aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src
diff options
context:
space:
mode:
authorThomas <>2023-01-25 07:24:35 +0100
committerThomas <>2023-01-25 07:24:35 +0100
commita9582ca0832254241ab25aefaf434df4c6b66683 (patch)
tree7a0198515b80b69c065e1568cac5129a3c4e6eeb /moaSig/moa-sig-lib/src
parent11041becfdb6f55c11ad4a8ba3832559fcb34527 (diff)
parent1988be4a03eb212261f190df16e9b657a101f8ba (diff)
downloadmoa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.gz
moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.tar.bz2
moa-sig-a9582ca0832254241ab25aefaf434df4c6b66683.zip
Merge branch 'snapshot/3.1.x' into nightlybuild
# Conflicts: # moaSig/build.gradle # moaSig/common/build.gradle # moaSig/moa-asic/build.gradle # moaSig/moa-sig-lib/build.gradle # moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java # moaSig/moa-sig/build.gradle
Diffstat (limited to 'moaSig/moa-sig-lib/src')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java69
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java30
-rw-r--r--moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java38
3 files changed, 124 insertions, 13 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSourceStore;
import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
/**
* A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
* @author Patrick Peck
* @version $Id$
*/
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
@@ -89,17 +93,12 @@ public class IaikConfigurator {
LogFactory.configure(configData.getLoggerConfig());
- try {
- iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
- transId);
- // SecProviderUtils.dumpSecProviders("initCommon");
- final String certStoreRoot = moaConfig.getCertStoreLocation();
- CertStoreConverter.convert(certStoreRoot, transId);
- } finally {
- // Security.removeProvider(ECCelerate.getInstance().getName());
- }
-
- Configurator.init(configData, transId);
+
+ // initialize PKI commons
+ initializePkiCommons(moaConfig, transId, configData);
+
+ // initialze IAIK MOA
+ customIaikInit(configData, transId);
SecProviderUtils.dumpSecProviders("Fully configured!");
@@ -125,6 +124,52 @@ public class IaikConfigurator {
}
}
+ public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+ if (config == null) {
+ throw new NullPointerException("Config data must not be null");
+ } else {
+ logger.trace("Setting up IAIK-MOA crypto backend ... ");
+
+ initXSect(LogFactory.getLog("init-xsect"), transactionId);
+ X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+
+ // initialize PKI module only if it is not done yet
+ if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+ initPkiModule(config.getPKIConfiguration(), transactionId);
+
+ } else {
+ logger.trace("IAIK PKI-module is still configurated");
+
+ }
+
+
+ initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+ initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+ }
+ }
+
+
+ private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+ if (!iaik.pki.Configurator.isInitialized()) {
+ logger.info("Initializing IAIK PKI-Commons ... ");
+ try {
+ iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+ transId);
+
+ final String certStoreRoot = moaConfig.getCertStoreLocation();
+ CertStoreConverter.convert(certStoreRoot, transId);
+
+ } finally {
+ // Security.removeProvider(ECCelerate.getInstance().getName());
+ }
+
+ } else {
+ logger.trace("IAIK PKI-Commons already initialized");
+
+ }
+
+ }
+
private static void logException(Throwable e) {
final StringWriter out = new StringWriter();
final PrintWriter writer = new PrintWriter(out);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@
package at.gv.egovernment.moa.spss.server.logging;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
+import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
/** The node ID to use. */
private String nodeId;
+ private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+ "Max. cert info store size exceeded, consider using a larger certinfostore.")
+ .collect(Collectors.toCollection(HashSet::new));
+
+
public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
private static Pattern multilinePattern;
private static List<String> maskPatterns = new ArrayList<>();
/**
+ * Add log message that should be logged on INFO level instead of WARN.
+ *
+ * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info.
+ * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+ *
+ * @param msg
+ */
+ public static void addLogMsgForReclassification(String msg) {
+ LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+
+ }
+
+ /**
* Add masking pattern into logger.
*
* @param maskPattern
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
- log.warn(msg.toString(), t);
+ // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+ if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+ log.info(msg.toString(), t);
+
+ } else {
+ log.warn(msg.toString(), t);
+
+ }
}
/**
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
index b3bf0e8..da8a8aa 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
@@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest {
}
+ @Test
+ public void noMsgReclassification() {
+ String msg = RandomStringUtils.randomAlphanumeric(25);
+
+ //test
+ log.warn(transId, msg, null);
+
+ //verify log
+ assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg));
+
+ }
+ @Test
+ public void msgReclassification() {
+ String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore.";
+ String msg2 = "my new test mgs";
+ IaikLog.addLogMsgForReclassification(msg2);
+
+ //test
+ log.warn(transId, msg1, null);
+ log.warn(transId, msg2, null);
+
+ //verify log
+ assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1));
+ assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1));
+
+ assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2));
+ assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2));
+
+ }
+
+ private boolean verifyMsgOnLevel(Level level, String msg) {
+ return memoryAppender.getLoggedEvents().stream()
+ .filter(el -> el.getLevel().equals(level))
+ .filter(el -> el.getMessage().contains(msg))
+ .findFirst()
+ .isPresent();
+ }
+
private void verifyLogMessge(List<String> checks) {
assertEquals("no log", 1, memoryAppender.getSize());
checks.stream().forEach(