From b5655c1f309893919435766e0e17f8d811680abb Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@cfu-rhel7.usersys.redhat.com>
Date: Fri, 6 Sep 2019 16:49:00 -0400
Subject: [PATCH] Bug 1523330 - CC: missing audit event for CS acting as TLS
client
This patch adds a failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for the case
when the internal ldap server goes down
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523330
(cherry picked from commit 10d52dd0d6b562edc9e32c543017c67c1c0212a8)
---
.../netscape/cmscore/ldapconn/PKISocketFactory.java | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index e9f28c9..e992016 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -31,6 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.logging.event.ClientAccessSessionEstablishEvent;
+import com.netscape.certsrv.logging.SignedAuditEvent;
+import com.netscape.cms.logging.SignedAuditLogger;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSSLSocketFactoryExt;
@@ -44,6 +47,8 @@ import org.dogtagpki.server.PKIClientSocketListener;
*/
public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
+ private static SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();
+
private boolean secure;
private String mClientAuthCertNickname;
private boolean mClientAuth;
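Review bot: The new `signedAuditLogger` field is a mutable static that is only ever read, so it should be declared `private static final SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();` to make the single-assignment intent explicit and to rule out accidental reassignment from elsewhere in the class. A one-line comment such as `// shared audit logger for CLIENT_ACCESS_SESSION_ESTABLISH events emitted by this factory` would also help readers who do not know why a socket factory carries an audit logger. The rest of the class body lies outside this hunk.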
@@ -140,6 +145,22 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
s.setKeepAlive(keepAlive);
} catch (Exception e) {
+ // for auditing
+ String localIP = "localhost";
+ try {
+ localIP = InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e2) {
+ // default to "localhost";
+ }
+ SignedAuditEvent auditEvent;
+ auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+ localIP,
+ host,
+ Integer.toString(port),
+ "SYSTEM",
+ "connect:" +e.toString());
+ signedAuditLogger.log(auditEvent);
+
CMS.debug(e);
if (s != null) {
try {
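Review bot: The audit emission is placed at the top of the catch block, ahead of the existing `CMS.debug(e)` and the socket cleanup that starts at `if (s != null)`, so an unexpected unchecked exception from `InetAddress.getLocalHost()` or `signedAuditLogger.log(auditEvent)` would suppress the debug record of the original connect failure and skip closing `s`. Moving the added block to after the existing cleanup, or wrapping `signedAuditLogger.log(auditEvent);` in its own `try`/`catch (RuntimeException auditFailure) { CMS.debug(auditFailure); }`, keeps the original handling intact; `UnknownHostException` is already caught, so only the unchecked path is at issue. `InetAddress` and `UnknownHostException` are not added in the import hunk above, so presumably `java.net` is already imported earlier in the file — worth confirming. Minor style: `"connect:" +e.toString()` reads better as `"connect:" + e`, which is equivalent under string concatenation. The enclosing method begins and ends outside this hunk.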
--
1.8.3.1