5 files changed, 302 insertions, 302 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java index 80f206817..980fe2d01 100644 --- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java +++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java @@ -234,12 +234,12 @@ public class TPSTokendb { public void tdbAddCertificatesForCUID(String cuid, ArrayList<TPSCertRecord> certs, ExternalRegAttrs erAttrs) throws TPSException { String method = "TPSTokendb.tdbAddCertificatesForCUID (with erAttrs): "; - String auditMsg = ""; + String logMsg = ""; CMS.debug(method + "begins"); if (cuid == null || certs== null || certs.isEmpty() || erAttrs == null) { - auditMsg = "params cuid, certs and erAttrs cannot be null or empty"; - CMS.debug(method + auditMsg); - throw new TPSException(method + auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + logMsg = "params cuid, certs and erAttrs cannot be null or empty"; + CMS.debug(method + logMsg); + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } CMS.debug("TPSTokendb.tdbAddCertificatesForCUID: number of certs to update:"+ certs.size()); @@ -490,7 +490,7 @@ public class TPSTokendb { String method = "TPSTokendb.revokeCertsByCUID"; if (cuid == null) throw new TPSException(method + ": cuid null"); - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); ArrayList<TPSCertRecord> certRecords = tps.getTokendb().tdbGetCertRecordsByCUID(cuid); if (tokenReason != null) { @@ -498,9 +498,9 @@ public class TPSTokendb { !tokenReason.equalsIgnoreCase("destroyed") && !tokenReason.equalsIgnoreCase("keyCompromise") && !tokenReason.equalsIgnoreCase("terminated")) { - auditMsg = "unknown tokenRecord lost reason:" + tokenReason; - CMS.debug(method + ":" + auditMsg); - throw new Exception(method + ":" + auditMsg); + logMsg = "unknown tokenRecord lost reason:" + tokenReason; + CMS.debug(method + ":" + logMsg); + throw new Exception(method + ":" + logMsg); } } 
@@ -512,17 +512,17 @@ public class TPSTokendb { RevocationReason revokeReason = RevocationReason.UNSPECIFIED; if (isRevoke) { - auditMsg = "called to revoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "called to revoke"; + CMS.debug(method + ":" + logMsg); boolean revokeCert = shouldRevoke(cert, cuid, tokenReason, ipAddress, remoteUser); if (!revokeCert) { - auditMsg = "cert not to be revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert not to be revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); continue; } - auditMsg = "cert to be revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert to be revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); // get revoke reason config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + @@ -530,11 +530,11 @@ public class TPSTokendb { int reasonInt = configStore.getInteger(config, 0); revokeReason = RevocationReason.fromInt(reasonInt); } else { // is unrevoke - auditMsg = "called to unrevoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "called to unrevoke"; + CMS.debug(method + ":" + logMsg); if (!cert.getStatus().equalsIgnoreCase("revoked_on_hold")) { - auditMsg = "cert record current status is not revoked_on_hold; cannot unrevoke"; - CMS.debug(method + ":" + auditMsg); + logMsg = "cert record current status is not revoked_on_hold; cannot unrevoke"; + CMS.debug(method + ":" + logMsg); continue;// TODO: continue or bail? } } @@ -553,9 +553,9 @@ public class TPSTokendb { revokeReason); CMS.debug(method + ": response status =" + response.getStatus()); } else { - auditMsg = "mulformed hex serial number :" + hexSerial; - CMS.debug(method + ": " + auditMsg); - throw new Exception(auditMsg); + logMsg = "mulformed hex serial number :" + hexSerial; + CMS.debug(method + ": " + logMsg); + throw new Exception(logMsg); } // update certificate status 
@@ -569,8 +569,8 @@ public class TPSTokendb { updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "active"); } - auditMsg = "cert (un)revoked:" + cert.getSerialNumber(); - CMS.debug(method + ":" + auditMsg); + logMsg = "cert (un)revoked:" + cert.getSerialNumber(); + CMS.debug(method + ":" + logMsg); //TODO: tdbActivity } } diff --git a/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java b/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java index d45f78d7c..b90888839 100644 --- a/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java +++ b/base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java @@ -116,12 +116,12 @@ public class ExternalRegAttrs { */ public ExternalRegCertToRecover.CertStatus getCertStatus(String serialString) throws TPSException { String method = "ExternalRegAttrs.getCertStatus:"; - String auditMsg = ""; + String logMsg = ""; CMS.debug(method + "begins. getCertsToRecoverCount=" + getCertsToRecoverCount()); if (serialString == null) { - auditMsg = "parameter serialString cannnot be null"; - CMS.debug(method + auditMsg); - throw new TPSException(method + auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + logMsg = "parameter serialString cannnot be null"; + CMS.debug(method + logMsg); + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } else CMS.debug(method + "searching for serialString =" + serialString); if (serialString.startsWith("0x")) { @@ -136,8 +136,8 @@ public class ExternalRegAttrs { return cert.getCertStatus(); } } - auditMsg = "cert not found in ExternalReg, status not reset"; - CMS.debug(method + auditMsg); + logMsg = "cert not found in ExternalReg, status not reset"; + CMS.debug(method + logMsg); // no match means cert was not one of the ExternalReg recovered certs; so don't reset // use UNINITIALIZED to mean not found, as all certs in externalReg must have been set by now return ExternalRegCertToRecover.CertStatus.UNINITIALIZED; 
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 02806aab1..e21f7caf3 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -89,7 +89,7 @@ public class TPSEnrollProcessor extends TPSProcessor { private void enroll() throws TPSException, IOException { String method = "TPSEnrollProcessor.enroll:"; CMS.debug(method + " entering..."); - String auditMsg = null; + String logMsg = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); TPSTokenPolicy tokenPolicy = new TPSTokenPolicy(tps); IConfigStore configStore = CMS.getConfigStore(); @@ -100,8 +100,8 @@ public class TPSEnrollProcessor extends TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; @@ -144,11 +144,11 @@ public class TPSEnrollProcessor extends TPSProcessor { authId = configStore.getString(configName); } catch (EBaseException e) { CMS.debug(method + " Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } try { 
@@ -159,23 +159,23 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug(method + ": authentication exception thrown: " + e); - auditMsg = "ExternalReg authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "ExternalReg authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } try { erAttrs = processExternalRegAttrs(authId); } catch (Exception ee) { - auditMsg = "after processExternalRegAttrs: " + ee.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "after processExternalRegAttrs: " + ee.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } /* 
@@ -190,15 +190,15 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " erAttrs.getTokenCUID()=" + erAttrs.getTokenCUID()); CMS.debug(method + " tokenRecord.getId()=" + tokenRecord.getId()); if (!tokenRecord.getId().equalsIgnoreCase(erAttrs.getTokenCUID())) { - auditMsg = "isExternalReg: token CUID not matching record:" + tokenRecord.getId() + " : " + + logMsg = "isExternalReg: token CUID not matching record:" + tokenRecord.getId() + " : " + erAttrs.getTokenCUID(); - CMS.debug(method + auditMsg); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + CMS.debug(method + logMsg); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NOT_TOKEN_OWNER); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NOT_TOKEN_OWNER); } else { - auditMsg = "isExternalReg: token CUID matches record"; - CMS.debug(method + auditMsg); + logMsg = "isExternalReg: token CUID matches record"; + CMS.debug(method + logMsg); } } else { CMS.debug(method + " no need to check if token cuid matches record"); @@ -224,11 +224,11 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (EBaseException e) { CMS.debug(method + " Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } 
@@ -253,11 +253,11 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " resolved keySet: " + keySet); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } else { CMS.debug("In TPSEnrollProcessor.enroll isExternalReg: OFF"); @@ -281,11 +281,11 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } @@ -302,13 +302,13 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " token transition disallowed " + tokenRecord.getTokenStatus() + " to " + newState); - auditMsg = "Operation for CUID " + cuid + + logMsg = "Operation for CUID " + cuid + " Disabled, illegal transition attempted " + tokenRecord.getTokenStatus() + " to " + newState; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { CMS.debug("TPSPEnrollrocessor.enroll: token transition allowed " + 
@@ -322,16 +322,16 @@ public class TPSEnrollProcessor extends TPSProcessor { !tokenPolicy.isAllowdTokenReenroll(cuid) && !tokenPolicy.isAllowdTokenRenew(cuid)) { CMS.debug(method + " token renewal or reEnroll disallowed "); - auditMsg = "Operation renewal or reEnroll for CUID " + cuid + + logMsg = "Operation renewal or reEnroll for CUID " + cuid + " Disabled"; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { - auditMsg = "isExternalReg: skip token policy (reenroll, renewal) check"; - CMS.debug(method + auditMsg); + logMsg = "isExternalReg: skip token policy (reenroll, renewal) check"; + CMS.debug(method + logMsg); } } else { CMS.debug(method + " token does not exist"); @@ -373,11 +373,11 @@ public class TPSEnrollProcessor extends TPSProcessor { try { pkcs11objx = getCurrentObjectsOnToken(channel); } catch (DataFormatException e) { - auditMsg = method + " Failed to parse original token data: " + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = method + " Failed to parse original token data: " + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } pkcs11objx.setCUID(appletInfo.getCUID()); 
@@ -387,10 +387,10 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbAddTokenEntry(tokenRecord, "uninitialized"); } catch (Exception e) { String failMsg = "add token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } } 
@@ -419,22 +419,22 @@ public class TPSEnrollProcessor extends TPSProcessor { else if (status == TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED) { statusString = "Recovery processed"; recovered = true; - tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), logMsg, "success"); } else if (status == TPSStatus.STATUS_ERROR_RENEWAL_IS_PROCESSED) { statusString = "Renewal processed"; renewed = true; - tps.tdb.tdbActivity(ActivityDatabase.OP_RENEWAL, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_RENEWAL, tokenRecord, session.getIpAddress(), logMsg, "success"); } else { - auditMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status; - CMS.debug(method + auditMsg); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status; + CMS.debug(method + logMsg); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } if (!isExternalReg) { - auditMsg = "generateCertsAfterRenewalRecoveryPolicy returns status:" + logMsg = "generateCertsAfterRenewalRecoveryPolicy returns status:" + EndOpMsg.statusToInt(status) + " : " + statusString; - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); } if (status == TPSStatus.STATUS_NO_ERROR) { if (!generateCertificates(certsInfo, channel, appletInfo)) { 
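Review bot: In the `STATUS_ERROR_RECOVERY_IS_PROCESSED` and `STATUS_ERROR_RENEWAL_IS_PROCESSED` branches, `tdbActivity(..., logMsg, "success")` is called without `logMsg` being assigned in that branch. The activity record for a successful recovery or renewal therefore carries whatever an earlier step left in the variable, and the first enroll() hunk shows it starting as `null`. Assigning it first, for example `logMsg = "generateCertsAfterRenewalRecoveryPolicy returned status=" + status;`, would make those records describe the event they log. The `"failure"` record in the following @@ -444 hunk appears to reuse `logMsg` the same way instead of describing the generateCertificates failure. enroll() starts and ends outside this hunk.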
@@ -444,7 +444,7 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + "generateCertificates returned false means some certs failed enrollment; clean up (format) the token"); format(true /*skipAuth*/); } - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw new TPSException("generateCertificates failed"); } else { 
@@ -466,29 +466,29 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + " after externalRegRecover status is:" + recoverStatus); if (recoverStatus == TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED) { recovered = true; - auditMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; - tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), auditMsg, "success"); + logMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; + tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), logMsg, "success"); } else { - auditMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; - CMS.debug(auditMsg); + logMsg = method + " externalRegRecover returned: recoverStatus=" + recoverStatus; + CMS.debug(logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); } } catch (EBaseException e) { - auditMsg = method + " externalRegRecover: " + e; - CMS.debug(auditMsg); + logMsg = method + " externalRegRecover: " + e; + CMS.debug(logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_RECOVERY, tokenRecord, session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_BAD_STATUS); } } else { //TODO: - //tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + //tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, //"success"); } } 
@@ -555,10 +555,10 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbUpdateTokenEntry(tokenRecord); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } //update the tokendb with new certs CMS.debug(method + " updating tokendb with certs."); @@ -566,9 +566,9 @@ public class TPSEnrollProcessor extends TPSProcessor { // clean up the cert records used to belong to this token in tokendb tps.tdb.tdbRemoveCertificatesByCUID(tokenRecord.getId()); } catch (Exception e) { - auditMsg = "Attempt to clean up record with tdbRemoveCertificatesByCUID failed; token probably clean; continue anyway:" + logMsg = "Attempt to clean up record with tdbRemoveCertificatesByCUID failed; token probably clean; continue anyway:" + e; - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); } CMS.debug(method + " adding certs to token with tdbAddCertificatesForCUID..."); ArrayList<TPSCertRecord> certRecords = certsInfo.toTPSCertRecords(tokenRecord.getId(), tokenRecord.getUserID()); 
@@ -578,8 +578,8 @@ public class TPSEnrollProcessor extends TPSProcessor { tps.tdb.tdbAddCertificatesForCUID(tokenRecord.getId(), certRecords); CMS.debug(method + " tokendb updated with certs to the cuid so that it reflects what's on the token"); - auditMsg = "appletVersion=" + lastObjVer + "; tokenType =" + selectedTokenType + "; userid =" + userid; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "appletVersion=" + lastObjVer + "; tokenType =" + selectedTokenType + "; userid =" + userid; + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug(method + " leaving ..."); @@ -1014,7 +1014,7 @@ public class TPSEnrollProcessor extends TPSProcessor { AppletInfo aInfo) throws TPSException, IOException { TPSStatus status = TPSStatus.STATUS_NO_ERROR; - String auditMsg; + String logMsg; final String method = "TPSEnrollProcessor.generateCertsAfterRenewalRecoveryPolicy"; CMS.debug(method + ": begins"); IConfigStore configStore = CMS.getConfigStore(); @@ -1029,9 +1029,9 @@ public class TPSEnrollProcessor extends TPSProcessor { } catch (Exception e) { //TODO: when do you get here? // no existing record, means no "renewal" or "recovery" actions needed - auditMsg = "no token associated with user: " + userid; - CMS.debug(method + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND); + logMsg = "no token associated with user: " + userid; + CMS.debug(method + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND); } CMS.debug(method + " found " + tokenRecords.size() + " tokens for user:" + userid); boolean isRecover = false; 
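Review bot: In generateCertsAfterRenewalRecoveryPolicy (@@ -1029,9), the `catch (Exception e)` maps every failure to "no token associated with user" and `STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND`, and never uses `e`. The try body is outside the hunk, but if the lookup can also fail on a token database or connection error, that failure would be indistinguishable from a missing record when reading the debug log. Keeping the cause in the log line would preserve it: `CMS.debug(method + ": " + logMsg + ": " + e);`. That form also adds the separator which `method + logMsg` lacks here, since `method` in this function has no trailing colon.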
@@ -1045,8 +1045,8 @@ public class TPSEnrollProcessor extends TPSProcessor { //Is this the same token (current token)? if (tokenRecord.getId().equals(aInfo.getCUIDhexStringPlain())) { //same token - auditMsg = "found current token entry"; - CMS.debug(method + ":" + auditMsg); + logMsg = "found current token entry"; + CMS.debug(method + ":" + logMsg); if (tokenRecord.getStatus().equals("uninitialized")) { // this is the current token if (tokenRecords.size() == 1) { 
@@ -1070,70 +1070,70 @@ public class TPSEnrollProcessor extends TPSProcessor { isRecover = true; continue; // TODO: or break? } - auditMsg = method + ": user already has an active token"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); + logMsg = method + ": user already has an active token"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); } } else if (tokenRecord.getStatus().equals("active")) { // current token is already active; renew if allowed if (tokenPolicy.isAllowdTokenRenew(aInfo.getCUIDhexStringPlain())) { return processRenewal(certsInfo, channel, aInfo, tokenRecord); } else { - auditMsg = "token is already active; can't renew because renewal is not allowed; will re-enroll if allowed"; - CMS.debug(method + ":" + auditMsg); + logMsg = "token is already active; can't renew because renewal is not allowed; will re-enroll if allowed"; + CMS.debug(method + ":" + logMsg); } break; } else if (tokenRecord.getStatus().equals("terminated")) { - auditMsg = "terminated token cuid=" + logMsg = "terminated token cuid=" + aInfo.getCUIDhexStringPlain() + " cannot be reused"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } else if (tokenRecord.getStatus().equals("lost")) { String reasonStr = tokenRecord.getReason(); if (reasonStr.equals("keyCompromise")) { - auditMsg = "This token cannot be reused because it has been reported lost"; + logMsg = "This token cannot be reused because it has been reported lost"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE); } else if (reasonStr.equals("onHold")) { try { 
tps.tdb.tdbHasActiveToken(userid); - auditMsg = "user already has an active token"; + logMsg = "user already has an active token"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN); } catch (Exception e2) { - auditMsg = "User needs to contact administrator to report lost token (it should be put on Hold)."; + logMsg = "User needs to contact administrator to report lost token (it should be put on Hold)."; CMS.debug(method + ": " - + auditMsg); + + logMsg); break; } } else if (reasonStr.equals("destroyed")) { - auditMsg = "This destroyed lost case should not be executed because the token is so damaged. It should not get here"; + logMsg = "This destroyed lost case should not be executed because the token is so damaged. It should not get here"; CMS.debug(method + ": " - + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_TOKEN_DISABLED); + + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_TOKEN_DISABLED); } else { - auditMsg = "No such lost reason: " + reasonStr + " for this cuid: " + logMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); } } else { - auditMsg = "No such token status for this cuid=" + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_TOKEN_STATE); + logMsg = "No such token status for this cuid=" + aInfo.getCUIDhexStringPlain(); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_TOKEN_STATE); } } else { //cuid != current token - auditMsg = 
"found token entry different from current token"; - CMS.debug(method + ":" + auditMsg); + logMsg = "found token entry different from current token"; + CMS.debug(method + ":" + logMsg); if (tokenRecord.getStatus().equals("lost")) { //lostostToken keeps track of the latest token that's lost //last one in the look should be the latest lostToken = tokenRecord; - auditMsg = "found a lost token: cuid = " + tokenRecord.getId(); - CMS.debug(method + ":" + auditMsg); + logMsg = "found a lost token: cuid = " + tokenRecord.getId(); + CMS.debug(method + ":" + logMsg); } continue; } @@ -1141,14 +1141,14 @@ public class TPSEnrollProcessor extends TPSProcessor { if (isRecover == true) { // this could be set in previous iteration if (lostToken == null) { - auditMsg = "No lost token to be recovered; do enrollment"; - CMS.debug(method + ":" + auditMsg); + logMsg = "No lost token to be recovered; do enrollment"; + CMS.debug(method + ":" + logMsg); //shouldn't even get here; But if we do, just enroll } else { String reasonStr = lostToken.getReason(); //RevocationReason reason = RevocationReason.valueOf(reasonStr); - auditMsg = "isRecover true; reasonStr =" + reasonStr; - CMS.debug(method + ":" + auditMsg); + logMsg = "isRecover true; reasonStr =" + reasonStr; + CMS.debug(method + ":" + logMsg); if (reasonStr.equals("keyCompromise")) { return processRecovery(lostToken, certsInfo, channel, aInfo); 
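Review bot: In the `onHold` branch of the @@ -1070,70 hunk, the `throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN)` sits inside the same `try` whose `catch (Exception e2)` follows it. Assuming TPSException is an Exception subclass, the rejection is caught immediately and the code takes the `break` path, so the "user already has an active token" check never stops the operation. It also overwrites `logMsg` with the "contact administrator" text. Narrowing the `try` to the `tdbHasActiveToken` call and throwing after it would let the status propagate. This presumes tdbHasActiveToken signals "no active token" by throwing, which should be confirmed against its definition. The enclosing loop and method start outside the hunk.

```java
} else if (reasonStr.equals("onHold")) {
    boolean hasActiveToken;
    try {
        tps.tdb.tdbHasActiveToken(userid);
        hasActiveToken = true;
    } catch (Exception e2) {
        // presumably thrown when the user has no active token; confirm
        hasActiveToken = false;
    }
    if (hasActiveToken) {
        logMsg = "user already has an active token";
        CMS.debug(method + ": " + logMsg);
        throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN);
    }
    logMsg = "User needs to contact administrator to report lost token (it should be put on Hold).";
    CMS.debug(method + ": " + logMsg);
    break;
// … unchanged: "destroyed" and unknown-reason branches …
```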
@@ -1170,22 +1170,22 @@ public class TPSEnrollProcessor extends TPSProcessor { String tmpTokenType = configStore.getString(configName); setSelectedTokenType(tmpTokenType); } catch (EPropertyNotFound e) { - auditMsg = " configuration " + configName + " not found"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg); + logMsg = " configuration " + configName + " not found"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg); } catch (EBaseException e) { - auditMsg = " configuration " + configName + " not found"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg); + logMsg = " configuration " + configName + " not found"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg); } return processRecovery(lostToken, certsInfo, channel, aInfo); } else if (reasonStr.equals("destroyed")) { return processRecovery(lostToken, certsInfo, channel, aInfo); } else { - auditMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); + logMsg = "No such lost reason: " + reasonStr + " for this cuid: " + aInfo.getCUIDhexStringPlain(); + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON); } } } @@ -1215,7 +1215,7 @@ public class TPSEnrollProcessor extends TPSProcessor { throws EBaseException, IOException { String method = "TPSEnrollProcessor.externalRegRecover:"; - String auditMsg; + String logMsg; CMS.debug(method + "begins"); TPSStatus status = TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED; if (session == null || session.getExternalRegAttrs() == null || 
@@ -1240,16 +1240,16 @@ public class TPSEnrollProcessor extends TPSProcessor { status = TPSStatus.STATUS_ERROR_RECOVERY_FAILED; return status; } - auditMsg = "ExternalReg cert record: serial=" + + logMsg = "ExternalReg cert record: serial=" + serial.toString(); - CMS.debug(method + auditMsg); + CMS.debug(method + logMsg); // recover cert CARemoteRequestHandler caRH = new CARemoteRequestHandler(caConn); CARetrieveCertResponse certResp = caRH.retrieveCertificate(serial); if (certResp == null) { - auditMsg = "In recovery mode, CARetieveCertResponse object not found!"; - CMS.debug(method + auditMsg); + logMsg = "In recovery mode, CARetieveCertResponse object not found!"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } @@ -1264,16 +1264,16 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + "recovered: retCertB64: " + cert_bytes_buf.toHexString()); } else { - auditMsg = "recovering cert b64 not found"; - CMS.debug(method + auditMsg); + logMsg = "recovering cert b64 not found"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } if (certResp.isCertRevoked()) { CMS.debug(method + " cert revoked"); if (!allowRecoverInvalidCert()) { - auditMsg = "revoked cert not allowed on token per policy;"; - CMS.debug(method + auditMsg); + logMsg = "revoked cert not allowed on token per policy;"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } erCert.setCertStatus(CertStatus.REVOKED); 
@@ -1284,43 +1284,43 @@ public class TPSEnrollProcessor extends TPSProcessor { // check if expired or not yet valid if (!certResp.isCertValid()) { - auditMsg = "cert expired or not yet valid"; - CMS.debug(auditMsg); + logMsg = "cert expired or not yet valid"; + CMS.debug(logMsg); erCert.setCertStatus(CertStatus.EXPIRED); // it could be not yet valid } } if (keyid == null) { - auditMsg = " no keyid; skip key recovery; continue"; - CMS.debug(method + auditMsg); + logMsg = " no keyid; skip key recovery; continue"; + CMS.debug(method + logMsg); continue; } else if ( keyid.compareTo(BigInteger.valueOf(0))==0) { - auditMsg = " keyid is 0; invalid; skip key recovery; continue"; - CMS.debug(method + auditMsg); + logMsg = " keyid is 0; invalid; skip key recovery; continue"; + CMS.debug(method + logMsg); continue; } // recover keys - auditMsg = " recovering for keyid: " + keyid.toString(); - CMS.debug(method + auditMsg); + logMsg = " recovering for keyid: " + keyid.toString(); + CMS.debug(method + logMsg); KRARecoverKeyResponse keyResp = null; if (kraConn != null) { - auditMsg = "kraConn not null:" + kraConn; - CMS.debug(method + auditMsg); + logMsg = "kraConn not null:" + kraConn; + CMS.debug(method + logMsg); KRARemoteRequestHandler kraRH = new KRARemoteRequestHandler(kraConn); if (channel.getDRMWrappedDesKey() == null) { - auditMsg = "channel.getDRMWrappedDesKey() null"; - CMS.debug(method + auditMsg); + logMsg = "channel.getDRMWrappedDesKey() null"; + CMS.debug(method + logMsg); return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } else { - auditMsg = "channel.getDRMWrappedDesKey() not null"; - CMS.debug(method + auditMsg); + logMsg = "channel.getDRMWrappedDesKey() not null"; + CMS.debug(method + logMsg); } keyResp = kraRH.recoverKey(cuid, userid, Util.specialURLEncode(channel.getDRMWrappedDesKey()), null, keyid); if (keyResp == null) { - auditMsg = "recovering key not found"; - CMS.debug(method + auditMsg); + logMsg = "recovering key not found"; + CMS.debug(method + logMsg); 
return TPSStatus.STATUS_ERROR_RECOVERY_FAILED; } } @@ -1367,7 +1367,7 @@ public class TPSEnrollProcessor extends TPSProcessor { throws TPSException, IOException { TPSStatus status = TPSStatus.STATUS_ERROR_RENEWAL_FAILED; String method = "TPSEnrollProcess.processRenewal"; - String auditMsg; + String logMsg; CMS.debug(method + ": begins"); boolean noFailedCerts = true; @@ -1502,9 +1502,9 @@ public class TPSEnrollProcessor extends TPSProcessor { if (!noFailedCerts) { // TODO: handle cleanup - auditMsg = "There has been failed cert renewal"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg + TPSStatus.STATUS_ERROR_RENEWAL_FAILED); + logMsg = "There has been failed cert renewal"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg + TPSStatus.STATUS_ERROR_RENEWAL_FAILED); } return status; } @@ -1655,7 +1655,7 @@ public class TPSEnrollProcessor extends TPSProcessor { private TPSStatus processRecovery(TokenRecord toBeRecovered, EnrolledCertsInfo certsInfo, SecureChannel channel, AppletInfo aInfo) throws TPSException, IOException { String method = "TPSEnrollProcessor.processRecover"; - String auditMsg; + String logMsg; TPSStatus status = TPSStatus.STATUS_ERROR_RECOVERY_IS_PROCESSED; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); @@ -1772,10 +1772,10 @@ public class TPSEnrollProcessor extends TPSProcessor { try { caConnId = configStore.getString(config); } catch (Exception e) { - auditMsg = "cannot find config:" + config; - CMS.debug(method + ":" + auditMsg); + logMsg = "cannot find config:" + config; + CMS.debug(method + ":" + logMsg); throw new TPSException( - method + ":" + auditMsg, + method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } CMS.debug("TPSEnrollProcessor.processRecovery: Selecting cert to recover: " + serialToRecover); 
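Review bot: `throw new TPSException(logMsg + TPSStatus.STATUS_ERROR_RENEWAL_FAILED);` in processRenewal (hunk at 1502) concatenates the status into the message text instead of passing it as the status argument. The two-argument form is used elsewhere in this file, for example `new TPSException(logMsg, TPSStatus.STATUS_ERROR_NO_SUCH_LOST_REASON)`. The exception then carries whatever status the one-argument constructor assigns, which is not visible here, so callers that branch on the status may not see a renewal failure. Suggested line: `throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_RENEWAL_FAILED);`. processRenewal's body extends beyond this hunk.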
@@ -1801,8 +1801,8 @@ public class TPSEnrollProcessor extends TPSProcessor { // unrevoke cert if needed if (certToRecover.getStatus().equalsIgnoreCase("revoked_on_hold")) { - auditMsg = "unrevoking cert..."; - CMS.debug(method + ":" + auditMsg); + logMsg = "unrevoking cert..."; + CMS.debug(method + ":" + logMsg); CARemoteRequestHandler caRH = null; try { @@ -1815,9 +1815,9 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug(method + ": response status =" + response.getStatus()); } catch (EBaseException e) { - auditMsg = "failed getting CARemoteRequestHandler"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); + logMsg = "failed getting CARemoteRequestHandler"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } } @@ -1827,9 +1827,9 @@ public class TPSEnrollProcessor extends TPSProcessor { certToRecover.getIssuedBy(), "active"); } catch (Exception e) { - auditMsg = "failed tdbUpdateCertEntry"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(method + ":" + auditMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); + logMsg = "failed tdbUpdateCertEntry"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(method + ":" + logMsg, TPSStatus.STATUS_ERROR_RECOVERY_FAILED); } } else { @@ -3200,7 +3200,7 @@ public class TPSEnrollProcessor extends TPSProcessor { protected int getNumberCertsToEnroll() throws TPSException { String method = "TPSEnrollProcessor.getNumberCertsToEnroll:"; - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); int keyTypeNum = 0; try { 
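Review bot: The `catch (EBaseException e)` in the hunk at 1815 logs "failed getting CARemoteRequestHandler" and discards `e`, although the `try` also appears to cover the unrevoke request itself, since the response status is printed inside it. A failed unrevocation at the CA would therefore be reported as a handler-construction problem with no cause; consider `logMsg = "unrevoke of cert failed: " + e;`. In the visible lines the response status is only written to the debug log before the next hunk sets the tokendb entry to "active". If the status is not checked in the lines outside these hunks, the tokendb and the CA can disagree about the certificate's state.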
@@ -3211,8 +3211,8 @@ public class TPSEnrollProcessor extends TPSProcessor { configValue, 0); } catch (EBaseException e) { - auditMsg = "Internal error finding config value: " + e; - throw new TPSException(method + auditMsg, + logMsg = "Internal error finding config value: " + e; + throw new TPSException(method + logMsg, TPSStatus.STATUS_ERROR_UPGRADE_APPLET); } diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java index da2cab4d7..2c29b21e8 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java @@ -62,7 +62,7 @@ public class TPSPinResetProcessor extends TPSProcessor { // a completely stand alone pin reset of an already enrolled token. CMS.debug(method + ": entering..."); - String auditMsg = null; + String logMsg = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); AppletInfo appletInfo = null; @@ -73,8 +73,8 @@ public class TPSPinResetProcessor extends TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; 
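Review bot: The `getAppletInfo()` failure path in TPSPinResetProcessor (hunk at 73) records the activity as `ActivityDatabase.OP_ENROLLMENT`, while every other `tdbActivity` call in this file's hunks uses `ActivityDatabase.OP_PIN_RESET`. If this is not intentional, a failed PIN reset is filed under enrollment in the activity log, which misleads anyone reconstructing a token's history. Suggested change: `tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg,`. The method continues past this hunk.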
@@ -121,11 +121,11 @@ public class TPSPinResetProcessor extends TPSProcessor { CMS.debug(method + " resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } statusUpdate(15, "PROGRESS_PIN_RESET_RESOLVE_PROFILE"); @@ -149,16 +149,16 @@ public class TPSPinResetProcessor extends TPSProcessor { CMS.debug(method + ": token record updated!"); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = failMsg + ":" + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } statusUpdate(100, "PROGRESS_PIN_RESET_COMPLETE"); - auditMsg = "pin reset operation completed successfully"; - tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "pin reset operation completed successfully"; + tps.tdb.tdbActivity(ActivityDatabase.OP_PIN_RESET, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug(method + ": Token Pin successfully reset!"); diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 6ea8fa2ba..bf757c722 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java 
@@ -986,12 +986,12 @@ public class TPSProcessor { public TPSAuthenticator getAuthentication(String prefix, String tokenType) throws EBaseException { CMS.debug("TPSProcessor.getAuthentication"); - String auditMsg = null; + String logMsg = null; if (prefix.isEmpty() || tokenType.isEmpty()) { - auditMsg = "TPSProcessor.getAuthentication: missing parameters: prefix or tokenType"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: missing parameters: prefix or tokenType"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IConfigStore configStore = CMS.getConfigStore(); String configName = prefix + "." + tokenType + ".auth.id"; @@ -1001,9 +1001,9 @@ public class TPSProcessor { configName); authId = configStore.getString(configName); if (authId == null) { - auditMsg = "TPSProcessor.getAuthentication: config param not found:" + configName; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not found:" + configName; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } return getAuthentication(authId); } @@ -1011,12 +1011,12 @@ public class TPSProcessor { public TPSAuthenticator getAuthentication(String authId) throws EBaseException { CMS.debug("TPSProcessor.getAuthentication"); - String auditMsg = null; + String logMsg = null; if (authId.isEmpty()) { - auditMsg = "TPSProcessor.getAuthentication: missing parameters: authId"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: missing parameters: authId"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IConfigStore configStore = CMS.getConfigStore(); 
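Review bot: `getAuthentication(String prefix, String tokenType)` guards with `prefix.isEmpty() || tokenType.isEmpty()`, which throws a NullPointerException for a null argument instead of the intended `EBaseException` with the "missing parameters" message. The same pattern is in `getAuthentication(String authId)` (`authId.isEmpty()`) and in `authenticateUser` (`op.isEmpty()`, next to explicit null checks for `userAuth` and `userCred`). I would write the guard as `if (prefix == null || prefix.isEmpty() || tokenType == null || tokenType.isEmpty()) {` and do likewise for `authId` and `op`.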
@@ -1029,9 +1029,9 @@ public class TPSProcessor { authCredNameConf); String authCredName = configStore.getString(authCredNameConf); if (authCredName == null) { - auditMsg = "TPSProcessor.getAuthentication: config param not found:" + authCredNameConf; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not found:" + authCredNameConf; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } authInst.setAuthCredName(authCredName); @@ -1041,13 +1041,13 @@ public class TPSProcessor { authLdapStringAttrs); String authLdapStringAttributes = configStore.getString(authLdapStringAttrs, ""); if (authLdapStringAttributes != null && !authLdapStringAttributes.equals("")) { - auditMsg = "TPSProcessor.getAuthentication: got ldapStringAttributes... setting up"; - CMS.debug(auditMsg); + logMsg = "TPSProcessor.getAuthentication: got ldapStringAttributes... setting up"; + CMS.debug(logMsg); ldapStringAttrs = Arrays.asList(authLdapStringAttributes.split(",")); } else { // not set is okay - auditMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttributes; - CMS.debug(auditMsg); + logMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttributes; + CMS.debug(logMsg); } return authInst; @@ -1090,12 +1090,12 @@ public class TPSProcessor { IAuthCredentials userCred) throws EBaseException, TPSException { - String auditMsg = null; + String logMsg = null; CMS.debug("TPSProcessor.authenticateUser"); if (op.isEmpty() || userAuth == null || userCred == null) { - auditMsg = "TPSProcessor.authenticateUser: missing parameter(s): op, userAuth, or userCred"; - CMS.debug(auditMsg); - throw new EBaseException(auditMsg); + logMsg = "TPSProcessor.authenticateUser: missing parameter(s): op, userAuth, or userCred"; + CMS.debug(logMsg); + throw new EBaseException(logMsg); } IAuthManager auth = userAuth.getAuthManager(); 
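Review bot: In the `else` branch of the hunk at 1041, `logMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttributes;` appends the value that was just found to be null or empty, so the message never names the parameter. The config key is held in `authLdapStringAttrs`; the line should read `logMsg = "TPSProcessor.getAuthentication: config param not set:" + authLdapStringAttrs;`. The rest of this method is outside the hunk.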
@@ -1389,7 +1389,7 @@ public class TPSProcessor { */ protected boolean revokeCertsAtFormat() { String method = "revokeCertsAtFormat"; - String auditMsg; + String logMsg; CMS.debug(method + ": begins"); IConfigStore configStore = CMS.getConfigStore(); @@ -1398,20 +1398,20 @@ public class TPSProcessor { try { revokeCert = configStore.getBoolean(configName, false); } catch (EBaseException e) { - auditMsg = method + ": config not found: " + configName + + logMsg = method + ": config not found: " + configName + "; default to false"; - CMS.debug(auditMsg); + CMS.debug(logMsg); } if (!revokeCert) { - auditMsg = method + ": revokeCert = false"; - CMS.debug(auditMsg); + logMsg = method + ": revokeCert = false"; + CMS.debug(logMsg); } return revokeCert; } protected RevocationReason getRevocationReasonAtFormat() { String method = "getRevocationReasonAtFormat"; - String auditMsg; + String logMsg; IConfigStore configStore = CMS.getConfigStore(); String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.revokeReason"; @@ -1420,9 +1420,9 @@ public class TPSProcessor { int revokeReasonInt = configStore.getInteger(configName); revokeReason = RevocationReason.fromInt(revokeReasonInt); } catch (EBaseException e) { - auditMsg = method + ": config not found: " + configName + + logMsg = method + ": config not found: " + configName + "; default to unspecified"; - CMS.debug(auditMsg); + CMS.debug(logMsg); revokeReason = RevocationReason.UNSPECIFIED; } 
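Review bot: `revokeCertsAtFormat()` treats any `EBaseException` from `configStore.getBoolean(configName, false)` as "config not found" and carries on with the default, so a configuration read error silently turns certificate revocation off at format time. Since the call already supplies `false` as the default, the catch presumably fires only on a real error. That deserves more than a debug line, and the message should include the exception: `logMsg = method + ": error reading " + configName + ": " + e + "; default to false";`. `getRevocationReasonAtFormat()` in the following hunk has the same shape and falls back to `RevocationReason.UNSPECIFIED`.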
@@ -1432,36 +1432,36 @@ public class TPSProcessor { /* * revokeCertificates revokes certificates on the token specified * @param cuid the cuid of the token to revoke certificates - * @return auditMsg captures the audit message + * @return logMsg captures the audit message * @throws TPSException in case of error * * TODO: maybe make this a callback function later */ protected void revokeCertificates(String cuid, RevocationReason revokeReason, String caConnId) throws TPSException { - String auditMsg = ""; + String logMsg = ""; final String method = "TPSProcessor.revokeCertificates"; if (cuid == null) { - auditMsg = "cuid null"; - CMS.debug(method + ":" + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = "cuid null"; + CMS.debug(method + ":" + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } CMS.debug(method + ": begins for cuid:" + cuid); TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); boolean isTokenPresent = tps.tdb.isTokenPresent(cuid); if (!isTokenPresent) { - auditMsg = method + ": token not found: " + cuid; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": token not found: " + cuid; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } CARemoteRequestHandler caRH = null; try { caRH = new CARemoteRequestHandler(caConnId); } catch (EBaseException e) { - auditMsg = method + ": getting CARemoteRequestHandler failure"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": getting CARemoteRequestHandler failure"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } //find all certs belonging to the token ArrayList<TPSCertRecord> certRecords = 
tps.tdb.tdbGetCertRecordsByCUID(cuid); @@ -1476,9 +1476,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } @@ -1499,9 +1499,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } @@ -1521,9 +1521,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = method + ": removeRecord failed"; - CMS.debug(auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + logMsg = method + ": removeRecord failed"; + CMS.debug(logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } continue; } 
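Review bot: The comment above `revokeCertificates` (hunk at 1432) still carries `@return logMsg captures the audit message`, but the method is declared `void`, and the rename makes the line read even less accurately. I would drop the `@return` line, add `@param revokeReason` and `@param caConnId` entries for the two undocumented parameters, and open the block with `/**` so it is picked up as Javadoc. In the same hunk, the `catch (EBaseException e)` around `new CARemoteRequestHandler(caConnId)` discards `e`. Appending it, as in `logMsg = method + ": getting CARemoteRequestHandler failure: " + e;`, keeps the cause in the debug log.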
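Review bot: The `removeRecord` catch blocks in the hunks at 1476, 1499 and 1521 build `method + ": removeRecord failed"` without the exception and throw `STATUS_ERROR_REVOKE_CERTIFICATES_FAILED`. The final `removeRecord` catch (hunk at 1573) instead appends `e` and throws `STATUS_ERROR_UPDATE_TOKENDB_FAILED`. A tokendb delete failure is the same condition in all four places, so I would align them: `logMsg = method + ": removeRecord failed:" + e;` and `throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_UPDATE_TOKENDB_FAILED);`. Whether callers depend on the current status for the first three is not visible from here.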
@@ -1541,30 +1541,30 @@ public class TPSProcessor { revokeReason); CMS.debug(method + ": response status =" + response.getStatus()); } catch (EBaseException e) { - auditMsg = method + ": revokeCertificate from CA failed:" + e; - CMS.debug(auditMsg); + logMsg = method + ": revokeCertificate from CA failed:" + e; + CMS.debug(logMsg); if (revokeReason == RevocationReason.CERTIFICATE_HOLD) { tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), - session.getIpAddress(), auditMsg, + session.getIpAddress(), logMsg, "failure"); } else { tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), - session.getIpAddress(), auditMsg, + session.getIpAddress(), logMsg, "failure"); } - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } } else { - auditMsg = "mulformed hex serial number :" + hexSerial; - CMS.debug(method + ": " + auditMsg); + logMsg = "mulformed hex serial number :" + hexSerial; + CMS.debug(method + ": " + logMsg); tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), - auditMsg, + logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED); } - auditMsg = "Certificate " + hexSerial + " revoked"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), auditMsg, + logMsg = "Certificate " + hexSerial + " revoked"; + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, session.getTokenRecord(), session.getIpAddress(), logMsg, "success"); // delete cert from tokendb 
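Review bot: Both branches of `if (revokeReason == RevocationReason.CERTIFICATE_HOLD)` make the identical `tdbActivity(ActivityDatabase.OP_FORMAT, ..., logMsg, "failure")` call, so the condition has no effect. Either collapse it to a single call or, if the on-hold case was meant to be recorded differently, make the difference explicit. The message `"mulformed hex serial number :"` in the `else` branch is also misspelled; `"malformed hex serial number: "` would be easier to search for in the activity log.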
@@ -1573,9 +1573,9 @@ public class TPSProcessor { try { tps.certDatabase.removeRecord(cert.getId()); } catch (Exception e) { - auditMsg = "removeRecord failed:" + e; - CMS.debug(method + ": " + auditMsg); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_UPDATE_TOKENDB_FAILED); + logMsg = "removeRecord failed:" + e; + CMS.debug(method + ": " + logMsg); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_UPDATE_TOKENDB_FAILED); } continue; } @@ -1735,7 +1735,7 @@ public class TPSProcessor { IConfigStore configStore = CMS.getConfigStore(); String configName = null; - String auditMsg = null; + String logMsg = null; String appletVersion = null; TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); @@ -1745,8 +1745,8 @@ public class TPSProcessor { try { appletInfo = getAppletInfo(); } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); throw e; @@ -1810,11 +1810,11 @@ public class TPSProcessor { requireLoginRequest = configStore.getBoolean(configName, false); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } if (!requireLoginRequest) { CMS.debug("In TPSProcessor.format: no Login required"); 
@@ -1826,11 +1826,11 @@ public class TPSProcessor { setSelectedTokenType(tokenType); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } CMS.debug("In TPSProcessor.format: isExternalReg: setting tokenType to default first:" + tokenType); @@ -1843,11 +1843,11 @@ public class TPSProcessor { authId = configStore.getString(configName); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } try { TPSAuthenticator userAuth = 
@@ -1857,12 +1857,12 @@ public class TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug("TPSProcessor.format:: authentication exception thrown: " + e); - auditMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } @@ -1870,11 +1870,11 @@ public class TPSProcessor { try { erAttrs = processExternalRegAttrs(/*authToken,*/authId); } catch (Exception ee) { - auditMsg = "processExternalRegAttrs: " + ee.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "processExternalRegAttrs: " + ee.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } session.setExternalRegAttrs(erAttrs); /* test @@ -1915,11 +1915,11 @@ public class TPSProcessor { CMS.debug("In TPSProcessor.format: resolved keySet: " + keySet); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } } else { CMS.debug("In TPSProcessor.format isExternalReg: OFF"); 
@@ -1943,11 +1943,11 @@ public class TPSProcessor { CMS.debug("In TPSProcessor.format: resolved tokenType: " + tokenType); } } catch (TPSException e) { - auditMsg = e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } CMS.debug("TPSProcessor.format: calculated tokenType: " + tokenType); } @@ -1962,11 +1962,11 @@ public class TPSProcessor { isAuthRequired = configStore.getBoolean(configName, true); } catch (EBaseException e) { CMS.debug("TPSProcessor.format: Internal Error obtaining mandatory config values. Error: " + e); - auditMsg = "TPS error getting config values from config store." + e.toString(); - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + logMsg = "TPS error getting config values from config store." + e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_MISCONFIGURATION); } if (isAuthRequired && !skipAuth) { 
@@ -1977,12 +1977,12 @@ public class TPSProcessor { } catch (Exception e) { // all exceptions are considered login failure CMS.debug("TPSProcessor.format:: authentication exception thrown: " + e); - auditMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; + logMsg = "authentication failed, status = STATUS_ERROR_LOGIN"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_LOGIN); } } // TODO: if no auth required, should wipe out existing tokenRecord entry data later? @@ -2000,14 +2000,14 @@ public class TPSProcessor { CMS.debug("TPSProcessor.format: token transition disallowed " + tokenRecord.getTokenStatus() + " to " + newState); - auditMsg = "Operation for CUID " + appletInfo.getCUIDhexStringPlain() + + logMsg = "Operation for CUID " + appletInfo.getCUIDhexStringPlain() + " Disabled, illegal transition attempted " + tokenRecord.getTokenStatus() + " to " + newState; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "failure"); - throw new TPSException(auditMsg, + throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_DISABLED_TOKEN); } else { CMS.debug("TPSProcessor.format: token transition allowed " + @@ -2064,7 +2064,7 @@ public class TPSProcessor { revokeCertificates(tokenRecord.getId(), reason, caConnId); } catch (TPSException te) { // failed revocation; capture message and continue - auditMsg = te.getMessage(); + logMsg = te.getMessage(); } } 
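Review bot: In the `catch (TPSException te)` around `revokeCertificates(...)` (hunk at 2064), `logMsg = te.getMessage();` is the only handling, and the following hunk overwrites `logMsg` before using it. Unless the lines between the hunks log it, a failed revocation during format leaves no trace at this level and the operation is still recorded as "format operation succeeded". Several failure paths inside `revokeCertificates` (null cuid, token not found, handler construction) write no activity record themselves. I would at least log it with `CMS.debug("TPSProcessor.format: revokeCertificates failed: " + logMsg);` and consider a `tdbActivity(..., "failure")` entry as well.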
@@ -2074,16 +2074,16 @@ public class TPSProcessor { tps.tdb.tdbUpdateTokenEntry(tokenRecord); } catch (Exception e) { String failMsg = "update token failure"; - auditMsg = failMsg + ":" + e.toString(); + logMsg = failMsg + ":" + e.toString(); tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), failMsg, "failure"); - throw new TPSException(auditMsg); + throw new TPSException(logMsg); } - auditMsg = "format operation succeeded"; + logMsg = "format operation succeeded"; - tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), auditMsg, "success"); + tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg, "success"); CMS.debug("TPSProcessor.format:: ends"); |
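Review bot: The `catch (Exception e)` after `tdbUpdateTokenEntry` builds `logMsg = failMsg + ":" + e.toString()` but passes the shorter `failMsg` to `tdbActivity`, so the activity record loses the exception text that the thrown `TPSException` carries. The matching block in TPSPinResetProcessor passes `logMsg`. If the omission is not deliberate, use `tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg,`. The thrown `TPSException(logMsg)` also has no explicit status, unlike the other failure paths in `format`.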