summaryrefslogtreecommitdiffstats
path: root/pki/base/tps
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/tps')
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp21
-rw-r--r--pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp16
-rw-r--r--pki/base/tps/src/processor/RA_Processor.cpp17
3 files changed, 52 insertions, 2 deletions
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
index c7c64c663..f0bbe3ea2 100644
--- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -1187,6 +1187,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet(
RA_Status &o_status,
char **keyVersion )
{
+ int rc = 0;
const char *FN = "RA_Enroll_Processor::CheckAndUpgradeApplet";
bool r = true;
const char *applet_dir=NULL;
@@ -1230,7 +1231,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet(
RA::Debug(FN, "TKS connection id =%s", connid);
//StatusUpdate(a_session, a_extensions, 5, "PROGRESS_UPGRADE_APPLET");
- if (UpgradeApplet(a_session, (char *) OP_PREFIX, (char*) a_tokenType,
+ if (rc = UpgradeApplet(a_session, (char *) OP_PREFIX, (char*) a_tokenType,
o_major_version, o_minor_version,
g_applet_target_version,
applet_dir, security_level,
@@ -1248,6 +1249,18 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet(
o_status = STATUS_ERROR_UPGRADE_APPLET;
r = false;
+ if (rc == -1) {
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ a_userid, a_cuid, a_msn, "Failure", "enrollment",
+ *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "failed to setup secure channel");
+ } else {
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ a_userid, a_cuid, a_msn, "Success", "enrollment",
+ *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "setup secure channel");
+ }
+
+
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
a_userid, a_cuid, a_msn, "Failure", "enrollment",
*keyVersion != NULL? *keyVersion : "",
@@ -1261,7 +1274,11 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet(
}
// Upgrade Applet reported success
-
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ a_userid, a_cuid, a_msn, "Success", "enrollment",
+ *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "setup secure channel");
+
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
a_userid, a_cuid, a_msn, "Success", "enrollment",
*keyVersion != NULL? *keyVersion : "",
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
index 07c1b6e76..984de7401 100644
--- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
@@ -324,6 +324,17 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
*/
SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ if (upgrade_rc == -1) {
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Failure", "pin_reset",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "failed to setup secure channel");
+ } else {
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "pin_reset",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel");
+ }
+
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
userid, cuid, msn, "Failure", "pin_reset",
keyVersion != NULL? keyVersion : "",
@@ -331,6 +342,11 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
goto loser;
}
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "pin_reset",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel");
+
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
userid, cuid, msn, "Success", "pin_reset",
keyVersion != NULL? keyVersion : "",
diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp
index f70ee2398..b83190282 100644
--- a/pki/base/tps/src/processor/RA_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Processor.cpp
@@ -382,6 +382,7 @@ int RA_Processor::UpgradeApplet(RA_Session *session, char *prefix, char *tokenTy
if (channel == NULL) {
RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
"channel creation failure");
+ rc = -1;
goto loser;
}
@@ -3085,6 +3086,18 @@ locale),
*/
SelectApplet(session, 0x04, 0x00, NetKeyAID);
RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "", tokenType);
+ // rc = -1 denotes Secure Channel Failure
+
+ if (rc == -1) {
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Failure", "format",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "failed to setup secure channel");
+ } else {
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "format",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel");
+ }
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
userid, cuid, msn, "Failure", "format",
@@ -3093,6 +3106,10 @@ locale),
goto loser;
}
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "format",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel");
+
RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
userid, cuid, msn, "Success", "format",
keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "applet upgrade");
generated by cgit (git 2.34.1) at 2024-07-08 06:00:27 +0000