Use of org.xipki.audit.AuditStatus in project xipki by xipki.
Class HttpCmpServlet, method doPost.
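/**
 * Handles a CMP request sent via HTTP POST and always tries to emit one audit event for it.
 *
 * <p>Processing steps, each mapped to an HTTP status on failure:
 * <ul>
 *   <li>500 if the audit service register or the responder manager is not configured
 *       (no audit event is produced in these two early exits);</li>
 *   <li>415 if the {@code Content-Type} header does not match {@code CT_REQUEST}
 *       (case-insensitive);</li>
 *   <li>404 if the request path names no CA, an unknown CA, or a CA that is out of service;</li>
 *   <li>400 if the body cannot be parsed as a {@code PKIMessage};</li>
 *   <li>500 on any other {@code Throwable}.</li>
 * </ul>
 * On success the encoded response from {@code responder.processPkiMessage} is written with
 * content type {@code CT_RESPONSE}.
 *
 * @param req the HTTP request; path, headers and body are client-controlled
 * @param resp the HTTP response
 * @throws ServletException declared by the servlet contract
 * @throws IOException if flushing the response fails
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    AuditServiceRegister auditServiceRegister = ServletHelper.getAuditServiceRegister();
    if (auditServiceRegister == null) {
        LOG.error("ServletHelper.auditServiceRegister not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }

    ResponderManager responderManager = ServletHelper.getResponderManager();
    if (responderManager == null) {
        LOG.error("ServletHelper.responderManager not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }

    // TLS client certificate (if any) is handed to the responder together with the request.
    X509Certificate clientCert = ClientCertCache.getTlsClientCert(req);

    AuditService auditService = auditServiceRegister.getAuditService();
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());

    // Optimistic defaults; the catch blocks below overwrite them on failure.
    AuditLevel auditLevel = AuditLevel.INFO;
    AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
    String auditMessage = null;

    try {
        String reqContentType = req.getHeader("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            // NOTE(review): reqContentType is a client-supplied header and is copied verbatim
            // into the audit message. Whether audit() or the audit backend neutralises
            // CR/LF/TAB is not visible here -- confirm, or sanitise before use.
            String message = "unsupported media type " + reqContentType;
            throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message,
                    AuditLevel.INFO, AuditStatus.FAILED);
        }

        String caName = null;
        X509CaCmpResponder responder = null;
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        if (path.length() > 1) {
            // skip the first char which is always '/'
            String caAlias = path.substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                // No alias registered: treat the path segment itself as the CA name.
                // NOTE(review): toLowerCase() uses the JVM default locale; confirm this matches
                // how CA names are normalised when they are registered.
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }

        if (caName == null || responder == null || !responder.isOnService()) {
            String message;
            if (caName == null) {
                message = "no CA is specified";
            } else if (responder == null) {
                // NOTE(review): caName may be taken straight from the request URI here, and the
                // message goes to both LOG.warn and the audit record -- confirm that control
                // characters cannot reach either sink unescaped.
                message = "unknown CA '" + caName + "'";
            } else {
                message = "CA '" + caName + "' is out of service";
            }
            LOG.warn(message);
            throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, message,
                    AuditLevel.INFO, AuditStatus.FAILED);
        }

        // From here on the audit record carries the responder's own CA name, not the raw path.
        event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());

        // NOTE(review): no size limit is visible at this call; confirm that IoUtil.read or the
        // servlet container bounds the request body before it is buffered in memory.
        byte[] reqContent = IoUtil.read(req.getInputStream());

        PKIMessage pkiReq;
        try {
            pkiReq = PKIMessage.getInstance(reqContent);
        } catch (Exception ex) {
            // Parse details stay in the server log; the client only sees a generic 400.
            LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
            throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, "bad request",
                    AuditLevel.INFO, AuditStatus.FAILED);
        }

        PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
        byte[] encodedPkiResp = pkiResp.getEncoded();

        resp.setContentType(CT_RESPONSE);
        resp.setContentLength(encodedPkiResp.length);
        resp.getOutputStream().write(encodedPkiResp);
    } catch (HttpRespAuditException ex) {
        auditStatus = ex.getAuditStatus();
        auditLevel = ex.getAuditLevel();
        auditMessage = ex.getAuditMessage();
        sendError(resp, ex.getHttpStatus());
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        auditLevel = AuditLevel.ERROR;
        auditStatus = AuditStatus.FAILED;
        auditMessage = "internal error";
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        // flushBuffer() can throw (e.g. the peer has gone away). The audit call sits in its own
        // finally so that such a failure cannot suppress the audit record for this request; the
        // exception from flushBuffer() still propagates to the container afterwards.
        try {
            resp.flushBuffer();
        } finally {
            audit(auditService, event, auditLevel, auditStatus, auditMessage);
        }
    }
}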
Use of org.xipki.audit.AuditStatus in project xipki by xipki.
Class SyslogAuditServiceImpl, method logEvent0.
/**
 * Renders an audit event as a single tab-separated line and sends it to syslog.
 *
 * <p>The line consists of the optional {@code prefix}, then {@code status}, then
 * {@code duration} (only if non-negative), then every event-data entry as
 * {@code name: value}. An event-data entry named "duration" is skipped when the event's own
 * duration has already been written. Events are dropped (with a log entry) when the service
 * is not initialized or when the rendered line is longer than {@code maxMessageLength}.
 *
 * @param event the audit event to send
 */
@Override
protected void logEvent0(AuditEvent event) {
    if (!initialized) {
        LOG.error("syslog audit not initialized");
        return;
    }

    CharArrayWriter text = new CharArrayWriter(150);
    if (notEmpty(prefix)) {
        text.append(prefix);
    }

    // A missing status is reported as UNDEFINED rather than omitted.
    AuditStatus eventStatus = event.getStatus();
    text.append("\tstatus: ").append((eventStatus == null ? AuditStatus.UNDEFINED : eventStatus).name());

    final long duration = event.getDuration();
    final boolean hasDuration = duration >= 0;
    if (hasDuration) {
        text.append("\tduration: ").append(Long.toString(duration));
    }

    // NOTE(review): names and values are written as-is with TAB as the only field separator.
    // If any value can originate from a request, an embedded TAB/CR/LF would let it imitate
    // additional fields -- confirm that values are neutralised before they reach this method.
    List<AuditEventData> entries = event.getEventDatas();
    for (AuditEventData entry : entries) {
        boolean duplicateDuration = hasDuration && "duration".equalsIgnoreCase(entry.getName());
        if (!duplicateDuration) {
            text.append("\t").append(entry.getName()).append(": ").append(entry.getValue());
        }
    }

    // Oversized events are discarded, not truncated, so no audit record is emitted for them.
    final int length = text.size();
    if (length > maxMessageLength) {
        LOG.warn("syslog message exceeds the maximal allowed length: {} > {}, ignore it", length, maxMessageLength);
        return;
    }

    SyslogMessage message = new SyslogMessage();
    message.setFacility(syslog.getDefaultFacility());
    if (notEmpty(localname)) {
        message.setHostname(localname);
    }
    message.setAppName(event.getApplicationName());
    message.setSeverity(getSeverity(event.getLevel()));

    Date eventTime = event.getTimestamp();
    if (eventTime != null) {
        message.setTimestamp(eventTime);
    }

    message.setMsgId(event.getName());
    message.setMsg(text);

    try {
        syslog.sendMessage(message);
    } catch (IOException ex) {
        // Delivery failures are logged only; the event is not retried here.
        LOG.error("could not send syslog message: {}", ex.getMessage());
        LOG.debug("could not send syslog message", ex);
    }
}