Re: [Pki-devel] [PATCH] 0054 Lightweight CAs: add audit events

This patch needs to be rebased. Tt was possible, however, to review the contents. In general, everything looks good. It would be be useful though, to be able to distinguish the many failure cases. For instance -- try { ca.modifyAuthority(data.getEnabled(), data.getDescription()); + audit(ILogger.SUCCESS, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams); return createOKResponse(readAuthorityData(ca)); } catch (CATypeException e) { + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams); throw new ForbiddenException(e.toString()); } catch (IssuerUnavailableException e) { + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams); throw new ConflictingOperationException(e.toString()); } catch (EBaseException e) { CMS.debug(e); + audit(ILogger.FAILURE, OpDef.OP_MODIFY, ca.getAuthorityID().toString(), auditParams); throw new PKIException("Error modifying authority: " + e.toString()); } It would be nice to be able to determine if the modify failed because of permissions or otherwise. Can we add the exception error message to the auditParams? Ade On Mon, 2015-11-02 at 17:14 +1000, Fraser Tweedale wrote: