reqID,
+ "");
+
+ audit(auditMessage);
+ }
+
 try {
 ServletOutputStream out = resp.getOutputStream();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index cd43cc8eb..4c5f86c3e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
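Review bot: In the success hunk of GetAsyncPk12 the audit record is produced only after `resp.getOutputStream().write(pkcs12)` has already sent the key material, so if `CMS.getLogMessage` or `audit` fails at runtime the private key has been exported with no signed record; GetPk12 uses the same ordering. If the deployment requires that an export which cannot be audited must not complete, that has to be handled around this call, and the enclosing try block starts outside the hunk so I cannot see what it already catches. The fourth argument is `""` for both outcomes; a comment such as `// 4th field intentionally left empty: <reason>` would spare the next reader from guessing what that slot is for.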
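Review bot: The failure record in the last GetAsyncPk12 hunk is skipped whenever `agent` or `reqID` is null, so a request with no session user or with the `reqID` parameter missing leaves no audit entry at all, and those are exactly the attempts someone reviewing the log would want to see; GetPk12 has the same guard with `recoveryID`. Consider always emitting the event and substituting a placeholder for the missing field, for example `agent != null ? agent : ILogger.UNIDENTIFIED` and `reqID != null ? reqID : ILogger.SIGNED_AUDIT_EMPTY_VALUE` (check both constants are available in this tree). `reqID` comes straight from `req.getParameter` and reaches the signed audit line on this path with no validation visible in the hunks, so unless `CMS.getLogMessage` or `audit` already neutralises field delimiters and line breaks, it should be normalised before it is logged. Any path that returns earlier in the method, outside the hunks shown, is not covered by this block either.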
@@ -66,6 +66,14 @@ public class GetPk12 extends CMSServlet {
 private com.netscape.certsrv.kra.IKeyService mService = null;
 private final static String OUT_STATUS = "status";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+
+
 private String mFormPath = null;
 /**
@@ -110,6 +118,9 @@ public class GetPk12 extends CMSServlet {
 HttpServletRequest req = cmsReq.getHttpReq();
 HttpServletResponse resp = cmsReq.getHttpResp();
+ String auditMessage = null;
+ String recoveryID = null;
+ String agent = null;
 IAuthToken authToken = authenticate(cmsReq);
@@ -151,7 +162,7 @@ public class GetPk12 extends CMSServlet {
 // get status and populate argSet
 try {
- String recoveryID = req.getParameter("recoveryID");
+ recoveryID = req.getParameter("recoveryID");
 header.addStringValue("recoveryID", recoveryID);
@@ -166,8 +177,6 @@ public class GetPk12 extends CMSServlet {
 // only the init DRM agent can get the pkcs12
 SessionContext sContext = SessionContext.getContext();
- String agent = null;
-
 if (sContext != null) {
 agent = (String) sContext.get(SessionContext.USER_ID);
 }
@@ -202,13 +211,23 @@ public class GetPk12 extends CMSServlet {
 resp.setContentType("application/x-pkcs12");
 resp.getOutputStream().write(pkcs12);
 mRenderResult = false;
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ recoveryID,
+ "");
+
+ audit(auditMessage);
+
 return;
 } catch (IOException e) {
 header.addStringValue(OUT_ERROR, CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
 }
 } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
- // error in recovery process
+ // error in recovery process
 header.addStringValue(OUT_ERROR, ((IKeyRecoveryAuthority) mService).getError(recoveryID));
 } else {
@@ -218,6 +237,17 @@ public class GetPk12 extends CMSServlet {
 header.addStringValue(OUT_ERROR, e.toString(locale[0]));
 }
+ if ((agent != null) && (recoveryID != null)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ recoveryID,
+ "");
+
+ audit(auditMessage);
+ }
+
 try {
 ServletOutputStream out = resp.getOutputStream(); |