Example 1 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

the class X509Ca method newAuditEvent.

private AuditEvent newAuditEvent(String name, String eventType, String msgId) {
    ParamUtil.requireNonNull("name", name);
    ParamUtil.requireNonNull("eventType", eventType);
    ParamUtil.requireNonNull("msgId", msgId);
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(name);
    event.addEventData(CaAuditConstants.NAME_ca, caIdent.getName());
    event.addEventType(eventType);
    event.addEventData(CaAuditConstants.NAME_mid, msgId);
    return event;
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) Date(java.util.Date)

Example 2 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

the class X509Ca method unrevokeCa.

public void unrevokeCa(String msgId) throws OperationException {
    caInfo.setRevocationInfo(null);
    if (caInfo.isSelfSigned()) {
        AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_unrevoke_cert, msgId);
        // start as failed so that an exception in unrevokeCertificate0 is audited as a failure
        boolean successful = false;
        try {
            unrevokeCertificate0(caInfo.getSerialNumber(), true, event);
            successful = true;
        } finally {
            finish(event, successful);
        }
    }
    boolean failed = false;
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        NameId ident = publisher.getIdent();
        boolean successful = publisher.caUnrevoked(caCert);
        if (successful) {
            LOG.info("published event caUnrevoked of CA {} to publisher {}", caIdent, ident);
        } else {
            failed = true;
            LOG.error("could not publish event caUnrevoked of CA {} to publisher {}", caIdent, ident);
        }
    }
    if (failed) {
        final String message = "could not publish event caUnrevoked of CA " + caIdent + " to at least one publisher";
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
    }
}
Also used : NameId(org.xipki.ca.api.NameId) AuditEvent(org.xipki.audit.AuditEvent) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) OperationException(org.xipki.ca.api.OperationException)

Example 3 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

the class X509Ca method unrevokeCertificate.

public X509CertWithDbId unrevokeCertificate(BigInteger serialNumber, String msgId) throws OperationException {
    // the CA's own certificate may only be unrevoked via unrevokeCa
    if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission to unrevoke CA certificate");
    }
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_unrevoke_cert, msgId);
    // start as failed so that an exception in unrevokeCertificate0 is audited as a failure
    boolean successful = false;
    try {
        X509CertWithDbId ret = unrevokeCertificate0(serialNumber, false, event);
        successful = true;
        return ret;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) OperationException(org.xipki.ca.api.OperationException)

Example 4 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

the class X509Ca method revokeCertificate.

public X509CertWithRevocationInfo revokeCertificate(BigInteger serialNumber, CrlReason reason, Date invalidityTime, String msgId) throws OperationException {
    if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission to revoke CA certificate");
    }
    CrlReason tmpReason = reason;
    if (tmpReason == null) {
        tmpReason = CrlReason.UNSPECIFIED;
    }
    switch(tmpReason) {
        case CA_COMPROMISE:
        case AA_COMPROMISE:
        case REMOVE_FROM_CRL:
            throw new OperationException(ErrorCode.NOT_PERMITTED, "Insufficient permission to revoke certificate with reason " + tmpReason.getDescription());
        case UNSPECIFIED:
        case KEY_COMPROMISE:
        case AFFILIATION_CHANGED:
        case SUPERSEDED:
        case CESSATION_OF_OPERATION:
        case CERTIFICATE_HOLD:
        case PRIVILEGE_WITHDRAWN:
            break;
        default:
            throw new RuntimeException("unknown CRL reason " + tmpReason);
    }
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_cert, msgId);
    // start as failed so that an exception in revokeCertificate0 is audited as a failure
    boolean successful = false;
    try {
        X509CertWithRevocationInfo ret = revokeCertificate0(serialNumber, reason, invalidityTime, false, event);
        successful = (ret != null);
        return ret;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) CrlReason(org.xipki.security.CrlReason) OperationException(org.xipki.ca.api.OperationException) X509CertWithRevocationInfo(org.xipki.ca.server.impl.store.X509CertWithRevocationInfo)

Example 5 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

the class X509Ca method removeExpirtedCerts.

private int removeExpirtedCerts(Date expiredAtTime, String msgId) throws OperationException {
    LOG.debug("removing expired certificates");
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_remove_expiredCerts, msgId);
    boolean successful = false;
    try {
        int num = removeExpirtedCerts0(expiredAtTime, event, msgId);
        LOG.info("removed {} expired certificates of CA {}", num, caIdent);
        successful = true;
        return num;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
