/** * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: LogSign.java,v 1.4 2008/06/25 05:43:38 qcheng Exp $ * */ /* * Portions Copyrighted [2011] [ForgeRock AS] */ package com.sun.identity.log.secure; import java.util.Arrays; import java.util.Vector; import java.util.logging.Handler; import com.sun.identity.log.LogConstants; import com.sun.identity.log.Logger; import com.sun.identity.log.spi.Debug; /** * This class is logging signature that generates with the MAC value for each * log entry. */ public class LogSign { private String name; private Logger logger; /** * Constructor * @param log A string representing the name of the logger. */ public LogSign(String log) { name = log; } /** * Reads the header from the log file and interprets its contents. * It finds out the position of the Signature and MAC fields. * @param recordListHeader A string array that contains the header * entries as strings. */ public void readHeader(String[] recordListHeader){ Vector header = new Vector(recordListHeader.length); // Extracting the field names as header from the first line of the // returned string array. header.addAll(Arrays.asList(recordListHeader)); /* Getting the position of the Signature field in the array. * This is required to check if the record is a signature or a * normal logrecord. If it is a signature then the signature * has to be verified, else the MAC on that line has to be * verified. */ String signFieldName = LogConstants.SIGNATURE_FIELDNAME; for(int j = 0; j < header.size(); j++){ if((((String)header.get(j))).equalsIgnoreCase(signFieldName)) { break; } } } /** * The actual sign method that creates the signature by taking the last * generated MAC and the last Signature in the log file and then using that * to create the next signature that is to be written to the file. * @return A String repersentation of the actual byte array signature. * @throws Exception if it fails to sign the mac value */ public synchronized String sign() throws Exception { /* * Get instance of the Logger for which the signing operation is * to be done. */ logger = (com.sun.identity.log.Logger)Logger.getLogger(name); Handler[] handlers = logger.getHandlers(); SecureLogHelper helper = ((com.sun.identity.log.handlers.SecureFileHandler)handlers[0]). getSecureLogHelper(); // Get the lastMAC and the last Signature from the secure store. // There is a problem since the getLastMAC function returns the MAC // of the record prior to the last record. byte[] prevMAC = new byte[1]; prevMAC = helper.getLastMAC(); if(prevMAC == null){ if (Debug.warningEnabled()) { Debug.warning(name+"Prev MAC = null"); } return null; } if (Debug.messageEnabled()) { Debug.message(name+"prevMAC = " + helper.toHexString(prevMAC)); } byte[] newMAC; byte [] prevSign = helper.getLastSignatureBytes(); if((prevSign == null) || (prevSign.length == 0) ) { newMAC = new byte[prevMAC.length]; System.arraycopy(prevMAC, 0, newMAC, 0, prevMAC.length); } else { newMAC = new byte[prevMAC.length + prevSign.length]; System.arraycopy(prevMAC, 0, newMAC, 0, prevMAC.length); System.arraycopy(prevSign, 0, newMAC, prevMAC.length, prevSign.length); } // Sign the newly generated MAC byte[] curSign = helper.signMAC(newMAC); String sign = helper.toHexString(curSign); return sign; } }