AuditVerify failed because the audit log entry right before the failed one contained line breaks, which confused the AuditVerify tool.
Steps to Reproduce:
Retrieve the audit log file as an auditor user and verify signed audit logs as described in http://www.dogtagpki.org/wiki/Verifying_Signed_Audit_Logs 1. audit file has these entries where failure occured: 0.http-bio-31443-exec-25 - [11/Apr/2018:14:50:56 EDT] [14] [6] [AuditEvent=AUDIT_LOG_SIGNING][SubjectID=$System$][Outcome=Success] signature of audit buffer just flushed: sig: wZgV7M+H3xHhOAJvhTpUMKzxVMlfwwHqQyf/SCTyvcUUOyLZWlhzI9idtYqK4g5LC5qDFtjbB4MM2QWpW2rt3pA/TW+qhSay1oe1VisLpVVZOLKNFQBudH5MExu+iG/zdxOyaWvcISr79x82Zeo/MhjjX4gffVcSlCmoKu6qThT3svcMEMV+O4ls5cYgWsPQEivGW/KsB9bGepdwEJgEKLLiyBYk2kpatrMCike4p8cSG6sYYMHIQwF1q/PV0bJ0SmkqXDHKk7NdOBNG2tSiPPqBrdx7rCcZIHbIc830yA/yR1qqUIsKEW22Ey3T7SuMhOBYPAwH+f8FahLrMAQ7wg== 0.http-bio-31443-exec-25 - [11/Apr/2018:14:50:56 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=caadmin][Outcome=Success][aclResource=certServer.ca.users][Op=execute][Info=UserResource.addUserCert] authorization success 0.http-bio-31443-exec-25 - [11/Apr/2018:14:50:56 EDT] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=caadmin][Outcome=Failure][ParamNameValPairs=Scope;;certs+Operation;;OP_ADD+Resource;;CAadminV+cert;;-----BEGIN CERTIFICATE----- MIIDsDCCApigAwIBAgIEDYETuDANBgkqhkiG9w0BAQ0FADBdMRYwFAYDVQQKEw1F^M eGFtcGxlLVN1YkNBMSIwIAYDVQQLExlyaGNzOTMtVE1TLVN1YkNBLWFha2tpYW5n^M MR8wHQYDVQQDExZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTE4MDQxMTE4NDY0^M MVoXDTE4MTAwODE4NDY0MVowLjEYMBYGCgmSJomT8ixkAQEMCENBYWRtaW5WMRIw^M EAYDVQQDDAlDQSBhZG1pblYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB^M AQDBBeFrOvzADtc3uQc9m8/QchamqaaUYZdsTIBt9ODz2JpccV1CaWpWZ5tpPPnu^M o0bp17g4yTGAPNXTa75IiIU2EEWk98ZLLMJmPLdLuxJZbBIZaLADXLiW17FOC1ab^M +XPynJujU85d/3O6PgWpLaD335zmBpEBWS8Ldcwl/gu9ls9i8q5URMWYvNT8SzI3^M Axu4YUdDP8433sGNO9vFlMx+tUW1g1ID3hRZsJjPkCCImVBZMorqRtXM1eYl1caX^M p60mmKj7DXGh6KE4Fnd4rYPGZs/fBEWtoWqI34M2KLfLx2Srw8QMn1gjT3lhygTH^M TG1VkffMY5mbxZuUv1RHc9lhAgMBAAGjgaYwgaMwHwYDVR0jBBgwFoAUK4Bfo2u6^M SW0p6q58dlNCXxOVw30wUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzABhjVodHRw^M 
Oi8vY3NxYTEuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206MzEwODAvY2Evb2Nz^M cDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME^M MA0GCSqGSIb3DQEBDQUAA4IBAQANqT1giWsXRgZTikEAhoNuDtI/3JJol8EIT515^M BX7T0F9h7MhV3un4InXjLH3dz/DYporkSNnFc/vj/jIn1s6+5M5qS5kb9Dtm1hcz^M Y2TdMdeXk5zR/Vjlz7FCpMs75Zepozmlyo6vjs4zZb0bu1ESB5++iRBpa8Vin3yv^M hTHokz2fWzeFcTyzO/CrBzUE/FEZ+1qMXHQzhEp8LAKluOEDVJIhI4q0s8k/HgB6^M cFElkiG2SBzHf0Tdt3vjMd1NzV/OMPYhS0867AKJa7jfwS8nStD5toNxiAdLyL+V^M o1JlodHf7L69WzFnPtYzcS1Ej5cv77xNJ43z94lCqcNvximv^M -----END CERTIFICATE-----] role configuration parameter(s) change 0.http-bio-31443-exec-25 - [11/Apr/2018:14:50:56 EDT] [14] [6] [AuditEvent=AUDIT_LOG_SIGNING][SubjectID=$System$][Outcome=Success] signature of audit buffer just flushed: sig: EnvUJBvTSjCLnnXPHy8ImYHU8dRWiXH8pi+GUIu5Xp2XQ5BTuV2rIysNGUSfZwBKCJKa/hvhGvYh+toyk1ZU1pJHzOFsJZ0Vjxsm9fGH+5sUWMLLbCT/kJTmko2MxDQxY0o/dBt7PSACoArNFZvEZa8711up6Ds55V7dMxDgI27vR02hldW6FjQAMK9roi0xrJDh3DgfpaO33L7My+BxrIcH2TSLKHdCfoIveDLMJx2VY7grhkP/qD40etMk50oVKM0dgYFWcBd9EytDWigGaa/HgED2pxpUaZUtZaHmDzc7ouZwBJa9PeZ5XbZxSnRr1gvU6HQichgMEy5hpctiNA== 0.http-bio-31443-exec-25 - [11/Apr/2018:14:50:56 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.12.28.1][ServerIP=10.12.28.1][SubjectID=CN=PKI Administrator,E=example@redhat.com,OU=rhcs93-TMS-SubCA-aakkiang,O=Example-SubCA][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated 0./var/lib/pki/rhcs93-TMS-SubCA-aakkiang/logs/ca/signedAudit/ca_audit.flush-4 - [11/Apr/2018:14:51:00 EDT] [14] [6] [AuditEvent=AUDIT_LOG_SIGNING][SubjectID=$System$][Outcome=Success] signature of audit buffer just flushed: sig: dG5jAYj9TVNWhzFn2squJ0MC5o/9az62IG2ZycYAZXogB3jNm3oY94VxyV1PkbMwp9IcQ7qD/nQ/92aoGqLllOqWK+uQutKF+qgO1V9no/P2dQMMa4229GgYZ+b40WCSrtKfzaOWRW5vp3G4BXaEUecW79LD7jiwqmpRbm3i1ih7cumTY/8DuE5aWQKuHM6SKCyhL9/m2iUnEB4JG64uMwR8rlI4IWPlpwzgyYl+naSmJWCSBn5FUIH3Rm3A28tMaiUi/X5U+Yqz6zNAgdmVos5XNtXqAJazgtTtFSzqkpqauISMDKxV3ym+YRSCEPQl613rsKPGh+ryMoP1nzMT1w== 2. 
$ AuditVerify -d . -n "CA Audit Signing Certificate" -a audit.txt
Enter password for NSS FIPS 140-2 User Private Key
====== File: ca_audit ======
Line 1964: VERIFICATION FAILED: signature of ca_audit:1940 to ca_audit:1963
Line 1997: VERIFICATION FAILED: signature of ca_audit:1973 to ca_audit:1996
Line 2044: VERIFICATION FAILED: signature of ca_audit:2020 to ca_audit:2043
Line 2793: VERIFICATION FAILED: signature of ca_audit:2769 to ca_audit:2792
Verification process complete.
Valid signatures: 817
Invalid signatures: 4
Actual results:
AuditVerify tool got confused due to the line breaks and failed.
Expected results:
AuditVerify should be successful.
Metadata Update from @mharmsen:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572432
- Custom field type adjusted to None
- Custom field version adjusted to None
Per 10.5.x/10.6 Triage: 10.5
Metadata Update from @cfu: - Issue assigned to cfu (was: edewata)
https://review.gerrithub.io/c/dogtagpki/pki/+/416765
commit e3c0a58596d969d0fe4a25b8ad087bc3f1cf1462 (HEAD -> master, origin/master, origin/HEAD)
Author: Christina Fu cfu@cfu-fedora.usersys.redhat.com
Date: Mon Jun 25 18:38:20 2018 -0700

Ticket 3003 AuditVerify failure due to line breaks

This patch normalizes the CONFIG_ROLE audit event params to eliminate line breaks in audit entry from running pki ca-user-cert-add which would cause AuditVerify to fail. (note: adding user cert via the java console does not have such issue)

fixes https://pagure.io/dogtagpki/issue/3003

Change-Id: Iac60089349e78755ff94ce3231ee294ce8668f72
Metadata Update from @cfu: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.5.10-1.fc27 - Issue set to the milestone: 10.5.10 (was: 10.5)
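A simplified model of the failure and of the fix direction described in the commit message, added here as an example (it is not Dogtag's AuditVerify or logging code). It assumes the writer signs the exact bytes it flushes while the verifier re-reads the file line by line; HMAC-SHA256 stands in for the audit signing certificate, and every name and sample entry below is constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for the audit signing key (assumption)

# Constructed PEM-like value with CRLF line ends, mimicking the ^M in the report.
PEM = "-----BEGIN CERTIFICATE-----\nAAAA\r\nBBBB\r\n-----END CERTIFICATE-----"


def config_role_entry(cert):
    """Build a CONFIG_ROLE-style entry carrying the certificate as a parameter."""
    return ("[AuditEvent=CONFIG_ROLE][SubjectID=caadmin][Outcome=Failure]"
            "[ParamNameValPairs=Scope;;certs+Operation;;OP_ADD+cert;;" + cert +
            "] role configuration parameter(s) change")


def sign_buffer(entries):
    """Writer side: sign the exact bytes flushed, one '\\n' after each entry."""
    data = b"".join(e.encode() + b"\n" for e in entries)
    return data, hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify_file(data, sig):
    """Verifier side: read line by line, re-add '\\n' per line, compare MACs.

    splitlines() treats '\\r\\n', '\\r' and '\\n' alike as line terminators,
    so a CR embedded in an entry is dropped and the verified bytes no
    longer match the signed bytes.
    """
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    lines = data.decode().splitlines()
    for line in lines:
        mac.update(line.encode() + b"\n")
    return hmac.compare_digest(mac.hexdigest(), sig), len(lines)


def normalize(value):
    """Fix direction from the commit message: no line breaks in the params."""
    return value.replace("\r", "").replace("\n", "")


def demo():
    authz = "[AuditEvent=AUTHZ][SubjectID=caadmin][Outcome=Success] authorization success"
    raw_ok, raw_lines = verify_file(*sign_buffer([authz, config_role_entry(PEM)]))
    fixed = config_role_entry(normalize(PEM))
    fixed_ok, fixed_lines = verify_file(*sign_buffer([authz, fixed]))
    return raw_ok, raw_lines, fixed_ok, fixed_lines


if __name__ == "__main__":
    print(demo())
```

In this model the two entries with the raw certificate occupy five physical lines and fail verification, while the normalized entries occupy two lines and verify.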
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3121
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.