ISArchiveVerify.java revision eaee930f8fb0c2d7d86d0ca299530cfff8b1feb8
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ISArchiveVerify.java,v 1.11 2008/10/27 18:14:12 bigfatrat Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
/**
* This archive verification class provides the means to verify LogRecords that
* were logged with a MAC and a signature. It detects any tampering with a
* secure log file.
*/
public class ISArchiveVerify{
private boolean verified = true;
private SecureLogHelper helper;
private AMPassword verPassword;
private static ResourceBundle bundle =
"amLogging");
static final int INVALID = 0;
static final int LOGNAME = 1;
static final int PATH = 2;
static final int USERNAME = 3;
static final int PASSWORD = 4;
static {
}
try {
} catch (Exception e) {
return 0;
}
}
/**
* Main method for the class. It drives the verification procedure by invoking
* the runCommand method.
* @param args command-line arguments
* @throws Exception if verification processing fails.
*/
}
}
try {
} catch (ConfiguratorException ex) {
} catch (Exception e) {
}
}
int ln = 0;
int path = 0;
int uname = 0;
int passwd= 0;
int i = 0;
try {
switch(opt) {
case LOGNAME:
i++;
ln = i;
break;
case PATH:
i++;
path = i;
break;
case USERNAME:
i++;
uname = i;
break;
case PASSWORD:
i++;
passwd = i;
break;
default:
throw new Exception();//bundle.getString("invalidOpt"));
}
i++;
}
} catch (Exception e) {
if (e.getMessage() != null) {
}
e.printStackTrace();
}
try {
if (verified) {
} else {
}
} catch(Exception e) {
if (e.getMessage() != null) {
}
e.printStackTrace();
}
}
/**
* Verifies the passed LogRecord to check for tampering.
*
* @param String array of the elements of the record.
* @param position of the MAC header in the array.
* @return a boolean value with the result of the verification
* @throws Exception if it fails to verify the record.
*/
throws Exception {
// Creating the data part for verification
}
verified =
return verified;
}
/**
* Verifies the signature entry in the log file for tampering.
*
* @param String array of the elements of the record.
* @param position of the signature field value in the array
* @return a boolean value with the result of the verification
* @throws Exception if it fails to verify the signature.
*/
throws Exception {
//
// if curMAC is null, there's apparently a missing
// _secure.<file>.access.<date> (or .error.date)
//
return false;
}
// Regenerate the MAC that was signed.
byte[] newMAC ;
}else{
}
// If this is the last record in the file then don't update
// prevSignature, as the first record in the next file carries
// the same signature.
if(recPos != 0) {
}
return verified;
}
/**
* Verifies the complete archive, including the current set and all
* the previous sets, for the specified log.
* @param logName the name of the log for which the complete archive is
* to be verified.
* @param path fully qualified path name of the log file
* @param uname user name of the logger user
* @param passwd password of the logger user
* @return the status of the verification.
* @throws Exception if it fails to verify the archive.
*/
public boolean verifyArchive(
) throws Exception{
try {
ssoToken =
} catch (SSOException ssoe) {
return false;
} catch (UnsupportedOperationException uoe) {
return false;
}
// This function will be used to verify all the files in the current and
// previous sets for the logname and types.
path += "/";
}
return true;
}
// To get the list of all keyfiles for that particular logname.type
", keyFiles.length == 1");
}
// This is the set of files for that particular keystore.
// Iterate through the list and start verification from
// the first file.
// Initialize the SecureLogHelper object for the current keystores.
// Start verifying the Files associated with the current keystore
// flag to indicate that last record in the file is being
// verified. This record is the same for the first record
// of the next file.
int lastRecInFile = 0;
// Read the logRecords in the File.
try{
result =
}catch(Exception e){
e.printStackTrace();
}
// Check if the result of a read operation is a null or
// empty string.
// Extracting the field names as header from the first
// line of the returned string array.
signPos = l;
break;
}
} // end of loop l
macPos = l;
break;
}
}// end of loop l
}
// Now check each record to see if it is a signature record
// or a log record.
// add 2 for MAC and Signature fields
+ "\n\t #fields in record #" + (k-1) + " ("
verified = false;
break;
}
if(!verified){
break;
}
} else {
// To check whether this is the last signature in the
// file, an additional parameter has to be passed
// to verifySignature, since that signature is
// the same as the first signature in the next file.
// This ensures that prevSignature is not
// updated with the last signature in the file,
// because the check of the last signature in this
// file is the same as the check of the first signature
// in the next file.
verified =
if(!verified){
break;
}
}
}// end of loop k i.e. end of records for this logFile.
}else{
}
if(!verified){
return verified;
}
}// end of loop j i.e. end of Files for the current keystore.
}// end of loop i
return verified;
}// end of verifyArchive
}