[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 0054 Lightweight CAs: add audit events



This patch needs to be rebased.

Tt was possible, however, to review the contents.  In general,
everything looks good.  It would be be useful though, to be able to
distinguish the many failure cases.  For instance --

         try {
             ca.modifyAuthority(data.getEnabled(), data.getDescription());
+            audit(ILogger.SUCCESS, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
             return createOKResponse(readAuthorityData(ca));
         } catch (CATypeException e) {
+            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
             throw new ForbiddenException(e.toString());
         } catch (IssuerUnavailableException e) {
+            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
             throw new ConflictingOperationException(e.toString());
         } catch (EBaseException e) {
             CMS.debug(e);
+            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
             throw new PKIException("Error modifying authority: " + e.toString());
         }

It would be nice to be able to determine if the modify failed because of permissions or otherwise.
Can we add the exception error message to the auditParams?

Ade 

On Mon, 2015-11-02 at 17:14 +1000, Fraser Tweedale wrote:
> The attached patch adds audit events for lightweight CA
> administration, fixing https://fedorahosted.org/pki/ticket/1590.
> 
> Cheers,
> Fraser
> _______________________________________________
> Pki-devel mailing list
> Pki-devel redhat com
> https://www.redhat.com/mailman/listinfo/pki-devel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]