Diffstat (limited to 'base')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java | 39 | ||||
-rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 2 |
2 files changed, 39 insertions, 2 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
index f147c7710..adba676ac 100644
--- a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
+++ b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
@@ -41,6 +41,42 @@ public class PKIServerSocketListener implements SSLSocketListener {
 @Override
 public void alertReceived(SSLAlertEvent event) {
+ try {
+ SSLSocket socket = event.getSocket();
+
+ SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
+ InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress();
+ InetAddress serverAddress = socket.getLocalAddress();
+ String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress();
+ String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress();
+
+ SSLSecurityStatus status = socket.getStatus();
+ X509Certificate peerCertificate = status.getPeerCertificate();
+ Principal subjectDN = peerCertificate == null ? null : peerCertificate.getSubjectDN();
+ String subjectID = subjectDN == null ? "" : subjectDN.toString();
+
+ int description = event.getDescription();
+ String reason = SSLAlertDescription.valueOf(description).toString();
+
+ logger.debug("SSL alert received:");
+ logger.debug(" - client: " + clientAddress);
+ logger.debug(" - server: " + serverAddress);
+ logger.debug(" - reason: " + reason);
+
+ IAuditor auditor = CMS.getAuditor();
+
+ String auditMessage = CMS.getLogMessage(
+ "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
+ clientIP,
+ serverIP,
+ subjectID,
+ reason);
+
+ auditor.log(auditMessage);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
 }
 @Override
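Review bot: The `catch (Exception e) { e.printStackTrace(); }` that closes the new `alertReceived` body drops the signed audit record whenever anything inside the `try` fails, leaving only a stack trace on stderr. One such failure depends on a value the peer chooses: `SSLAlertDescription.valueOf(description).toString()` throws if `valueOf` returns null for an alert code it does not know (worth confirming against the JSS enum), and `socket.getStatus()` may also fail on a socket that is already being torn down. I would resolve the reason defensively, `SSLAlertDescription desc = SSLAlertDescription.valueOf(description);` then `String reason = desc == null ? "unknown (" + description + ")" : desc.toString();`, and report failures through the class logger rather than `printStackTrace()`, e.g. `logger.error("Unable to audit SSL alert: " + e.getMessage(), e);` (assuming `logger` accepts a throwable). The method also records every received alert as ACCESS_SESSION_TERMINATED without looking at the alert level, so a warning-level alert that does not close the connection would presumably be audited as a termination.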
@@ -75,7 +111,8 @@ public class PKIServerSocketListener implements SSLSocketListener {
 "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
 clientIP,
 serverIP,
- subjectID);
+ subjectID,
+ reason);
 auditor.log(auditMessage);
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index dde53ba73..7572db456 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2737,7 +2737,7 @@ LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\
 # separated by + (if more than one name;;value pair) of config params changed
 #
 LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\
-<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated
+<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success][Info={3}] access session terminated
 ########################### |
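Review bot: The new `[Info={3}]` field in LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED has no describing comment, and any caller that still passes three arguments would presumably write a literal `{3}` into the signed audit log. The two call sites in PKIServerSocketListener are updated in this commit, but callers outside this diff are not visible here and should be checked, along with any tooling that parses this event. I would add a comment line above the key such as `# Info is the TLS alert description reported when the session ended`. Note also that the record keeps `[Outcome=Success]` even when `Info` carries a failure-type alert, which readers of the audit log may find misleading.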