|
 |
92a605 |
--- patch/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java 2017-06-06 04:56:02.188426066 +0200
|
|
|
92a605 |
+++ pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java 2017-06-06 01:50:56.698341052 +0200
|
|
|
92a605 |
@@ -17,6 +17,8 @@
|
|
|
92a605 |
// --- END COPYRIGHT BLOCK ---
|
|
|
92a605 |
package com.netscape.kra;
|
|
|
92a605 |
|
|
|
92a605 |
+import java.math.BigInteger;
|
|
|
92a605 |
+
|
|
|
92a605 |
import com.netscape.certsrv.apps.CMS;
|
|
|
92a605 |
import com.netscape.certsrv.base.EBaseException;
|
|
|
92a605 |
import com.netscape.certsrv.dbs.keydb.KeyId;
|
|
|
92a605 |
@@ -41,6 +43,7 @@ public class SecurityDataRecoveryService
|
|
|
92a605 |
|
|
|
92a605 |
private IKeyRecoveryAuthority kra = null;
|
|
|
92a605 |
private SecurityDataProcessor processor = null;
|
|
|
92a605 |
+ private ILogger signedAuditLogger = CMS.getSignedAuditLogger();
|
|
|
92a605 |
|
|
|
92a605 |
public SecurityDataRecoveryService(IKeyRecoveryAuthority kra) {
|
|
|
92a605 |
this.kra = kra;
|
|
|
92a605 |
@@ -65,8 +68,66 @@ public class SecurityDataRecoveryService
|
|
|
92a605 |
throws EBaseException {
|
|
|
92a605 |
|
|
|
92a605 |
CMS.debug("SecurityDataRecoveryService.serviceRequest()");
|
|
|
92a605 |
- processor.recover(request);
|
|
|
92a605 |
- kra.getRequestQueue().updateRequest(request);
|
|
|
92a605 |
+
|
|
|
92a605 |
+ // parameters for auditing
|
|
|
92a605 |
+ String auditSubjectID = request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER);
|
|
|
92a605 |
+ BigInteger serialNumber = request.getExtDataInBigInteger("serialNumber");
|
|
|
92a605 |
+ KeyId keyId = serialNumber != null ? new KeyId(serialNumber): null;
|
|
|
92a605 |
+ RequestId requestID = request.getRequestId();
|
|
|
92a605 |
+ String approvers = request.getExtDataInString(IRequest.ATTR_APPROVE_AGENTS);
|
|
|
92a605 |
+
|
|
|
92a605 |
+ try {
|
|
|
92a605 |
+ processor.recover(request);
|
|
|
92a605 |
+ kra.getRequestQueue().updateRequest(request);
|
|
|
92a605 |
+ auditRecoveryRequestProcessed(
|
|
|
92a605 |
+ auditSubjectID,
|
|
|
92a605 |
+ ILogger.SUCCESS,
|
|
|
92a605 |
+ requestID,
|
|
|
92a605 |
+ keyId,
|
|
|
92a605 |
+ null,
|
|
|
92a605 |
+ approvers);
|
|
|
92a605 |
+ } catch (EBaseException e) {
|
|
|
92a605 |
+ auditRecoveryRequestProcessed(
|
|
|
92a605 |
+ auditSubjectID,
|
|
|
92a605 |
+ ILogger.FAILURE,
|
|
|
92a605 |
+ requestID,
|
|
|
92a605 |
+ keyId,
|
|
|
92a605 |
+ e.getMessage(),
|
|
|
92a605 |
+ approvers);
|
|
|
92a605 |
+ throw e;
|
|
|
92a605 |
+ }
|
|
|
92a605 |
return false; //TODO: return true?
|
|
|
92a605 |
}
|
|
|
92a605 |
+
|
|
|
92a605 |
+ private void audit(AuditEvent event) {
|
|
|
92a605 |
+
|
|
|
92a605 |
+ String template = event.getMessage();
|
|
|
92a605 |
+ Object[] params = event.getParameters();
|
|
|
92a605 |
+
|
|
|
92a605 |
+ String message = CMS.getLogMessage(template, params);
|
|
|
92a605 |
+
|
|
|
92a605 |
+ audit(message);
|
|
|
92a605 |
+ }
|
|
|
92a605 |
+
|
|
|
92a605 |
+ private void audit(String msg) {
|
|
|
92a605 |
+ if (signedAuditLogger == null)
|
|
|
92a605 |
+ return;
|
|
|
92a605 |
+
|
|
|
92a605 |
+ signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
|
|
|
92a605 |
+ null,
|
|
|
92a605 |
+ ILogger.S_SIGNED_AUDIT,
|
|
|
92a605 |
+ ILogger.LL_SECURITY,
|
|
|
92a605 |
+ msg);
|
|
|
92a605 |
+ }
|
|
|
92a605 |
+
|
|
|
92a605 |
+ private void auditRecoveryRequestProcessed(String subjectID, String status, RequestId requestID,
|
|
|
92a605 |
+ KeyId keyID, String reason, String recoveryAgents) {
|
|
|
92a605 |
+ audit(new SecurityDataRecoveryProcessedEvent(
|
|
|
92a605 |
+ subjectID,
|
|
|
92a605 |
+ status,
|
|
|
92a605 |
+ requestID,
|
|
|
92a605 |
+ keyID,
|
|
|
92a605 |
+ reason,
|
|
|
92a605 |
+ recoveryAgents));
|
|
|
92a605 |
+ }
|
|
|
92a605 |
}
|