diff options
-rw-r--r-- | moaSig/build.gradle | 2 | ||||
-rw-r--r-- | moaSig/common/build.gradle | 2 | ||||
-rw-r--r-- | moaSig/libs/iaik_moa-2.07.jar | bin | 523817 -> 0 bytes | |||
-rw-r--r-- | moaSig/libs/iaik_moa-2.08.jar | bin | 0 -> 526995 bytes | |||
-rw-r--r-- | moaSig/moa-asic/build.gradle | 1 | ||||
-rw-r--r-- | moaSig/moa-sig-lib/build.gradle | 14 | ||||
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java | 69 | ||||
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java | 30 | ||||
-rw-r--r-- | moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java | 38 | ||||
-rw-r--r-- | moaSig/moa-sig/build.gradle | 8 |
10 files changed, 138 insertions, 26 deletions
diff --git a/moaSig/build.gradle b/moaSig/build.gradle index d5625af..c4e8a3a 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle @@ -38,7 +38,7 @@ subprojects { dependencies { testImplementation 'junit:junit:4.13.2' } - + jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version } compileJava { diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle index f91112d..6d90201 100644 --- a/moaSig/common/build.gradle +++ b/moaSig/common/build.gradle @@ -4,7 +4,7 @@ dependencies { api 'xerces:xercesImpl:2.12.2' api 'xalan:xalan:2.7.1' api group: 'xalan', name: 'serializer', version: '2.7.1' - api 'joda-time:joda-time:2.10.14' + api 'joda-time:joda-time:2.11.2' api 'jaxen:jaxen:1.2.0' } diff --git a/moaSig/libs/iaik_moa-2.07.jar b/moaSig/libs/iaik_moa-2.07.jar Binary files differdeleted file mode 100644 index b3436ef..0000000 --- a/moaSig/libs/iaik_moa-2.07.jar +++ /dev/null diff --git a/moaSig/libs/iaik_moa-2.08.jar b/moaSig/libs/iaik_moa-2.08.jar Binary files differnew file mode 100644 index 0000000..a6a1a5e --- /dev/null +++ b/moaSig/libs/iaik_moa-2.08.jar diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle index 89a4a6a..1cb1ef5 100644 --- a/moaSig/moa-asic/build.gradle +++ b/moaSig/moa-asic/build.gradle @@ -23,6 +23,7 @@ dependencies { implementation project(':moa-sig-lib') api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1' + implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0' } diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index af96f6a..3ba7574 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle @@ -17,17 +17,17 @@ dependencies { api 'commons-io:commons-io:2.11.0' api 'commons-codec:commons-codec:1.15' api 'org.apache.axis:axis-jaxrpc:1.4' - api 'org.xerial:sqlite-jdbc:3.36.0.3' + api 'org.xerial:sqlite-jdbc:3.39.3.0' api 'javax.activation:activation:1.1.1' api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' api 'com.sun.xml.bind:jaxb-core:3.0.2' api 'com.sun.xml.bind:jaxb-impl:3.0.2' - api 'org.postgresql:postgresql:42.3.3' - api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.26' - api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.26' - api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.26' - api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.26' - api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.26' + api 'org.postgresql:postgresql:42.5.0' + api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.27' api group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0' api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.13' api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36' diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index 3472419..55e9ad7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import iaik.logging.LogFactory; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; import iaik.pki.store.revocation.RevocationFactory; import iaik.pki.store.revocation.RevocationSourceStore; import iaik.pki.store.truststore.TrustStoreFactory; @@ -52,6 +54,8 @@ import iaik.server.Configurator; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import iaik.servertools.PublicAuthorityIdentifier; +import iaik.x509.X509Extensions; /** * A class responsible for configuring the IAIK MOA modules. @@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory; * @author Patrick Peck * @version $Id$ */ -public class IaikConfigurator { +public class IaikConfigurator extends Configurator { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class); @@ -89,17 +93,12 @@ public class IaikConfigurator { LogFactory.configure(configData.getLoggerConfig()); - try { - iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), - transId); - // SecProviderUtils.dumpSecProviders("initCommon"); - final String certStoreRoot = moaConfig.getCertStoreLocation(); - CertStoreConverter.convert(certStoreRoot, transId); - } finally { - // Security.removeProvider(ECCelerate.getInstance().getName()); - } - - Configurator.init(configData, transId); + + // initialize PKI commons + initializePkiCommons(moaConfig, transId, configData); + + // initialze IAIK MOA + customIaikInit(configData, transId); SecProviderUtils.dumpSecProviders("Fully configured!"); @@ -125,6 +124,52 @@ public class IaikConfigurator { } } + public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException { + if (config == null) { + throw new NullPointerException("Config data must not be null"); + } else { + logger.trace("Setting up IAIK-MOA crypto backend ... "); + + initXSect(LogFactory.getLog("init-xsect"), transactionId); + X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class); + + // initialize PKI module only if it is not done yet + if (!PKIFactory.getInstance().isAlreadyConfigured()) { + initPkiModule(config.getPKIConfiguration(), transactionId); + + } else { + logger.trace("IAIK PKI-module is still configurated"); + + } + + + initCryptoModule(config.getCryptoModuleConfigurations(), transactionId); + initKeyModule(config.getKeyModuleConfigurations(), transactionId); + } + } + + + private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException { + if (!iaik.pki.Configurator.isInitialized()) { + logger.info("Initializing IAIK PKI-Commons ... "); + try { + iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), + transId); + + final String certStoreRoot = moaConfig.getCertStoreLocation(); + CertStoreConverter.convert(certStoreRoot, transId); + + } finally { + // Security.removeProvider(ECCelerate.getInstance().getName()); + } + + } else { + logger.trace("IAIK PKI-Commons already initialized"); + + } + + } + private static void logException(Throwable e) { final StringWriter out = new StringWriter(); final PrintWriter writer = new PrintWriter(out); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java index 84dc8bf..2ddb783 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java @@ -24,11 +24,14 @@ package at.gv.egovernment.moa.spss.server.logging; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; import java.util.stream.IntStream; +import java.util.stream.Stream; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log { /** The node ID to use. */ private String nodeId; + private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of( + "Max. cert info store size exceeded, consider using a larger certinfostore.") + .collect(Collectors.toCollection(HashSet::new)); + + public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)"; private static Pattern multilinePattern; private static List<String> maskPatterns = new ArrayList<>(); /** + * Add log message that should be logged on INFO level instead of WARN. + * + * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info. + * However, log level WARN can trigger wrong alerts in monitoring systems.</p> + * + * @param msg + */ + public static void addLogMsgForReclassification(String msg) { + LOGLEVEL_INFO_RECLASSIFICATION.add(msg); + + } + + /** * Add masking pattern into logger. * * @param maskPattern @@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log { Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message); final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg); - log.warn(msg.toString(), t); + // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs. + if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) { + log.info(msg.toString(), t); + + } else { + log.warn(msg.toString(), t); + + } } /** diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java index b3bf0e8..da8a8aa 100644 --- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java +++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java @@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest { } + @Test + public void noMsgReclassification() { + String msg = RandomStringUtils.randomAlphanumeric(25); + + //test + log.warn(transId, msg, null); + + //verify log + assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg)); + + } + @Test + public void msgReclassification() { + String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore."; + String msg2 = "my new test mgs"; + IaikLog.addLogMsgForReclassification(msg2); + + //test + log.warn(transId, msg1, null); + log.warn(transId, msg2, null); + + //verify log + assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1)); + assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1)); + + assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2)); + assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2)); + + } + + private boolean verifyMsgOnLevel(Level level, String msg) { + return memoryAppender.getLoggedEvents().stream() + .filter(el -> el.getLevel().equals(level)) + .filter(el -> el.getMessage().contains(msg)) + .findFirst() + .isPresent(); + } + private void verifyLogMessge(List<String> checks) { assertEquals("no log", 1, memoryAppender.getSize()); checks.stream().forEach( diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index b734dcc..821d82e 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle @@ -17,16 +17,16 @@ dependencies { implementation project(':moa-asic') implementation fileTree(dir: 'libs', include: '*.jar') compileOnly 'javax.servlet:javax.servlet-api:3.1.0' - - implementation 'commons-discovery:commons-discovery:0.5' - implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.2' - implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: '2.17.2' + implementation 'commons-discovery:commons-discovery:0.5' + implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0' + implementation 'org.apache.logging.log4j:log4j-1.2-api:2.19.0' implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1' implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.11' testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.8.2' testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.8.2' testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2' + testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3' } |