/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt * or http://forgerock.org/license/CDDLv1.0.html. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at legal-notices/CDDLv1_0.txt. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Copyright 2015 ForgeRock AS */ package org.opends.server.loggers; import static org.opends.messages.LoggerMessages.*; import static org.opends.server.util.StaticUtils.getFileForPath; import static org.opends.server.util.StaticUtils.stackTraceToSingleLineString; import java.io.File; import java.io.IOException; import java.nio.file.Files; import java.util.List; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.LocalizableMessageDescriptor; import org.forgerock.opendj.config.server.ConfigChangeResult; import org.opends.server.admin.server.ConfigurationChangeListener; import org.opends.server.admin.std.server.CsvFileAccessLogPublisherCfg; import org.opends.server.types.DN; /** * Common Audit publisher which publishes access events to CSV files. */ final class CsvFileAccessLogPublisher extends CommonAuditAccessLogPublisher implements ConfigurationChangeListener { @Override boolean shouldLogControlOids() { return getConfig().isLogControlOids(); } @Override public ConfigChangeResult applyConfigurationChange(final CsvFileAccessLogPublisherCfg config) { setConfig(config); return new ConfigChangeResult(); } @Override public boolean isConfigurationAcceptable(final CsvFileAccessLogPublisherCfg configuration, final List unacceptableReasons) { return super.isConfigurationAcceptable(configuration, unacceptableReasons) && isTamperEvidentConfigurationAcceptable(configuration, unacceptableReasons); } @Override public boolean isConfigurationChangeAcceptable(final CsvFileAccessLogPublisherCfg config, final List unacceptableReasons) { return isTamperEvidentConfigurationAcceptable(config, unacceptableReasons); } private boolean isTamperEvidentConfigurationAcceptable(final CsvFileAccessLogPublisherCfg config, final List unacceptableReasons) { return !config.isTamperEvident() || (isKeyStoreFileAcceptable(config, unacceptableReasons) && isKeyStorePinFileAcceptable(config, unacceptableReasons)); } private boolean isKeyStorePinFileAcceptable( final CsvFileAccessLogPublisherCfg config, final List unacceptableReasons) { return isFileAcceptable(config.getKeyStorePinFile(), config.dn(), ERR_COMMON_AUDIT_KEYSTORE_PIN_FILE_MISSING, ERR_COMMON_AUDIT_KEYSTORE_PIN_FILE_CONTAINS_EMPTY_PIN, ERR_COMMON_AUDIT_ERROR_READING_KEYSTORE_PIN_FILE, unacceptableReasons); } private boolean isKeyStoreFileAcceptable( final CsvFileAccessLogPublisherCfg config, final List unacceptableReasons) { return isFileAcceptable(config.getKeyStoreFile(), config.dn(), ERR_COMMON_AUDIT_KEYSTORE_FILE_MISSING, ERR_COMMON_AUDIT_KEYSTORE_FILE_IS_EMPTY, ERR_COMMON_AUDIT_ERROR_READING_KEYSTORE_FILE, unacceptableReasons); } private boolean isFileAcceptable( final String fileName, final DN dn, final LocalizableMessageDescriptor.Arg2 missingMsg, final LocalizableMessageDescriptor.Arg2 emptyMsg, final LocalizableMessageDescriptor.Arg3 ioErrorMsg, final List unacceptableReasons) { final File file = getFileForPath(fileName); if (!file.isFile()) { unacceptableReasons.add(missingMsg.get(dn, file)); return false; } try { if (Files.size(file.toPath()) == 0) { unacceptableReasons.add(emptyMsg.get(dn, file)); return false; } return true; } catch (IOException e) { unacceptableReasons.add(ioErrorMsg.get(dn, file, stackTraceToSingleLineString(e))); return false; } } }