LogVerifier.java revision eaee930f8fb0c2d7d86d0ca299530cfff8b1feb8
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: LogVerifier.java,v 1.7 2008/06/25 05:43:38 qcheng Exp $
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
*/
/**
* This class verifies the signature that is generated from the MAC value
* of each log entry.
*/
public class LogVerifier{
private VerifyTask verifier;
private boolean verified = true;
private SecureLogHelper helper;
private AMPassword verPassword;
private boolean verificationOn = false;
/**
* Constructs a <code>LogVerifier</code> object.
* @param log logger name associated with this verifier
* @param verPass the password for the verifier's secure store
*/
}
/**
* Return verification flag
* @return verification flag
*/
public boolean getVerificationFlag() {
    // verificationOn is raised at the start of verify() and lowered once the
    // VerifyTask's run() has finished, so this reports whether a pass is active.
    return this.verificationOn;
}
/**
* Inner class which extends the abstract GeneralTaskRunnable class and
* implements the run method, which is run periodically and performs the
* actual verification.
*/
class VerifyTask extends GeneralTaskRunnable {
private long runPeriod;
public VerifyTask(long runPeriod) {
}
/**
* Method that runs at an interval as specified in the timer object.
*/
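/**
 * Runs one verification pass at the interval configured for this task.
 *
 * Any exception raised by {@code verify()} is recorded instead of being
 * silently dropped, and the {@code verificationOn} flag is always cleared
 * in a {@code finally} block so an aborted pass cannot leave the verifier
 * reported as still running.
 */
public void run() {
    try {
        verify();
    } catch (Exception e) {
        // An exception here means the pass did not complete; the 'verified'
        // field keeps whatever value the last finished check left, so the
        // abort must at least be visible in the debug log.
        Debug.error("LogVerifier.VerifyTask.run: verification aborted", e);
    } finally {
        verificationOn = false;
    }
}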
/**
* Methods that need to be implemented from GeneralTaskRunnable.
*/
/**
 * Reports whether this task has queued elements; it never holds any,
 * so this is always {@code true}.
 * NOTE(review): assumed to satisfy the GeneralTaskRunnable contract — confirm.
 * @return always {@code true}
 */
public boolean isEmpty() {
return true;
}
return false;
}
return false;
}
/**
 * Returns the period at which this task is scheduled to run.
 * The value is presumably assigned by the constructor; its unit is not
 * visible here (the caller appears to scale by 1000 before use — confirm).
 * @return the configured run period
 */
public long getRunPeriod() {
    return this.runPeriod;
}
}
/**
* Method that starts the log Verifier thread
*/
public void startLogVerifier(){
long interval;
} else {
}
interval *= 1000;
if (Debug.messageEnabled()) {
}
}
}
/**
* Method to stop the log verifier thread if it is running
*/
public void stopLogVerifier() {
}
}
/**
* Verifies the passed LogRecord to check for tampering.
*
* @param record String array of the elements of the record.
* @param macPos position of the mac header in the array.
* @return a boolean value of the result of the verification
*/
throws Exception {
// Creating the data part for verification
}
verified =
return verified;
}
/**
* Verifies the signature entry in the log file for tampering.
*
* @param String array of the elements of the record.
* @param position of the signature field value in the array
* @return a boolean value of the result of the verification
*/
throws Exception {
// Regenerate the MAC that was signed.
byte[] newMAC ;
}else{
}
// If this is the last record in the file then dont update the
// prevSignature as the first record in the next file is also
// the same signature.
if(recPos != 0) {
}
return verified;
}
/**
* Checks each record in the list of log files for tampering.
* @return a boolean value as a result of the verification
* @throws Exception if it fails to verify any mac value in the log entry.
*/
public boolean verify()
throws Exception{
synchronized(logger) {
verificationOn = true;
long start = currentTimeMillis();
}
token =
}
try{
}catch(Exception e){
}
// Check if the result of read is null or empty string array.
// Extracting the field names as header from the first line
// of the returned string array.
{
signPos = l;
break;
}
}
macPos = l;
break;
}
}
}
// Now check each record to see if it is a signature record or
// a log record.
if (Debug.messageEnabled()) {
}
if(!verified) {
"Failed in file:" +
break;
}
if (Debug.messageEnabled()) {
":Log Record Verification Succeeded in file:"+
}
} else {
/*
* To check if this is the last signature in the file
* an additional parameter has to be passed to the
* verifySignature since the signature is the same
* as the first signature in the next file. This is
* to ensure that prevSignature is not updated with
* the last signature in the file.
* Bcos the checking of the last signature in the file
* will be the same for the first signature for the
* next file.
*/
int lastRecInFile = 0;
verified =
if(!verified) {
"Failed in file:" +
break;
}
if (Debug.messageEnabled()) {
"Succeeded in file:" +
}
}
} // end of loop k . i.e. verification check for current file
// is over
} else {
if (Debug.messageEnabled()) {
}
verified = false;
break;
}
if (!verified) {
break;
}
} // end of loop i i.e. current filelist verification is over.
// This is for the current file that was read at the start.
// This is done bcos in the time that the verifier reaches a point
// where it starts verifying this file it might have already been
// timestamped, bcos of the logging that is going on in parallel.
// Extracting the field names as header from the first line of the
// returned string array.
signPos = l;
break;
}
}
macPos = l;
break;
}
}
}
// Now check each record to see if it is a signature record
// or a log record.
if (Debug.messageEnabled()) {
}
if(!verified) {
" at record no. "+ k);
break;
}
if (Debug.messageEnabled()) {
"Succeeded in file:" +
"at record no."+ k);
}
} else {
// To check if this is the last signature in the file an
// additional parameter has to be passed to the
// verifySignature since the signature is the same
// as the first signature in the next file.
// This is to ensure that prevSignature is not updated
// with the last signature in the file.
// Bcos the checking of the last signature in the file
// will be the same for the first signature for the
// next file.
int lastRecInFile = 0;
if(!verified) {
"in file:" +
" at record no. " + k);
break;
}
if (Debug.messageEnabled()) {
" in file:"+
"at record no."+ k);
}
}
} // end of loop k. i.e. verification check for current file is over
} else {
if (Debug.messageEnabled()) {
}
verified = false;
}
path += "/";
helper.setLastLineforVerifier(true);
if(intrusion) {
" Possible intrusion detected");
verified = false;
}
helper.setLastLineforVerifier(false);
if (Debug.messageEnabled()) {
}
}
}