diff options
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/src/processor/RA_Enroll_Processor.cpp | 21 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp | 16 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Processor.cpp | 17 |
3 files changed, 52 insertions, 2 deletions
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp index c7c64c663..f0bbe3ea2 100644 --- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -1187,6 +1187,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet( RA_Status &o_status, char **keyVersion ) { + int rc = 0; const char *FN = "RA_Enroll_Processor::CheckAndUpgradeApplet"; bool r = true; const char *applet_dir=NULL; @@ -1230,7 +1231,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet( RA::Debug(FN, "TKS connection id =%s", connid); //StatusUpdate(a_session, a_extensions, 5, "PROGRESS_UPGRADE_APPLET"); - if (UpgradeApplet(a_session, (char *) OP_PREFIX, (char*) a_tokenType, + if (rc = UpgradeApplet(a_session, (char *) OP_PREFIX, (char*) a_tokenType, o_major_version, o_minor_version, g_applet_target_version, applet_dir, security_level, @@ -1248,6 +1249,18 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet( o_status = STATUS_ERROR_UPGRADE_APPLET; r = false; + if (rc == -1) { + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + a_userid, a_cuid, a_msn, "Failure", "enrollment", + *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "failed to setup secure channel"); + } else { + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + a_userid, a_cuid, a_msn, "Success", "enrollment", + *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "setup secure channel"); + } + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, a_userid, a_cuid, a_msn, "Failure", "enrollment", *keyVersion != NULL? *keyVersion : "", @@ -1261,7 +1274,11 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet( } // Upgrade Applet reported success - + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + a_userid, a_cuid, a_msn, "Success", "enrollment", + *keyVersion != NULL? *keyVersion : "", o_current_applet_on_token, g_applet_target_version, "setup secure channel"); + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, a_userid, a_cuid, a_msn, "Success", "enrollment", *keyVersion != NULL? *keyVersion : "", diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp index 07c1b6e76..984de7401 100644 --- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp @@ -324,6 +324,17 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa */ SelectApplet(session, 0x04, 0x00, NetKeyAID); + if (upgrade_rc == -1) { + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Failure", "pin_reset", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "failed to setup secure channel"); + } else { + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Success", "pin_reset", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel"); + } + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, userid, cuid, msn, "Failure", "pin_reset", keyVersion != NULL? keyVersion : "", @@ -331,6 +342,11 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa goto loser; } + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Success", "pin_reset", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel"); + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, userid, cuid, msn, "Success", "pin_reset", keyVersion != NULL? keyVersion : "", diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp index f70ee2398..b83190282 100644 --- a/pki/base/tps/src/processor/RA_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Processor.cpp @@ -382,6 +382,7 @@ int RA_Processor::UpgradeApplet(RA_Session *session, char *prefix, char *tokenTy if (channel == NULL) { RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", "channel creation failure"); + rc = -1; goto loser; } @@ -3085,6 +3086,18 @@ locale), */ SelectApplet(session, 0x04, 0x00, NetKeyAID); RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "", tokenType); + // rc = -1 denotes Secure Channel Failure + + if (rc == -1) { + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Failure", "format", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "failed to setup secure channel"); + } else { + + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Success", "format", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel"); + } RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, userid, cuid, msn, "Failure", "format", @@ -3093,6 +3106,10 @@ locale), goto loser; } + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, + userid, cuid, msn, "Success", "format", + keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "setup secure channel"); + RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE, userid, cuid, msn, "Success", "format", keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "applet upgrade"); |