Merge branch 'snapshot/3.1.x' into nightlybuild

# Conflicts:
#	moaSig/build.gradle
#	moaSig/common/build.gradle
#	moaSig/moa-asic/build.gradle
#	moaSig/moa-sig-lib/build.gradle
#	moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
#	moaSig/moa-sig/build.gradle

10 files changed, 138 insertions, 26 deletions

diff --git a/moaSig/build.gradle b/moaSig/build.gradle
index d5625af..c4e8a3a 100644
--- a/moaSig/build.gradle
+++ b/moaSig/build.gradle
@@ -38,7 +38,7 @@ subprojects {
     dependencies {
         testImplementation 'junit:junit:4.13.2'
     }
-  
+    
     jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version  }
 
 	compileJava {
diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle
index f91112d..6d90201 100644
--- a/moaSig/common/build.gradle
+++ b/moaSig/common/build.gradle
@@ -4,7 +4,7 @@ dependencies {
 	api 'xerces:xercesImpl:2.12.2'
 	api 'xalan:xalan:2.7.1'
 	api group: 'xalan', name: 'serializer', version: '2.7.1'
-	api 'joda-time:joda-time:2.10.14'
+	api 'joda-time:joda-time:2.11.2'
 	api 'jaxen:jaxen:1.2.0'
 }
 
diff --git a/moaSig/libs/iaik_moa-2.07.jar b/moaSig/libs/iaik_moa-2.07.jar
deleted file mode 100644
index b3436ef..0000000
--- a/moaSig/libs/iaik_moa-2.07.jar
+++ /dev/null
diff --git a/moaSig/libs/iaik_moa-2.08.jar b/moaSig/libs/iaik_moa-2.08.jar
new file mode 100644
index 0000000..a6a1a5e
--- /dev/null
+++ b/moaSig/libs/iaik_moa-2.08.jar
diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle
index 89a4a6a..1cb1ef5 100644
--- a/moaSig/moa-asic/build.gradle
+++ b/moaSig/moa-asic/build.gradle
@@ -23,6 +23,7 @@ dependencies {
     implementation project(':moa-sig-lib')
 	api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
 	api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1'
+	implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0'
 
 }
 
diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle
index af96f6a..3ba7574 100644
--- a/moaSig/moa-sig-lib/build.gradle
+++ b/moaSig/moa-sig-lib/build.gradle
@@ -17,17 +17,17 @@ dependencies {
 	api 'commons-io:commons-io:2.11.0'
 	api 'commons-codec:commons-codec:1.15'
 	api 'org.apache.axis:axis-jaxrpc:1.4'
-	api 'org.xerial:sqlite-jdbc:3.36.0.3'
+	api 'org.xerial:sqlite-jdbc:3.39.3.0'
 	api 'javax.activation:activation:1.1.1'	
 	api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
 	api 'com.sun.xml.bind:jaxb-core:3.0.2'
 	api 'com.sun.xml.bind:jaxb-impl:3.0.2'
-	api 'org.postgresql:postgresql:42.3.3'		
-	api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.26'
-	api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.26'
-	api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.26'
-	api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.26'
-	api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.26'
+	api 'org.postgresql:postgresql:42.5.0'		
+	api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.27'
+	api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.27'
+	api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.27'
+	api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.27'
+	api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.27'
 	api group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
 	api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.13'
 	api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36'
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
 import iaik.pki.store.revocation.RevocationFactory;
 import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
 import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
 
 /**
  * A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
  * @author Patrick Peck
  * @version $Id$
  */
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
 
   private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
 
@@ -89,17 +93,12 @@ public class IaikConfigurator {
 
       LogFactory.configure(configData.getLoggerConfig());
 
-      try {
-        iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
-            transId);
-        // SecProviderUtils.dumpSecProviders("initCommon");
-        final String certStoreRoot = moaConfig.getCertStoreLocation();
-        CertStoreConverter.convert(certStoreRoot, transId);
-      } finally {
-        // Security.removeProvider(ECCelerate.getInstance().getName());
-      }
-
-      Configurator.init(configData, transId);
+      
+      // initialize PKI commons
+      initializePkiCommons(moaConfig, transId, configData);
+      
+      // initialze IAIK MOA
+      customIaikInit(configData, transId);
 
       SecProviderUtils.dumpSecProviders("Fully configured!");
 
@@ -125,6 +124,52 @@ public class IaikConfigurator {
     }
   }
 
+  public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+    if (config == null) {
+      throw new NullPointerException("Config data must not be null");
+    } else {
+      logger.trace("Setting up IAIK-MOA crypto backend ... ");
+      
+      initXSect(LogFactory.getLog("init-xsect"), transactionId);            
+      X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+      
+      // initialize PKI module only if it is not done yet
+      if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+        initPkiModule(config.getPKIConfiguration(), transactionId);
+        
+      } else {
+        logger.trace("IAIK PKI-module is still configurated");
+        
+      }
+      
+      
+      initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+      initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+    }
+  }
+  
+  
+  private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+    if (!iaik.pki.Configurator.isInitialized()) {
+      logger.info("Initializing IAIK PKI-Commons ... ");
+      try {
+        iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+            transId);
+        
+        final String certStoreRoot = moaConfig.getCertStoreLocation();
+        CertStoreConverter.convert(certStoreRoot, transId);
+        
+      } finally {
+        // Security.removeProvider(ECCelerate.getInstance().getName());
+      }      
+      
+    } else {
+      logger.trace("IAIK PKI-Commons already initialized");
+      
+    }
+        
+  }
+
   private static void logException(Throwable e) {
     final StringWriter out = new StringWriter();
     final PrintWriter writer = new PrintWriter(out);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@
 package at.gv.egovernment.moa.spss.server.logging;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
+import java.util.stream.Stream;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
   /** The node ID to use. */
   private String nodeId;
 
+  private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+      "Max. cert info store size exceeded, consider using a larger certinfostore.")
+      .collect(Collectors.toCollection(HashSet::new));
+  
+  
   public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
   
   private static Pattern multilinePattern;
   private static List<String> maskPatterns = new ArrayList<>();
   
   /**
+   * Add log message that should be logged on INFO level instead of WARN.
+   * 
+   * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info. 
+   * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+   * 
+   * @param msg
+   */
+  public static void addLogMsgForReclassification(String msg) {    
+    LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+    
+  }
+  
+  /**
    * Add masking pattern into logger.
    * 
    * @param maskPattern
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
     Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
     final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
 
-    log.warn(msg.toString(), t);
+    // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+    if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+      log.info(msg.toString(), t);
+      
+    } else {
+      log.warn(msg.toString(), t);  
+      
+    }        
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
index b3bf0e8..da8a8aa 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
@@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest {
     
   }
   
+  @Test
+  public void noMsgReclassification() {
+    String msg = RandomStringUtils.randomAlphanumeric(25);
+    
+    //test
+    log.warn(transId, msg, null);
+        
+    //verify log
+    assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg));
+                
+  }
   
+  @Test
+  public void msgReclassification() {        
+    String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore.";
+    String msg2 = "my new test mgs";
+    IaikLog.addLogMsgForReclassification(msg2);
+    
+    //test
+    log.warn(transId, msg1, null);
+    log.warn(transId, msg2, null);
+        
+    //verify log
+    assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1));
+    assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1));
+    
+    assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2));
+    assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2));
+                
+  }
+  
+  private boolean verifyMsgOnLevel(Level level, String msg) {
+    return memoryAppender.getLoggedEvents().stream()
+        .filter(el -> el.getLevel().equals(level))
+        .filter(el -> el.getMessage().contains(msg))
+        .findFirst()
+        .isPresent();
+  }
+
   private void verifyLogMessge(List<String> checks) {
     assertEquals("no log", 1, memoryAppender.getSize());
     checks.stream().forEach(
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index b734dcc..821d82e 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -17,16 +17,16 @@ dependencies {
     implementation project(':moa-asic')
 	implementation fileTree(dir: 'libs', include: '*.jar')
 	compileOnly 'javax.servlet:javax.servlet-api:3.1.0'
-	
-	implementation 'commons-discovery:commons-discovery:0.5'	
-	implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.2'
-	implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: '2.17.2'
+	implementation 'commons-discovery:commons-discovery:0.5'
+	implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0'
+	implementation 'org.apache.logging.log4j:log4j-1.2-api:2.19.0'
     implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1'
     implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.11'
 
 	testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.8.2'
 	testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.8.2'
 	testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2'
+	testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
 		
 }