From 624dc7f769c2a7744bd390eff3e3c6cd0dbd140f Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Thu, 17 Oct 2019 16:36:05 -0700
Subject: [PATCH] =?UTF-8?q?Bug=201523330=20-=20(addl=20fix)=20CC:=20missin?=
=?UTF-8?q?g=20audit=20event=20for=20CS=20acting=20as=20TLS=20client=20Bug?=
=?UTF-8?q?=201585722=20-=20TMS=20-=20PKISocketFactory=20=E2=80=93=20Modif?=
=?UTF-8?q?y=20Logging=20to=20Allow=20External=20Use=20of=20class=20to=20w?=
=?UTF-8?q?ork=20like=20CS8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix in 1523330 might have broken 1585722; This patch is to put the audit
call under if (!external) so that external apps calling this class would
not reach the audit code.
I only tested to be sure that the CA continues to work; QE will need to
test both again.
https://bugzilla.redhat.com/show_bug.cgi?id=1523330
https://bugzilla.redhat.com/show_bug.cgi?id=1585722
(cherry picked from commit 4dfd4893b6598d79ad5d5542795c4792091905c7)
---
.../cmscore/ldapconn/PKISocketFactory.java | 27 ++++++++++++----------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index dc93f5d..6f5a876 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -85,12 +85,12 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
if(!external){
IConfigStore cs = CMS.getConfigStore();
keepAlive = cs.getBoolean("tcp.keepAlive", true);
+ sockListener = new PKIClientSocketListener();
} else {
keepAlive = true;
}
log(Level.INFO, "TCP Keep-Alive: " + keepAlive, null);
- sockListener = new PKIClientSocketListener();
} catch (Exception e) {
log(Level.SEVERE, null, e);
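Review bot: With `sockListener = new PKIClientSocketListener();` moved into the `if(!external)` branch, the field is never assigned when `external` is true, so every later use of it has to tolerate null. Those uses are outside this hunk; if the listener is registered on a socket unconditionally, that call should be guarded with `if (sockListener != null)` or the same `if (!external)` test. A comment on the assignment such as `// external callers must not reach the audit code (Bug 1585722)` would record why the listener is skipped. The enclosing `try` block starts before the hunk and its `catch` body continues after it.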
@@ -162,23 +162,26 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
s.setKeepAlive(keepAlive);
} catch (Exception e) {
- // for auditing
- String localIP = "localhost";
- try {
- localIP = InetAddress.getLocalHost().getHostAddress();
- } catch (UnknownHostException e2) {
- // default to "localhost";
- }
- SignedAuditEvent auditEvent;
- auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+ if (!external) {
+ // for auditing
+ String localIP = "localhost";
+ try {
+ localIP = InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e2) {
+ // default to "localhost";
+ }
+
+ SignedAuditEvent auditEvent;
+ auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
localIP,
host,
Integer.toString(port),
"SYSTEM",
"connect:" +e.toString());
- signedAuditLogger.log(auditEvent);
+ signedAuditLogger.log(auditEvent);
+ }
+ log(Level.SEVERE, null, e);
- CMS.debug(e);
if (s != null) {
try {
s.close();
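Review bot: When `external` is true the only trace of a failed connection is now `log(Level.SEVERE, null, e);`, which passes no message, so the target host and port are recorded only if the exception text happens to contain them. Passing the endpoint explicitly, for example `log(Level.SEVERE, "Unable to connect to " + host + ":" + port, e);`, keeps the failure attributable for callers that skip the signed audit event. The `if (!external)` guard itself has no explanation beyond the old `// for auditing` line; a comment such as `// audit only inside the CS server; external apps must not reach the audit code` would state the intent. The enclosing method begins and ends outside this hunk, so whether the exception is rethrown after the socket is closed cannot be checked from here.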
--
1.8.3.1