Merge branch 'snapshot/3.1.x' into nightlybuild

# Conflicts: # moaSig/build.gradle # moaSig/common/build.gradle # moaSig/moa-asic/build.gradle # moaSig/moa-sig-lib/build.gradle # moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java # moaSig/moa-sig/build.gradle
author: Thomas <> 2023-01-25 07:24:35 +0100
committer: Thomas <> 2023-01-25 07:24:35 +0100
commit: a9582ca0832254241ab25aefaf434df4c6b66683 (patch)
tree: 7a0198515b80b69c065e1568cac5129a3c4e6eeb /moaSig/moa-sig-lib/src/main/java
parent: 11041becfdb6f55c11ad4a8ba3832559fcb34527 (diff)
parent: 1988be4a03eb212261f190df16e9b657a101f8ba (diff)
download: moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.gz
moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.bz2
moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.zip
2 files changed, 86 insertions, 13 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
 import iaik.pki.store.revocation.RevocationFactory;
 import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
 import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
 
 /**
  * A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
  * @author Patrick Peck
  * @version $Id$
  */
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
 
   private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
 
@@ -89,17 +93,12 @@ public class IaikConfigurator {
 
       LogFactory.configure(configData.getLoggerConfig());
 
-      try {
-        iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
-            transId);
-        // SecProviderUtils.dumpSecProviders("initCommon");
-        final String certStoreRoot = moaConfig.getCertStoreLocation();
-        CertStoreConverter.convert(certStoreRoot, transId);
-      } finally {
-        // Security.removeProvider(ECCelerate.getInstance().getName());
-      }
-
-      Configurator.init(configData, transId);
+      
+      // initialize PKI commons
+      initializePkiCommons(moaConfig, transId, configData);
+      
+      // initialze IAIK MOA
+      customIaikInit(configData, transId);
 
       SecProviderUtils.dumpSecProviders("Fully configured!");
 
@@ -125,6 +124,52 @@ public class IaikConfigurator {
     }
   }
 
+  public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+    if (config == null) {
+      throw new NullPointerException("Config data must not be null");
+    } else {
+      logger.trace("Setting up IAIK-MOA crypto backend ... ");
+      
+      initXSect(LogFactory.getLog("init-xsect"), transactionId);            
+      X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+      
+      // initialize PKI module only if it is not done yet
+      if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+        initPkiModule(config.getPKIConfiguration(), transactionId);
+        
+      } else {
+        logger.trace("IAIK PKI-module is still configurated");
+        
+      }
+      
+      
+      initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+      initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+    }
+  }
+  
+  
+  private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+    if (!iaik.pki.Configurator.isInitialized()) {
+      logger.info("Initializing IAIK PKI-Commons ... ");
+      try {
+        iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+            transId);
+        
+        final String certStoreRoot = moaConfig.getCertStoreLocation();
+        CertStoreConverter.convert(certStoreRoot, transId);
+        
+      } finally {
+        // Security.removeProvider(ECCelerate.getInstance().getName());
+      }      
+      
+    } else {
+      logger.trace("IAIK PKI-Commons already initialized");
+      
+    }
+        
+  }
+
   private static void logException(Throwable e) {
     final StringWriter out = new StringWriter();
     final PrintWriter writer = new PrintWriter(out);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@
 package at.gv.egovernment.moa.spss.server.logging;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
+import java.util.stream.Stream;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
   /** The node ID to use. */
   private String nodeId;
 
+  private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+      "Max. cert info store size exceeded, consider using a larger certinfostore.")
+      .collect(Collectors.toCollection(HashSet::new));
+  
+  
   public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
   
   private static Pattern multilinePattern;
   private static List<String> maskPatterns = new ArrayList<>();
   
   /**
+   * Add log message that should be logged on INFO level instead of WARN.
+   * 
+   * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info. 
+   * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+   * 
+   * @param msg
+   */
+  public static void addLogMsgForReclassification(String msg) {    
+    LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+    
+  }
+  
+  /**
    * Add masking pattern into logger.
    * 
    * @param maskPattern
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
     Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
     final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
 
-    log.warn(msg.toString(), t);
+    // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+    if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+      log.info(msg.toString(), t);
+      
+    } else {
+      log.warn(msg.toString(), t);  
+      
+    }        
   }
 
   /**
author	Thomas <>	2023-01-25 07:24:35 +0100
committer	Thomas <>	2023-01-25 07:24:35 +0100
commit	a9582ca0832254241ab25aefaf434df4c6b66683 (patch)
tree	7a0198515b80b69c065e1568cac5129a3c4e6eeb /moaSig/moa-sig-lib/src/main/java
parent	11041becfdb6f55c11ad4a8ba3832559fcb34527 (diff)
parent	1988be4a03eb212261f190df16e9b657a101f8ba (diff)
download	moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.gz moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.bz2 moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.zip