The PKIServerSocketListener.alertReceived() has been fixed to generate an audit log record when the SSL socket is closed by the client.
The log message has been modified to include the reason for the termination. https://pagure.io/dogtagpki/issue/2602 Pushed to master under trivial rule. -- Endi S. Dewata
From 4ab0608cbda0c9336c5eb9ea40a7d3ca769ab17b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Tue, 4 Apr 2017 17:53:53 +0200
Subject: [PATCH] Fixed PKIServerSocketListener.

The PKIServerSocketListener.alertReceived() has been fixed to generate audit log when the SSL socket is closed by the client. The log message has been modified to include the reason for the termination. https://pagure.io/dogtagpki/issue/2602

Change-Id: Ief2817f2b2b31cf6f60fae0ee4c55c17024f7988
---
 .../dogtagpki/server/PKIServerSocketListener.java | 39 +++++++++++++++++++++-
 base/server/cmsbundle/src/LogMessages.properties | 2 +-
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
index f147c771062d4224330fa115e7848221d56cad38..adba676ac18a7f4cffcfdfb2a15b66705414fb47 100644
--- a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
+++ b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
@@ -41,6 +41,42 @@ public class PKIServerSocketListener implements SSLSocketListener {
 
     @Override
     public void alertReceived(SSLAlertEvent event) {
+        try {
+            SSLSocket socket = event.getSocket();
+
+            SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
+            InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress();
+            InetAddress serverAddress = socket.getLocalAddress();
+            String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress();
+            String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress();
+
+            SSLSecurityStatus status = socket.getStatus();
+            X509Certificate peerCertificate = status.getPeerCertificate();
+            Principal subjectDN = peerCertificate == null ? null : peerCertificate.getSubjectDN();
+            String subjectID = subjectDN == null ? "" : subjectDN.toString();
+
+            int description = event.getDescription();
+            String reason = SSLAlertDescription.valueOf(description).toString();
+
+            logger.debug("SSL alert received:");
+            logger.debug(" - client: " + clientAddress);
+            logger.debug(" - server: " + serverAddress);
+            logger.debug(" - reason: " + reason);
+
+            IAuditor auditor = CMS.getAuditor();
+
+            String auditMessage = CMS.getLogMessage(
+                    "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
+                    clientIP,
+                    serverIP,
+                    subjectID,
+                    reason);
+
+            auditor.log(auditMessage);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
     }
 
     @Override
@@ -75,7 +111,8 @@ public class PKIServerSocketListener implements SSLSocketListener {
                     "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
                     clientIP,
                     serverIP,
-                    subjectID);
+                    subjectID,
+                    reason);
 
             auditor.log(auditMessage);
 
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index dde53ba73e676df87509bdcb55640f97bc4dfa6c..7572db4568003f8038cf0fbd67534b4fc662ca69 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
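Review bot: In the new alertReceived() body, `String reason = SSLAlertDescription.valueOf(description).toString();` has no guard for an alert code the enum does not map — if valueOf returns null for unknown codes (not visible here; confirm against JSS), the call throws, the `catch (Exception e)` only prints the stack trace, and no ACCESS_SESSION_TERMINATED record is written, so a client could suppress the audit of its own disconnect simply by sending an unrecognised alert description. Guard the lookup, e.g. `SSLAlertDescription desc = SSLAlertDescription.valueOf(description);` / `String reason = desc == null ? "unknown(" + description + ")" : desc.toString();`, and route the catch through the server logger (`logger.error("Unable to audit SSL alert: " + e.getMessage(), e);` or the equivalent for this logger) instead of `e.printStackTrace()` so a failed audit write is visible in the server log. Separately, every received alert is recorded as a session termination, but TLS warning-level alerts other than close_notify do not necessarily close the connection; if SSLAlertEvent exposes the alert level, restricting the audit to fatal alerts and close_notify would keep the event accurate. The method patched by the second hunk starts and ends outside the hunk.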
@@ -2737,7 +2737,7 @@ LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\
 # separated by + (if more than one name;;value pair) of config params changed
 #
 LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\
-<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated
+<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success][Info={3}] access session terminated
 ###########################
-- 
2.9.3
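Review bot: The visible comment lines above the template (`# separated by + (if more than one name;;value pair) of config params changed` / `#`) still describe a config-change event's parameters and say nothing about the new `{3}` placeholder, so a reader of the properties file cannot tell what Info carries for this event. Add a line such as `# Info is the SSL alert description (e.g. close_notify) that ended the session` immediately before the `LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\` key. Note that `[Outcome=Success]` stays fixed even when the alert reports an error condition; that reads as intentional since the termination itself is what is audited, but it is worth stating in the same comment. The comment block starts outside the hunk.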