Use of com.sun.identity.log.Logger in project OpenAM by OpenRock:
class SecureFileHandler, method initializeVerifier.
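/**
 * Initializes the SecureLog verifier for every logger currently registered
 * with the LogManager.
 *
 * For each logger name a verifier keystore path of the form
 * {@code <log location>/<PREFIX>ver.<logger name>} is derived, the logger's
 * SecureLogHelper (when one exists) is initialised with it, and the verifier
 * thread of the logger's first handler is started. Failures are reported via
 * {@link Debug} and do not propagate: a logger whose verifier thread cannot be
 * started is skipped, and {@code verificationInitialized} is still set.
 *
 * @param verPass verifier password, stored through {@code setVerPassword}
 *                before the loggers are enumerated
 * @param token   AM token passed through to {@code setVerPassword}
 */
public static void initializeVerifier(AMPassword verPass, Object token) {
    /* Remove the relevant verifier initialization code when deploying
     * it finally. For the timebeing it will be done in the old way
     * of doing it in the constructor thru initializeSecurity();
     */
    try {
        setVerPassword(verPass, token);
        // One LogManager lookup serves both the log location and the logger
        // names; the previous code fetched it twice.
        LogManager manager = LogManagerUtil.getLogManager();
        String logPath = manager.getProperty(LogConstants.LOG_LOCATION);
        if (!logPath.endsWith("/")) {
            logPath += "/";
        }
        // The log password does not depend on the logger, so fetch it once
        // instead of once per iteration.
        AMPassword logPassword = getLogPassword();
        Enumeration<String> loggerNames = manager.getLoggerNames();
        while (loggerNames.hasMoreElements()) {
            String loggerName = loggerNames.nextElement();
            String verifierFileName = logPath + PREFIX + "ver." + loggerName;
            SecureLogHelper helper = getSecureLogHelper(loggerName);
            // explicit auditor role in DSAME to initialize ver.
            if (helper != null) {
                helper.initializeVerifier(verifierFileName, logPassword, verPassword);
                startVerifierThreadFor(loggerName);
            }
            verificationInitialized = true;
        }
    } catch (Exception e) {
        Debug.error("Error initializing Verification", e);
    }
}

/**
 * Starts the verifier thread of the SecureFileHandler attached to the named
 * logger; any failure is logged and swallowed so the remaining loggers are
 * still processed.
 *
 * @param loggerName name of the logger whose first handler is expected to be
 *                   a SecureFileHandler
 */
private static void startVerifierThreadFor(String loggerName) {
    try {
        if (Debug.messageEnabled()) {
            Debug.message(loggerName + ":Trying to start the Verifier Thread");
        }
        Logger logger = (com.sun.identity.log.Logger) Logger.getLogger(loggerName);
        Handler[] handlers = logger.getHandlers();
        // handlers[0] was indexed and cast unconditionally before; a logger
        // with no handler, or with a different first handler, produced an
        // ArrayIndexOutOfBounds/ClassCastException masked by the catch below.
        if (handlers.length == 0
                || !(handlers[0] instanceof com.sun.identity.log.handlers.SecureFileHandler)) {
            Debug.error(loggerName + ":Unable to start Verifier Thread: first handler is not a SecureFileHandler");
            return;
        }
        ((com.sun.identity.log.handlers.SecureFileHandler) handlers[0]).startVerifierThread();
        if (Debug.messageEnabled()) {
            Debug.message(loggerName + ":Started Log Verifier thread");
        }
    } catch (Exception ex) {
        Debug.error(loggerName + ":Unable to start Verifier Thread", ex);
        // throw custom exception
    }
}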
Use of com.sun.identity.log.Logger in project OpenAM by OpenRock:
class SecureFileHandler, method initializeKeyStore.
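/**
 * Initializes the logger and verifier keystores for this handler's log.
 *
 * Resets the handler's current-file list to just {@code logName}, derives the
 * keystore names {@code <log location>/<PREFIX>log.<logName>} and
 * {@code <log location>/<PREFIX>ver.<logName>}, initialises the
 * SecureLogHelper with both (using the log password for each), and finally
 * initialises the verifier with the verifier password. Any exception is
 * reported via {@link Debug} and swallowed.
 */
public void initializeKeyStore() {
    try {
        // The previous code assigned this to a local that was never read.
        // The call is kept as a statement in case getLogger registers or
        // creates the logger as a side effect — confirm before removing.
        Logger.getLogger(logName);
        resetCurrentFileList(logName);
        addToCurrentFileList(logName, logName, logName);
        String logPath = lmanager.getProperty(LogConstants.LOG_LOCATION);
        if (!logPath.endsWith("/")) {
            logPath += "/";
        }
        String loggerFileName = logPath + PREFIX + "log." + logName;
        String verifierFileName = logPath + PREFIX + "ver." + logName;
        if (Debug.messageEnabled()) {
            Debug.message(logName + ":Logger Keystore name = " + loggerFileName);
            Debug.message(logName + ":Verifier Keystore name= " + verifierFileName);
        }
        helper.initializeSecureLogHelper(loggerFileName, logPassword, verifierFileName, logPassword);
        if (Debug.messageEnabled()) {
            Debug.message(logName + ":Initialized SecureLogHelper");
        }
        helper.initializeVerifier(verifierFileName, logPassword, verPassword);
        if (Debug.messageEnabled()) {
            Debug.message(logName + ":Done init of SecureLogHelper and Verifier");
        }
    } catch (Exception e) {
        Debug.error(logName + ":Logger: exception thrown while initializing secure logger", e);
    }
}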
Use of com.sun.identity.log.Logger in project OpenAM by OpenRock:
class LogVerifier, method verify.
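/**
 * Checks each record in the list of log files for tampering.
 *
 * The current (last) file of the handler's file list is read while holding
 * the logger's lock; the archived files before it are read afterwards without
 * it. Every row after the header is either a MAC-protected log record (the
 * signature column holds "-", checked with {@code verifyLogRecord}) or a
 * signature row (checked with {@code verifySignature}). A file that cannot be
 * read, is empty, or contains a failing row fails the whole run. Afterwards
 * the helper's last-line intrusion check runs and the verifier is
 * re-initialised from the verifier keystore.
 *
 * @return a boolean value as a result of the verification, as returned by
 *         {@code VerifierAction.doVerifierAction}
 * @throws Exception if it fails to verify any mac value in the log entry, or
 *         if the current log file cannot be read.
 */
public boolean verify() throws Exception {
    Logger logger = (com.sun.identity.log.Logger) Logger.getLogger(name);
    List<?> fileList;
    String[][] currentRows;
    Object token;
    synchronized (logger) {
        verificationOn = true;
        helper = SecureFileHandler.getSecureLogHelper(name);
        fileList = SecureFileHandler.getCurrentFileList(name);
        // An empty list used to reach fileList.get(-1); treat it like a
        // missing list.
        if (fileList == null || fileList.isEmpty()) {
            Debug.error("No fileList found in handler.");
            return VerifierAction.doVerifierAction(name, verified);
        }
        // Token.createToken takes a String, so the verifier password is
        // materialised as an immutable String for the duration of the read.
        token = Token.createToken("AUDITOR", new String(verPassword.getChars()));
        currentRows = LogReader.read((String) fileList.get(fileList.size() - 1), token);
    }
    String currentFile = (String) fileList.get(fileList.size() - 1);

    // Archived files, in list order. A failure here must survive the check of
    // the current file below: previously `verified` was simply overwritten by
    // the current file's result, so a failing archive was reported as clean
    // whenever the current file verified.
    boolean archivesOk = true;
    for (int i = 0; i < fileList.size() - 1; i++) {
        String file = (String) fileList.get(i);
        String[][] rows;
        try {
            rows = LogReader.read(file, token);
        } catch (Exception e) {
            // A placeholder new String[1][1] was used here before, which then
            // failed with a NullPointerException in the header scan; an
            // unreadable file now fails verification like an empty one.
            Debug.error("Error in reading File : " + file, e);
            rows = null;
        }
        if (rows == null || rows.length == 0) {
            if (Debug.messageEnabled()) {
                Debug.message("LogVerifier::verify::Empty return " + "from read of " + file + ":" + file);
            }
            verified = false;
            archivesOk = false;
            break;
        }
        int signPos = indexOfField(rows[0], LogConstants.SIGNATURE_FIELDNAME);
        int macPos = indexOfField(rows[0], LogConstants.MAC_FIELDNAME);
        if (signPos == -1 || macPos == -1) {
            Debug.error("Could not locate mac and sign header");
            return VerifierAction.doVerifierAction(name, verified);
        }
        verifyRows(rows, file, signPos, macPos);
        if (!verified) {
            archivesOk = false;
            break;
        }
    }

    if (currentRows == null || currentRows.length == 0) {
        if (Debug.messageEnabled()) {
            Debug.message("LogVerifier::verify::Empty return from read of " + currentFile + ":" + currentFile);
        }
        verified = false;
    } else {
        int signPos = indexOfField(currentRows[0], LogConstants.SIGNATURE_FIELDNAME);
        int macPos = indexOfField(currentRows[0], LogConstants.MAC_FIELDNAME);
        if (signPos == -1 || macPos == -1) {
            Debug.error("Could not locate mac and sign header");
            return VerifierAction.doVerifierAction(name, verified);
        }
        verifyRows(currentRows, currentFile, signPos, macPos);
    }
    if (!archivesOk) {
        verified = false;
    }

    // Presumably the running signature/MAC state consumed by verifySignature
    // and verifyLogRecord; cleared so the next run starts afresh.
    prevSignature = null;
    curMAC = null;
    String path = manager.getProperty(LogConstants.LOG_LOCATION);
    if (!path.endsWith("/")) {
        path += "/";
    }
    String verKeyStoreName = path + PREFIX + "ver." + name;
    helper.setLastLineforVerifier(true);
    if (helper.isIntrusionTrue()) {
        Debug.error(name + " Last Line check in Verifier failed." + " Possible intrusion detected");
        verified = false;
    }
    helper.setLastLineforVerifier(false);
    helper.reinitializeVerifier(verKeyStoreName, verPassword);
    if (Debug.messageEnabled()) {
        Debug.message(name + ":Done Verifying");
    }
    return VerifierAction.doVerifierAction(name, verified);
}

/**
 * Returns the index of {@code fieldName} (compared case-insensitively) in the
 * header row, or -1 when absent. Null cells are skipped rather than raising
 * a NullPointerException.
 *
 * @param header    first row returned by {@code LogReader.read}
 * @param fieldName column name to look for
 * @return column index, or -1
 */
private static int indexOfField(String[] header, String fieldName) {
    for (int l = 0; l < header.length; l++) {
        if (header[l] != null && header[l].equalsIgnoreCase(fieldName)) {
            return l;
        }
    }
    return -1;
}

/**
 * Verifies every row after the header of one file, updating the
 * {@code verified} field exactly as the two inlined copies of this loop did
 * before: it holds the outcome of the last row checked and the loop stops at
 * the first failure. A file with only a header row leaves it untouched.
 *
 * @param rows    rows of the file, header first
 * @param file    file name, used in messages only
 * @param signPos index of the signature column
 * @param macPos  index of the MAC column
 * @throws Exception propagated from the record/signature checks
 */
private void verifyRows(String[][] rows, String file, int signPos, int macPos) throws Exception {
    for (int k = 1; k < rows.length; k++) {
        if (Debug.messageEnabled()) {
            Debug.message(name + ":Start checking records " + rows.length + ":" + file);
        }
        if (rows[k][signPos].equals("-")) {
            verified = verifyLogRecord(rows[k], macPos);
            if (!verified) {
                Debug.error("Log Record Verification Failed in file:" + file + " at record no. " + k);
                return;
            }
            if (Debug.messageEnabled()) {
                Debug.message(name + ":Log Record Verification Succeeded in file:" + file + "at record no." + k);
            }
        } else {
            /*
             * To check if this is the last signature in the file
             * an additional parameter has to be passed to the
             * verifySignature since the signature is the same
             * as the first signature in the next file. This is
             * to ensure that prevSignature is not updated with
             * the last signature in the file.
             * Bcos the checking of the last signature in the file
             * will be the same for the first signature for the
             * next file.
             */
            int lastRecInFile = (rows.length - 1) - k;
            verified = verifySignature(rows[k], signPos, lastRecInFile);
            if (!verified) {
                Debug.error("Log Signature Verification Failed in file:" + file + " at record no. " + k);
                return;
            }
            if (Debug.messageEnabled()) {
                Debug.message("Log Signature Verification Succeeded in file:" + file + "at record no." + k);
            }
        }
    }
}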
Use of com.sun.identity.log.Logger in project OpenAM by OpenRock:
class LogSample, method logWriteProcessing.
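/**
 * Interactive body of the sample: prompts for the subject user, the
 * logged-by user, the target log and the message, authenticates both users
 * in the chosen realm, writes one INFO {@code LogRecord} (with "ModuleName"
 * and the local "IPAddr" attached) and logs both users out.
 *
 * Failure to obtain an AuthContext or an SSOToken ends the sample through
 * {@code System.exit} with codes 2-5; failure while writing the record is
 * reported on stderr and the method returns normally. The two sessions are
 * logged out only on the success path, so a failing {@code log()} leaves
 * them open.
 */
private void logWriteProcessing() {
    /*
     * get:
     * 1. subject userid (subject of the LogRecord)
     * 2. subject userid's password
     * 3. Log filename to log to
     * 4. LogRecord's "data"
     * 5. LoggedBy userid (who's doing the logging)
     * 6. LoggedBy userid's password
     * 7. Realm (for both subject userid and LoggedBy userid
     * in this sample)
     */
    String userSID = sampleUtils.getLine("Subject Userid", DEF_USERNAME);
    String userPWD = sampleUtils.getLine("Subject Userid " + userSID + "'s password", DEF_USERPSWD);
    String logName = sampleUtils.getLine("Log file", DEF_LOGNAME);
    String message = sampleUtils.getLine("Log message", DEF_LOGMSG);
    String loggedBySID = sampleUtils.getLine("LoggedBy Userid", DEF_LOGGEDBY);
    String loggedByPWD = sampleUtils.getLine("LoggedBy Userid's password", DEF_LOGGEDBYPSWD);
    String realmName = sampleUtils.getLine("Realm", DEF_REALM);

    // get AuthContexts for subject userid and loggedby userid
    try {
        userAC = new AuthContext(realmName);
        loggerAC = new AuthContext(realmName);
    } catch (AuthLoginException le) {
        System.err.println("LogSampleUtils: could not get AuthContext for realm " + realmName);
        System.exit(2);
    }

    // do user and loggedby login and get the SSOToken
    try {
        userSSOToken = sampleUtils.realmLogin(userSID, userPWD, userAC);
        loggerSSOToken = sampleUtils.realmLogin(loggedBySID, loggedByPWD, loggerAC);
    } catch (SSOException ssoe) {
        System.err.println("logWriteProcessing: could not get SSOToken: " + ssoe.getMessage());
        System.exit(3);
    } catch (AuthLoginException ale) {
        System.err.println("logWriteProcessing: could not authenticate: " + ale.getMessage());
        System.exit(4);
    } catch (Exception e) {
        System.err.println("logWriteProcessing: exception getting SSOToken: " + e.getMessage());
        System.exit(5);
    }

    try {
        LogRecord logRecord = new LogRecord(java.util.logging.Level.INFO, message, userSSOToken);
        logRecord.addLogInfo("ModuleName", DEF_MODULENAME);
        java.net.InetAddress ipAddr = java.net.InetAddress.getLocalHost();
        logRecord.addLogInfo("IPAddr", ipAddr.getHostAddress());
        Logger logger = (Logger) Logger.getLogger(logName);
        // The record's subject is userSSOToken; the write itself is presumably
        // authorised against loggerSSOToken (the "logged by" user).
        logger.log(logRecord, loggerSSOToken);
        System.out.println("LogSample: Logging Successful !!!");
        userAC.logout();
        loggerAC.logout();
    } catch (AMLogException amex) {
        System.err.println("LogSample: AMLogException: " + amex.getMessage());
        System.err.println("LogSample: Logging Failed; " + "Is user '" + loggedBySID + "' a member of a Role or Group with log writing privileges?");
    } catch (Exception e) {
        // Was named `ssoe` although it catches any Exception from the block.
        System.err.println("LogSample: Exception: " + e.getMessage());
        System.err.println("LogSample: Logging Failed !!!");
    }
}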
Use of com.sun.identity.log.Logger in project OpenAM by OpenRock:
class Archiver, method archiveKeyStore.
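/**
 * Archives the keystore after the specified number of files have been
 * used with this keystore.
 * Archives according to the name of the last archives file in the
 * list of files used with this keystore.
 *
 * The timestamp suffix is taken from the second-last entry of the handler's
 * current-file list (everything from its last "." onwards) and appended to
 * both {@code <location><PREFIX>log.<logName>} and
 * {@code <location><PREFIX>ver.<logName>}. A list with fewer than two
 * entries, or an entry without a ".", is reported via {@link Debug} and
 * leaves the keystores and the counter untouched; a failed rename is
 * reported too, since {@code File.renameTo} signals it by return value only.
 *
 * @param logName Name of the log which is to be archived.
 * @param location The location of the keystores.
 */
public void archiveKeyStore(String logName, String location) {
    // The previous code assigned this to a local that was never read. The
    // call is kept as a statement in case getLogger registers or creates the
    // logger as a side effect — confirm before removing.
    Logger.getLogger(logName);
    List<?> fileList = SecureFileHandler.getCurrentFileList(logName);
    if (fileList == null || fileList.size() < 2) {
        Debug.error("Archive:archiveKeyStore:" + logName + ": fewer than two files in current file list, keystore not archived");
        return;
    }
    /*
     * The -2 is to get the size and then pick the second last
     * element in the list.
     */
    String lastArchived = (String) fileList.get(fileList.size() - 2);
    int dot = lastArchived.lastIndexOf(".");
    if (dot < 0) {
        Debug.error("Archive:archiveKeyStore:" + logName + ": no timestamp suffix in " + lastArchived + ", keystore not archived");
        return;
    }
    String ts = lastArchived.substring(dot);
    if (Debug.messageEnabled()) {
        Debug.message("Archive:archiveKeyStore:Keystore timestamp = " + ts);
    }
    String logKeyStoreOldName = location + PREFIX + "log." + logName;
    String verKeyStoreOldName = location + PREFIX + "ver." + logName;
    // A rename that fails leaves the old keystore under its active name; the
    // previous code discarded renameTo's result and so never noticed.
    renameOrReport(logKeyStoreOldName, logKeyStoreOldName + ts);
    renameOrReport(verKeyStoreOldName, verKeyStoreOldName + ts);
    filesPerKeystoreCounter = 0;
}

/**
 * Renames {@code from} to {@code to}, reporting a failed rename via
 * {@link Debug}.
 *
 * @param from current path of the keystore file
 * @param to   archive path
 */
private static void renameOrReport(String from, String to) {
    if (!new File(from).renameTo(new File(to))) {
        Debug.error("Archive:archiveKeyStore:Unable to rename " + from + " to " + to);
    }
}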