Diffstat (limited to 'base/kra/src/com/netscape/kra/SymKeyGenService.java')
-rw-r--r--base/kra/src/com/netscape/kra/SymKeyGenService.java43
1 files changed, 8 insertions, 35 deletions
diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java
index 774bbcda9..46c8265f0 100644
--- a/base/kra/src/com/netscape/kra/SymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java
@@ -34,7 +34,6 @@ import org.mozilla.jss.crypto.TokenException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.key.KeyRequestResource;
@@ -56,7 +55,6 @@ import com.netscape.cmscore.dbs.KeyRecord;
*/
public class SymKeyGenService implements IService {
- private final static String DEFAULT_OWNER = "IPA Agent";
public final static String ATTR_KEY_RECORD = "keyRecord";
private final static String STATUS_ACTIVE = "active";
@@ -102,12 +100,12 @@ public class SymKeyGenService implements IService {
CMS.debug("SymKeyGenService.serviceRequest. Request id: " + id);
CMS.debug("SymKeyGenService.serviceRequest algorithm: " + algorithm);
- String owner = getOwnerName(request);
- String subjectID = auditSubjectID();
+ String owner = request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER);
+ String auditSubjectID = owner;
//Check here even though restful layer checks for this.
if (algorithm == null || clientKeyId == null || keySize <= 0) {
- auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(),
clientKeyId, null, "Bad data in request");
throw new EBaseException("Bad data in SymKeyGenService.serviceRequest");
}
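Review bot: `auditSubjectID` is now a plain copy of `owner`, so if `request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER)` returns null, the signed audit records get a null subject. The removed `auditSubjectID()` helper trimmed the value and fell back to `ILogger.NONROLEUSER` or `ILogger.UNIDENTIFIED`. The same variable is passed to every `auditSymKeyGenRequestProcessed` call in the later hunks, so one guard here covers them all: `String auditSubjectID = (owner != null) ? owner.trim() : ILogger.UNIDENTIFIED;`. The audit subject now comes from request data rather than the session context, and this diff does not show how the owner attribute is populated. If the REST layer sets it from the authenticated principal, a short comment saying so would make the subject field easier to trust, and a missing owner may deserve rejection before the key is generated. `serviceRequest` starts and ends outside this hunk.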
@@ -167,7 +165,7 @@ public class SymKeyGenService implements IService {
} catch (TokenException | IllegalStateException | CharConversionException | NoSuchAlgorithmException
| InvalidAlgorithmParameterException e) {
CMS.debugStackTrace();
- auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(),
clientKeyId, null, "Failed to generate symmetric key");
throw new EBaseException("Errors in generating symmetric key: " + e);
}
@@ -178,7 +176,7 @@ public class SymKeyGenService implements IService {
if (sk != null) {
privateSecurityData = mStorageUnit.wrap(sk);
} else { // We have no data.
- auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(),
clientKeyId, null, "Failed to create security data to archive");
throw new EBaseException("Failed to create security data to archive!");
}
@@ -192,7 +190,7 @@ public class SymKeyGenService implements IService {
//Now we need a serial number for our new key.
if (rec.getSerialNumber() != null) {
- auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(),
clientKeyId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -203,7 +201,7 @@ public class SymKeyGenService implements IService {
if (serialNo == null) {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_GET_NEXT_SERIAL"));
- auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(),
clientKeyId, null, "Failed to get next Key ID");
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -218,7 +216,7 @@ public class SymKeyGenService implements IService {
CMS.debug("KRA adding Security Data key record " + serialNo);
storage.addKeyRecord(rec);
- auditSymKeyGenRequestProcessed(subjectID, ILogger.SUCCESS, request.getRequestId(),
+ auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.SUCCESS, request.getRequestId(),
clientKeyId, serialNo.toString(), "None");
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
@@ -227,11 +225,6 @@ public class SymKeyGenService implements IService {
return true;
}
- //ToDo: return real owner with auth
- private String getOwnerName(IRequest request) {
- return DEFAULT_OWNER;
- }
-
private void audit(String msg) {
if (signedAuditLogger == null)
return;
@@ -243,26 +236,6 @@ public class SymKeyGenService implements IService {
msg);
}
- private String auditSubjectID() {
- if (signedAuditLogger == null) {
- return null;
- }
-
- String subjectID = null;
-
- // Initialize subjectID
- SessionContext auditContext = SessionContext.getExistingContext();
-
- if (auditContext != null) {
- subjectID = (String) auditContext.get(SessionContext.USER_ID);
- subjectID = (subjectID != null) ? subjectID.trim() : ILogger.NONROLEUSER;
- } else {
- subjectID = ILogger.UNIDENTIFIED;
- }
-
- return subjectID;
- }
-
private void auditSymKeyGenRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
String keyID, String reason) {
String auditMessage = CMS.getLogMessage(