aboutsummaryrefslogtreecommitdiff
path: root/moaSig
diff options
context:
space:
mode:
Diffstat (limited to 'moaSig')
-rw-r--r--moaSig/build.gradle2
-rw-r--r--moaSig/common/build.gradle2
-rw-r--r--moaSig/libs/iaik_moa-2.07.jarbin523817 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_moa-2.08.jarbin0 -> 526995 bytes
-rw-r--r--moaSig/moa-asic/build.gradle1
-rw-r--r--moaSig/moa-sig-lib/build.gradle14
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java69
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java30
-rw-r--r--moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java38
-rw-r--r--moaSig/moa-sig/build.gradle8
10 files changed, 138 insertions, 26 deletions
diff --git a/moaSig/build.gradle b/moaSig/build.gradle
index d5625af..c4e8a3a 100644
--- a/moaSig/build.gradle
+++ b/moaSig/build.gradle
@@ -38,7 +38,7 @@ subprojects {
dependencies {
testImplementation 'junit:junit:4.13.2'
}
-
+
jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version }
compileJava {
diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle
index f91112d..6d90201 100644
--- a/moaSig/common/build.gradle
+++ b/moaSig/common/build.gradle
@@ -4,7 +4,7 @@ dependencies {
api 'xerces:xercesImpl:2.12.2'
api 'xalan:xalan:2.7.1'
api group: 'xalan', name: 'serializer', version: '2.7.1'
- api 'joda-time:joda-time:2.10.14'
+ api 'joda-time:joda-time:2.11.2'
api 'jaxen:jaxen:1.2.0'
}
diff --git a/moaSig/libs/iaik_moa-2.07.jar b/moaSig/libs/iaik_moa-2.07.jar
deleted file mode 100644
index b3436ef..0000000
--- a/moaSig/libs/iaik_moa-2.07.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_moa-2.08.jar b/moaSig/libs/iaik_moa-2.08.jar
new file mode 100644
index 0000000..a6a1a5e
--- /dev/null
+++ b/moaSig/libs/iaik_moa-2.08.jar
Binary files differ
diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle
index 89a4a6a..1cb1ef5 100644
--- a/moaSig/moa-asic/build.gradle
+++ b/moaSig/moa-asic/build.gradle
@@ -23,6 +23,7 @@ dependencies {
implementation project(':moa-sig-lib')
api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1'
+ implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0'
}
diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle
index af96f6a..3ba7574 100644
--- a/moaSig/moa-sig-lib/build.gradle
+++ b/moaSig/moa-sig-lib/build.gradle
@@ -17,17 +17,17 @@ dependencies {
api 'commons-io:commons-io:2.11.0'
api 'commons-codec:commons-codec:1.15'
api 'org.apache.axis:axis-jaxrpc:1.4'
- api 'org.xerial:sqlite-jdbc:3.36.0.3'
+ api 'org.xerial:sqlite-jdbc:3.39.3.0'
api 'javax.activation:activation:1.1.1'
api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
api 'com.sun.xml.bind:jaxb-core:3.0.2'
api 'com.sun.xml.bind:jaxb-impl:3.0.2'
- api 'org.postgresql:postgresql:42.3.3'
- api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.26'
- api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.26'
- api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.26'
- api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.26'
- api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.26'
+ api 'org.postgresql:postgresql:42.5.0'
+ api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.27'
+ api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.27'
+ api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.27'
+ api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.27'
+ api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.27'
api group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.13'
api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36'
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 3472419..55e9ad7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -44,6 +44,8 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.logging.LogFactory;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSourceStore;
import iaik.pki.store.truststore.TrustStoreFactory;
@@ -52,6 +54,8 @@ import iaik.server.Configurator;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.servertools.PublicAuthorityIdentifier;
+import iaik.x509.X509Extensions;
/**
* A class responsible for configuring the IAIK MOA modules.
@@ -59,7 +63,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
* @author Patrick Peck
* @version $Id$
*/
-public class IaikConfigurator {
+public class IaikConfigurator extends Configurator {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class);
@@ -89,17 +93,12 @@ public class IaikConfigurator {
LogFactory.configure(configData.getLoggerConfig());
- try {
- iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
- transId);
- // SecProviderUtils.dumpSecProviders("initCommon");
- final String certStoreRoot = moaConfig.getCertStoreLocation();
- CertStoreConverter.convert(certStoreRoot, transId);
- } finally {
- // Security.removeProvider(ECCelerate.getInstance().getName());
- }
-
- Configurator.init(configData, transId);
+
+ // initialize PKI commons
+ initializePkiCommons(moaConfig, transId, configData);
+
+ // initialze IAIK MOA
+ customIaikInit(configData, transId);
SecProviderUtils.dumpSecProviders("Fully configured!");
@@ -125,6 +124,52 @@ public class IaikConfigurator {
}
}
+ public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException {
+ if (config == null) {
+ throw new NullPointerException("Config data must not be null");
+ } else {
+ logger.trace("Setting up IAIK-MOA crypto backend ... ");
+
+ initXSect(LogFactory.getLog("init-xsect"), transactionId);
+ X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class);
+
+ // initialize PKI module only if it is not done yet
+ if (!PKIFactory.getInstance().isAlreadyConfigured()) {
+ initPkiModule(config.getPKIConfiguration(), transactionId);
+
+ } else {
+ logger.trace("IAIK PKI-module is still configurated");
+
+ }
+
+
+ initCryptoModule(config.getCryptoModuleConfigurations(), transactionId);
+ initKeyModule(config.getKeyModuleConfigurations(), transactionId);
+ }
+ }
+
+
+ private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException {
+ if (!iaik.pki.Configurator.isInitialized()) {
+ logger.info("Initializing IAIK PKI-Commons ... ");
+ try {
+ iaik.pki.Configurator.initCommon(configData.getLoggerConfig(),
+ transId);
+
+ final String certStoreRoot = moaConfig.getCertStoreLocation();
+ CertStoreConverter.convert(certStoreRoot, transId);
+
+ } finally {
+ // Security.removeProvider(ECCelerate.getInstance().getName());
+ }
+
+ } else {
+ logger.trace("IAIK PKI-Commons already initialized");
+
+ }
+
+ }
+
private static void logException(Throwable e) {
final StringWriter out = new StringWriter();
final PrintWriter writer = new PrintWriter(out);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 84dc8bf..2ddb783 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -24,11 +24,14 @@
package at.gv.egovernment.moa.spss.server.logging;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
+import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -50,12 +53,30 @@ public class IaikLog implements iaik.logging.Log {
/** The node ID to use. */
private String nodeId;
+ private static final Set<String> LOGLEVEL_INFO_RECLASSIFICATION = Stream.of(
+ "Max. cert info store size exceeded, consider using a larger certinfostore.")
+ .collect(Collectors.toCollection(HashSet::new));
+
+
public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
private static Pattern multilinePattern;
private static List<String> maskPatterns = new ArrayList<>();
/**
+ * Add log message that should be logged on INFO level instead of WARN.
+ *
+ * <p>IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info.
+ * However, log level WARN can trigger wrong alerts in monitoring systems.</p>
+ *
+ * @param msg
+ */
+ public static void addLogMsgForReclassification(String msg) {
+ LOGLEVEL_INFO_RECLASSIFICATION.add(msg);
+
+ }
+
+ /**
* Add masking pattern into logger.
*
* @param maskPattern
@@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log {
Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message);
final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg);
- log.warn(msg.toString(), t);
+ // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs.
+ if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) {
+ log.info(msg.toString(), t);
+
+ } else {
+ log.warn(msg.toString(), t);
+
+ }
}
/**
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
index b3bf0e8..da8a8aa 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
@@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest {
}
+ @Test
+ public void noMsgReclassification() {
+ String msg = RandomStringUtils.randomAlphanumeric(25);
+
+ //test
+ log.warn(transId, msg, null);
+
+ //verify log
+ assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg));
+
+ }
+ @Test
+ public void msgReclassification() {
+ String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore.";
+ String msg2 = "my new test mgs";
+ IaikLog.addLogMsgForReclassification(msg2);
+
+ //test
+ log.warn(transId, msg1, null);
+ log.warn(transId, msg2, null);
+
+ //verify log
+ assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1));
+ assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1));
+
+ assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2));
+ assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2));
+
+ }
+
+ private boolean verifyMsgOnLevel(Level level, String msg) {
+ return memoryAppender.getLoggedEvents().stream()
+ .filter(el -> el.getLevel().equals(level))
+ .filter(el -> el.getMessage().contains(msg))
+ .findFirst()
+ .isPresent();
+ }
+
private void verifyLogMessge(List<String> checks) {
assertEquals("no log", 1, memoryAppender.getSize());
checks.stream().forEach(
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index b734dcc..821d82e 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -17,16 +17,16 @@ dependencies {
implementation project(':moa-asic')
implementation fileTree(dir: 'libs', include: '*.jar')
compileOnly 'javax.servlet:javax.servlet-api:3.1.0'
-
- implementation 'commons-discovery:commons-discovery:0.5'
- implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.2'
- implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: '2.17.2'
+ implementation 'commons-discovery:commons-discovery:0.5'
+ implementation 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0'
+ implementation 'org.apache.logging.log4j:log4j-1.2-api:2.19.0'
implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1'
implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.11'
testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.8.2'
testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.8.2'
testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2'
+ testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
}