com.sun.identity.log.secure

Class SecureLogHelper

java.lang.Object

com.sun.identity.log.secure.SecureLogHelper

Direct Known Subclasses:

SecureLogHelperJCEImpl

public abstract class SecureLogHelper
extends Object

A helper class for logging that generates the MAC and maintaining the key state

Constructor Summary

Constructors

Constructor and Description
SecureLogHelper()

Method Summary

Modifier and Type	Method and Description
void	bytetohex(byte b, StringBuffer buf) Converts a given byte to hexChar
boolean	equalByteArrays(byte[] buf1, byte[] buf2) Finds out whether the bytes[] are equal
byte[]	generateLogEntryMAC(String LogEntry) Returns the current key from secure storage, generates the MAC and also generates a new key and stores it back in the secure storage.
byte[]	getDigest(String LogEntry, byte[] keyMaterial) Returns a digest based on the given LogEntry and the given KeyMaterial
byte[]	getLastMAC() Returns the last generated MAC for the logger
byte[]	getLastSignatureBytes() Returns the bytes from the last generated signature for the logger
String	getLoggerFileName() Returns the Logger File Name.
static String	getLoggerKeyName() Returns Name of Logger's Key name
String	getVerifierFileName() Returns the Verifier File Name.
void	initializeSecureLogHelper(String loggerFileName, AMPassword LoggerPassword, String verFileName, AMPassword verifierPassword) Initialize logger by generating a new MACing key and storing it in the secure storage Also creates a file for the verifier with the same password.
void	initializeVerifier(String verFileName, AMPassword oldPassword, AMPassword newPassword) Initialize the verifier by using the logger generated PKCS12 file and looking for the appropriate content in that and overwriting with the new password
boolean	isIntrusionTrue() Compare the logger and the verifier keys
void	reinitializeVerifier(String verFileName, AMPassword password) ReInitialize the verifier
void	setLastLineforLogger(boolean islastLine) Set the Logger's last line
void	setLastLineforVerifier(boolean islastLine) Set the Verfier's last line
static void	setLoggerKeyName(String name) Sets Name of Logger's Key name
abstract byte[]	signMAC(byte[] mac) Signs the given MAC and returns the signature
static byte[]	toByteArray(String str) Converts a given hex String separated by colons to a byte array.
String	toHexString(byte[] block) Converts a given byte block to comprehensible hexadecimal String
boolean	verifyMAC(String LogEntry, byte[] mac) Verifies the current MAC by taking the currentVerifierKey and update the currentVerifierKey
abstract boolean	verifySignature(byte[] signedObject, byte[] mac) Verifies the given MAC

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecureLogHelper

public SecureLogHelper()

Method Detail

signMAC

public abstract byte[] signMAC(byte[] mac)
                        throws Exception

Signs the given MAC and returns the signature

Parameters:

mac - the mac to be signed

Returns:

the signature of given MAC

Throws:

Exception - if it fails to sign the MAC

verifySignature

public abstract boolean verifySignature(byte[] signedObject,
                                        byte[] mac)
                                 throws Exception

Verifies the given MAC

Parameters:

signedObject - : the signedObject to be verified

mac - : signed mac

Returns:

true if signedObject is verified without any problem

Throws:

Exception - if signedObject can not be verified

initializeSecureLogHelper

public void initializeSecureLogHelper(String loggerFileName,
                                      AMPassword LoggerPassword,
                                      String verFileName,
                                      AMPassword verifierPassword)
                               throws Exception

Initialize logger by generating a new MACing key and storing it in the secure storage Also creates a file for the verifier with the same password. This file is overwritten with a new verifier(Auditor) supplied password when the Auditor logs into the system for the first time This method should be called only once for a given initial key

Parameters:

loggerFileName - Logger related JCEKS file

LoggerPassword - The password for the logging JCEKS file

verFileName - : Verifier related JCEKS file

verifierPassword - : The password for the verifier JCEKS file

Throws:

Exception - if it fails to initialize SecureLogHelper

initializeVerifier

public void initializeVerifier(String verFileName,
                               AMPassword oldPassword,
                               AMPassword newPassword)
                        throws Exception

Initialize the verifier by using the logger generated PKCS12 file and looking for the appropriate content in that and overwriting with the new password

Parameters:

oldPassword - This was set by the administrator and the Auditor wants to overwrite this password.

newPassword - The administrator / auditor's new password

Throws:

Exception - if it fails to replace the password

reinitializeVerifier

public void reinitializeVerifier(String verFileName,
                                 AMPassword password)
                          throws Exception

ReInitialize the verifier

Parameters:

verFileName - Filename of the verifier

password - administrator / auditor password

Throws:

Exception - if it fails to reinitialize verifier

getLastMAC

public byte[] getLastMAC()

Returns the last generated MAC for the logger

Returns:

the last generated MAC for the logger

getLastSignatureBytes

public byte[] getLastSignatureBytes()
                             throws Exception

Returns the bytes from the last generated signature for the logger

Returns:

the bytes from the last generated signature for the logger

Throws:

Exception - if it fails to read the last signature

getLoggerFileName

public String getLoggerFileName()

Returns the Logger File Name.

Returns:

the name of Logger's file name

getVerifierFileName

public String getVerifierFileName()

Returns the Verifier File Name.

Returns:

the name of Verifier's file name

generateLogEntryMAC

public byte[] generateLogEntryMAC(String LogEntry)
                           throws Exception

Returns the current key from secure storage, generates the MAC and also generates a new key and stores it back in the secure storage. Does not store the initialKey into the log file but replaces it with the currentKey

Parameters:

LogEntry - The actual log entry

Returns:

MAC for given log entry

Throws:

Exception - if it fails to generate the MAC

verifyMAC

public boolean verifyMAC(String LogEntry,
                         byte[] mac)
                  throws Exception

Verifies the current MAC by taking the currentVerifierKey and update the currentVerifierKey

Parameters:

LogEntry - log entry whose mac has to be verified

mac - mac with which to be verified

Returns:

true if mac for log entry is valid

Throws:

Exception - if it fails to verify mac value for log entry

setLastLineforLogger

public void setLastLineforLogger(boolean islastLine)

Set the Logger's last line

Parameters:

islastLine - true if current is last line of logger

setLastLineforVerifier

public void setLastLineforVerifier(boolean islastLine)

Set the Verfier's last line

Parameters:

islastLine - true if current is last line of logger

isIntrusionTrue

public boolean isIntrusionTrue()

Compare the logger and the verifier keys

Returns:

false if LoggerLastLine and VerifierLastLine are equal

toHexString

public String toHexString(byte[] block)

Converts a given byte block to comprehensible hexadecimal String

Parameters:

block - The data to be converted

Returns:

hex string of given byte block

bytetohex

public void bytetohex(byte b,
                      StringBuffer buf)

Converts a given byte to hexChar

Parameters:

b - : The byte to be converted

buf - : Converted data gets added here

toByteArray

public static byte[] toByteArray(String str)

Converts a given hex String separated by colons to a byte array.

Parameters:

str - string to be converted.

Returns:

byte array of given string

equalByteArrays

public boolean equalByteArrays(byte[] buf1,
                               byte[] buf2)
                        throws IOException

Finds out whether the bytes[] are equal

Parameters:

buf1 - : First byte[] to be checked

buf2 - : Second byte[] to be checked

Returns:

true if they are same

Throws:

IOException - if they can not be comapred

getDigest

public byte[] getDigest(String LogEntry,
                        byte[] keyMaterial)
                 throws Exception

Returns a digest based on the given LogEntry and the given KeyMaterial

Parameters:

LogEntry - : The data whose digest is to be generated

keyMaterial - : The key related data

Returns:

generated digest value

Throws:

Exception - if it fails to generate digest value for given LogEntry and the given KeyMaterial

setLoggerKeyName

public static void setLoggerKeyName(String name)

Sets Name of Logger's Key name

Parameters:

name - Name for Logger's Key name

getLoggerKeyName

public static String getLoggerKeyName()

Returns Name of Logger's Key name

Returns:

name Name for Logger's Key name