
Example 6 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

In class X509Ca, method revokeSuspendedCert.

// method revokeCertificate0
/**
 * Revokes the suspended certificate identified by {@code serialNumber}.
 * <p>
 * The actual work is delegated to {@code revokeSuspendedCert0}; this wrapper only
 * frames the call in a performance audit event of type
 * {@code CaAuditConstants.TYPE_revoke_suspendedCert}. The event is finished in all
 * cases and marked successful only when a non-null result is returned (an exception
 * therefore finishes it as unsuccessful before propagating).
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason       CRL reason to record for the revocation
 * @param msgId        message id carried into the audit event
 * @return the result of {@code revokeSuspendedCert0}, possibly {@code null}
 * @throws OperationException propagated from {@code revokeSuspendedCert0}
 */
private X509CertWithRevocationInfo revokeSuspendedCert(BigInteger serialNumber, CrlReason reason, String msgId) throws OperationException {
    AuditEvent auditEvent = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_suspendedCert, msgId);
    X509CertWithRevocationInfo revoked = null;
    try {
        revoked = revokeSuspendedCert0(serialNumber, reason, auditEvent);
        return revoked;
    } finally {
        // null result (or an exception, which leaves 'revoked' null) counts as failure
        finish(auditEvent, revoked != null);
    }
}

Example 7 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

In class HttpRestServlet, method service0.

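/**
 * Serves one REST request: resolves the {@link Rest} responder, hands it the request
 * path, body and metadata, copies the resulting {@link RestResponse} (status, content
 * type, headers, body) onto the servlet response and audits the exchange.
 * <p>
 * If the audit service register or the responder manager has not been configured the
 * method answers with HTTP 500 and returns without creating an audit event.
 *
 * @param req     incoming servlet request
 * @param resp    servlet response to populate
 * @param viaPost whether the request arrived via POST (not used by this method)
 * @throws IOException if reading the request body or writing the response body fails
 */
private void service0(HttpServletRequest req, HttpServletResponse resp, boolean viaPost) throws IOException {
    AuditServiceRegister auditServiceRegister = ServletHelper.getAuditServiceRegister();
    if (auditServiceRegister == null) {
        LOG.error("ServletHelper.auditServiceRegister not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    ResponderManager responderManager = ServletHelper.getResponderManager();
    if (responderManager == null) {
        LOG.error("ServletHelper.responderManager not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    AuditService auditService = auditServiceRegister.getAuditService();
    AuditEvent event = new AuditEvent(new Date());
    try {
        Rest rest = responderManager.getRest();
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        HttpRequestMetadataRetriever httpRetriever = new HttpRequestMetadataRetrieverImpl(req);
        // NOTE(review): the entire client-supplied body is buffered in memory with no size
        // bound here; confirm a limit is enforced upstream (container/proxy) or in IoUtil.read.
        byte[] requestBytes = IoUtil.read(req.getInputStream());
        RestResponse response = rest.service(path, event, requestBytes, httpRetriever);
        resp.setStatus(response.getStatusCode());
        // The content type must be taken from the responder's result. The previous code
        // read it back from 'resp', which has nothing set yet, so it was never applied.
        String contentType = response.getContentType();
        if (contentType != null) {
            resp.setContentType(contentType);
        }
        // Copy every header of the responder's result (name -> value) onto the response.
        response.getHeaders().forEach(resp::setHeader);
        byte[] respBody = response.getBody();
        if (respBody == null) {
            resp.setContentLength(0);
        } else {
            resp.setContentLength(respBody.length);
            resp.getOutputStream().write(respBody);
        }
    } finally {
        // Audit in all cases, including when the responder or the I/O throws.
        event.finish();
        auditService.logEvent(event);
    }
}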

Example 8 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

In class OcspCertPublisher, method logAndAudit.

/**
 * Logs a publisher failure for one certificate and records it as a FAILED audit event
 * of level ERROR under application name "CAPublisher" and event name "SYSTEM".
 * <p>
 * The audit event carries the issuer, subject, formatted serial number and the message
 * prefix; when the certificate is an {@link X509CertWithDbId} with a non-null id, that
 * id is recorded as well. The exception itself is only logged (stack trace at DEBUG).
 *
 * @param issuer        textual issuer of the certificate
 * @param cert          certificate the failure relates to
 * @param ex            exception describing the failure; its message goes into the error log
 * @param messagePrefix short description of the failed operation
 */
private void logAndAudit(String issuer, X509Cert cert, Exception ex, String messagePrefix) {
    final String subject = cert.getSubject();
    final String serial = LogUtil.formatCsn(cert.getCert().getSerialNumber());
    LOG.error("{} (issuser='{}': subject='{}', serialNumber={}). Message: {}", messagePrefix, issuer, subject, serial, ex.getMessage());
    LOG.debug("error", ex);

    AuditEvent failure = new AuditEvent(new Date());
    failure.setApplicationName("CAPublisher");
    failure.setName("SYSTEM");
    failure.setLevel(AuditLevel.ERROR);
    failure.setStatus(AuditStatus.FAILED);

    // Only database-backed certificates carry an id worth auditing.
    Long certId = (cert instanceof X509CertWithDbId) ? ((X509CertWithDbId) cert).getCertId() : null;
    if (certId != null) {
        failure.addEventData(CaAuditConstants.NAME_id, certId);
    }
    failure.addEventData(CaAuditConstants.NAME_issuer, issuer);
    failure.addEventData(CaAuditConstants.NAME_subject, subject);
    failure.addEventData(CaAuditConstants.NAME_serial, serial);
    failure.addEventData(CaAuditConstants.NAME_message, messagePrefix);

    auditServiceRegister.getAuditService().logEvent(failure);
}

Example 9 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

In class CaManagerImpl, method generateCertificate.

// method removeCertificate
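/**
 * Issues a certificate for a PKCS#10 request through the CA management interface.
 * <p>
 * The CSR is parsed, its proof-of-possession is verified against the CA's CMP control,
 * and the subject, public key and (optional) {@code extensionRequest} attribute are
 * copied into a {@link CertTemplateData} that the CA signs. When the CA is configured to
 * save requests, the CSR and its link to the issued certificate are stored on a
 * best-effort basis (a failure there is only logged).
 *
 * @param caName      name of the issuing CA, matched after lower-casing
 * @param profileName certificate profile to apply, matched after lower-casing
 * @param encodedCsr  DER-encoded PKCS#10 certification request
 * @param notBefore   requested validity start, passed through to the CA
 * @param notAfter    requested validity end, passed through to the CA
 * @return the issued X.509 certificate
 * @throws CaMgmtException if the CSR cannot be parsed, its proof-of-possession does not
 *         verify, or the CA reports an {@link OperationException} while issuing
 */
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);

    // NOTE(review): this event is built but never finished or handed to an audit service,
    // and its event type names CRL generation although this method issues a certificate.
    // The audited record of this operation comes from the CA call below via MSGID_ca_mgmt;
    // either wire this event up with the correct type or drop it.
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");

    X509Ca ca = getX509Ca(caName);
    CertificationRequest csr;
    try {
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (Exception ex) {
        // keep the parser failure as cause instead of flattening it to its message
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()), ex);
    }

    // Reject requests whose proof-of-possession does not verify under the CA's CMP control.
    CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
    if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }

    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    // Requested extensions travel in the pkcs-9 extensionRequest attribute; when several
    // such attributes are present the last one wins.
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }

    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);

    X509CertificateInfo certInfo;
    try {
        certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }

    // Persisting the request is best-effort: the certificate is already issued.
    if (ca.getCaInfo().isSaveRequest()) {
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }
    return certInfo.getCert().getCert();
}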

Example 10 with AuditEvent

use of org.xipki.audit.AuditEvent in project xipki by xipki.

In class X509Ca, method cleanupCrls.

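/**
 * Asks the certificate store to clean up this CA's CRLs, given the CA's configured CRL
 * count ({@code caInfo.getNumCrls()}), and audits the run as a performance event of type
 * {@code CaAuditConstants.TYPE_cleanup_crl}.
 * <p>
 * When the configured count is not positive the store is not called and zero is
 * recorded. The number returned by the store is added to the audit event as
 * {@code NAME_num}; the event is finished in all cases.
 *
 * @param msgId message id carried into the audit event
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} wrapping any
 *         {@link RuntimeException} from the store; an {@code OperationException} thrown
 *         by the store itself propagates unchanged
 */
private void cleanupCrls(String msgId) throws OperationException {
    int numCrls = caInfo.getNumCrls();
    LOG.info("     START cleanupCrls: ca={}, numCrls={}", caIdent, numCrls);
    boolean successful = false;
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_cleanup_crl, msgId);
    try {
        // Use the value read and logged above so the store sees the same count as the
        // START log line and the non-positive check (the original re-read caInfo here).
        int num = (numCrls <= 0) ? 0 : certstore.cleanupCrls(caIdent, numCrls);
        successful = true;
        event.addEventData(CaAuditConstants.NAME_num, num);
        LOG.info("SUCCESSFUL cleanupCrls: ca={}, num={}", caIdent, num);
    } catch (RuntimeException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    } finally {
        if (!successful) {
            LOG.info("    FAILED cleanupCrls: ca={}", caIdent);
        }
        finish(event, successful);
    }
}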
