Diffstat (limited to 'moaSig/moa-sig-lib/src/main')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java69
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java30
2 files changed, 86 insertions, 13 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSourceStore;
import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
/**
* A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
* @author Patrick Peck
* @version $Id$
*/
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
@@ -89,17 +93,12 @@ public class IaikConfigurator {
LogFactory.configure(configData.getLoggerConfig());
- try {
- iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
- transId);
- // SecProviderUtils.dumpSecProviders("initCommon");
- final String certStoreRoot = moaConfig.getCertStoreLocation();
- CertStoreConverter.convert(certStoreRoot, transId);
- } finally {
- // Security.removeProvider(ECCelerate.getInstance().getName());
- }
-
- Configurator.init(configData, transId);
+
+ // initialize PKI commons
+ initializePkiCommons(moaConfig, transId, configData);
+
+ // initialze IAIK MOA
+ customIaikInit(configData, transId);
SecProviderUtils.dumpSecProviders("Fully configured!");
@@ -125,6 +124,52 @@ public class IaikConfigurator {
}
}
+ public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+ if (config == null) {
+ throw new NullPointerException("Config data must not be null");
+ } else {
+ logger.trace("Setting up IAIK-MOA crypto backend ... ");
+
+ initXSect(LogFactory.getLog("init-xsect"), transactionId);
+ X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+
+ // initialize PKI module only if it is not done yet
+ if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+ initPkiModule(config.getPKIConfiguration(), transactionId);
+
+ } else {
+ logger.trace("IAIK PKI-module is still configurated");
+
+ }
+
+
+ initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+ initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+ }
+ }
+
+
+ private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+ if (!iaik.pki.Configurator.isInitialized()) {
+ logger.info("Initializing IAIK PKI-Commons ... ");
+ try {
+ iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+ transId);
+
+ final String certStoreRoot = moaConfig.getCertStoreLocation();
+ CertStoreConverter.convert(certStoreRoot, transId);
+
+ } finally {
+ // Security.removeProvider(ECCelerate.getInstance().getName());
+ }
+
+ } else {
+ logger.trace("IAIK PKI-Commons already initialized");
+
+ }
+
+ }
+
private static void logException(Throwable e) {
final StringWriter out = new StringWriter();
final PrintWriter writer = new PrintWriter(out);
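Review bot: The `else` branch after `PKIFactory.getInstance().isAlreadyConfigured()` discards `config.getPKIConfiguration()` entirely, so a second pass through `customIaikInit` with a changed PKI configuration (different trust profiles or revocation settings, e.g. on a configuration reload) keeps the previously loaded trust settings and only notes it at trace level; `initializePkiCommons` behaves the same way and additionally skips `CertStoreConverter.convert` once `iaik.pki.Configurator.isInitialized()` is true. Whether re-initialization is ever requested with a different configuration is not visible here, but silently continuing with stale trust configuration deserves an explicit signal, e.g. `logger.warn("IAIK PKI-module already configured; new PKI configuration is ignored")` in place of the trace message (which also misspells "configurated"). The `try { ... } finally { /* commented out */ }` in `initializePkiCommons` carries over an empty finally block from the removed code and can be reduced to the two statements it wraps. `throw new NullPointerException("Config data must not be null")` is the idiomatic `Objects.requireNonNull(config, "Config data must not be null")` if `java.util.Objects` is imported; the import block is outside this hunk.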
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@
package at.gv.egovernment.moa.spss.server.logging;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
+import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
/** The node ID to use. */
private String nodeId;
+ private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+ "Max. cert info store size exceeded, consider using a larger certinfostore.")
+ .collect(Collectors.toCollection(HashSet::new));
+
+
public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
private static Pattern multilinePattern;
private static List<String> maskPatterns = new ArrayList<>();
/**
+ * Add log message that should be logged on INFO level instead of WARN.
+ *
+ * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info.
+ * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+ *
+ * @param msg
+ */
+ public static void addLogMsgForReclassification(String msg) {
+ LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+
+ }
+
+ /**
* Add masking pattern into logger.
*
* @param maskPattern
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
- log.warn(msg.toString(), t);
+ // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+ if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+ log.info(msg.toString(), t);
+
+ } else {
+ log.warn(msg.toString(), t);
+
+ }
}
/**
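Review bot: The exact-match lookup `LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)` reads a plain `HashSet` that the public static `addLogMsgForReclassification` may mutate at any time from another thread, and `HashSet` is not safe under concurrent reads and writes; declaring it as `ConcurrentHashMap.newKeySet()` and adding the initial message in a static initializer keeps the same semantics without the race. The lookup also runs on `blankedMsg`, which is the masked message whenever trace is disabled, so a registered text containing an `=` would presumably no longer match once `maskMessage` has rewritten it — the one message registered here has none, but the Javadoc of `addLogMsgForReclassification` should state `* Matching is exact and is performed on the masked message text.`. Because this path downgrades WARN output from the PKI and signature libraries, which can carry security-relevant warnings, keeping the list minimal and exact-match only is the right call, and a one-line comment next to the set saying so (`// exact-match only: never widen to patterns, WARN from IAIK may be security-relevant`) would protect that intent. The enclosing `warn(...)` method begins before this hunk.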