Class SecureLogHelper

  • Direct Known Subclasses:
    SecureLogHelperJCEImpl

    public abstract class SecureLogHelper
    extends Object
    A helper class for logging that generates the MAC and maintains the key state.
    • Constructor Detail

      • SecureLogHelper

        public SecureLogHelper()
    • Method Detail

      • signMAC

        public abstract byte[] signMAC(byte[] mac)
                                throws Exception
        Signs the given MAC and returns the signature.
        Parameters:
        mac - the MAC to be signed
        Returns:
        the signature of the given MAC
        Throws:
        Exception - if it fails to sign the MAC
      • verifySignature

        public abstract boolean verifySignature(byte[] signedObject,
                                                byte[] mac)
                                         throws Exception
        Verifies the signature of the given MAC.
        Parameters:
        signedObject - the signed object to be verified
        mac - the signed MAC
        Returns:
        true if signedObject is verified without any problem
        Throws:
        Exception - if signedObject cannot be verified
      • initializeSecureLogHelper

        public void initializeSecureLogHelper(String loggerFileName,
                                              AMPassword LoggerPassword,
                                              String verFileName,
                                              AMPassword verifierPassword)
                                       throws Exception
        Initializes the logger by generating a new MACing key and storing it in the secure storage. Also creates a file for the verifier with the same password. This file is overwritten with a new verifier (Auditor) supplied password when the Auditor logs into the system for the first time. This method should be called only once for a given initial key.
        Parameters:
        loggerFileName - Logger related JCEKS file
        LoggerPassword - The password for the logging JCEKS file
        verFileName - Verifier related JCEKS file
        verifierPassword - The password for the verifier JCEKS file
        Throws:
        Exception - if it fails to initialize SecureLogHelper
      • initializeVerifier

        public void initializeVerifier(String verFileName,
                                       AMPassword oldPassword,
                                       AMPassword newPassword)
                                throws Exception
        Initializes the verifier by using the logger-generated PKCS12 file, looking for the appropriate content in it, and overwriting it with the new password.
        Parameters:
        oldPassword - This was set by the administrator and the Auditor wants to overwrite this password.
        newPassword - The administrator / auditor's new password
        Throws:
        Exception - if it fails to replace the password
      • reinitializeVerifier

        public void reinitializeVerifier(String verFileName,
                                         AMPassword password)
                                  throws Exception
        Reinitializes the verifier.
        Parameters:
        verFileName - Filename of the verifier
        password - administrator / auditor password
        Throws:
        Exception - if it fails to reinitialize verifier
      • getLastMAC

        public byte[] getLastMAC()
        Returns the last generated MAC for the logger
        Returns:
        the last generated MAC for the logger
      • getLastSignatureBytes

        public byte[] getLastSignatureBytes()
                                     throws Exception
        Returns the bytes from the last generated signature for the logger
        Returns:
        the bytes from the last generated signature for the logger
        Throws:
        Exception - if it fails to read the last signature
      • getLoggerFileName

        public String getLoggerFileName()
        Returns the Logger File Name.
        Returns:
        the Logger's file name
      • getVerifierFileName

        public String getVerifierFileName()
        Returns the Verifier File Name.
        Returns:
        the Verifier's file name
      • generateLogEntryMAC

        public byte[] generateLogEntryMAC(String LogEntry)
                                   throws Exception
        Retrieves the current key from secure storage, generates the MAC, then generates a new key and stores it back in the secure storage. Does not store the initialKey in the log file but replaces it with the currentKey.
        Parameters:
        LogEntry - The actual log entry
        Returns:
        MAC for given log entry
        Throws:
        Exception - if it fails to generate the MAC
      • verifyMAC

        public boolean verifyMAC(String LogEntry,
                                 byte[] mac)
                          throws Exception
        Verifies the current MAC using the currentVerifierKey, then updates the currentVerifierKey.
        Parameters:
        LogEntry - log entry whose MAC has to be verified
        mac - the MAC to verify against
        Returns:
        true if the MAC for the log entry is valid
        Throws:
        Exception - if it fails to verify the MAC value for the log entry
      • setLastLineforLogger

        public void setLastLineforLogger(boolean islastLine)
        Set the Logger's last line
        Parameters:
        islastLine - true if current is last line of logger
      • setLastLineforVerifier

        public void setLastLineforVerifier(boolean islastLine)
        Set the Verifier's last line
        Parameters:
        islastLine - true if current is last line of logger
      • isIntrusionTrue

        public boolean isIntrusionTrue()
        Compares the logger and the verifier keys.
        Returns:
        false if LoggerLastLine and VerifierLastLine are equal
      • toHexString

        public String toHexString(byte[] block)
        Converts a given byte block to a readable hexadecimal String.
        Parameters:
        block - The data to be converted
        Returns:
        hex string of given byte block
      • bytetohex

        public void bytetohex(byte b,
                              StringBuffer buf)
        Converts a given byte to its hex characters.
        Parameters:
        b - The byte to be converted
        buf - Converted data gets added here
      • toByteArray

        public static byte[] toByteArray(String str)
        Converts a given hex String separated by colons to a byte array.
        Parameters:
        str - string to be converted.
        Returns:
        byte array of given string
      • equalByteArrays

        public boolean equalByteArrays(byte[] buf1,
                                       byte[] buf2)
                                throws IOException
        Determines whether the two byte[] are equal.
        Parameters:
        buf1 - First byte[] to be checked
        buf2 - Second byte[] to be checked
        Returns:
        true if they are the same
        Throws:
        IOException - if they cannot be compared
      • getDigest

        public byte[] getDigest(String LogEntry,
                                byte[] keyMaterial)
                         throws Exception
        Returns a digest based on the given LogEntry and the given KeyMaterial.
        Parameters:
        LogEntry - The data whose digest is to be generated
        keyMaterial - The key related data
        Returns:
        generated digest value
        Throws:
        Exception - if it fails to generate digest value for given LogEntry and the given KeyMaterial
      • setLoggerKeyName

        public static void setLoggerKeyName(String name)
        Sets the Logger's key name.
        Parameters:
        name - the Logger's key name
      • getLoggerKeyName

        public static String getLoggerKeyName()
        Returns the Logger's key name.
        Returns:
        the Logger's key name
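
The key handling that generateLogEntryMAC and verifyMAC describe above, shown as an added Java example that is not this library's own code: each side MACs or checks an entry with its current key and then replaces that key. HMAC-SHA256, the SHA-256 key step, the class EvolvingKeyLogDemo and its method names are assumptions, since the page does not state the algorithms; the log lines are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration; class and method names are hypothetical.
public class EvolvingKeyLogDemo {
    private byte[] key; // current key; the previous one is overwritten on every step

    EvolvingKeyLogDemo(byte[] initialKey) { key = initialKey.clone(); }

    // Assumption: HMAC-SHA256 as the MAC; the page does not name the algorithm.
    private static byte[] hmac(byte[] k, String entry) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(k, "HmacSHA256"));
        return m.doFinal(entry.getBytes(StandardCharsets.UTF_8));
    }

    // Assumption: next key = SHA-256(current key), a one-way step.
    private void evolve() throws Exception {
        key = MessageDigest.getInstance("SHA-256").digest(key);
    }

    // Logger side: MAC the entry with the current key, then replace the key.
    byte[] macAndEvolve(String entry) throws Exception {
        byte[] tag = hmac(key, entry);
        evolve();
        return tag;
    }

    // Verifier side: recompute with the verifier's current key, then step it too.
    boolean verifyAndEvolve(String entry, byte[] tag) throws Exception {
        boolean ok = MessageDigest.isEqual(hmac(key, entry), tag); // constant-time compare
        evolve();
        return ok;
    }

    public static void main(String[] args) throws Exception {
        byte[] k0 = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String[] log = {"login uid=alice", "policy change by alice", "logout uid=alice"};
        EvolvingKeyLogDemo logger = new EvolvingKeyLogDemo(k0);
        byte[][] tags = new byte[log.length][];
        for (int i = 0; i < log.length; i++) tags[i] = logger.macAndEvolve(log[i]);

        log[1] = "policy change by mallory"; // constructed tampering of the stored entry
        EvolvingKeyLogDemo verifier = new EvolvingKeyLogDemo(k0);
        for (int i = 0; i < log.length; i++)
            System.out.println(i + " valid=" + verifier.verifyAndEvolve(log[i], tags[i]));
        // Equal final keys mean both sides processed the same number of entries.
        System.out.println("keys in step=" + Arrays.equals(logger.key, verifier.key));
    }
}
```

Because each key is derived one-way from its predecessor and then overwritten, a key read from storage at a later point cannot be used to recompute the MACs of earlier entries.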