Normally a successful CERT_REQUEST_PROCESSED event would be accompanied by a cert object, and a failed one would be accompanied by a request object.
However, the following code logs a failure with a cert object:
https://github.com/dogtagpki/pki/blob/master/base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java#L642
audit(new CertRequestProcessedEvent( auditSubjectID, ILogger.FAILURE, auditRequesterID, ILogger.SIGNED_AUDIT_ACCEPTANCE, x509cert));
If a cert has already been issued (which seems to be the case of the L642 in the above report), then as far as CertRequestProcessedEvent goes, it is supposed to be considered a SUCCESS (the cert has already been issued!!!!!); The fact that the code is under an Exception catch clause means something else happened, and it should be dealt with outside of the CertRequestProcessedEvent. I suggest you find out what would cause this to happen and see if it deserves any audit-worthy event to be recorded. If not, a debug message should do, since it already rethrown the exception a few lines down.
Metadata Update from @cfu: - Custom field component adjusted to General - Custom field feature adjusted to '' - Custom field origin adjusted to Community - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field type adjusted to defect - Custom field version adjusted to ''
Metadata Update from @mharmsen: - Issue set to the milestone: 0.0 NEEDS_TRIAGE
The queue.processRequest() in line 618 is quite complex. There could be many things that could generate EBaseException, so I'll leave that to be handled by the caller in line 265.
I think the original intent of the code was to trigger a CERT_REQUEST_PROCESSED event if a new certificate was generated by queue.processRequest() regardless of the exception, so I'm moving the event trigger into a finally-clause.
Please see the following patch:
Metadata Update from @edewata: - Issue priority set to: major - Issue set to the milestone: 10.4.5 (was: 0.0 NEEDS_TRIAGE)
Metadata Update from @mharmsen: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1452250
On May 17, 2017, edewata pushed these changes:
Fixed CERT_REQUEST_PROCESSED events in ConnectorServlet.
The code that generates CERT_REQUEST_PROCESSED events in ConnectorServlet.processRequest() has been moved into a finally- clause that wraps around IRequestQueue.processRequest() to ensure that the events are generated properly. If a cert was issued for the request that has just been processed the event outcome is a Success, otherwise it's a Failure. Any exception thrown by the IRequestQueue.processRequest() will be passed to the ConnectorServlet.processRequest()'s callers.
https://pagure.io/dogtagpki/issue/2690 Change-Id: I07454afb75328fbee3e50e5852adb5085be0613e
Metadata Update from @mharmsen: - Issue assigned to edewata
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.4.7-1.fc27
See also tickets #2693 and #2694.
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2810
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.