From b5655c1f309893919435766e0e17f8d811680abb Mon Sep 17 00:00:00 2001
From: Christina Fu
Date: Fri, 6 Sep 2019 16:49:00 -0400
Subject: [PATCH] Bug 1523330 - CC: missing audit event for CS acting as TLS client
This patch adds failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for the case when internal ldap server goes down
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523330
(cherry picked from commit 10d52dd0d6b562edc9e32c543017c67c1c0212a8)
---
 .../netscape/cmscore/ldapconn/PKISocketFactory.java | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index e9f28c9..e992016 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -31,6 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.logging.event.ClientAccessSessionEstablishEvent;
+import com.netscape.certsrv.logging.SignedAuditEvent;
+import com.netscape.cms.logging.SignedAuditLogger;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSSLSocketFactoryExt;
@@ -44,6 +47,8 @@ import org.dogtagpki.server.PKIClientSocketListener;
 */
 public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
+ private static SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();
+ private boolean secure;
 private String mClientAuthCertNickname;
 private boolean mClientAuth;
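Review bot: The new `signedAuditLogger` field in the second hunk is a mutable static although nothing in the class is expected to reassign it; it should be declared `private static final SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();` so the audit sink cannot be swapped out at runtime. Being static, the logger is also resolved when PKISocketFactory is first loaded rather than when a connection is made; if `SignedAuditLogger.getLogger()` depends on subsystem initialization that may not have happened yet at that point, that ordering is worth confirming. The import hunk above it is trivial and needs no change.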
@@ -140,6 +145,22 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
 s.setKeepAlive(keepAlive);
 } catch (Exception e) {
+ // for auditing
+ String localIP = "localhost";
+ try {
+ localIP = InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e2) {
+ // default to "localhost";
+ }
+ SignedAuditEvent auditEvent;
+ auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+ localIP,
+ host,
+ Integer.toString(port),
+ "SYSTEM",
+ "connect:" +e.toString());
+ signedAuditLogger.log(auditEvent);
+ CMS.debug(e);
 if (s != null) {
 try {
-- 1.8.3.1
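Review bot: The audit emission added at the top of the `catch (Exception e)` block runs ahead of the existing `CMS.debug(e)` and of the `if (s != null)` cleanup that follows it, with no guard of its own; if `createFailureEvent` or `signedAuditLogger.log` throws, the debug record of the underlying connect failure is lost and the cleanup of `s` (presumably a close) is skipped, so a failure on the audit path would turn a failed connect into a leaked socket. `InetAddress.getLocalHost()` additionally performs a name lookup on every failed connect, and in the outage scenario this event is meant to record that lookup can itself stall; caching the local address once would avoid that. I would keep `CMS.debug(e)` first and move the event construction into a small helper that only debug-logs its own runtime failures, as rewritten below, assuming `host` is a String and `port` an int as the `Integer.toString(port)` call suggests. The enclosing method and the remainder of the catch block continue outside the hunk. As a style point, `"connect:" +e.toString()` is conventionally written `"connect:" + e`.
```java
        } catch (Exception e) {
            CMS.debug(e);
            auditConnectFailure(host, port, e);
            // … unchanged: cleanup of s and the rest of the method …

    /**
     * Emits a failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for a connect
     * attempt to host:port. Must never throw into the caller's error path, so
     * failures on the audit side are only debug-logged.
     */
    private static void auditConnectFailure(String host, int port, Exception cause) {
        String localIP = "localhost";
        try {
            localIP = InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException e2) {
            // default to "localhost"
        }
        try {
            SignedAuditEvent auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
                    localIP,
                    host,
                    Integer.toString(port),
                    "SYSTEM",
                    "connect:" + cause);
            signedAuditLogger.log(auditEvent);
        } catch (RuntimeException auditFailure) {
            // the connect failure is already debug-logged by the caller; do not mask it
            CMS.debug(auditFailure);
        }
    }
```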