author | Thomas <> | 2023-01-25 07:24:35 +0100 |
committer | Thomas <> | 2023-01-25 07:24:35 +0100 |
commit | a9582ca0832254241ab25aefaf434df4c6b66683 (patch) | |
tree | 7a0198515b80b69c065e1568cac5129a3c4e6eeb /moaSig/moa-sig-lib/src | |
parent | 11041becfdb6f55c11ad4a8ba3832559fcb34527 (diff) | |
parent | 1988be4a03eb212261f190df16e9b657a101f8ba (diff) | |
download | moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.gz moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.bz2 moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.zip |
Merge branch 'snapshot/3.1.x' into nightlybuild
# Conflicts:
# moaSig/build.gradle
# moaSig/common/build.gradle
# moaSig/moa-asic/build.gradle
# moaSig/moa-sig-lib/build.gradle
# moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
# moaSig/moa-sig/build.gradle
Diffstat (limited to 'moaSig/moa-sig-lib/src')
3 files changed, 124 insertions, 13 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
 import iaik.pki.store.revocation.RevocationFactory;
 import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
 import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
 
 /**
  * A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
  * @author Patrick Peck
  * @version $Id$
  */
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
 
   private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
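Review bot: The new `public class IaikConfigurator extends Configurator` is undocumented; the class Javadoc kept as context in this hunk still describes only a helper that configures the IAIK MOA modules. Presumably the subclassing exists so that the `initXSect`/`initPkiModule`/`initCryptoModule`/`initKeyModule` calls added later in this file can reach protected members of `iaik.server.Configurator` — if so, state that in the Javadoc, e.g. `Extends iaik.server.Configurator only to reach its protected init hooks; not meant to be instantiated.` Subclassing a library class also makes every public static of `Configurator` (such as `init`) callable as `IaikConfigurator.init(...)`, which would bypass the custom initialization path; a Javadoc warning against that, or a private constructor if the class has none (not visible here), would make the intent explicit.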
@@ -89,17 +93,12 @@ public class IaikConfigurator {
     LogFactory.configure(configData.getLoggerConfig());
-    try {
-      iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
-          transId);
-      // SecProviderUtils.dumpSecProviders("initCommon");
-      final String certStoreRoot = moaConfig.getCertStoreLocation();
-      CertStoreConverter.convert(certStoreRoot, transId);
-    } finally {
-      // Security.removeProvider(ECCelerate.getInstance().getName());
-    }
-
-    Configurator.init(configData, transId);
+
+    // initialize PKI commons
+    initializePkiCommons(moaConfig, transId, configData);
+
+    // initialze IAIK MOA
+    customIaikInit(configData, transId);
 
     SecProviderUtils.dumpSecProviders("Fully configured!");
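Review bot: The replaced `Configurator.init(configData, transId)` is now split into `initializePkiCommons(...)`, which declares `PKIException`, and `customIaikInit(...)`, which declares `iaik.server.ConfigurationException`; the signature and any catch block of the enclosing method lie outside the hunk, so confirm it declares or wraps both, since a new checked type reaching callers changes how a failed crypto/PKI setup surfaces. The comment `// initialze IAIK MOA` has a typo; make it `// initialize IAIK MOA`. The enclosing method starts and ends outside the hunk.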
@@ -125,6 +124,52 @@ public class IaikConfigurator {
     }
   }
 
+  public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+    if (config == null) {
+      throw new NullPointerException("Config data must not be null");
+    } else {
+      logger.trace("Setting up IAIK-MOA crypto backend ... ");
+
+      initXSect(LogFactory.getLog("init-xsect"), transactionId);
+      X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+
+      // initialize PKI module only if it is not done yet
+      if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+        initPkiModule(config.getPKIConfiguration(), transactionId);
+
+      } else {
+        logger.trace("IAIK PKI-module is still configurated");
+
+      }
+
+
+      initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+      initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+    }
+  }
+
+
+  private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+    if (!iaik.pki.Configurator.isInitialized()) {
+      logger.info("Initializing IAIK PKI-Commons ... ");
+      try {
+        iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+            transId);
+
+        final String certStoreRoot = moaConfig.getCertStoreLocation();
+        CertStoreConverter.convert(certStoreRoot, transId);
+
+      } finally {
+        // Security.removeProvider(ECCelerate.getInstance().getName());
+      }
+
+    } else {
+      logger.trace("IAIK PKI-Commons already initialized");
+
+    }
+
+  }
+
   private static void logException(Throwable e) {
     final StringWriter out = new StringWriter();
     final PrintWriter writer = new PrintWriter(out);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
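Review bot: In `customIaikInit`, `initPkiModule(config.getPKIConfiguration(), transactionId)` is skipped whenever `PKIFactory.getInstance().isAlreadyConfigured()` is true, with only a trace message; if this method can run again with a changed PKI configuration (trust stores, revocation settings), that configuration is silently never applied, and that is the part of the setup that decides which certificates are trusted. At minimum log the skip at INFO with the reason and state in the method's Javadoc that the PKI module is configured once per JVM, e.g. `logger.info("IAIK PKI-module already configured; PKI configuration of this call is ignored");` in place of the `"IAIK PKI-module is still configurated"` trace. The `if (config == null) { throw new NullPointerException(...) } else { ... }` can be `Objects.requireNonNull(config, "Config data must not be null");` followed by the body without the `else` (needs `java.util.Objects`), and the `try { ... } finally { // Security.removeProvider(...) }` in `initializePkiCommons` is an empty finally that should be dropped or given a comment explaining why the provider removal stays disabled. Both new methods lack Javadoc; `customIaikInit` is public and should document its parameters, the one-time PKI configuration, and `@throws` for both `ConfigurationException` types.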
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@ package at.gv.egovernment.moa.spss.server.logging;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
+import java.util.stream.Stream;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
   /** The node ID to use. */
   private String nodeId;
+  private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+      "Max. cert info store size exceeded, consider using a larger certinfostore.")
+      .collect(Collectors.toCollection(HashSet::new));
+
+
   public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
   private static Pattern multilinePattern;
   private static List<String> maskPatterns = new ArrayList<>();
 
   /**
+   * Add log message that should be logged on INFO level instead of WARN.
+   *
+   * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info.
+   * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+   *
+   * @param msg
+   */
+  public static void addLogMsgForReclassification(String msg) {
+    LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+
+  }
+
+  /**
    * Add masking pattern into logger.
    *
    * @param maskPattern
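Review bot: `LOGLEVEL_INFO_RECLASSIFICATION` is a plain `HashSet` that `addLogMsgForReclassification` mutates at runtime while `warn(...)` reads it from whichever threads log, so the set is accessed concurrently with no synchronization; `HashSet` gives no guarantee under a concurrent `add` and `contains`. Declare it as `private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = ConcurrentHashMap.newKeySet();` and add the built-in message in a `static { ... }` block (adds `java.util.concurrent.ConcurrentHashMap` to the import hunk of this file; the `Stream` and `HashSet` imports then become unused). The Javadoc's `@param msg` is empty; give it the exact-match semantics, e.g. `@param msg exact message text (compared with equals) that is logged on INFO instead of WARN`. The Javadoc should also say that this is a process-wide downgrade of WARN output, so only precise, known-benign library messages belong in the set.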
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
     Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
     final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
 
-    log.warn(msg.toString(), t);
+    // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+    if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+      log.info(msg.toString(), t);
+
+    } else {
+      log.warn(msg.toString(), t);
+
+    }
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
index b3bf0e8..da8a8aa 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
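Review bot: The lookup `LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)` compares against the masked message when trace is disabled and the raw message when it is enabled, so a registered message that the mask patterns alter would be reclassified only in trace mode; compare against the original text instead, `if (LOGLEVEL_INFO_RECLASSIFICATION.contains(message)) {`, or document that registered texts must survive masking. Since the branch drops library warnings to INFO, the comment should also say the set is exact-match only, so monitoring keeps seeing every WARN that is not explicitly listed. The enclosing `warn` method starts outside the hunk.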
@@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest {
   }
+  @Test
+  public void noMsgReclassification() {
+    String msg = RandomStringUtils.randomAlphanumeric(25);
+
+    //test
+    log.warn(transId, msg, null);
+
+    //verify log
+    assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg));
+
+  }
+  @Test
+  public void msgReclassification() {
+    String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore.";
+    String msg2 = "my new test mgs";
+    IaikLog.addLogMsgForReclassification(msg2);
+
+    //test
+    log.warn(transId, msg1, null);
+    log.warn(transId, msg2, null);
+
+    //verify log
+    assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1));
+    assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1));
+
+    assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2));
+    assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2));
+
+  }
+
+  private boolean verifyMsgOnLevel(Level level, String msg) {
+    return memoryAppender.getLoggedEvents().stream()
+        .filter(el -> el.getLevel().equals(level))
+        .filter(el -> el.getMessage().contains(msg))
+        .findFirst()
+        .isPresent();
+  }
+
   private void verifyLogMessge(List<String> checks) {
     assertEquals("no log", 1, memoryAppender.getSize());
     checks.stream().forEach( |
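Review bot: `msgReclassification` calls `IaikLog.addLogMsgForReclassification(msg2)` and never undoes it, so `"my new test mgs"` stays in the static set for every test that runs afterwards in the same JVM; `IaikLog` offers no removal API, so either use a message unique to this test and note the leak in a comment, or add a package-private reset hook to `IaikLog` for tests. `verifyMsgOnLevel` can be `return memoryAppender.getLoggedEvents().stream().anyMatch(el -> el.getLevel().equals(level) && el.getMessage().contains(msg));`, and the four identical `"Log Msg on wrong"` assertion messages should name the expected level and message so a failure is readable. The typo in `"my new test mgs"` is harmless but worth fixing while here.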