From 624dc7f769c2a7744bd390eff3e3c6cd0dbd140f Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Thu, 17 Oct 2019 16:36:05 -0700
Subject: [PATCH] =?UTF-8?q?Bug=201523330=20-=20(addl=20fix)=20CC:=20missin?=
 =?UTF-8?q?g=20audit=20event=20for=20CS=20acting=20as=20TLS=20client=20Bug?=
 =?UTF-8?q?=201585722=20-=20TMS=20-=20PKISocketFactory=20=E2=80=93=20Modif?=
 =?UTF-8?q?y=20Logging=20to=20Allow=20External=20Use=20of=20class=20to=20w?=
 =?UTF-8?q?ork=20like=20CS8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The fix for 1523330 might have broken 1585722. This patch puts the audit
call under if (!external) so that external apps calling this class do
not reach the audit code.
I only tested that the CA continues to work; QE will need to test both
again.

https://bugzilla.redhat.com/show_bug.cgi?id=1523330
https://bugzilla.redhat.com/show_bug.cgi?id=1585722
(cherry picked from commit 4dfd4893b6598d79ad5d5542795c4792091905c7)
---
 .../cmscore/ldapconn/PKISocketFactory.java         | 27 ++++++++++++----------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index dc93f5d..6f5a876 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -85,12 +85,12 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
             if(!external){
                 IConfigStore cs = CMS.getConfigStore();
                 keepAlive = cs.getBoolean("tcp.keepAlive", true);
+                sockListener = new PKIClientSocketListener();
             } else {
                 keepAlive = true;
             }
 
             log(Level.INFO, "TCP Keep-Alive: " + keepAlive, null);
-            sockListener = new PKIClientSocketListener();
 
         } catch (Exception e) {
             log(Level.SEVERE, null, e);
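Review bot: With `sockListener` now assigned only in the `!external` branch, the field stays null for external callers, and nothing in this hunk shows its later use being guarded. If the socket-creation path outside this hunk attaches the listener to the new socket, that call should be wrapped in `if (sockListener != null) { ... }`, or it should be confirmed that the callee accepts null. A short comment on the assignment, such as `// not created for external callers, which must not reach CS audit code`, would record why the two branches differ. The enclosing method starts and ends outside the hunk.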
@@ -162,23 +162,26 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
             s.setKeepAlive(keepAlive);
 
         } catch (Exception e) {
-            // for auditing
-            String localIP = "localhost";
-            try {
-                localIP = InetAddress.getLocalHost().getHostAddress();
-            } catch (UnknownHostException e2) {
-                // default to "localhost";
-            }
-            SignedAuditEvent auditEvent;
-            auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+            if (!external) {
+                // for auditing
+                String localIP = "localhost";
+                try {
+                    localIP = InetAddress.getLocalHost().getHostAddress();
+                } catch (UnknownHostException e2) {
+                    // default to "localhost";
+                }
+
+                SignedAuditEvent auditEvent;
+                auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
                         localIP,
                         host,
                         Integer.toString(port),
                         "SYSTEM",
                         "connect:" +e.toString());
-            signedAuditLogger.log(auditEvent);
+                signedAuditLogger.log(auditEvent);
+            }
+            log(Level.SEVERE, null, e);
 
-            CMS.debug(e);
             if (s != null) {
                 try {
                     s.close();
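Review bot: Once `external` is true, a failed outbound connection leaves no signed audit record, only the `log(Level.SEVERE, null, e)` line, and the new `if (!external)` guard has no comment saying this is deliberate. Because the audit event was added for an audit-coverage requirement, the guard should say so, for example `// external apps must not reach the audit code (bug 1585722); in-server callers must leave external false`. It is also worth confirming outside this hunk that code running inside the server cannot set the flag, since that would silently drop these failure events. Separately, the audit block still runs before the `s.close()` cleanup, so if audit logging can throw, the cleanup would be skipped. The catch block continues past the end of the hunk.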
-- 
1.8.3.1