[Pki-devel] [PATCH] 0054 Lightweight CAs: add audit events
Ade Lee
alee at redhat.com
Mon Feb 22 19:21:58 UTC 2016
This patch needs to be rebased.
Tt was possible, however, to review the contents. In general,
everything looks good. It would be be useful though, to be able to
distinguish the many failure cases. For instance --
try {
ca.modifyAuthority(data.getEnabled(), data.getDescription());
+ audit(ILogger.SUCCESS, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
return createOKResponse(readAuthorityData(ca));
} catch (CATypeException e) {
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
throw new ForbiddenException(e.toString());
} catch (IssuerUnavailableException e) {
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
throw new ConflictingOperationException(e.toString());
} catch (EBaseException e) {
CMS.debug(e);
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
throw new PKIException("Error modifying authority: " + e.toString());
}
It would be nice to be able to determine if the modify failed because of permissions or otherwise.
Can we add the exception error message to the auditParams?
Ade
On Mon, 2015-11-02 at 17:14 +1000, Fraser Tweedale wrote:
> The attached patch adds audit events for lightweight CA
> administration, fixing https://fedorahosted.org/pki/ticket/1590.
>
> Cheers,
> Fraser
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list