[Pki-devel] [PATCH] 0054 Lightweight CAs: add audit events
Fraser Tweedale
ftweedal at redhat.com
Wed Mar 2 00:13:21 UTC 2016
On Wed, Mar 02, 2016 at 10:05:56AM +1000, Fraser Tweedale wrote:
> On Mon, Feb 22, 2016 at 02:21:58PM -0500, Ade Lee wrote:
> > This patch needs to be rebased.
> >
> > Tt was possible, however, to review the contents. In general,
> > everything looks good. It would be be useful though, to be able to
> > distinguish the many failure cases. For instance --
> >
> > try {
> > ca.modifyAuthority(data.getEnabled(), data.getDescription());
> > + audit(ILogger.SUCCESS, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> > return createOKResponse(readAuthorityData(ca));
> > } catch (CATypeException e) {
> > + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> > throw new ForbiddenException(e.toString());
> > } catch (IssuerUnavailableException e) {
> > + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> > throw new ConflictingOperationException(e.toString());
> > } catch (EBaseException e) {
> > CMS.debug(e);
> > + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams);
> > throw new PKIException("Error modifying authority: " + e.toString());
> > }
> >
> > It would be nice to be able to determine if the modify failed because of permissions or otherwise.
> > Can we add the exception error message to the auditParams?
> >
> > Ade
> >
> Updated patch attached. The "exception" key is added to the
> auditParams map to indicate the exception (if any), rather than
> adding a whole new audit message parameter.
>
> Cheers,
> Fraser
FRACKed by Ade (Fix, retest -> ACK).
Pushed to master (2d7722f2c9b8230e79d258ad7aa1be1e87804518)
More information about the Pki-devel
mailing list