[Pki-devel] [PATCH] 0054 Lightweight CAs: add audit events

[Fraser Tweedale]

On Wed, Mar 02, 2016 at 10:05:56AM +1000, Fraser Tweedale wrote:
> On Mon, Feb 22, 2016 at 02:21:58PM -0500, Ade Lee wrote:
> > This patch needs to be rebased.
> > 
> > Tt was possible, however, to review the contents.  In general,
> > everything looks good.  It would be be useful though, to be able to
> > distinguish the many failure cases.  For instance --
> > 
> >          try {
> >              ca.modifyAuthority(data.getEnabled(), data.getDescription());
> > +            audit(ILogger.SUCCESS, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> >              return createOKResponse(readAuthorityData(ca));
> >          } catch (CATypeException e) {
> > +            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> >              throw new ForbiddenException(e.toString());
> >          } catch (IssuerUnavailableException e) {
> > +            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> >              throw new ConflictingOperationException(e.toString());
> >          } catch (EBaseException e) {
> >              CMS.debug(e);
> > +            audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> >              throw new PKIException("Error modifying authority: " + e.toString());
> >          }
> > 
> > It would be nice to be able to determine if the modify failed because of permissions or otherwise.
> > Can we add the exception error message to the auditParams?
> > 
> > Ade 
> >
> Updated patch attached.  The "exception" key is added to the
> auditParams map to indicate the exception (if any), rather than
> adding a whole new audit message parameter.
> 
> Cheers,
> Fraser

FRACKed by Ade (Fix, retest -> ACK).
Pushed to master (2d7722f2c9b8230e79d258ad7aa1be1e87804518)