From 3027b565320c96857b7f7fdffed9a5fbec084bab Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 18 May 2017 16:05:07 -0400 Subject: Fix auditing in retrieveKey The auditing in retrieveKey is all messed up. * Added new audit event to track accesses to KeyInfo queries. They may produce a lot of events, especially if events are generated for every listing of data. By default, this event may be turned off. * Added audit events for generation and processing of key recovery requests. Change-Id: Icb695e712bdfadf0a80903aa52bd00b9d4883182
---
 .../logging/event/SecurityDataInfoEvent.java | 49 ++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 base/common/src/com/netscape/certsrv/logging/event/SecurityDataInfoEvent.java (limited to 'base/common/src/com')
diff --git a/base/common/src/com/netscape/certsrv/logging/event/SecurityDataInfoEvent.java b/base/common/src/com/netscape/certsrv/logging/event/SecurityDataInfoEvent.java
new file mode 100644
index 000000000..82c049e3b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/SecurityDataInfoEvent.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.logging.AuditEvent;
+
+public class SecurityDataInfoEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String LOGGING_PROPERTY =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO";
+
+ public SecurityDataInfoEvent(
+ String subjectID,
+ String outcome,
+ KeyId keyID,
+ String clientKeyID,
+ String failureReason,
+ String pubKey) {
+
+ super(LOGGING_PROPERTY);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ keyID,
+ clientKeyID,
+ failureReason,
+ pubKey
+ });
+ }
+}
\ No newline at end of file
-- cgit
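Review bot: The constructor of `SecurityDataInfoEvent` has no documentation tying the order of the `Object[]` passed to `setParameters` to the message definition behind `LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO`. That definition is not in this view (the diff is limited to base/common/src/com), and a reordering on either side would presumably still compile while mislabelling fields in the signed audit log. I would add a Javadoc above the constructor such as `/** Audit record for KeyInfo queries; argument order must match the LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO message definition. */` and state which of `keyID`, `clientKeyID`, `failureReason` and `pubKey` may be null. `clientKeyID` and `failureReason` look like they can carry caller-supplied text. It is worth confirming that the audit formatter escapes field delimiters and line breaks and renders null values predictably, since none of that is visible here.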