From fac7ebb8fd21f60a06241d6e132c8a4f5972a773 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 12 Jun 2017 17:06:07 +0200
Subject: Fixed audit log signature problem due to rotation.

The LogFile has been modified to set up log signing during its
initialization to ensure the signing works properly during log
rotation.

https://pagure.io/dogtagpki/issue/2561

Change-Id: I69d54a359ebe74557ca9b12ea7582f712fb31949
---
 .../cms/src/com/netscape/cms/logging/LogFile.java  | 43 ++++++++++++----------
 1 file changed, 24 insertions(+), 19 deletions(-)

(limited to 'base/server/cms/src/com')

diff --git a/base/server/cms/src/com/netscape/cms/logging/LogFile.java b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
index 772607edd..ba5a026ff 100644
--- a/base/server/cms/src/com/netscape/cms/logging/LogFile.java
+++ b/base/server/cms/src/com/netscape/cms/logging/LogFile.java
@@ -302,6 +302,30 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         } catch (IOException e) {
             throw new ELogException(CMS.getUserMessage("CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
         }
+
+        // set up signing here to ensure audit logs generated during
+        // subsequent component initialization are signed properly
+        if (mOn && mLogSigning) {
+
+            try {
+                CMS.debug("LogFile: setting up log signing");
+                setupSigning();
+
+                audit(CMS.getLogMessage(
+                        AuditEvent.AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS));
+
+            } catch (EBaseException e) {
+
+                audit(CMS.getLogMessage(
+                        AuditEvent.AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE));
+
+                throw e;
+            }
+        }
     }
 
     /**
@@ -636,25 +660,6 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * @exception EBaseException if an internal error occurred
      */
     public void startup() throws EBaseException {
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        CMS.debug("LogFile: entering LogFile.startup()");
-        if (mOn && mLogSigning) {
-            try {
-                setupSigning();
-                audit(CMS.getLogMessage(
-                        AuditEvent.AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.SUCCESS));
-            } catch (EBaseException e) {
-                audit(CMS.getLogMessage(
-                        AuditEvent.AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.FAILURE));
-                throw e;
-            }
-        }
-
     }
 
     /**
-- 
cgit