external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -22,25 +22,25 @@
			* CDDL HEADER END
			*
			*
			* Portions Copyright 2006 Sun Microsystems, Inc.
			* Portions Copyright 2006-2007 Sun Microsystems, Inc.
			*/
			package org.opends.server.loggers;

			import java.io.BufferedInputStream;
			//import java.io.BufferedInputStream;
			import java.io.File;
			import java.io.FileInputStream;
			import java.io.RandomAccessFile;
			import java.security.MessageDigest;
			import java.security.PrivateKey;
			import java.security.PublicKey;
			import java.security.Signature;
			import java.security.cert.X509Certificate;
			import javax.net.ssl.KeyManager;
			import javax.net.ssl.X509KeyManager;
			//import java.io.FileInputStream;
			//import java.io.RandomAccessFile;
			//import java.security.MessageDigest;
			//import java.security.PrivateKey;
			//import java.security.PublicKey;
			//import java.security.Signature;
			//import java.security.cert.X509Certificate;
			//import javax.net.ssl.KeyManager;
			//import javax.net.ssl.X509KeyManager;

			import org.opends.server.core.DirectoryServer;
			//import org.opends.server.core.DirectoryServer;

			import static org.opends.server.loggers.Debug.*;
			//import static org.opends.server.loggers.Debug.*;

			/**
			* This class implements a post rotation action that signs
			@@ -101,73 +101,80 @@
			*/
			public boolean execute()
			{
			FileInputStream fis = null;
			boolean inputStreamOpen = false;
			try
			{
			KeyManager[] keyMgrs =
			DirectoryServer.getKeyManagerProvider().getKeyManagers();
			if(keyMgrs.length == 0)
			{
			// No keys available.
			// FIXME - Log in error log.
			System.err.println("No private key available to sign with.");
			return false;
			}
			X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
			PrivateKey priv = mgr.getPrivateKey(alias);

			Signature sig = Signature.getInstance(signatureAlgorithm);
			sig.initSign(priv);

			MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
			md.reset();

			fis = new FileInputStream(originalFile);
			inputStreamOpen = true;
			BufferedInputStream bufin = new BufferedInputStream(fis);
			byte[] buffer = new byte[1024];
			int len;
			while (bufin.available() != 0)
			{
			len = bufin.read(buffer);
			md.update(buffer, 0, len);
			}
			bufin.close();

			// Create a hash of the log file contents.
			byte[] hash = md.digest();
			// printBytes(hash);
			sig.update(hash);

			// Sign the hash.
			byte[] realSig = sig.sign();
			// printBytes(realSig);

			// Append the signature to the end of the file.
			RandomAccessFile raf = new RandomAccessFile(originalFile, "rw");
			raf.seek(raf.length());
			raf.write(delimiter.getBytes());
			raf.write("\n".getBytes());
			raf.write(realSig);

			return true;
			} catch(Exception ioe)
			{
			assert debugException(CLASS_NAME, "execute", ioe);
			if(inputStreamOpen)
			{
			try
			{
			fis.close();
			} catch(Exception fe)
			{
			assert debugException(CLASS_NAME, "execute", fe);
			// Cannot do much. Ignore.
			}
			}
			return false;
			}
			// FIXME -- It is currently not possible to sign on rotate because of the
			// way that they key manager providers are defined. However, this function
			// wasn't implemented in an ideal fashion anyway, so the signing capability
			// should remain disabled until the rotation action mechanism is rewritten.
			// The original code has been preserved here for reference purposes.
			return false;
			//
			// FileInputStream fis = null;
			// boolean inputStreamOpen = false;
			// try
			// {
			// KeyManager[] keyMgrs =
			// DirectoryServer.getKeyManagerProvider().getKeyManagers();
			// if(keyMgrs.length == 0)
			// {
			// // No keys available.
			// // FIXME - Log in error log.
			// System.err.println("No private key available to sign with.");
			// return false;
			// }
			// X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
			// PrivateKey priv = mgr.getPrivateKey(alias);
			//
			// Signature sig = Signature.getInstance(signatureAlgorithm);
			// sig.initSign(priv);
			//
			// MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
			// md.reset();
			//
			// fis = new FileInputStream(originalFile);
			// inputStreamOpen = true;
			// BufferedInputStream bufin = new BufferedInputStream(fis);
			// byte[] buffer = new byte[1024];
			// int len;
			// while (bufin.available() != 0)
			// {
			// len = bufin.read(buffer);
			// md.update(buffer, 0, len);
			// }
			// bufin.close();
			//
			// // Create a hash of the log file contents.
			// byte[] hash = md.digest();
			// // printBytes(hash);
			// sig.update(hash);
			//
			// // Sign the hash.
			// byte[] realSig = sig.sign();
			// // printBytes(realSig);
			//
			// // Append the signature to the end of the file.
			// RandomAccessFile raf = new RandomAccessFile(originalFile, "rw");
			// raf.seek(raf.length());
			// raf.write(delimiter.getBytes());
			// raf.write("\n".getBytes());
			// raf.write(realSig);
			//
			// return true;
			// } catch(Exception ioe)
			// {
			// assert debugException(CLASS_NAME, "execute", ioe);
			// if(inputStreamOpen)
			// {
			// try
			// {
			// fis.close();
			// } catch(Exception fe)
			// {
			// assert debugException(CLASS_NAME, "execute", fe);
			// // Cannot do much. Ignore.
			// }
			// }
			// return false;
			// }
			}


			@@ -180,84 +187,90 @@
			*/
			public boolean verify()
			{
			RandomAccessFile inFile = null;
			boolean inputStreamOpen = false;
			try
			{
			KeyManager[] keyMgrs =
			DirectoryServer.getKeyManagerProvider().getKeyManagers();

			if(keyMgrs.length == 0)
			{
			// No keys available.
			// FIXME - Log in error log.
			System.err.println("No public key available to verify signature with.");
			return false;
			}

			X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
			X509Certificate[] certChain = mgr.getCertificateChain(alias);

			if(certChain == null \|\| certChain.length == 0)
			{
			System.err.println("Cannot find the public key for the signature.");
			return false;
			}

			PublicKey pubKey = certChain[0].getPublicKey();

			Signature sig = Signature.getInstance(signatureAlgorithm);
			sig.initVerify(pubKey);

			MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
			md.reset();

			inFile = new RandomAccessFile(originalFile, "r");
			inputStreamOpen = true;
			String line = null;
			while ((line = inFile.readLine()) != null)
			{
			if(line.equals(delimiter))
			{
			break;
			}
			// int len = line.length();
			// md.update(line.getBytes(), 0, len);
			byte[] b = (line + "\n").getBytes();
			md.update(b);
			}

			// Read signature
			byte[] sigToVerify = new byte[128];
			int val = inFile.read(sigToVerify, 0, 128);
			// printBytes(sigToVerify);

			// Create a hash of the log file contents.
			byte[] hash = md.digest();
			// printBytes(hash);
			sig.update(hash);


			// Verify the hash.
			boolean verifies = sig.verify(sigToVerify);

			return verifies;
			} catch(Exception ioe)
			{
			assert debugException(CLASS_NAME, "execute", ioe);
			if(inputStreamOpen)
			{
			try
			{
			inFile.close();
			} catch(Exception fe)
			{
			assert debugException(CLASS_NAME, "execute", fe);
			// Cannot do much. Ignore.
			}
			}
			return false;
			}
			// FIXME -- It is currently not possible to sign on rotate because of the
			// way that they key manager providers are defined. However, this function
			// wasn't implemented in an ideal fashion anyway, so the signing capability
			// should remain disabled until the rotation action mechanism is rewritten.
			// The original code has been preserved here for reference purposes.
			return false;
			// RandomAccessFile inFile = null;
			// boolean inputStreamOpen = false;
			// try
			// {
			// KeyManager[] keyMgrs =
			// DirectoryServer.getKeyManagerProvider().getKeyManagers();
			//
			// if(keyMgrs.length == 0)
			// {
			// // No keys available.
			// // FIXME - Log in error log.
			// System.err.println("No public key available to verify signature.");
			// return false;
			// }
			//
			// X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
			// X509Certificate[] certChain = mgr.getCertificateChain(alias);
			//
			// if(certChain == null \|\| certChain.length == 0)
			// {
			// System.err.println("Cannot find the public key for the signature.");
			// return false;
			// }
			//
			// PublicKey pubKey = certChain[0].getPublicKey();
			//
			// Signature sig = Signature.getInstance(signatureAlgorithm);
			// sig.initVerify(pubKey);
			//
			// MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
			// md.reset();
			//
			// inFile = new RandomAccessFile(originalFile, "r");
			// inputStreamOpen = true;
			// String line = null;
			// while ((line = inFile.readLine()) != null)
			// {
			// if(line.equals(delimiter))
			// {
			// break;
			// }
			// // int len = line.length();
			// // md.update(line.getBytes(), 0, len);
			// byte[] b = (line + "\n").getBytes();
			// md.update(b);
			// }
			//
			// // Read signature
			// byte[] sigToVerify = new byte[128];
			// int val = inFile.read(sigToVerify, 0, 128);
			// // printBytes(sigToVerify);
			//
			// // Create a hash of the log file contents.
			// byte[] hash = md.digest();
			// // printBytes(hash);
			// sig.update(hash);
			//
			//
			// // Verify the hash.
			// boolean verifies = sig.verify(sigToVerify);
			//
			// return verifies;
			// } catch(Exception ioe)
			// {
			// assert debugException(CLASS_NAME, "execute", ioe);
			// if(inputStreamOpen)
			// {
			// try
			// {
			// inFile.close();
			// } catch(Exception fe)
			// {
			// assert debugException(CLASS_NAME, "execute", fe);
			// // Cannot do much. Ignore.
			// }
			// }
			// return false;
			// }
			}