
Example 6 with AuditStatus

Use of org.xipki.audit.AuditStatus in the project xipki (by xipki).

The class HttpCmpServlet, method doPost:

/**
 * Handles an HTTP POST carrying a CMP request for one CA and writes the CMP
 * response to {@code resp}.
 *
 * <p>The CA is selected from the request path: the text after the leading
 * {@code '/'} is first resolved as a CA alias through the responder manager,
 * and otherwise treated (lower-cased) as the CA name. Every request, whether
 * it succeeds or fails, produces exactly one audit record, emitted from the
 * {@code finally} block.
 *
 * <p>Error handling: a {@link HttpRespAuditException} maps to the HTTP status
 * it carries plus its audit level/status/message; any other throwable is
 * reported as 500 with audit level ERROR. Only the HTTP status is handed to
 * {@code sendError}; the descriptive messages (which include CA names and
 * parse failures) go to the server log and the audit trail, not to the client.
 *
 * @param req  the incoming request; its body is parsed as a DER-encoded
 *             {@link PKIMessage}
 * @param resp the response to fill with the encoded CMP reply or an error status
 * @throws ServletException declared by the servlet contract
 * @throws IOException if reading the request or writing the response fails
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Both registries are wired by ServletHelper. Without them the request can
    // neither be routed nor audited, so fail closed with 500 before any work.
    AuditServiceRegister auditServiceRegister = ServletHelper.getAuditServiceRegister();
    if (auditServiceRegister == null) {
        LOG.error("ServletHelper.auditServiceRegister not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    ResponderManager responderManager = ServletHelper.getResponderManager();
    if (responderManager == null) {
        LOG.error("ServletHelper.responderManager not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    // NOTE(review): presumably null when the connection carried no TLS client
    // certificate; the responder is handed it as-is, so it must cope with null
    // -- confirm in X509CaCmpResponder.processPkiMessage.
    X509Certificate clientCert = ClientCertCache.getTlsClientCert(req);
    AuditService auditService = auditServiceRegister.getAuditService();
    // One audit event per request. Level/status/message start as the success
    // values and are overwritten by the catch blocks; the event is written out
    // in finally regardless of outcome.
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());
    AuditLevel auditLevel = AuditLevel.INFO;
    AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
    String auditMessage = null;
    try {
        // Exact (case-insensitive) match only: a Content-Type that carries
        // parameters such as "; charset=..." does not equal CT_REQUEST and is
        // rejected with 415.
        String reqContentType = req.getHeader("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            String message = "unsupported media type " + reqContentType;
            throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        String caName = null;
        X509CaCmpResponder responder = null;
        // The part of the URI after the servlet path selects the CA: try it as
        // an alias first, then fall back to using it directly as the CA name.
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        if (path.length() > 1) {
            // skip the first char which is always '/'
            String caAlias = path.substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                // NOTE(review): toLowerCase() uses the JVM default locale;
                // toLowerCase(Locale.ROOT) would make the lookup independent of
                // it (e.g. Turkish dotless i). Verify against how CA names are
                // normalised elsewhere before changing.
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }
        // Missing, unknown and out-of-service CAs are all reported to the
        // client as 404; the specific reason (including the CA name) goes only
        // to the log and the audit message.
        if (caName == null || responder == null || !responder.isOnService()) {
            String message;
            if (caName == null) {
                message = "no CA is specified";
            } else if (responder == null) {
                message = "unknown CA '" + caName + "'";
            } else {
                message = "CA '" + caName + "' is out of service";
            }
            LOG.warn(message);
            throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());
        // NOTE(review): the whole request body is read into memory and no size
        // bound is visible here. A CMP request is normally small; confirm that
        // a request-size limit is enforced upstream (servlet container, reverse
        // proxy or inside IoUtil.read) or add one before this read, otherwise
        // an unauthenticated client can drive memory use with a large body.
        byte[] reqContent = IoUtil.read(req.getInputStream());
        PKIMessage pkiReq;
        try {
            pkiReq = PKIMessage.getInstance(reqContent);
        } catch (Exception ex) {
            // Parse failures are answered with a generic 400; the cause stays
            // in the server log.
            LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
            throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
        }
        // The responder performs the CMP processing; it receives the TLS client
        // certificate and the audit event so it can add its own event data.
        PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
        byte[] encodedPkiResp = pkiResp.getEncoded();
        resp.setContentType(CT_RESPONSE);
        resp.setContentLength(encodedPkiResp.length);
        resp.getOutputStream().write(encodedPkiResp);
    } catch (HttpRespAuditException ex) {
        // Expected failure: the exception carries both the HTTP status for the
        // client and the classification for the audit record.
        auditStatus = ex.getAuditStatus();
        auditLevel = ex.getAuditLevel();
        auditMessage = ex.getAuditMessage();
        sendError(resp, ex.getHttpStatus());
    } catch (Throwable th) {
        // Unexpected failure: audit as ERROR/FAILED and return a bare 500 so
        // no internal detail reaches the client. A peer disconnect mid-request
        // surfaces as EOFException and is only worth a warning.
        // NOTE(review): catching Throwable also swallows Errors such as
        // OutOfMemoryError; the JVM may be in a bad state after this point.
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        auditLevel = AuditLevel.ERROR;
        auditStatus = AuditStatus.FAILED;
        auditMessage = "internal error";
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        // Always flush and always audit: exactly one record per request.
        resp.flushBuffer();
        audit(auditService, event, auditLevel, auditStatus, auditMessage);
    }
}

Example 7 with AuditStatus

Use of org.xipki.audit.AuditStatus in the project xipki (by xipki).

The class SyslogAuditServiceImpl, method logEvent0:

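/**
 * Formats one audit event as a single syslog message and sends it.
 *
 * <p>Message body layout, tab-separated:
 * {@code [prefix]\tstatus: <STATUS>[\tduration: <ms>]\t<name>: <value>...}.
 * A {@code null} status is written as {@code UNDEFINED}. When the event
 * carries a non-negative duration it is written once up front and an event
 * data entry named {@code "duration"} (case-insensitive) is skipped so the
 * value does not appear twice.
 *
 * <p>Oversize handling: a body longer than {@code maxMessageLength} is
 * truncated to that length and the truncation is logged at WARN. It is not
 * discarded -- dropping the record would let an oversized field suppress the
 * audit trail for that operation.
 *
 * <p>Delivery is best-effort: a send failure is logged and swallowed so that
 * audit transport problems never fail the audited operation.
 *
 * @param event the event to log
 */
@Override
protected void logEvent0(AuditEvent event) {
    if (!initialized) {
        LOG.error("syslog audit not initialized");
        return;
    }
    CharArrayWriter sb = new CharArrayWriter(150);
    if (notEmpty(prefix)) {
        sb.append(prefix);
    }
    AuditStatus status = event.getStatus();
    if (status == null) {
        status = AuditStatus.UNDEFINED;
    }
    sb.append("\tstatus: ").append(status.name());
    long duration = event.getDuration();
    if (duration >= 0) {
        sb.append("\tduration: ").append(Long.toString(duration));
    }
    List<AuditEventData> eventDataArray = event.getEventDatas();
    for (AuditEventData m : eventDataArray) {
        if (duration >= 0 && "duration".equalsIgnoreCase(m.getName())) {
            continue;
        }
        // NOTE(review): names and values are appended verbatim. A tab or
        // newline inside a value that originates from request data would be
        // read as an extra field or line by the syslog consumer. Confirm that
        // callers sanitise event data, or escape control characters here.
        sb.append("\t").append(m.getName()).append(": ").append(m.getValue());
    }
    final int n = sb.size();
    if (n > maxMessageLength) {
        // Keep a truncated record rather than none: a cut-off audit entry is
        // still evidence that the operation happened, a missing one is not.
        LOG.warn("syslog message exceeds the maximal allowed length: {} > {}, truncating it", n, maxMessageLength);
        CharArrayWriter truncated = new CharArrayWriter(maxMessageLength);
        truncated.write(sb.toCharArray(), 0, maxMessageLength);
        sb = truncated;
    }
    SyslogMessage sm = new SyslogMessage();
    sm.setFacility(syslog.getDefaultFacility());
    if (notEmpty(localname)) {
        sm.setHostname(localname);
    }
    sm.setAppName(event.getApplicationName());
    sm.setSeverity(getSeverity(event.getLevel()));
    Date timestamp = event.getTimestamp();
    if (timestamp != null) {
        sm.setTimestamp(timestamp);
    }
    sm.setMsgId(event.getName());
    sm.setMsg(sb);
    try {
        syslog.sendMessage(sm);
    } catch (IOException ex) {
        // Best-effort transport: log at ERROR with the message, full trace at DEBUG.
        LOG.error("could not send syslog message: {}", ex.getMessage());
        LOG.debug("could not send syslog message", ex);
    }
}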
