iPlanet Trustbase Transaction Manager 2.2.1 Developer Guide
Chapter 7 Identrus logging
The Identrus Transaction Coordinator specifications identify two specific logging actions, these being:
Logging of all messages sent and received by the Transaction Coordinator (Raw logging)
Overview
The iPlanet Trustbase Transaction Manager fulfils both of these requirements as a default action of processing an Identrus message. The data is stored within the RDBMS specified at installation time, and the tables are available for developers via standard JDBC to provide services that use this information.
The following sections define the tables stored in the RDBMS and identify the relationships between each table. The iPlanet Trustbase Transaction Manager will utilise all of the tables described below for all Identrus messages; there should be no requirement for a developer to write to any of these tables.
Connection information
The SSL proxy and the SMTP mail listener both log data about the connections made through them. Table 7-1 provides the column definitions for the SSL Proxy:
Table 7-1    SSL Connection
ssl_connection table
The time at which the connection was made; this is an ORACLE DateTime field.
Integer value indicating if the connection failed - a value of 1 indicates a failure.
The tables below provide the column definitions for the SMTP/SMIME connection logs. Data in Table 7-2 is extracted from the SMIME v2 signature body part on the message.
Table 7-2    SMIME Transport
smime_transport table
Provides a link back to the smtp_message table
The issuer_dn of the certificate that was used to verify the message
The serial number of the certificate used to verify the message.
Table 7-3    SMTP Connection
smtp_connection table
Provides a link back to the smtp_message table
Table 7-4    SMTP Message
smtp_message table
The ssl_connection and smtp_message tables both have connection_id fields that are passed to the iPlanet Trustbase Transaction Manager running in the application server. This connection_id is stored within the Raw Log table allowing queries that link the originator information with the actual requests made.
Table 7-5    OCSP
ocsp_data table
The URL to which the request was submitted or from which the response was received.
Raw log tables
The default presentation handlers for Identrus messages record the following data for each message that is sent or received:
Table 7-6    Raw log
raw_data table
The DOCTYPE of the message, e.g. CSCRequest, PingRequest, etc.
The connection id to link this record to the SSL or SMIME connection logs.
The protocol over which the message arrived, e.g. HTTP or SMTP.
Was this message inbound to the iPlanet Trustbase Transaction Manager or outbound? A value of 1 indicates it was incoming.
An integer which represents the UNIX time at which the record was logged.
The Identrus Message XML, without the CertBundle fields. The certificates from the bundle are logged separately in the cert_data table.
An RSA signature of this record and data from the previous record.
The issuer DN of the certificate used to verify the signature
The serial number of the certificate used to verify the signature.
In order to reduce the volume of data logged with each Identrus message, the certificates contained within the message header are stripped out and stored in a certificate table. If the iPlanet Trustbase Transaction Manager has already logged a particular certificate in the table, it will not be logged again. The information stored within the table is:
Table 7-7    Certdata
cert_data table
The issuer distinguished name of the certificate, RFC 2253 format string.
This data is designed to be tamper evident, and services should under no circumstances modify data within the Raw Log or Tamper tables. The tamper checking is achieved by producing a continuous hash that is stored with each record, and the current hash is stored within a signed record within a separate tamper table. The Tamper table fields are not described here; see the Installation and Configuration Guide for information on how to check the tamper status of records in the raw log.
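The chaining idea in the paragraph above, sketched as an added example (not Trustbase code): each row stores a running hash over its own fields and the previous row's hash, and a separately signed record holds the current head. The field names, SHA-256, the sample rows, and the HMAC that stands in for the RSA signature are assumptions; this page does not describe the product's actual algorithm or table layout.

```python
import hashlib
import hmac

# Assumptions, not Trustbase's real schema or algorithms: SHA-256 running hash,
# HMAC-SHA256 standing in for the signature on the tamper record, hypothetical
# field names, and constructed sample rows.
SIGNING_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32
SAMPLE_ROWS = [
    {"doctype": "PingRequest", "connection_id": 101, "inbound": 1, "logged_at": 987654321},
    {"doctype": "CSCRequest", "connection_id": 102, "inbound": 1, "logged_at": 987654400},
    {"doctype": "CSCRequest", "connection_id": 102, "inbound": 0, "logged_at": 987654401},
]

def link(prev_hash, row):
    """Running hash for one row: covers the previous hash and every field."""
    h = hashlib.sha256(prev_hash)
    for name in sorted(k for k in row if k != "chain_hash"):
        value = str(row[name]).encode()
        # Length-prefix values so field boundaries cannot be shifted.
        h.update(name.encode() + b"=" + len(value).to_bytes(4, "big") + value)
    return h.digest()

def sign_head(count, head):
    """Signed tamper record: row count plus the current running hash."""
    msg = count.to_bytes(8, "big") + head
    return {"count": count, "head": head,
            "sig": hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()}

def append(log, row):
    """Append a row with its running hash; return the new tamper record."""
    prev = log[-1]["chain_hash"] if log else GENESIS
    log.append(dict(row, chain_hash=link(prev, row)))
    return sign_head(len(log), log[-1]["chain_hash"])

def verify(log, tamper):
    """Return 'ok' or a description of the first inconsistency found."""
    good = sign_head(tamper["count"], tamper["head"])["sig"]
    if not hmac.compare_digest(good, tamper["sig"]):
        return "tamper record signature invalid"
    prev = GENESIS
    for i, row in enumerate(log):
        if not hmac.compare_digest(link(prev, row), row["chain_hash"]):
            return f"row {i} modified or out of order"
        prev = row["chain_hash"]
    if len(log) != tamper["count"] or prev != tamper["head"]:
        return "chain does not end at the signed head"
    return "ok"
```

Rewriting a row and recomputing every later hash still fails verification, because the rebuilt chain no longer ends at the head held in the signed record.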
Billing records
Billing records are a subset of the information within the raw message log that provides sufficient information to determine who made each transaction. These tables are designed for use by third-party tools that generate the actual bill for the customer. The definitions for the bill table columns are as follows:
Table 7-8    Bill data
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated April 19, 2001