This patch needs to be rebased.
Tt was possible, however, to review the contents. In general,
everything looks good. It would be be useful though, to be able to
distinguish the many failure cases. For instance --
try {
ca.modifyAuthority(data.getEnabled(), data.getDescription());
+ audit(ILogger.SUCCESS, OpDef.OP_MODIFY,
ca.getAuthorityID().toString(), auditParams);
return createOKResponse(readAuthorityData(ca));
} catch (CATypeException e) {
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY,
ca.getAuthorityID().toString(), auditParams);
throw new ForbiddenException(e.toString());
} catch (IssuerUnavailableException e) {
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY,
ca.getAuthorityID().toString(), auditParams);
throw new ConflictingOperationException(e.toString());
} catch (EBaseException e) {
CMS.debug(e);
+ audit(ILogger.FAILURE, OpDef.OP_MODIFY,
ca.getAuthorityID().toString(), auditParams);
throw new PKIException("Error modifying authority: " +
e.toString());
}
It would be nice to be able to determine if the modify failed because of
permissions or otherwise.
Can we add the exception error message to the auditParams?
Ade
On Mon, 2015-11-02 at 17:14 +1000, Fraser Tweedale wrote:
> The attached patch adds audit events for lightweight CA
> administration, fixing https://fedorahosted.org/pki/ticket/1590.
>
> Cheers,
> Fraser
> _______________________________________________
> Pki-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
