From 624dc7f769c2a7744bd390eff3e3c6cd0dbd140f Mon Sep 17 00:00:00 2001

From: Christina Fu <cfu@redhat.com>

Date: Thu, 17 Oct 2019 16:36:05 -0700

Subject: [PATCH] =?UTF-8?q?Bug=201523330=20-=20(addl=20fix)=20CC:=20missin?=

 =?UTF-8?q?g=20audit=20event=20for=20CS=20acting=20as=20TLS=20client=20Bug?=

 =?UTF-8?q?=201585722=20-=20TMS=20-=20PKISocketFactory=20=E2=80=93=20Modif?=

 =?UTF-8?q?y=20Logging=20to=20Allow=20External=20Use=20of=20class=20to=20w?=

 =?UTF-8?q?ork=20like=20CS8?=

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Fix in 1523330 might have broken 1585722; This patch is to put the audit

call under if (!external) so that external apps calling this class would

not reach the audit code.

I only tested to be sure that the CA continues to work;  QE will need to

test both again.

https://bugzilla.redhat.com/show_bug.cgi?id=1523330

https://bugzilla.redhat.com/show_bug.cgi?id=1585722

(cherry picked from commit 4dfd4893b6598d79ad5d5542795c4792091905c7)

---

 .../cmscore/ldapconn/PKISocketFactory.java         | 27 ++++++++++++----------

 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java

index dc93f5d..6f5a876 100644

--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java

+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java

@@ -85,12 +85,12 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {

             if(!external){

                 IConfigStore cs = CMS.getConfigStore();

                 keepAlive = cs.getBoolean("tcp.keepAlive", true);

+                sockListener = new PKIClientSocketListener();

             } else {

                 keepAlive = true;

             }

             log(Level.INFO, "TCP Keep-Alive: " + keepAlive, null);

-            sockListener = new PKIClientSocketListener();

         } catch (Exception e) {

             log(Level.SEVERE, null, e);

@@ -162,23 +162,26 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {

             s.setKeepAlive(keepAlive);

         } catch (Exception e) {

-            // for auditing

-            String localIP = "localhost";

-            try {

-                localIP = InetAddress.getLocalHost().getHostAddress();

-            } catch (UnknownHostException e2) {

-                // default to "localhost";

-            }

-            SignedAuditEvent auditEvent;

-            auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(

+            if (!external) {

+                // for auditing

+                String localIP = "localhost";

+                try {

+                    localIP = InetAddress.getLocalHost().getHostAddress();

+                } catch (UnknownHostException e2) {

+                    // default to "localhost";

+                }

+

+                SignedAuditEvent auditEvent;

+                auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(

                         localIP,

                         host,

                         Integer.toString(port),

                         "SYSTEM",

                         "connect:" +e.toString());

-            signedAuditLogger.log(auditEvent);

+                signedAuditLogger.log(auditEvent);

+            }

+            log(Level.SEVERE, null, e);

-            CMS.debug(e);

             if (s != null) {

                 try {

                     s.close();

-- 

1.8.3.1