Example 1 with VerifierList
use of com.sun.identity.log.secure.VerifierList in project OpenAM by OpenRock.
the class SecureFileHandler method initializeSecurity.
void initializeSecurity() {
String currentFileName = logName;
try {
String logPath = lmanager.getProperty(LogConstants.LOG_LOCATION);
if (!logPath.endsWith("/"))
logPath += "/";
String FileName = currentFileName;
String loggerFileName = logPath + PREFIX + "log." + FileName;
String verifierFileName = logPath + PREFIX + "ver." + FileName;
helper = (SecureLogHelper) getSecureLogHelper(logName);
if (helper == null) {
helper = getSecureLogHelperInst();
setSecureLogHelper(logName, helper);
}
helper.initializeSecureLogHelper(loggerFileName, logPassword, verifierFileName, logPassword);
if (verificationInitialized) {
helper.initializeVerifier(verifierFileName, logPassword, verPassword);
}
} catch (Exception e) {
Debug.error(logName + ":Logger: exception thrown while initializing secure logger", e);
//throw custom defined exception
}
Archiver archiver = null;
try {
if (getArchiver(logName) == null) {
archiver = (Archiver) Class.forName(archiverClass).newInstance();
setArchiver(logName, archiver);
}
} catch (Exception e) {
Debug.error(logName + ":SecureFileHandler: Could Not set Archiver", e);
}
String Interval = lmanager.getProperty(LogConstants.LOGSIGN_PERIODINSECONDS);
if ((Interval == null) || (Interval.length() == 0)) {
signInterval = LogConstants.LOGSIGN_PERIODINSECONDS_DEFAULT * 1000;
} else {
signInterval = Long.parseLong(Interval) * 1000;
}
startPeriodicLogSigner();
// Uncomment lines before deploying
if (verificationInitialized) {
startVerifierThread();
}
Debug.message(logName + ":Done initializeSecurity in Handler");
// add the non archived files in the current file list.
VerifierList vl = new VerifierList();
String path = location;
if (!path.endsWith("/")) {
path += "/";
}
TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
Vector logFiles = (Vector) tm.get(PREFIX + "log." + logName);
for (int j = 1; j < logFiles.size(); j++) {
// fiels are sorted according to the timestamp so first add all the
// files ending with timestamp
String name = (String) logFiles.elementAt(j);
name = name.substring(PREFIX.length(), name.length());
addToCurrentFileList(name, name, logName);
if (archiver != null) {
// increment filesPerKeystoreCounter
archiver.incrementCount();
}
}
// now add the current file (without time stamp)
String name = (String) logFiles.elementAt(0);
name = name.substring(PREFIX.length(), name.length());
addToCurrentFileList(name, name, logName);
}
Also used :
VerifierList(com.sun.identity.log.secure.VerifierList)
TreeMap(java.util.TreeMap)
Archiver(com.sun.identity.log.spi.Archiver)
File(java.io.File)
Vector(java.util.Vector)
NullLocationException(com.iplanet.log.NullLocationException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Example 2 with VerifierList
use of com.sun.identity.log.secure.VerifierList in project OpenAM by OpenRock.
the class ISArchiveVerify method verifyArchive.
/**
* Verifies the complete archive including the current set and all
* the previous sets for the specified log.
* @param logName the name of the log for which the complete Archive is
* to be verified.
* @param path Fully quallified path name for log file
* @param uname userv name for logger user
* @param passwd Password for logger user
* @return value of the status of verification.
* @throws Exception if it fails to verify the archive.
*/
public boolean verifyArchive(String logName, String path, String uname, String passwd) throws Exception {
String log = logName;
LogManager lm = (LogManager) LogManagerUtil.getLogManager();
lm.readConfiguration();
verPassword = new AMPassword(passwd.toCharArray());
SSOToken ssoToken = null;
SSOTokenManager ssoMngr = null;
try {
ssoMngr = SSOTokenManager.getInstance();
ssoToken = ssoMngr.createSSOToken(new AuthPrincipal(uname), passwd);
} catch (SSOException ssoe) {
System.out.println(bundle.getString("archiveVerification") + "SSOException: " + ssoe.getMessage());
return false;
} catch (UnsupportedOperationException uoe) {
System.out.println(bundle.getString("archiveVerification") + "UnsupportedOperationException: " + uoe.getMessage());
return false;
}
// This function will be used to verify all the files in the current and
// previous sets for the logname and types.
VerifierList vl = new VerifierList();
if (!path.endsWith("/")) {
path += "/";
}
TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
if (tm.size() == 0) {
System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", size == 0");
return true;
}
// To get the list of all keyfiles for that particular logname.type
Object[] keyFiles = (tm.keySet()).toArray();
String verFile = new String();
if (keyFiles.length == 1) {
System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", keyFiles.length == 1");
}
for (int i = 1; i < keyFiles.length; i++) {
helper = SecureFileHandler.getSecureLogHelperInst();
// This is the set of files for that particular keystore.
Vector logFiles = (Vector) tm.get(keyFiles[i]);
// Iterate through the list and start verification from
// the first file.
String tmpName = ((String) keyFiles[i]).substring(((String) keyFiles[i]).indexOf(".") + 1);
verFile = tmpName.substring(tmpName.indexOf("."));
verFile = PREFIX + "ver" + verFile;
// Initialize the SecureLogHelper object for the current keystores.
helper.initializeVerifier(path + verFile, verPassword, verPassword);
helper.reinitializeVerifier(path + verFile, verPassword);
// Start verifying the Files associated with the current keystore
curMAC = null;
prevSignature = null;
for (int j = 0; j < logFiles.size(); j++) {
// flag to indicate that last record in the file is being
// verified. This record is the same for the first record
// of the next file.
System.out.println(bundle.getString("fileBeingVerified") + (String) logFiles.elementAt(j));
int lastRecInFile = 0;
// Read the logRecords in the File.
String[][] result = new String[1][1];
try {
result = LogReader.read((String) logFiles.elementAt(j), ssoToken);
} catch (Exception e) {
e.printStackTrace();
}
// empty string.
if (result != null || result.length != 0) {
Vector header = new Vector(result[0].length);
// Extracting the field names as header from the first
// line of the returned string array.
header.addAll(Arrays.asList(result[0]));
int signPos = -1, macPos = -1;
String signFldName, macFldName;
signFldName = LogConstants.SIGNATURE_FIELDNAME;
macFldName = LogConstants.MAC_FIELDNAME;
for (int l = 0; l < header.size(); l++) {
if ((((String) header.get(l))).equalsIgnoreCase(signFldName)) {
signPos = l;
break;
}
}
// end of loop l
for (int l = 0; l < header.size(); l++) {
if ((((String) header.get(l))).equalsIgnoreCase(macFldName)) {
macPos = l;
break;
}
}
// end of loop l
if ((signPos == -1) || (macPos == -1)) {
return VerifierAction.doVerifierAction(log, verified);
}
// or a log record.
for (int k = 1; k < result.length; k++) {
// add 2 for MAC and Signature fields
if (result[k].length < (LogConstants.MAX_FIELDS + 2)) {
System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + "\n\t #fields in record #" + (k - 1) + " (" + result[k].length + ") < 14\n");
verified = false;
break;
}
if (result[k][signPos].equals("-")) {
verified = verifyLogRecord(result[k], macPos);
if (!verified) {
System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
break;
}
System.out.println(bundle.getString("recordVerificationPassed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
} else {
// To check if this is the last signature in the
// file an additional parameter has to be passed
// to the verifySignature since the signature is
// the same as the first signature in the next file.
// This is to ensure that prevSignature is not
// updated with the last signature in the file.
// Bcos the checking of the last signature in the
// file will be the same for the first signature
// for the next file.
lastRecInFile = (result.length - 1) - k;
verified = verifySignature(result[k], signPos, lastRecInFile);
if (!verified) {
System.err.println(bundle.getString("signatureVerificationFailed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
break;
}
System.out.println(bundle.getString("signatureVerificationPassed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
}
}
// end of loop k i.e. end of records for this logFile.
} else {
System.err.println(bundle.getString("archiveVerification") + bundle.getString("emptyReturn") + (String) logFiles.elementAt(j));
}
if (!verified) {
return verified;
}
}
// end of loop j i.e. end of Files for the current keystore.
helper.reinitializeVerifier(path + verFile, verPassword);
}
// end of loop i
return verified;
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
SSOToken(com.iplanet.sso.SSOToken)
SSOException(com.iplanet.sso.SSOException)
VerifierList(com.sun.identity.log.secure.VerifierList)
TreeMap(java.util.TreeMap)
ConfiguratorException(com.sun.identity.setup.ConfiguratorException)
SSOException(com.iplanet.sso.SSOException)
AMPassword(com.sun.identity.security.keystore.AMPassword)
AuthPrincipal(com.sun.identity.authentication.internal.AuthPrincipal)
LogManager(com.sun.identity.log.LogManager)
File(java.io.File)
Vector(java.util.Vector)
Aggregations
VerifierList (com.sun.identity.log.secure.VerifierList)2
File (java.io.File)2
TreeMap (java.util.TreeMap)2
Vector (java.util.Vector)2
NullLocationException (com.iplanet.log.NullLocationException)1
SSOException (com.iplanet.sso.SSOException)1
SSOToken (com.iplanet.sso.SSOToken)1
SSOTokenManager (com.iplanet.sso.SSOTokenManager)1
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal)1
LogManager (com.sun.identity.log.LogManager)1
Archiver (com.sun.identity.log.spi.Archiver)1
AMPassword (com.sun.identity.security.keystore.AMPassword)1
ConfiguratorException (com.sun.identity.setup.ConfiguratorException)1
IOException (java.io.IOException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
