<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    This patch (pki-cfu-0062) is to replace pki-cfu-0060.<br>
    After receiving help from Endi on how to test these key options
    (thanks Endi!), I have made some code changes for the tests I ran.<br>
    <br>
    Just to show some of the test results:<br>
    <br>
    ...key-mod 0x2 --status active yields the following audit messages:<br>
    0.http-bio-28443-exec-13 - [13/May/2015:19:04:01 EDT] [14] [6]
    [AuditEvent=KEY_STATUS_CHANGE][SubjectID=kraadmin][Outcome=Success][KeyID=3][OldStatus=active][NewStatus=active][Info=KeyService.modifyKeyStatus]

    Key Status Change<br>
    0.http-bio-28443-exec-14 - [13/May/2015:19:04:02 EDT] [14] [6]
    [AuditEvent=SECURITY_DATA_RETRIEVE_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=null][KeyID=3][Info=KeyService.getKeyInfo]

    security data retrieval request<br>
    <br>
     key-generate test3 --key-algorithm RSA --key-size 1024 yields the
    following audit message:<br>
    0.http-bio-28443-exec-19 - [13/May/2015:19:10:24 EDT] [14] [6]
    [AuditEvent=ASYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=6][ClientKeyID=test3]

    Asymkey generation request made<br>
    [AuditEvent=ASYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=6][ClientKeyID=test3][KeyID=4][FailureReason=None]

    Asymkey generation request processed<br>
    <br>
    key-archive  --clientKeyID test4 --passphrase  "cfu secret" yields
    the following audit messages:<br>
    0.http-bio-28443-exec-24 - [13/May/2015:19:21:37 EDT] [14] [6]
    [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=7][ClientKeyID=test4][KeyID=5][FailureReason=None]

    security data archival request processed<br>
    0.http-bio-28443-exec-24 - [13/May/2015:19:21:37 EDT] [14] [6]
    [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=7][ClientKeyID=test4]

    security data archival request made<br>
    <br>
    thanks,<br>
    Christina<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 05/11/2015 06:09 PM, Christina Fu
      wrote:<br>
    </div>
    <blockquote cite="mid:555152D3.4060708@redhat.com" type="cite">This
      is the 2nd part of the patch for <a class="moz-txt-link-freetext"
        href="https://fedorahosted.org/pki/ticket/1160">https://fedorahosted.org/pki/ticket/1160</a>
      audit logging needed: REST API auth/authz; kra for getKeyInfo <br>
      which addresses the missing audit for kra getKeyInfo. <br>
      <br>
      Note: this patch has no dependency on the first patch that I
      submitted earlier, which addresses the missing auth/authz audit
      for REST interface. <br>
      <br>
      This is for preliminary review, as I don't have first-hand info on
      how to run most of the services offered here to properly test
      everything.  For efficiency purposes, I'm hoping to enlist some
      help from edewata/alee. <br>
      <br>
      thanks, <br>
      Christina <br>
      <br>
    </blockquote>
    <br>
  </body>
</html>