From 33e99dc7b05e3d3ac38e2331b60395cfdc1b7e7e Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 15 Sep 2022 09:16:49 +0200 Subject: refact(iaik-moa): switch to static IAIK-MOA initializer implementation --- .../moa/spss/server/iaik/config/IaikConfigurator.java | 16 +++++++--------- .../moa/spss/server/init/SystemInitializer.java | 2 +- 2 files changed, 8 insertions(+), 10 deletions(-) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index 8ca19e4..3472419 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -64,7 +64,7 @@ public class IaikConfigurator { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class); /** The warnings encountered during configuration. */ - private List warnings = new ArrayList(); + private static List warnings = new ArrayList<>(); /** * Configure the IAIK MOA subsystem. @@ -75,12 +75,10 @@ public class IaikConfigurator { * @throws ConfigurationException An error occurred configuring the IAIK MOA * subsystem. */ - public ConfigurationData configure(ConfigurationProvider moaConfig) + public static ConfigurationData configure(ConfigurationProvider moaConfig) throws ConfigurationException { final ConfigurationData configData = new ConfigurationDataImpl(moaConfig); - warnings = new ArrayList(); - try { final TransactionId transId = new TransactionId("IaikConfigurator"); @@ -127,7 +125,7 @@ public class IaikConfigurator { } } - private void logException(Throwable e) { + private static void logException(Throwable e) { final StringWriter out = new StringWriter(); final PrintWriter writer = new PrintWriter(out); e.printStackTrace(writer); 
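Review bot: In the `@@ -75,12 +75,10 @@` hunk the per-call reset `warnings = new ArrayList();` is removed while the first hunk turns `warnings` into a static field, so entries now accumulate across every `configure()` call for the lifetime of the JVM. The list is also a plain `ArrayList` shared by all callers of a public static method, with no synchronization visible in the hunk. Suggest restoring the reset as `warnings.clear();` at the top of `configure()`, or collecting the warnings in a local list that is handed to `warn(...)`. `configure()` continues outside the hunk, so how the list is read afterwards cannot be confirmed from here.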
@@ -148,7 +146,7 @@ public class IaikConfigurator { * Dump all KeyEntryIDs contained in the configured * KeyModules to the log file. */ - private void dumpKeyEntryIDs() { + private static void dumpKeyEntryIDs() { final MessageProvider msg = MessageProvider.getInstance(); final KeyModule module = KeyModuleFactory.getInstance(new TransactionId("dump")); final Set keyEntryIds = module.getPrivateKeyEntryIDs(); @@ -169,7 +167,7 @@ public class IaikConfigurator { * * @param moaConfig The MOA configuration to check. */ - private void checkKeyGroupConfig(ConfigurationProvider moaConfig) { + private static void checkKeyGroupConfig(ConfigurationProvider moaConfig) { final Map keyGroups = moaConfig.getKeyGroups(); Iterator iter; @@ -202,7 +200,7 @@ public class IaikConfigurator { * @return true, if the keyGroupEntry could be * resolved to a KeyEntryID; otherwise false. */ - private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) { + private static boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) { final KeyModule module = KeyModuleFactory.getInstance(new TransactionId("check")); final Set keyEntryIDs = module.getPrivateKeyEntryIDs(); Iterator iter; @@ -228,7 +226,7 @@ public class IaikConfigurator { * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ - private void warn(String messageId, Object[] args) { + private static void warn(String messageId, Object[] args) { final MessageProvider msg = MessageProvider.getInstance(); final String txt = msg.getMessage(messageId, args); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 7cb23df..3d935df 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java 
@@ -177,7 +177,7 @@ public class SystemInitializer { new ObjectID("2.5.4.97", "organizationIdentifier", (String) null, false)); Logger.info("Building IAIK-MOA configuration ... "); - iaikConfiguration = new IaikConfigurator().configure(config); + iaikConfiguration = IaikConfigurator.configure(config); runInitializer(config); -- cgit v1.2.3 From 2288715938cfd407883516f83dec941a645ea371 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 27 Sep 2022 16:27:04 +0200 Subject: refact(iaik-pki): only configurate PKI commons if they are not set yet --- .../spss/server/iaik/config/IaikConfigurator.java | 38 ++++++++++++++++------ 1 file changed, 28 insertions(+), 10 deletions(-) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index 3472419..c9a76f4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -44,6 +44,7 @@ import at.gv.egovernment.moa.spss.util.SecProviderUtils; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import iaik.logging.LogFactory; +import iaik.pki.PKIException; import iaik.pki.store.revocation.RevocationFactory; import iaik.pki.store.revocation.RevocationSourceStore; import iaik.pki.store.truststore.TrustStoreFactory; @@ -52,6 +53,7 @@ import iaik.server.Configurator; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import iaik.util.logging.Log; /** * A class responsible for configuring the IAIK MOA modules. 
@@ -89,16 +91,11 @@ public class IaikConfigurator { LogFactory.configure(configData.getLoggerConfig()); - try { - iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), - transId); - // SecProviderUtils.dumpSecProviders("initCommon"); - final String certStoreRoot = moaConfig.getCertStoreLocation(); - CertStoreConverter.convert(certStoreRoot, transId); - } finally { - // Security.removeProvider(ECCelerate.getInstance().getName()); - } - + + // initialize PKI commons + initializePkiCommons(moaConfig, transId, configData); + + // initialze IAIK MOA Configurator.init(configData, transId); SecProviderUtils.dumpSecProviders("Fully configured!"); @@ -125,6 +122,27 @@ public class IaikConfigurator { } } + private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException { + if (!iaik.pki.Configurator.isInitialized()) { + logger.info("Initializing IAIK PKI-Commons ... "); + try { + iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), + transId); + + final String certStoreRoot = moaConfig.getCertStoreLocation(); + CertStoreConverter.convert(certStoreRoot, transId); + + } finally { + // Security.removeProvider(ECCelerate.getInstance().getName()); + } + + } else { + logger.debug("IAIK PKI-Commons already initialized"); + + } + + } + private static void logException(Throwable e) { final StringWriter out = new StringWriter(); final PrintWriter writer = new PrintWriter(out); -- cgit v1.2.3 From 2f27021c8b5ee53c0d03d5fbf442c202e4cc4750 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 27 Sep 2022 17:42:41 +0200 Subject: refact(iaik-moa): implement custom IAIK-MOA configuration because original implementation initialize Commons-PKI twice --- .../spss/server/iaik/config/IaikConfigurator.java | 31 +++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'moaSig/moa-sig-lib') 
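Review bot: In `initializePkiCommons` the call `CertStoreConverter.convert(certStoreRoot, transId)` now sits inside the `if (!iaik.pki.Configurator.isInitialized())` guard, so it is skipped whenever something else has already initialized PKI-Commons; before this change it ran on every `configure()`. If converting this application's certificate store is needed regardless of who called `initCommon` first, move the `certStoreRoot` lookup and the `convert` call below the `if`/`else`. The check-then-init sequence is also not atomic: two threads entering the static `configure()` together can both see `isInitialized()` return false, so consider declaring the helper `private static synchronized`. The `try`/`finally` whose `finally` holds only a commented-out `Security.removeProvider(...)` line can be dropped.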
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index c9a76f4..54e1e17 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -45,6 +45,7 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import iaik.logging.LogFactory; import iaik.pki.PKIException; +import iaik.pki.PKIFactory; import iaik.pki.store.revocation.RevocationFactory; import iaik.pki.store.revocation.RevocationSourceStore; import iaik.pki.store.truststore.TrustStoreFactory; @@ -53,7 +54,8 @@ import iaik.server.Configurator; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; -import iaik.util.logging.Log; +import iaik.servertools.PublicAuthorityIdentifier; +import iaik.x509.X509Extensions; /** * A class responsible for configuring the IAIK MOA modules. @@ -61,7 +63,7 @@ import iaik.util.logging.Log; * @author Patrick Peck * @version $Id$ */ -public class IaikConfigurator { +public class IaikConfigurator extends Configurator { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(IaikConfigurator.class); @@ -96,7 +98,7 @@ public class IaikConfigurator { initializePkiCommons(moaConfig, transId, configData); // initialze IAIK MOA - Configurator.init(configData, transId); + customIaikInit(configData, transId); SecProviderUtils.dumpSecProviders("Fully configured!"); 
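Review bot: The `@@ -61,7 +63,7 @@` hunk makes `IaikConfigurator` extend `Configurator` without documenting why, and the class Javadoc still describes it only as the class that configures the IAIK MOA modules. Judging by the switch from `Configurator.init(configData, transId)` to `customIaikInit(configData, transId)` in the last hunk, the inheritance seems to exist only to reach the base class's module initializers; that is inferred, since `Configurator` itself is not shown. Suggest adding a Javadoc sentence such as `Extends {@link Configurator} only to reuse its module initializers; all members are static and the class is not meant to be instantiated.`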
@@ -122,6 +124,29 @@ public class IaikConfigurator { } } + public static void customIaikInit(ConfigurationData config, TransactionId transactionId) throws ConfigurationException, iaik.server.ConfigurationException { + if (config == null) { + throw new NullPointerException("Config data must not be null"); + } else { + initXSect(LogFactory.getLog("init-xsect"), transactionId); + X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class); + + // initialize PKI module only if it is not done yet + if (!PKIFactory.getInstance().isAlreadyConfigured()) { + initPkiModule(config.getPKIConfiguration(), transactionId); + + } else { + logger.trace("IAIK PKI-module is still configurated"); + + } + + + initCryptoModule(config.getCryptoModuleConfigurations(), transactionId); + initKeyModule(config.getKeyModuleConfigurations(), transactionId); + } + } + + private static void initializePkiCommons(ConfigurationProvider moaConfig, TransactionId transId, ConfigurationData configData) throws PKIException { if (!iaik.pki.Configurator.isInitialized()) { logger.info("Initializing IAIK PKI-Commons ... "); -- cgit v1.2.3 From 6b4e087245bcac2b0d3c1ef86f487dd59fa446d6 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 28 Sep 2022 09:00:52 +0200 Subject: chore(log): add trace-log for IAIK-MOA initialization --- .../at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index 54e1e17..d70b1b2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java 
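Review bot: When `PKIFactory.getInstance().isAlreadyConfigured()` is true, `customIaikInit` skips `initPkiModule(config.getPKIConfiguration(), transactionId)` and reports that only at trace level, so the service keeps whatever PKI configuration was installed first and the one passed in `config` is silently ignored. For a component that validates signatures this deserves a visible record; suggest `logger.info("IAIK PKI-module already configured, keeping existing PKI configuration");`, which also corrects the wording of "is still configurated". The method is declared `public static` although the only caller visible in this series is `configure()`; `private static` would keep this partial initialization path from being invoked on its own. It also has no Javadoc; a short comment stating that it replaces `Configurator.init` and which steps it performs would help the next reader.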
@@ -128,6 +128,8 @@ public class IaikConfigurator extends Configurator { if (config == null) { throw new NullPointerException("Config data must not be null"); } else { + logger.trace("Setting up IAIK-MOA crypto backend ... "); + initXSect(LogFactory.getLog("init-xsect"), transactionId); X509Extensions.register(PublicAuthorityIdentifier.oid, PublicAuthorityIdentifier.class); -- cgit v1.2.3 From f610232026d3da2d5ddd447e2d06c8e0292a87f4 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 28 Sep 2022 13:54:15 +0200 Subject: build(core): switch to new snapshot version that includes updates IAIK-MOA --- .../at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index d70b1b2..55e9ad7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -164,7 +164,7 @@ public class IaikConfigurator extends Configurator { } } else { - logger.debug("IAIK PKI-Commons already initialized"); + logger.trace("IAIK PKI-Commons already initialized"); } -- cgit v1.2.3 From d0017b73e8dcd2e9b41fe2ee0e89b5bd36fb0353 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 13 Oct 2022 07:30:27 +0200 Subject: feat(iaiklogger): add interface to re-classify log msg from WARN to INFO --- .../moa/spss/server/logging/IaikLog.java | 30 ++++++++++++++++- .../moa/spss/logger/IaikLoggerMaskingTest.java | 38 ++++++++++++++++++++++ 2 files changed, 67 insertions(+), 1 deletion(-) (limited to 'moaSig/moa-sig-lib') 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java index 84dc8bf..2ddb783 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java @@ -24,11 +24,14 @@ package at.gv.egovernment.moa.spss.server.logging; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; import java.util.stream.IntStream; +import java.util.stream.Stream; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,11 +53,29 @@ public class IaikLog implements iaik.logging.Log { /** The node ID to use. */ private String nodeId; + private static final Set LOGLEVEL_INFO_RECLASSIFICATION = Stream.of( + "Max. cert info store size exceeded, consider using a larger certinfostore.") + .collect(Collectors.toCollection(HashSet::new)); + + public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)"; private static Pattern multilinePattern; private static List maskPatterns = new ArrayList<>(); + /** + * Add log message that should be logged on INFO level instead of WARN. + * + *

IAIK-MOA and some other IAIK libs sometimes log on level WARN but it's only an info. + * However, log level WARN can trigger wrong alerts in monitoring systems.

+ * + * @param msg + */ + public static void addLogMsgForReclassification(String msg) { + LOGLEVEL_INFO_RECLASSIFICATION.add(msg); + + } + /** * Add masking pattern into logger. * @@ -130,7 +151,14 @@ public class IaikLog implements iaik.logging.Log { Object blankedMsg = log.isTraceEnabled() ? message : maskMessage(message); final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, blankedMsg); - log.warn(msg.toString(), t); + // log some messages on INFO. That's a work-around for suboptimal levels in third-party libs. + if (LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)) { + log.info(msg.toString(), t); + + } else { + log.warn(msg.toString(), t); + + } } /** diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java index b3bf0e8..da8a8aa 100644 --- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java +++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java 
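Review bot: `LOGLEVEL_INFO_RECLASSIFICATION` is a plain `HashSet` that the public static `addLogMsgForReclassification` mutates while `warn(...)` reads it on whichever thread is logging, and `HashSet` is not safe for concurrent use. Suggest backing it with `ConcurrentHashMap.newKeySet()` and rejecting null or empty input in the adder. Because any code in the JVM can register a message and thereby take it out of WARN-based alerting, the Javadoc should state that the method is meant for startup configuration only. The empty `@param msg` tag should be filled in, e.g. `@param msg exact message text, as logged by the library, that is logged on INFO instead of WARN`.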
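Review bot: The lookup `LOGLEVEL_INFO_RECLASSIFICATION.contains(blankedMsg)` in the `@@ -130,7 +151,14 @@` hunk compares the masked message unless trace is enabled, so a registered text that `maskMessage` alters would match only when the logger runs at TRACE, and the effective level then depends on the log configuration. `blankedMsg` is also typed `Object`, and a non-String message never equals a registered string. Suggest matching on the unmasked text, `LOGLEVEL_INFO_RECLASSIFICATION.contains(String.valueOf(message))`, and using the masked value only for output. The enclosing `warn` method starts outside the hunk, and whether other `warn` overloads need the same handling cannot be seen here.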
@@ -171,7 +171,45 @@ public class IaikLoggerMaskingTest { } + @Test + public void noMsgReclassification() { + String msg = RandomStringUtils.randomAlphanumeric(25); + + //test + log.warn(transId, msg, null); + + //verify log + assertTrue("Log Msg on Level WARN", verifyMsgOnLevel(Level.WARN, msg)); + + } + @Test + public void msgReclassification() { + String msg1 = "Max. cert info store size exceeded, consider using a larger certinfostore."; + String msg2 = "my new test mgs"; + IaikLog.addLogMsgForReclassification(msg2); + + //test + log.warn(transId, msg1, null); + log.warn(transId, msg2, null); + + //verify log + assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg1)); + assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg1)); + + assertFalse("Log Msg on wrong", verifyMsgOnLevel(Level.WARN, msg2)); + assertTrue("Log Msg on wrong", verifyMsgOnLevel(Level.INFO, msg2)); + + } + + private boolean verifyMsgOnLevel(Level level, String msg) { + return memoryAppender.getLoggedEvents().stream() + .filter(el -> el.getLevel().equals(level)) + .filter(el -> el.getMessage().contains(msg)) + .findFirst() + .isPresent(); + } + private void verifyLogMessge(List checks) { assertEquals("no log", 1, memoryAppender.getSize()); checks.stream().forEach( -- cgit v1.2.3 From 64716b4da8a0549ca7c0678fc5509d8d38069140 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 13 Oct 2022 07:35:31 +0200 Subject: chore(core): update third-party libs --- moaSig/moa-sig-lib/build.gradle | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index 0be9afc..80c5cba 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle 
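Review bot: `msgReclassification` registers `msg2` through `IaikLog.addLogMsgForReclassification`, which writes to a static set with no removal method in this patch, so the entry stays in place for every test that runs afterwards in the same JVM. Using a random text as `noMsgReclassification` does, e.g. `String msg2 = RandomStringUtils.randomAlphanumeric(25);`, keeps the leftover entry from colliding with other tests. All four assertions carry the same message `"Log Msg on wrong"`; distinct texts such as `"msg1 must not be logged on WARN"` make a failure readable. In `verifyMsgOnLevel`, the `.filter(...).filter(...).findFirst().isPresent()` chain can be written as `anyMatch(el -> el.getLevel().equals(level) && el.getMessage().contains(msg))`.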
@@ -17,16 +17,16 @@ dependencies { api 'commons-io:commons-io:2.8.0' api 'commons-codec:commons-codec:1.15' api 'org.apache.axis:axis-jaxrpc:1.4' - api 'org.xerial:sqlite-jdbc:3.34.0' + api 'org.xerial:sqlite-jdbc:3.39.3.0' api 'javax.xml.bind:jaxb-api:2.3.1' api 'com.sun.xml.bind:jaxb-core:2.3.0.1' api 'com.sun.xml.bind:jaxb-impl:2.3.2' - api 'org.postgresql:postgresql:42.2.19.jre7' - api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.24' - api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.24' - api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.24' - api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.24' - api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.24' + api 'org.postgresql:postgresql:42.5.0' + api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.27' + api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.27' api group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0' api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.13' -- cgit v1.2.3