[Pki-devel] [PATCH] 1010-1017 Fixed unnecessary CLI connection.

2017-03-27 Thread Endi Sukma Dewata
Additional changes to remove unnecessary CLI connection using lazy 
initialization.


Pushed to master under trivial rule.

--
Endi S. Dewata
>From a6b64e4f45348011885f268db92beab0d563ff22 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 24 Mar 2017 03:42:55 +0100
Subject: [PATCH] Refactored ActivityCLI.

The ActivityCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
---
 .../src/com/netscape/cmstools/logging/ActivityCLI.java   | 9 ++---
 .../src/com/netscape/cmstools/logging/ActivityFindCLI.java   | 4 +++-
 .../src/com/netscape/cmstools/logging/ActivityShowCLI.java   | 4 +++-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/logging/ActivityCLI.java b/base/java-tools/src/com/netscape/cmstools/logging/ActivityCLI.java
index f53e687001f80ce6976ba537abcd6b00572e55c2..f0f125edd1ef080d767bc7c8e478e65a9edc08f9 100644
--- a/base/java-tools/src/com/netscape/cmstools/logging/ActivityCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/logging/ActivityCLI.java
@@ -20,6 +20,7 @@ package com.netscape.cmstools.logging;
 
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
+import com.netscape.certsrv.client.PKIClient;
 import com.netscape.certsrv.logging.ActivityClient;
 import com.netscape.certsrv.logging.ActivityData;
 import com.netscape.cmstools.cli.CLI;
@@ -38,12 +39,14 @@ public class ActivityCLI extends CLI {
 addModule(new ActivityShowCLI(this));
 }
 
-public void execute(String[] args) throws Exception {
+public ActivityClient getActivityClient() throws Exception {
 
-client = parent.getClient();
+if (activityClient != null) return activityClient;
+
+PKIClient client = getClient();
 activityClient = (ActivityClient)parent.getClient("activity");
 
-super.execute(args);
+return activityClient;
 }
 
 public static void printActivity(ActivityData activity, boolean showAll) {
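Review bot: In getActivityClient() the local `PKIClient client = getClient();` is never read in the visible lines; the ActivityClient comes from `parent.getClient("activity")` on the next line. If the call is kept only so that the PKIClient is initialized before the parent lookup, drop the unused local (`getClient();`) and add a comment such as `// initialize the PKIClient lazily before looking up the subsystem client`. If it is not needed, remove the line. The local also reuses the name of the `client` field that the removed execute() assigned, which is easy to misread; the field declarations are outside this hunk.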
diff --git a/base/java-tools/src/com/netscape/cmstools/logging/ActivityFindCLI.java b/base/java-tools/src/com/netscape/cmstools/logging/ActivityFindCLI.java
index 9e31795b4415fe34dc37a6e2f835c4a0a39b3d3e..75c635bdcff0cc525f8f70d73d984f739761ccb6 100644
--- a/base/java-tools/src/com/netscape/cmstools/logging/ActivityFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/logging/ActivityFindCLI.java
@@ -24,6 +24,7 @@ import java.util.Collection;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 
+import com.netscape.certsrv.logging.ActivityClient;
 import com.netscape.certsrv.logging.ActivityCollection;
 import com.netscape.certsrv.logging.ActivityData;
 import com.netscape.cmstools.cli.CLI;
@@ -75,7 +76,8 @@ public class ActivityFindCLI extends CLI {
 s = cmd.getOptionValue("size");
 Integer size = s == null ? null : Integer.valueOf(s);
 
-ActivityCollection result = activityCLI.activityClient.findActivities(filter, start, size);
+ActivityClient activityClient = activityCLI.getActivityClient();
+ActivityCollection result = activityClient.findActivities(filter, start, size);
 
 MainCLI.printMessage(result.getTotal() + " entries matched");
 if (result.getTotal() == 0) return;
diff --git a/base/java-tools/src/com/netscape/cmstools/logging/ActivityShowCLI.java b/base/java-tools/src/com/netscape/cmstools/logging/ActivityShowCLI.java
index bae172c7912eb854ecdfb716cb1eafa67efdcfa3..e31cbf6ab50159ae1995f12533900270eabf7af4 100644
--- a/base/java-tools/src/com/netscape/cmstools/logging/ActivityShowCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/logging/ActivityShowCLI.java
@@ -22,6 +22,7 @@ import java.util.Arrays;
 
 import org.apache.commons.cli.CommandLine;
 
+import com.netscape.certsrv.logging.ActivityClient;
 import com.netscape.certsrv.logging.ActivityData;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
@@ -59,7 +60,8 @@ public class ActivityShowCLI extends CLI {
 
 String activityID = args[0];
 
-ActivityData activityData = activityCLI.activityClient.getActivity(activityID);
+ActivityClient activityClient = activityCLI.getActivityClient();
+ActivityData activityData = activityClient.getActivity(activityID);
 
 MainCLI.printMessage("Activity \"" + activityID + "\"");
 
-- 
2.9.3

>From ca04971010a92f84db8b0f18df0761192ea26023 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 24 Mar 2017 03:46:09 +0100
Subject: [PATCH] Refactored AuditCLI.

The AuditCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
---
 base/java-tools/src/com/netscape/cmstools/logging/AuditCLI.java  | 9 ++---
 .../src/com/netscape/cmstools/logging/AuditModifyCLI.java| 6 --
 .../src/com/netscape/cmstools/logging/AuditShowCLI.java  | 4 +++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/ba

[Pki-devel] [PATCH] 1009 Added audit logs for SSL/TLS events.

2017-03-27 Thread Endi Sukma Dewata

The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.

The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.

The CS.cfg files for all subsystems have been modified to include
ACCESS_SESSION_* audit events.

https://pagure.io/dogtagpki/issue/2602

ACKed by cfu with a few changes. Pushed to master.

--
Endi S. Dewata
From 18412763e4ec09f4892c2a7b502d72ebfd9fec2a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Tue, 17 Jan 2017 12:19:52 +0100
Subject: [PATCH] Added audit logs for SSL/TLS events.

The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.

The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.

The CS.cfg files for all subsystems have been modified to include
ACCESS_SESSION_* audit events.

https://pagure.io/dogtagpki/issue/2602

Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
---
 base/CMakeLists.txt|   7 ++
 base/ca/shared/conf/CS.cfg |   4 +-
 .../src/com/netscape/certsrv/common/ScopeDef.java  |   3 +
 base/kra/shared/conf/CS.cfg|   4 +-
 base/ocsp/shared/conf/CS.cfg   |   4 +-
 base/server/cms/src/CMakeLists.txt |   3 +-
 .../netscape/cms/servlet/base/CMSStartServlet.java |   7 ++
 .../dogtagpki/server/PKIServerSocketListener.java  | 134 +
 base/server/cmsbundle/src/LogMessages.properties   |  27 +
 base/tks/shared/conf/CS.cfg|   4 +-
 base/tps/shared/conf/CS.cfg|   4 +-
 11 files changed, 190 insertions(+), 11 deletions(-)
 create mode 100644 base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java

diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt
index 92ebe4313154710ab2a45adea8d4ed63904e8a34..d2ea9a55596121b4a4b9599cf416d71e7e77b4a8 100644
--- a/base/CMakeLists.txt
+++ b/base/CMakeLists.txt
@@ -72,6 +72,13 @@ find_file(TOMCAT_UTIL_SCAN_JAR
 /usr/share/java/tomcat
 )
 
+find_file(TOMCATJSS_JAR
+NAMES
+tomcatjss.jar
+PATHS
+/usr/share/java
+)
+
 # The order is important!
 if (APPLICATION_FLAVOR_PKI_CORE)
 
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index 3beb45c5392427dec411fda0bb12769b9d279f43..2d7cb9895c6ac435b99ac7739a170dc1de21da74 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -903,11 +903,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
 log.instance.SignedAudit._002=##
 log.instance.SignedAudit._003=##
 log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER,AUTHORITY_CONFIG
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESS

[Pki-devel] [PATCH] 1002-1008 Fixed unnecessary CLI connection.

2017-03-27 Thread Endi Sukma Dewata
Additional changes to remove unnecessary CLI connection using lazy 
initialization.


Pushed to master under trivial rule.

--
Endi S. Dewata
>From 043aa471f9e243faad58917e9e055affdb694c79 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 24 Mar 2017 02:02:51 +0100
Subject: [PATCH] Refactored AuthorityCLI.

The AuthorityCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
---
 .../src/com/netscape/cmstools/authority/AuthorityCLI.java | 11 ---
 .../com/netscape/cmstools/authority/AuthorityCreateCLI.java   |  4 +++-
 .../com/netscape/cmstools/authority/AuthorityDisableCLI.java  |  4 +++-
 .../com/netscape/cmstools/authority/AuthorityEnableCLI.java   |  4 +++-
 .../src/com/netscape/cmstools/authority/AuthorityFindCLI.java |  4 +++-
 .../com/netscape/cmstools/authority/AuthorityRemoveCLI.java   |  4 +++-
 .../src/com/netscape/cmstools/authority/AuthorityShowCLI.java |  4 +++-
 7 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java
index a3fccbb027e4391b2fb83621ff829117a07fa76f..c8d469937e93a89f0901d1ca267ef1bc2b886988 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java
@@ -4,6 +4,7 @@ import java.math.BigInteger;
 
 import com.netscape.certsrv.authority.AuthorityClient;
 import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.certsrv.client.PKIClient;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
 
@@ -32,10 +33,14 @@ public class AuthorityCLI extends CLI {
 }
 }
 
-public void execute(String[] args) throws Exception {
-client = parent.getClient();
+public AuthorityClient getAuthorityClient() throws Exception {
+
+if (authorityClient != null) return authorityClient;
+
+PKIClient client = getClient();
 authorityClient = new AuthorityClient(client, "ca");
-super.execute(args);
+
+return authorityClient;
 }
 
 protected static void printAuthorityData(AuthorityData data) {
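Review bot: With the execute() override removed, `authorityClient` stays null until getAuthorityClient() is first called, and the removed submodule lines (for example `authorityCLI.authorityClient.createCA(data)`) show that the field is reachable from other classes. Any caller not converted by this patch would now fail with a NullPointerException at run time rather than at compile time. The field declaration is outside this hunk; declaring it `private AuthorityClient authorityClient;` would make the getter the only access path. The same applies to `activityClient` in ActivityCLI. A one-line Javadoc on the getter, `/** Returns the cached AuthorityClient, creating it on first use. */`, would record the new contract.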
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
index 9cea963bfd09e025e2dbabafd72f4b04278322b9..e39a126e01d2b5ffccc5e9839d8c9b0aea4edf0f 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
@@ -5,6 +5,7 @@ import java.util.Arrays;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 
+import com.netscape.certsrv.authority.AuthorityClient;
 import com.netscape.certsrv.authority.AuthorityData;
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.cmstools.cli.CLI;
@@ -67,7 +68,8 @@ public class AuthorityCreateCLI extends CLI {
 String dn = cmdArgs[0];
 AuthorityData data = new AuthorityData(
 null, dn, null, parentAIDString, null, null, true /* enabled */, desc, null);
-AuthorityData newData = authorityCLI.authorityClient.createCA(data);
+AuthorityClient authorityClient = authorityCLI.getAuthorityClient();
+AuthorityData newData = authorityClient.createCA(data);
 AuthorityCLI.printAuthorityData(newData);
 }
 
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
index 7c5da13de3357d853e5e376786a98a9b9d505600..bae8ada7355c44a813e40167c765a796eed348fb 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
@@ -4,6 +4,7 @@ import java.util.Arrays;
 
 import org.apache.commons.cli.CommandLine;
 
+import com.netscape.certsrv.authority.AuthorityClient;
 import com.netscape.certsrv.authority.AuthorityData;
 import com.netscape.cmstools.cli.CLI;
 
@@ -37,7 +38,8 @@ public class AuthorityDisableCLI extends CLI {
 
 AuthorityData data = new AuthorityData(
 null, null, cmdArgs[0], null, null, null, false, null, null);
-data = authorityCLI.authorityClient.modifyCA(data);
+AuthorityClient authorityClient = authorityCLI.getAuthorityClient();
+data = authorityClient.modifyCA(data);
 AuthorityCLI.printAuthorityData(data);
 }
 
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
index 7ff25a45011e3355bb1c9632ab6f5457d46ed5c8..2b2eac1f03832b0087cc7ba9b49528db845b4209 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
+++ b/base/java-tools/src/com/ne