use of com.sun.identity.log.LogManager in project OpenAM by OpenRock.
the class ISArchiveVerify method verifyArchive.
/**
* Verifies the complete archive including the current set and all
* the previous sets for the specified log.
* @param logName the name of the log for which the complete Archive is
* to be verified.
* @param path Fully quallified path name for log file
* @param uname userv name for logger user
* @param passwd Password for logger user
* @return value of the status of verification.
* @throws Exception if it fails to verify the archive.
*/
public boolean verifyArchive(String logName, String path, String uname, String passwd) throws Exception {
String log = logName;
LogManager lm = (LogManager) LogManagerUtil.getLogManager();
lm.readConfiguration();
verPassword = new AMPassword(passwd.toCharArray());
SSOToken ssoToken = null;
SSOTokenManager ssoMngr = null;
try {
ssoMngr = SSOTokenManager.getInstance();
ssoToken = ssoMngr.createSSOToken(new AuthPrincipal(uname), passwd);
} catch (SSOException ssoe) {
System.out.println(bundle.getString("archiveVerification") + "SSOException: " + ssoe.getMessage());
return false;
} catch (UnsupportedOperationException uoe) {
System.out.println(bundle.getString("archiveVerification") + "UnsupportedOperationException: " + uoe.getMessage());
return false;
}
// This function will be used to verify all the files in the current and
// previous sets for the logname and types.
VerifierList vl = new VerifierList();
if (!path.endsWith("/")) {
path += "/";
}
TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
if (tm.size() == 0) {
System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", size == 0");
return true;
}
// To get the list of all keyfiles for that particular logname.type
Object[] keyFiles = (tm.keySet()).toArray();
String verFile = new String();
if (keyFiles.length == 1) {
System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", keyFiles.length == 1");
}
for (int i = 1; i < keyFiles.length; i++) {
helper = SecureFileHandler.getSecureLogHelperInst();
// This is the set of files for that particular keystore.
Vector logFiles = (Vector) tm.get(keyFiles[i]);
// Iterate through the list and start verification from
// the first file.
String tmpName = ((String) keyFiles[i]).substring(((String) keyFiles[i]).indexOf(".") + 1);
verFile = tmpName.substring(tmpName.indexOf("."));
verFile = PREFIX + "ver" + verFile;
// Initialize the SecureLogHelper object for the current keystores.
helper.initializeVerifier(path + verFile, verPassword, verPassword);
helper.reinitializeVerifier(path + verFile, verPassword);
// Start verifying the Files associated with the current keystore
curMAC = null;
prevSignature = null;
for (int j = 0; j < logFiles.size(); j++) {
// flag to indicate that last record in the file is being
// verified. This record is the same for the first record
// of the next file.
System.out.println(bundle.getString("fileBeingVerified") + (String) logFiles.elementAt(j));
int lastRecInFile = 0;
// Read the logRecords in the File.
String[][] result = new String[1][1];
try {
result = LogReader.read((String) logFiles.elementAt(j), ssoToken);
} catch (Exception e) {
e.printStackTrace();
}
// empty string.
if (result != null || result.length != 0) {
Vector header = new Vector(result[0].length);
// Extracting the field names as header from the first
// line of the returned string array.
header.addAll(Arrays.asList(result[0]));
int signPos = -1, macPos = -1;
String signFldName, macFldName;
signFldName = LogConstants.SIGNATURE_FIELDNAME;
macFldName = LogConstants.MAC_FIELDNAME;
for (int l = 0; l < header.size(); l++) {
if ((((String) header.get(l))).equalsIgnoreCase(signFldName)) {
signPos = l;
break;
}
}
// end of loop l
for (int l = 0; l < header.size(); l++) {
if ((((String) header.get(l))).equalsIgnoreCase(macFldName)) {
macPos = l;
break;
}
}
// end of loop l
if ((signPos == -1) || (macPos == -1)) {
return VerifierAction.doVerifierAction(log, verified);
}
// or a log record.
for (int k = 1; k < result.length; k++) {
// add 2 for MAC and Signature fields
if (result[k].length < (LogConstants.MAX_FIELDS + 2)) {
System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + "\n\t #fields in record #" + (k - 1) + " (" + result[k].length + ") < 14\n");
verified = false;
break;
}
if (result[k][signPos].equals("-")) {
verified = verifyLogRecord(result[k], macPos);
if (!verified) {
System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
break;
}
System.out.println(bundle.getString("recordVerificationPassed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
} else {
// To check if this is the last signature in the
// file an additional parameter has to be passed
// to the verifySignature since the signature is
// the same as the first signature in the next file.
// This is to ensure that prevSignature is not
// updated with the last signature in the file.
// Bcos the checking of the last signature in the
// file will be the same for the first signature
// for the next file.
lastRecInFile = (result.length - 1) - k;
verified = verifySignature(result[k], signPos, lastRecInFile);
if (!verified) {
System.err.println(bundle.getString("signatureVerificationFailed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
break;
}
System.out.println(bundle.getString("signatureVerificationPassed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
}
}
// end of loop k i.e. end of records for this logFile.
} else {
System.err.println(bundle.getString("archiveVerification") + bundle.getString("emptyReturn") + (String) logFiles.elementAt(j));
}
if (!verified) {
return verified;
}
}
// end of loop j i.e. end of Files for the current keystore.
helper.reinitializeVerifier(path + verFile, verPassword);
}
// end of loop i
return verified;
}
Aggregations