Diffstat (limited to 'pki/base/kra/src')
4 files changed, 254 insertions, 130 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java index c1aed4725..307f01518 100644 --- a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java +++ b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java @@ -92,12 +92,12 @@ public class EnrollmentService implements IService { LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3"; + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3"; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4"; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4"; /** * Constructs request processor. * <P> @@ -455,7 +455,7 @@ public class EnrollmentService implements IService { // store a message in the signed audit log file auditPublicKey = auditPublicKey(rec); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED, + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditPublicKey); diff --git a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java index ce2a03b20..fd5537c31 100644 --- a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java +++ b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java 
@@ -120,16 +120,16 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3"; + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3"; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4"; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC_4"; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4"; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC_4"; /** * Constructs an escrow authority. @@ -695,7 +695,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used * whenever a user private key archive request is made (this is when the * DRM receives the request) - * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED used + * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED used * whenever a user private key archive request is processed (this is when * the DRM processes the request) * </ul> 
@@ -765,7 +765,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED, + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditPublicKey); @@ -774,7 +774,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED, + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditPublicKey); @@ -944,7 +944,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever * a user private key recovery request is made (this is when the DRM * receives the request) - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever + * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever * a user private key recovery request is processed (this is when the DRM * processes the request) * </ul> @@ -1036,7 +1036,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditRecoveryID, @@ -1050,7 +1050,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditRecoveryID, 
@@ -1063,7 +1063,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditRecoveryID, @@ -1084,7 +1084,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever * a user private key recovery request is made (this is when the DRM * receives the request) - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever + * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever * a user private key recovery request is processed (this is when the DRM * processes the request) * </ul> @@ -1133,7 +1133,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC, auditSubjectID, ILogger.SUCCESS, auditRecoveryID, @@ -1147,7 +1147,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC, auditSubjectID, ILogger.FAILURE, auditRecoveryID, 
@@ -1160,7 +1160,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC, + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC, auditSubjectID, ILogger.FAILURE, auditRecoveryID, diff --git a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java index 4f41eac7d..694e91ab3 100644 --- a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java +++ b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java 
@@ -97,15 +97,24 @@ public class NetkeyKeygenService implements IService { LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3"; + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3"; // these need to be defined in LogMessages_en.properties later when we do this private final static String - LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST = - "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3"; + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST = + "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3"; private final static String - LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED = - "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED_3"; + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE_3"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private IKeyRecoveryAuthority mKRA = null; private ITransportKeyUnit mTransportUnit = null; private IStorageKeyUnit mStorageUnit = null; 
@@ -350,20 +359,20 @@ public class NetkeyKeygenService implements IService { int keysize = Integer.parseInt(rKeysize); auditSubjectID=rCUID+":"+rUserid; - SessionContext sContext = SessionContext.getContext(); - String agentId=""; - if (sContext != null) { + SessionContext sContext = SessionContext.getContext(); + String agentId=""; + if (sContext != null) { agentId = (String) sContext.get(SessionContext.USER_ID); - } + } - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - agentId); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST, + agentId, + ILogger.SUCCESS, + auditSubjectID); - audit(auditMessage); + audit(auditMessage); String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY); @@ -384,7 +393,7 @@ public class NetkeyKeygenService implements IService { (wrapped_des_key.length > 0)) { // unwrap the DES key - sk= (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key); + sk= (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key); /* XXX could be done in HSM*/ KeyPair keypair = null; 
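Review bot: `agentId` stays the empty string when `SessionContext.getContext()` returns null, so the SERVER_SIDE_KEYGEN_REQUEST record emitted just below carries a blank value in the field this hunk moves into first position; initialising it as `String agentId = ILogger.UNIDENTIFIED;` would make an unattributed request visible in the audit trail instead of indistinguishable from a missing field. The hunk also swaps the positional order of `auditSubjectID` and `agentId`, which is only correct if the positional parameters of the LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3 template were swapped with it; the property bundle is outside this diff, so that cannot be confirmed here. The enclosing method starts and ends outside the hunk.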
@@ -399,41 +408,51 @@ public class NetkeyKeygenService implements IService { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED, - auditSubjectID, + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE, + agentId, ILogger.FAILURE, - agentId); + auditSubjectID); audit(auditMessage); return false; - } else { - CMS.debug("NetkeyKeygenService: finished generate key pair for " +rCUID+":"+rUserid); - CMS.debug("NetkeyKeygenService: server-side key generated at keysize "+keysize); + } + CMS.debug("NetkeyKeygenService: finished generate key pair for " +rCUID+":"+rUserid); + + try { + publicKeyData = keypair.getPublic().getEncoded(); + if (publicKeyData == null) { + request.setExtData(IRequest.RESULT, Integer.valueOf(4)); + CMS.debug("NetkeyKeygenService: failed getting publickey encoded"); + return false; + } else { + //CMS.debug("NetkeyKeygenService: public key binary length ="+ publicKeyData.length); + PubKey = base64Encode(publicKeyData); + + //CMS.debug("NetkeyKeygenService: public key length =" + PubKey.length()); + request.setExtData("public_key", PubKey); + } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED, + LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS, + agentId, + ILogger.SUCCESS, auditSubjectID, - ILogger.SUCCESS, - agentId); + PubKey); audit(auditMessage); - } - - //...extract the private key handle (not privatekeydata) - java.security.PrivateKey privKey = - keypair.getPrivate(); + //...extract the private key handle (not privatekeydata) + java.security.PrivateKey privKey = + keypair.getPrivate(); - if (privKey == null) { - request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - CMS.debug("NetkeyKeygenService: failed getting private key"); - return false; - } else { - CMS.debug("NetkeyKeygenService: got private key"); - } - - try { + if (privKey == null) { + request.setExtData(IRequest.RESULT, 
Integer.valueOf(4)); + CMS.debug("NetkeyKeygenService: failed getting private key"); + return false; + } else { + CMS.debug("NetkeyKeygenService: got private key"); + } if (sk == null) { CMS.debug("NetkeyKeygenService: no DES key"); @@ -472,22 +491,25 @@ public class NetkeyKeygenService implements IService { if (wrappedPrivKeyString == null) { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); CMS.debug("NetkeyKeygenService: failed generating wrapped private key"); - return false; - } else { - request.setExtData("wrappedUserPrivate", wrappedPrivKeyString); - } + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agentId, + ILogger.FAILURE, + auditSubjectID, + PubKey); - publicKeyData = keypair.getPublic().getEncoded(); - if (publicKeyData == null) { - request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - CMS.debug("NetkeyKeygenService: failed getting publickey encoded"); + audit(auditMessage); return false; } else { - //CMS.debug("NetkeyKeygenService: public key binary length ="+ publicKeyData.length); - PubKey = base64Encode(publicKeyData); + request.setExtData("wrappedUserPrivate", wrappedPrivKeyString); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agentId, + ILogger.SUCCESS, + auditSubjectID, + PubKey); - //CMS.debug("NetkeyKeygenService: public key length =" + PubKey.length()); - request.setExtData("public_key", PubKey); + audit(auditMessage); } iv_s = /*base64Encode(iv);*/com.netscape.cmsutil.util.Utils.SpecialEncode(iv); 
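Review bot: Two of the new early returns in this hunk leave no audit trace: when `keypair.getPublic().getEncoded()` returns null and when `privKey == null`, the code sets RESULT 4 and returns false without a LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE record, whereas the `keypair == null` exit just above does audit. The SUCCESS record is also emitted before the private-key handle is checked, so a keypair whose private handle is null is logged as a successful keygen and then fails silently. Moving the SUCCESS audit below the `privKey == null` check and adding the FAILURE audit (`agentId`, `ILogger.FAILURE`, `auditSubjectID`) to both null exits would keep the trail consistent with the rest of the method. The `try` opened in this hunk is closed outside it.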
@@ -506,6 +528,14 @@ public class NetkeyKeygenService implements IService { // // mKRA.log(ILogger.LL_INFO, "KRA encrypts internal private"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + agentId, + ILogger.SUCCESS, + auditSubjectID, + auditArchiveID); + + audit(auditMessage); CMS.debug("KRA encrypts private key to put on internal ldap db"); byte privateKeyData[] = mStorageUnit.wrap((org.mozilla.jss.crypto.PrivateKey) privKey); @@ -556,8 +586,8 @@ public class NetkeyKeygenService implements IService { CMS.debug("NetkeyKeygenService: key archived for "+rCUID+":"+rUserid); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED, - auditSubjectID, + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED, + agentId, ILogger.SUCCESS, PubKey); @@ -566,12 +596,11 @@ public class NetkeyKeygenService implements IService { } //if archive request.setExtData(IRequest.RESULT, Integer.valueOf(1)); - } catch (Exception e) { - CMS.debug("NetKeyKeygenService: " + e.toString()); - Debug.printStackTrace(e); - request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - - } + } catch (Exception e) { + CMS.debug("NetKeyKeygenService: " + e.toString()); + Debug.printStackTrace(e); + request.setExtData(IRequest.RESULT, Integer.valueOf(4)); + } } else request.setExtData(IRequest.RESULT, Integer.valueOf(2)); diff --git a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index daafb8b7f..77752cffa 100644 --- a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java 
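Review bot: The `catch (Exception e)` re-indented at @@ -566 records only a debug trace and RESULT 4, so any exception thrown after the LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST record added at @@ -506 (presumably `mStorageUnit.wrap(...)` or the archival step that follows) leaves a REQUEST entry with no matching PROCESSED entry, and likewise leaves the export SUCCESS already audited at @@ -472 without any later failure record. Emitting a `LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED` message with `ILogger.FAILURE` in that catch would close the gap. At @@ -556 the same `_3` template that EnrollmentService fills with `auditSubjectID` is now filled with `agentId` here, so the first field of PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED means different things in the two services; worth aligning or at least documenting on the constant. `auditArchiveID` is not declared within these hunks, and the enclosing method and its `try` begin outside them.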
@@ -90,8 +90,8 @@ public class TokenKeyRecoveryService implements IService { "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4"; private final static String - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4"; + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4"; private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); /** @@ -243,7 +243,7 @@ public class TokenKeyRecoveryService implements IService { wrapped_des_key = null; - PK11SymKey sk= null; + PK11SymKey sk= null; String rCUID = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); String rUserid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); 
@@ -260,40 +260,72 @@ public class TokenKeyRecoveryService implements IService { // unwrap the des key sk = (PK11SymKey) mTransportUnit.unwrap_encrypt_sym(wrapped_des_key); - if (sk == null) { - CMS.debug("TokenKeyRecoveryService: no des key"); - request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - } else { - CMS.debug("TokenKeyRecoveryService: received des key"); - } + if (sk == null) { + CMS.debug("TokenKeyRecoveryService: no des key"); + request.setExtData(IRequest.RESULT, Integer.valueOf(4)); + } else { + CMS.debug("TokenKeyRecoveryService: received des key"); + } } else { - CMS.debug("TokenKeyRecoveryService: not receive des key"); + CMS.debug("TokenKeyRecoveryService: not receive des key"); request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - return false; - } + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); + return false; + } // retrieve based on Certificate - String cert_s = request.getExtDataInString(ATTR_USER_CERT); - if (cert_s == null) { - CMS.debug("TokenKeyRecoveryService: not receive cert"); + String cert_s = request.getExtDataInString(ATTR_USER_CERT); + if (cert_s == null) { + CMS.debug("TokenKeyRecoveryService: not receive cert"); request.setExtData(IRequest.RESULT, Integer.valueOf(3)); - return false; - } + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); - String cert = normalizeCertStr(cert_s); - java.security.cert.X509Certificate x509cert = null; - try { - x509cert= (java.security.cert.X509Certificate) Cert.mapCert(cert); - if (x509cert == null) { - CMS.debug("cert mapping failed"); - request.setExtData(IRequest.RESULT, Integer.valueOf(5)); - return false; - } - } catch (IOException e) { - CMS.debug("TokenKeyRecoveryService: mapCert failed"); + audit(auditMessage); + return false; + } + + 
String cert = normalizeCertStr(cert_s); + java.security.cert.X509Certificate x509cert = null; + try { + x509cert= (java.security.cert.X509Certificate) Cert.mapCert(cert); + if (x509cert == null) { + CMS.debug("cert mapping failed"); + request.setExtData(IRequest.RESULT, Integer.valueOf(5)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); + return false; + } + } catch (IOException e) { + CMS.debug("TokenKeyRecoveryService: mapCert failed"); request.setExtData(IRequest.RESULT, Integer.valueOf(6)); - return false; - } + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); + return false; + } try { /* @@ -301,12 +333,11 @@ public class TokenKeyRecoveryService implements IService { CryptoManager.getInstance().getInternalKeyStorageToken(); */ CryptoToken token = mStorageUnit.getToken(); - CMS.debug("NetkeyKeygenService: got token slot:"+token.getName()); + CMS.debug("TokenKeyRecoveryService: got token slot:"+token.getName()); IVParameterSpec algParam = new IVParameterSpec(iv); Cipher cipher = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); - KeyRecord keyRecord = null; CMS.debug( "KRA reading key record"); try { 
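Review bot: In the `sk == null` branch at the top of this hunk the code sets RESULT 4 but, unlike every other failure exit the hunk adds, neither emits a LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED failure record nor returns, so processing continues with a null DES key and the audit trail shows nothing for it; a `return false;` preceded by the same audit block as the other branches would match them. The identical five-argument `CMS.getLogMessage(...)` plus `audit(auditMessage)` sequence is then pasted at each failure exit here and again in the hunks at @@ -316, @@ -342, @@ -349, @@ -359, @@ -378, @@ -392 and @@ -416; a private helper, sketched below, would make each exit a single call and keep the field order in one place. `agentId` and `auditRecoveryID` are not declared within the hunk, so presumably they are method locals set earlier; the enclosing method and its outer `try`/`catch` continue outside the hunk.
```java
/** Emits one KEY_RECOVERY_REQUEST_PROCESSED failure record; call once per failure exit. */
private void auditRecoveryFailure(String auditSubjectID, String auditRecoveryID, String agentId) {
    String auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
            auditSubjectID,
            ILogger.FAILURE,
            auditRecoveryID,
            agentId);
    audit(auditMessage);
}
// … unchanged: each failure exit becomes auditRecoveryFailure(auditSubjectID, auditRecoveryID, agentId); return false; …
```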
@@ -316,11 +347,27 @@ public class TokenKeyRecoveryService implements IService { else { CMS.debug("key record not found"); request.setExtData(IRequest.RESULT, Integer.valueOf(8)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); return false; } }catch (Exception e) { com.netscape.cmscore.util.Debug.printStackTrace(e); request.setExtData(IRequest.RESULT, Integer.valueOf(9)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); return false; } @@ -342,6 +389,14 @@ public class TokenKeyRecoveryService implements IService { if (inputPubData.length != pubData.length) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN")); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); throw new EKRAException( CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED")); } @@ -349,6 +404,14 @@ public class TokenKeyRecoveryService implements IService { for (int i = 0; i < pubData.length; i++) { if (pubData[i] != inputPubData[i]) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN")); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); throw new EKRAException( CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED")); } 
@@ -359,10 +422,18 @@ public class TokenKeyRecoveryService implements IService { privateKeyData = recoverKey(params, keyRecord); if (privateKeyData == null) { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - CMS.debug("NetkeyKeygenService: failed getting private key"); + CMS.debug("TokenKeyRecoveryService: failed getting private key"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); return false; } - CMS.debug("NetkeyKeygenService: got private key...about to verify"); + CMS.debug("TokenKeyRecoveryService: got private key...about to verify"); /* LunaSA returns data with padding which we need to remove */ ByteArrayInputStream dis = new ByteArrayInputStream(privateKeyData); @@ -378,10 +449,18 @@ public class TokenKeyRecoveryService implements IService { if (verifyKeyPair(pubData, privateKeyData) == false) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND")); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); throw new EKRAException( CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY")); } else { - CMS.debug("NetkeyKeygenService: private key verified with public key"); + CMS.debug("TokenKeyRecoveryService: private key verified with public key"); } //encrypt and put in private key 
@@ -392,14 +471,22 @@ public class TokenKeyRecoveryService implements IService { com.netscape.cmsutil.util.Utils.SpecialEncode(wrapped); if (wrappedPrivKeyString == null) { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - CMS.debug("NetkeyKeygenService: failed generating wrapped private key"); + CMS.debug("TokenKeyRecoveryService: failed generating wrapped private key"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); return false; } else { - CMS.debug("NetkeyKeygenService: got private key data wrapped"); + CMS.debug("TokenKeyRecoveryService: got private key data wrapped"); request.setExtData("wrappedUserPrivate", wrappedPrivKeyString); request.setExtData(IRequest.RESULT, Integer.valueOf(1)); - CMS.debug( "NetkeyKeygenService: key for " +rCUID+":"+rUserid +" recovered"); + CMS.debug( "TokenKeyRecoveryService: key for " +rCUID+":"+rUserid +" recovered"); } //convert and put in the public key 
@@ -416,23 +503,31 @@ public class TokenKeyRecoveryService implements IService { if (b64PKey == null) { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); - CMS.debug("NetkeyKeygenService: failed getting publickey encoded"); + CMS.debug("TokenKeyRecoveryService: failed getting publickey encoded"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); return false; } else { - CMS.debug("NetkeyKeygenService: got publicKeyData b64 = "+ + CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = "+ b64PKey); } request.setExtData("public_key", b64PKey); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRecoveryID, - agentId); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRecoveryID, + agentId); - audit(auditMessage); + audit(auditMessage); - return true; + return true; } catch (Exception e) { CMS.debug("TokenKeyRecoveryService: " + e.toString()); |