clean up audit #42

xipki · Oct 26, 2016 · 9a5280d · 9a5280d
1 parent 3c47125
commit 9a5280d
Show file tree

Hide file tree

Showing 16 changed files with 1,215 additions and 1,131 deletions.
diff --git a/ca/ca-server/src/main/java/org/xipki/pki/ca/server/impl/CaAuditConstants.java b/ca/ca-server/src/main/java/org/xipki/pki/ca/server/impl/CaAuditConstants.java
@@ -0,0 +1,169 @@
+/*
+ *
+ * Copyright (c) 2013 - 2016 Lijun Liao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License version 3
+ * as published by the Free Software Foundation with the addition of the
+ * following permission added to Section 15 as permitted in Section 7(a):
+ *
+ * FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+ * THE AUTHOR LIJUN LIAO. LIJUN LIAO DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
+ * OF THIRD PARTY RIGHTS.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU Affero General Public License.
+ *
+ * You can be released from the requirements of the license by purchasing
+ * a commercial license. Buying such a license is mandatory as soon as you
+ * develop commercial activities involving the XiPKI software without
+ * disclosing the source code of your own applications.
+ *
+ * For more information, please contact Lijun Liao at this
+ * address: lijun.liao@gmail.com
+ */
+
+package org.xipki.pki.ca.server.impl;
+
+/**
+ * @author Lijun Liao
+ * @since 2.1.0
+ */
+
+public class CaAuditConstants {
+
+    public static final String APPNAME = "CA";
+
+    public static final String MSGID_CA_routine = "CA_routine";
+
+    public static final String MSGID_CA_mgmt = "CA_mgmt";
+
+    public static final String NAME_CA = "CA";
+
+    public static final String NAME_certprofile = "certprofile";
+
+    public static final String NAME_crlNumber = "crlNumber";
+
+    public static final String NAME_crlType = "crlType";
+
+    public static final String NAME_invalidityTime = "invalidityTime";
+
+    public static final String NAME_issuer = "issuer";
+
+    public static final String NAME_message = "message";
+
+    public static final String NAME_mid = "mid";
+
+    public static final String NAME_nextUpdate = "nextUpdate";
+
+    public static final String NAME_notBefore = "notBefore";
+
+    public static final String NAME_notAfter = "notAfter";
+
+    public static final String NAME_num = "num";
+
+    public static final String NAME_PERF = "PERF";
+
+    public static final String NAME_reason = "reason";
+
+    public static final String NAME_reqType = "reqType";
+
+    public static final String NAME_reqSubject = "reqSubject";
+
+    public static final String NAME_requestor = "requestor";
+
+    public static final String NAME_subject = "subject";
+
+    public static final String NAME_SCEP_signature = "signature";
+
+    public static final String NAME_SCEP_decryption = "decryption";
+
+    public static final String NAME_SCEP_failureMessage = "failureMessage";
+
+    public static final String NAME_SCEP_messageType = "messageType";
+
+    public static final String NAME_SCEP_pkiStatus = "pkiStatus";
+
+    public static final String NAME_SCEP_failInfo = "failInfo";
+
+    public static final String NAME_SCEP_name = "name";
+
+    public static final String NAME_SCEP_operation = "operation";
+
+    public static final String NAME_serial = "serial";
+
+    public static final String NAME_thisUpdate = "thisUpdate";
+
+    public static final String NAME_tid = "tid";
+
+    public static final String NAME_user = "user";
+
+    // eventType
+    public static final String TYPE_cleanup_CRL = "cleanup_CRL";
+
+    public static final String TYPE_download_CRL = "download_CRL";
+
+    public static final String TYPE_downlaod_CRLforNumber = "download_CRLforNumber";
+
+    public static final String TYPE_get_systeminfo = "get_systeminfo";
+
+    public static final String TYPE_gen_cert = "gen_cert";
+
+    public static final String TYPE_gen_CRL = "gen_CRL";
+
+    public static final String TYPE_regen_cert = "regenerate_cert";
+
+    public static final String TYPE_revoke_CA = "revoke_CA";
+
+    public static final String TYPE_remove_cert = "remove_cert";
+
+    public static final String TYPE_remove_expiredCerts = "remove_expiredCerts";
+
+    public static final String TYPE_revoke_suspendedCert = "revoke_suspendedCert";
+
+    public static final String TYPE_revoke_suspendedCerts = "revoke_suspendedCerts";
+
+    public static final String TYPE_revoke_cert = "revoke_cert";
+
+    public static final String TYPE_unrevoke_CA = "unrevoke_CA";
+
+    public static final String TYPE_unrevoke_CERT = "unrevoke_cert";
+
+    public static final String TYPE_CMP_cr = "cr";
+
+    public static final String TYPE_CMP_p10Cr = "p10Cr";
+
+    public static final String TYPE_CMP_kur = "kur";
+
+    public static final String TYPE_CMP_ccr = "ccr";
+
+    public static final String TYPE_CMP_certConf = "certConf";
+
+    public static final String TYPE_CMP_pkiConf = "pkiConf";
+
+    public static final String TYPE_CMP_error = "error";
+
+    public static final String TYPE_CMP_rr_revoke = "rr_revoke";
+
+    public static final String TYPE_CMP_rr_unrevoke = "rr_unrevoke";
+
+    public static final String TYPE_CMP_rr_remove = "rr_remove";
+
+    public static final String TYPE_CMP_genm_currentCrl = "genm_currentCrl";
+
+    public static final String TYPE_CMP_genm_genCrl = "genm_genCrl";
+
+    public static final String TYPE_CMP_genm_crlForNumber = "genm_crlForNumber";
+
+    public static final String TYPE_CMP_genm_cainfo = "genm_cainfo";
+
+}
diff --git a/ca/ca-server/src/main/java/org/xipki/pki/ca/server/impl/CaManagerImpl.java b/ca/ca-server/src/main/java/org/xipki/pki/ca/server/impl/CaManagerImpl.java
@@ -181,7 +181,6 @@
  * @author Lijun Liao
  * @since 2.0.0
  */
-
 public class CaManagerImpl implements CaManager, CmpResponderManager, ScepManager {
 
     private class ScheduledPublishQueueCleaner implements Runnable {
@@ -2234,7 +2233,7 @@ public boolean revokeCa(final String caName, final CertRevocationInfo revocation
         }
 
         try {
-            ca.revoke(revocationInfo);
+            ca.revokeCa(revocationInfo, CaAuditConstants.MSGID_CA_mgmt);
         } catch (OperationException ex) {
             throw new CaMgmtException("could not revoke CA " + ex.getMessage(), ex);
         }
@@ -2261,7 +2260,7 @@ public boolean unrevokeCa(final String caName) throws CaMgmtException {
 
         X509Ca ca = x509cas.get(lcoalCaName);
         try {
-            ca.unrevoke();
+            ca.unrevokeCa(CaAuditConstants.MSGID_CA_mgmt);
         } catch (OperationException ex) {
             throw new CaMgmtException("could not unrevoke of CA " + ex.getMessage(), ex);
         }
@@ -2355,7 +2354,8 @@ public boolean revokeCertificate(final String caName, final BigInteger serialNum
         ParamUtil.requireNonNull("serialNumber", serialNumber);
         X509Ca ca = getX509Ca(caName);
         try {
-            return ca.revokeCertificate(serialNumber, reason, invalidityTime) != null;
+            return ca.revokeCertificate(serialNumber, reason, invalidityTime,
+                    CaAuditConstants.MSGID_CA_mgmt) != null;
         } catch (OperationException ex) {
             throw new CaMgmtException(ex.getMessage(), ex);
         }
@@ -2368,7 +2368,7 @@ public boolean unrevokeCertificate(final String caName, final BigInteger serialN
         ParamUtil.requireNonNull("serialNumber", serialNumber);
         X509Ca ca = getX509Ca(caName);
         try {
-            return ca.unrevokeCertificate(serialNumber) != null;
+            return ca.unrevokeCertificate(serialNumber, CaAuditConstants.MSGID_CA_mgmt) != null;
         } catch (OperationException ex) {
             throw new CaMgmtException(ex.getMessage(), ex);
         }
@@ -2386,7 +2386,7 @@ public boolean removeCertificate(final String caName, final BigInteger serialNum
         }
 
         try {
-            return ca.removeCertificate(serialNumber) != null;
+            return ca.removeCertificate(serialNumber, CaAuditConstants.MSGID_CA_mgmt) != null;
         } catch (OperationException ex) {
             throw new CaMgmtException(ex.getMessage(), ex);
         }
@@ -2400,6 +2400,11 @@ public X509Certificate generateCertificate(final String caName, final String pro
         ParamUtil.requireNonBlank("profileName", profileName);
         ParamUtil.requireNonNull("encodedCsr", encodedCsr);
 
+        AuditEvent auditEvent = new AuditEvent(new Date());
+        auditEvent.setApplicationName("CA");
+        auditEvent.setName("PERF");
+        auditEvent.addEventData("eventType", "CAMGMT_CRL_GEN_ONDEMAND");
+
         X509Ca ca = getX509Ca(caName);
         CertificationRequest csr;
         try {
@@ -2432,7 +2437,7 @@ public X509Certificate generateCertificate(final String caName, final String pro
         X509CertificateInfo certInfo;
         try {
             certInfo = ca.generateCertificate(certTemplateData, false, null, user, RequestType.CA,
-                    (byte[]) null);
+                    (byte[]) null, CaAuditConstants.MSGID_CA_mgmt);
         } catch (OperationException ex) {
             throw new CaMgmtException(ex.getMessage(), ex);
         }
@@ -2691,17 +2696,11 @@ public UserEntry getUser(final String username) throws CaMgmtException {
     public X509CRL generateCrlOnDemand(final String caName) throws CaMgmtException {
         ParamUtil.requireNonBlank("caName", caName);
 
-        AuditEvent auditEvent = new AuditEvent(new Date());
-        auditEvent.addEventData("eventType", "CAMGMT_CRL_GEN_ONDEMAND");
         X509Ca ca = getX509Ca(caName);
         try {
-            return ca.generateCrlOnDemand(auditEvent);
+            return ca.generateCrlOnDemand(CaAuditConstants.MSGID_CA_mgmt);
         } catch (OperationException ex) {
-            auditEvent.setStatus(AuditStatus.FAILED);
-            auditEvent.addEventData("message", ex.getErrorCode().name());
             throw new CaMgmtException(ex.getMessage(), ex);
-        } finally {
-            auditServiceRegister.getAuditService().logEvent(auditEvent);
         }
     } // method generateCrlOnDemand
 
@@ -2710,54 +2709,37 @@ public X509CRL getCrl(final String caName, final BigInteger crlNumber) throws Ca
         ParamUtil.requireNonBlank("caName", caName);
         ParamUtil.requireNonNull("crlNumber", crlNumber);
 
-        AuditEvent auditEvent = new AuditEvent(new Date());
-        auditEvent.addEventData("eventType", "CRL_DOWNLOAD_WITH_SN");
-        auditEvent.addEventData("crlNumber", crlNumber.toString());
         X509Ca ca = getX509Ca(caName);
         try {
             CertificateList crl = ca.getCrl(crlNumber);
             if (crl == null) {
-                auditEvent.addEventData("message", "found no CRL");
+                LOG.warn("found no CRL for CA {} and crlNumber {}", caName, crlNumber);
                 return null;
             }
             return new X509CRLObject(crl);
         } catch (OperationException ex) {
-            auditEvent.setStatus(AuditStatus.FAILED);
-            auditEvent.addEventData("message", ex.getErrorCode().name());
             throw new CaMgmtException(ex.getMessage(), ex);
         } catch (CRLException ex) {
-            auditEvent.setStatus(AuditStatus.FAILED);
-            auditEvent.addEventData("message", "CRLException");
             throw new CaMgmtException(ex.getMessage(), ex);
-        } finally {
-            auditServiceRegister.getAuditService().logEvent(auditEvent);
         }
     } // method getCrl
 
     @Override
     public X509CRL getCurrentCrl(final String caName) throws CaMgmtException {
         ParamUtil.requireNonBlank("caName", caName);
 
-        AuditEvent auditEvent = new AuditEvent(new Date());
-        auditEvent.addEventData("eventType", "CAMGMT_CRL_DOWNLOAD");
         X509Ca ca = getX509Ca(caName);
         try {
             CertificateList crl = ca.getCurrentCrl();
             if (crl == null) {
-                auditEvent.addEventData("message", "found no CRL");
+                LOG.warn("found no CRL for CA {}", caName);
                 return null;
             }
             return new X509CRLObject(crl);
         } catch (OperationException ex) {
-            auditEvent.setStatus(AuditStatus.FAILED);
-            auditEvent.addEventData("message", ex.getErrorCode().name());
             throw new CaMgmtException(ex.getMessage(), ex);
         } catch (CRLException ex) {
-            auditEvent.setStatus(AuditStatus.FAILED);
-            auditEvent.addEventData("message", "CRLException");
             throw new CaMgmtException(ex.getMessage(), ex);
-        } finally {
-            auditServiceRegister.getAuditService().logEvent(auditEvent);
         }
     } // method getCurrentCrl