// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.CharArrayReader;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.LineNumberReader;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.servlet.ServletException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.util.Base64OutputStream;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ConsoleError;
import com.netscape.certsrv.logging.ELogException;
import com.netscape.certsrv.logging.ILogEvent;
import com.netscape.certsrv.logging.ILogEventListener;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.SignedAuditEvent;
import com.netscape.certsrv.logging.SystemEvent;
import com.netscape.cmsutil.util.Utils;
/**
* A log event listener which write logs to log files
*
* @version $Revision$, $Date$
**/
public class LogFile implements ILogEventListener, IExtendedPluginInfo {
public static final String PROP_TYPE = "type";
public static final String PROP_REGISTER = "register";
public static final String PROP_ON = "enable";
public static final String PROP_TRACE = "trace";
public static final String PROP_SIGNED_AUDIT_LOG_SIGNING = "logSigning";
public static final String PROP_SIGNED_AUDIT_CERT_NICKNAME = "signedAuditCertNickname";
public static final String PROP_SIGNED_AUDIT_EVENTS = "events";
public static final String PROP_LEVEL = "level";
static final String PROP_FILE_NAME = "fileName";
static final String PROP_LAST_HASH_FILE_NAME = "lastHashFileName";
static final String PROP_BUFFER_SIZE = "bufferSize";
static final String PROP_FLUSH_INTERVAL = "flushInterval";
private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP = "LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP_2";
private final static String LOGGING_SIGNED_AUDIT_SIGNING = "LOGGING_SIGNED_AUDIT_SIGNING_3";
private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN = "LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN_2";
private final static String LOG_SIGNED_AUDIT_EXCEPTION = "LOG_SIGNED_AUDIT_EXCEPTION_1";
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected IConfigStore mConfig = null;
/**
* The date string used in the log file name
*/
static final String DATE_PATTERN = "yyyyMMddHHmmss";
// It may be interesting to make this flexable someday....
protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(
DATE_PATTERN);
/**
* The default output stream buffer size in bytes
*/
static final int BUFFER_SIZE = 512;
/**
* The default output flush interval in seconds
*/
static final int FLUSH_INTERVAL = 5;
/**
* The log file
*/
protected File mFile = null;
/**
* The log file name
*/
protected String mFileName = null;
/**
* The log file output stream
*/
protected BufferedWriter mLogWriter = null;
/**
* The log date entry format pattern
*/
protected String mDatePattern = "dd/MMM/yyyy:HH:mm:ss z";
/**
* The log date entry format
*/
protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(
mDatePattern);
/**
* The date object used for log entries
*/
protected Date mDate = new Date();
/**
* The number of bytes written to the current log file
*/
protected int mBytesWritten = 0;
/**
* The output buffer size in bytes
*/
protected int mBufferSize = BUFFER_SIZE;
/**
* The output buffer flush interval
*/
protected int mFlushInterval = FLUSH_INTERVAL;
/**
* The number of unflushed bytes
*/
protected int mBytesUnflushed = 0;
/**
* The output buffer flush interval thread
*/
private Thread mFlushThread = null;
/**
* The current pid for the log entries
*/
protected int mPid = CMS.getpid();
/**
* The selected log event types
*/
protected String mSelectedEventsList = null;
protected Vector mSelectedEvents = null;
/**
* The eventType that this log is triggered
*/
protected String mType = null;
/**
* The log is turned on/off
*/
protected boolean mOn = false;
/**
* Should this log listener self-register or not
*/
protected boolean mRegister = false;
protected boolean mTrace = false;
/**
* Log signing is on/off
*/
protected boolean mLogSigning = false;
/**
* Nickname of certificate to use to sign log.
*/
private String mSAuditCertNickName = "";
/**
* The provider used by the KeyGenerator and Mac
*/
static final String CRYPTO_PROVIDER = "Mozilla-JSS";
/**
* The log level threshold Only logs with level greater or equal than this
* value will be written
*/
protected long mLevel = 1;
/**
* Constructor for a LogFile.
*
*/
public LogFile() {
}
public void init(ISubsystem owner, IConfigStore config)
throws EBaseException {
mConfig = config;
try {
mOn = config.getBoolean(PROP_ON, true);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_ON));
}
try {
mLogSigning = config.getBoolean(PROP_SIGNED_AUDIT_LOG_SIGNING,
false);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_SIGNED_AUDIT_LOG_SIGNING));
}
if (mOn && mLogSigning) {
try {
mSAuditCertNickName = config
.getString(PROP_SIGNED_AUDIT_CERT_NICKNAME);
CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="
+ mSAuditCertNickName);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_SIGNED_AUDIT_CERT_NICKNAME));
}
if (mSAuditCertNickName == null
|| mSAuditCertNickName.trim().equals("")) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_SIGNED_AUDIT_CERT_NICKNAME));
}
}
// selective logging
mSelectedEventsList = null;
try {
mSelectedEventsList = config.getString(PROP_SIGNED_AUDIT_EVENTS);
} catch (EBaseException e) {
// when not specified, ALL are selected by default
}
mSelectedEvents = string2Vector(mSelectedEventsList);
try {
init(config);
} catch (IOException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
}
}
/**
* turns a comma-separated String into a Vector
*/
protected Vector string2Vector(String theString) {
Vector theVector = new Vector();
if (theString == null) {
return theVector;
}
StringTokenizer tokens = new StringTokenizer(theString, ",");
while (tokens.hasMoreTokens()) {
String eventId = tokens.nextToken().trim();
theVector.addElement(eventId);
CMS.debug("LogFile: log event type selected: " + eventId);
}
return theVector;
}
/**
* add the event to the selected events list
*
* @param event to be selected
*/
public void selectEvent(String event) {
if (!mSelectedEvents.contains(event))
mSelectedEvents.addElement(event);
}
/**
* remove the event from the selected events list
*
* @param event to be de-selected
*/
public void deselectEvent(String event) {
if (mSelectedEvents.contains(event))
mSelectedEvents.removeElement(event);
}
/**
* replace the selected events list
*
* @param events comma-separated event list
*/
public void replaceEvents(String events) {
Vector v = string2Vector(events);
mSelectedEvents.removeAllElements();
mSelectedEvents = v;
}
public static String base64Encode(byte[] bytes) throws IOException {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
new FilterOutputStream(output)));
b64.write(bytes);
b64.flush();
// This is internationally safe because Base64 chars are
// contained within 8859_1
return output.toString("8859_1");
}
private static boolean mInSignedAuditLogFailureMode = false;
private static synchronized void shutdownCMS() {
if (mInSignedAuditLogFailureMode == false) {
// Set signed audit log failure mode true
// No, this isn't a race condition, because the method is
// synchronized. We just want to avoid an infinite loop.
mInSignedAuditLogFailureMode = true;
// Block all new incoming requests
if (CMS.areRequestsDisabled() == false) {
// XXX is this a race condition?
CMS.disableRequests();
}
// Terminate all requests in process
CMS.terminateRequests();
// Call graceful shutdown of the CMS server
// Call force shutdown to get added functionality of
// making sure to kill the web server.
CMS.forceShutdown();
}
}
/**
* Initialize and open the log using the parameters from a config store
*
* @param config The property config store to find values in
*/
public void init(IConfigStore config) throws IOException, EBaseException {
String fileName = null;
String defaultFileName = null;
String signedAuditDefaultFileName = "";
mConfig = config;
try {
mTrace = config.getBoolean(PROP_TRACE, false);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_TRACE));
}
try {
mType = config.getString(PROP_TYPE, "system");
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_TYPE));
}
try {
mRegister = config.getBoolean(PROP_REGISTER, true);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_REGISTER));
}
if (mOn) {
if (mRegister) {
CMS.getLogger().getLogQueue().addLogEventListener(this);
}
} else {
// shutdown the listener, remove the listener
if (mRegister) {
CMS.getLogger().getLogQueue().removeLogEventListener(this);
shutdown();
}
}
try {
mLevel = config.getInteger(PROP_LEVEL, 3);
} catch (EBaseException e) {
e.printStackTrace();
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_LEVEL));
}
try {
// retrieve the subsystem
String subsystem = "";
ISubsystem caSubsystem = CMS.getSubsystem("ca");
if (caSubsystem != null) {
subsystem = "ca";
}
ISubsystem raSubsystem = CMS.getSubsystem("ra");
if (raSubsystem != null) {
subsystem = "ra";
}
ISubsystem kraSubsystem = CMS.getSubsystem("kra");
if (kraSubsystem != null) {
subsystem = "kra";
}
ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
if (ocspSubsystem != null) {
subsystem = "ocsp";
}
// retrieve the instance name
String instIDPath = CMS.getInstanceDir();
int index = instIDPath.lastIndexOf("/");
String instID = instIDPath.substring(index + 1);
// build the default signedAudit file name
signedAuditDefaultFileName = subsystem + "_" + instID + "_"
+ "audit";
} catch (Exception e2) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_FILE_NAME));
}
// the default value is determined by the eventType.
if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
} else if (mType.equals(ILogger.PROP_SYSTEM)) {
defaultFileName = "logs/system";
} else if (mType.equals(ILogger.PROP_AUDIT)) {
defaultFileName = "logs/transactions";
} else {
// wont get here
throw new ELogException(CMS.getUserMessage(
"CMS_LOG_INVALID_LOG_TYPE", config.getName()));
}
try {
fileName = config.getString(PROP_FILE_NAME, defaultFileName);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage(
"CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ PROP_FILE_NAME));
}
if (mOn) {
init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
}
}
/**
* Initialize and open the log
*
* @param bufferSize The buffer size for the output stream in bytes
* @param flushInterval The interval in seconds to flush the log
*/
public void init(String fileName, int bufferSize, int flushInterval)
throws IOException, ELogException {
if (fileName == null)
throw new ELogException(CMS.getUserMessage(
"CMS_LOG_INVALID_FILE_NAME", "null"));
// If we want to reuse the old log files
// mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
mFileName = fileName;
if (!Utils.isNT()) {
// Always insure that a physical file exists!
Utils.exec("touch " + mFileName);
Utils.exec("chmod 00640 " + mFileName);
}
mFile = new File(mFileName);
mBufferSize = bufferSize;
setFlushInterval(flushInterval);
open();
}
private PrivateKey mSigningKey = null;
private Signature mSignature = null;
private void setupSigning() throws EBaseException {
try {
Provider[] providers = java.security.Security.getProviders();
int ps = providers.length;
for (int i = 0; i < ps; i++) {
CMS.debug("LogFile: provider " + i + "= "
+ providers[i].getName());
}
CryptoManager cm = CryptoManager.getInstance();
// find CertServer's private key
X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
if (cert != null) {
CMS.debug("LogFile: setupSignig(): found cert:"
+ mSAuditCertNickName);
} else {
CMS.debug("LogFile: setupSignig(): cert not found:"
+ mSAuditCertNickName);
}
mSigningKey = cm.findPrivKeyByCert(cert);
String sigAlgorithm;
if (mSigningKey instanceof RSAPrivateKey) {
sigAlgorithm = "SHA-256/RSA";
} else if (mSigningKey instanceof DSAPrivateKey) {
sigAlgorithm = "SHA-256/DSA";
} else {
throw new NoSuchAlgorithmException("Unknown private key type");
}
CryptoToken savedToken = cm.getThreadToken();
try {
CryptoToken keyToken = ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
.getOwningToken();
cm.setThreadToken(keyToken);
mSignature = java.security.Signature.getInstance(sigAlgorithm,
CRYPTO_PROVIDER);
} finally {
cm.setThreadToken(savedToken);
}
mSignature.initSign(mSigningKey);
// get the last signature from the currently-opened file
String entry = getLastSignature(mFile);
if (entry != null) {
mSignature.update(entry.getBytes("UTF-8"));
mSignature.update(LINE_SEP_BYTE);
}
// Always start off with a signature. That way, even if there
// were problems with the log file we inherited, we will
// get a fresh start with this instance.
pushSignature();
} catch (CryptoManager.NotInitializedException nie) {
setupSigningFailure("BASE_CRYPTOMANAGER_UNINITIALIZED", nie);
} catch (ObjectNotFoundException onfe) {
setupSigningFailure("LOG_SIGNING_CERT_NOT_FOUND", onfe);
} catch (TokenException te) {
setupSigningFailure("BASE_TOKEN_ERROR_0", te);
} catch (NoSuchAlgorithmException nsae) {
setupSigningFailure("LOG_NO_SUCH_ALGORITHM_0", nsae);
} catch (NoSuchProviderException nspe) {
setupSigningFailure("BASE_PROVIDER_NOT_SUPPORTED", nspe);
} catch (InvalidKeyException ike) {
setupSigningFailure("BASE_INVALID_KEY", ike);
} catch (SignatureException se) {
setupSigningFailure("LOG_SIGNING_OP_FAILED", se);
} catch (UnsupportedEncodingException uee) {
setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", uee);
} catch (IOException ioe) {
setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", ioe);
} catch (Exception e) {
setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", e);
}
}
private static void setupSigningFailure(String logMessageCode, Exception e)
throws EBaseException {
try {
ConsoleError
.send(new SystemEvent(CMS.getLogMessage(logMessageCode)));
} catch (Exception e2) {
// don't allow an exception while printing to the console
// prevent us from running the rest of this function.
e2.printStackTrace();
}
e.printStackTrace();
shutdownCMS();
throw new EBaseException(e.toString());
}
/**
* Startup the instance
*
*
*
* - signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit
* function startup
*
*
* @exception EBaseException if an internal error occurred
*/
public void startup() throws EBaseException {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
CMS.debug("LogFile: entering LogFile.startup()");
if (mOn && mLogSigning) {
try {
setupSigning();
audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
ILogger.SYSTEM_UID, ILogger.SUCCESS));
} catch (EBaseException e) {
audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
ILogger.SYSTEM_UID, ILogger.FAILURE));
throw e;
}
}
}
/**
* Retrieves the eventType this log is triggered.
*/
public String getType() {
return mType;
}
/**
* Retrieves the log on/off.
*/
public String getOn() {
return String.valueOf(mOn);
}
/**
* Retrieves the log level threshold.
*/
public long getLevel() {
return mLevel;
}
/**
* Retrieves the base log file name.
*/
public String getName() {
return mFileName;
}
private boolean firstOpen = true;
/**
* Record that the signed audit log has been signed
*
*
*
* - signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on
* the audit log is generated (same as "flush" time)
*
*
* @exception IOException for input/output problems
* @exception ELogException when plugin implementation fails
* @exception SignatureException when signing fails
* @exception InvalidKeyException when an invalid key is utilized
*/
private void pushSignature() throws IOException, ELogException,
SignatureException, InvalidKeyException {
byte[] sigBytes = null;
if (mSignature == null) {
return;
}
sigBytes = mSignature.sign();
mSignature.initSign(mSigningKey);
Object o[] = new Object[1];
o[0] = null;
// cook up a signed audit log message to record mac
// so as to avoid infinite recursiveness of calling
// the log() method
String auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_SIGNING,
ILogger.SYSTEM_UID, ILogger.SUCCESS, base64Encode(sigBytes));
if (mSignedAuditLogger == null) {
return;
}
ILogEvent ev = mSignedAuditLogger.create(ILogger.EV_SIGNED_AUDIT,
(Properties) null, ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
auditMessage, o, ILogger.L_SINGLELINE);
String logMesg = logEvt2String(ev);
doLog(logMesg, true);
}
private static String getLastSignature(File f) throws IOException {
BufferedReader r = new BufferedReader(new FileReader(f));
String lastSig = null;
String curLine = null;
while ((curLine = r.readLine()) != null) {
if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
lastSig = curLine;
}
}
r.close();
return lastSig;
}
/**
* Open the log file. This creates the buffered FileWriter
*
*/
protected synchronized void open() throws IOException {
RandomAccessFile out;
try {
out = new RandomAccessFile(mFile, "rw");
out.seek(out.length());
// XXX int or long?
mBytesWritten = (int) out.length();
if (!Utils.isNT()) {
try {
Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
} catch (IOException e) {
CMS.debug("Unable to change file permissions on "
+ mFile.toString());
}
}
mLogWriter = new BufferedWriter(new FileWriter(out.getFD()),
mBufferSize);
// The first time we open, mSignature will not have been
// initialized yet. That's ok, we will push our first signature
// in setupSigning().
if (mLogSigning && (mSignature != null)) {
try {
pushSignature();
} catch (ELogException le) {
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_ILLEGALARGUMENT", mFileName)));
}
}
} catch (IllegalArgumentException iae) {
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_ILLEGALARGUMENT", mFileName)));
} catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
}
mBytesUnflushed = 0;
}
/**
* Flush the log file. Also update the MAC for hash protected logs
*
*/
public synchronized void flush() {
try {
if (mLogSigning) {
try {
pushSignature();
} catch (ELogException le) {
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_FLUSH_LOG_FAILED", mFileName,
le.toString())));
}
}
if (mLogWriter != null) {
mLogWriter.flush();
}
} catch (IOException e) {
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString())));
if (mLogSigning) {
// error in writing to signed audit log, shut down CMS
e.printStackTrace();
shutdownCMS();
}
} catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
}
mBytesUnflushed = 0;
}
/**
* Close the log file
*
*/
protected synchronized void close() {
try {
flush();
if (mLogWriter != null) {
mLogWriter.close();
}
} catch (IOException e) {
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_CLOSE_FAILED", mFileName, e.toString())));
}
mLogWriter = null;
}
/**
* Shutdown this log file.
*
*
*
* - signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit
* function shutdown
*
*/
public synchronized void shutdown() {
String auditMessage = null;
CMS.debug("LogFile:In log shutdown");
setFlushInterval(0);
// log signed audit shutdown success
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN, ILogger.SYSTEM_UID,
ILogger.SUCCESS);
audit(auditMessage);
close();
}
/**
* Set the flush interval
*
*
* @param flushInterval The amount of time in seconds until the log is
* flush. A value of 0 will disable autoflush. This will also set
* the update period for hash protected logs.
**/
public synchronized void setFlushInterval(int flushInterval) {
mFlushInterval = flushInterval * 1000;
if ((mFlushThread == null) && (mFlushInterval > 0)) {
mFlushThread = new FlushThread();
mFlushThread.setDaemon(true);
mFlushThread.start();
}
this.notify();
}
/**
* Log flush thread. Sleep for the flush interval and flush the log.
* Changing flush interval to 0 will cause this thread to exit.
*/
final class FlushThread extends Thread {
/**
* Flush thread constructor including thread name
*/
public FlushThread() {
super();
super.setName(mFileName + ".flush-" + (Thread.activeCount() + 1));
}
public void run() {
while (mFlushInterval > 0) {
// Sleep for the interval and then flush the log
synchronized (LogFile.this) {
try {
LogFile.this.wait(mFlushInterval);
} catch (InterruptedException e) {
// This shouldn't happen very often
ConsoleError.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_THREAD_INTERRUPT", "flush")));
}
}
if (mFlushInterval == 0) {
break;
}
if (mBytesUnflushed > 0) {
flush();
}
}
mFlushThread = null;
}
}
/**
* Synchronized method to write a string to the log file. All I18N should
* take place before this call.
*
* @param entry The log entry string
*/
protected synchronized void log(String entry) throws ELogException {
doLog(entry, false);
}
// Standard line separator byte. We always sign this line separator,
// regardless of what we actually write to the file, so that signature
// verification is platform-independent.
private static final byte LINE_SEP_BYTE = 0x0a;
/**
* This method actually does the logging, and is not overridden by
* subclasses, so you can call it and know that it will do exactly what you
* see below.
*/
private synchronized void doLog(String entry, boolean noFlush)
throws ELogException {
if (mLogWriter == null) {
String[] params = { mFileName, entry };
throw new ELogException(CMS.getUserMessage(
"CMS_LOG_LOGFILE_CLOSED", params));
} else {
try {
mLogWriter.write(entry, 0/* offset */, entry.length());
if (mLogSigning == true) {
if (mSignature != null) {
// include newline for calculating MAC
mSignature.update(entry.getBytes("UTF-8"));
} else {
CMS.debug("LogFile: mSignature is not yet ready... null in log()");
}
}
if (mTrace) {
CharArrayWriter cw = new CharArrayWriter(200);
PrintWriter pw = new PrintWriter(cw);
Exception e = new Exception();
e.printStackTrace(pw);
char[] c = cw.toCharArray();
cw.close();
pw.close();
CharArrayReader cr = new CharArrayReader(c);
LineNumberReader lr = new LineNumberReader(cr);
String text = null;
String method = null;
String fileAndLine = null;
if (lr.ready()) {
text = lr.readLine();
do {
text = lr.readLine();
} while (text.indexOf("logging") != -1);
int p = text.indexOf("(");
fileAndLine = text.substring(p);
String classandmethod = text.substring(0, p);
int q = classandmethod.lastIndexOf(".");
method = classandmethod.substring(q + 1);
mLogWriter.write(fileAndLine, 0/* offset */,
fileAndLine.length());
mLogWriter.write(" ", 0/* offset */, " ".length());
mLogWriter
.write(method, 0/* offset */, method.length());
}
}
mLogWriter.newLine();
if (mLogSigning == true) {
if (mSignature != null) {
mSignature.update(LINE_SEP_BYTE);
} else {
CMS.debug("LogFile: mSignature is null in log() 2");
}
}
} catch (IOException e) {
ConsoleError
.send(new SystemEvent(CMS.getUserMessage(
"CMS_LOG_WRITE_FAILED", mFileName, entry,
e.toString())));
if (mLogSigning) {
// Failed to write to audit log, shut down CMS
e.printStackTrace();
shutdownCMS();
}
} catch (IllegalStateException e) {
CMS.debug("LogFile: exception thrown in log(): " + e.toString());
ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
} catch (GeneralSecurityException gse) {
// DJN: handle error
CMS.debug("LogFile: exception thrown in log(): "
+ gse.toString());
gse.printStackTrace();
ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
}
// XXX
// Although length will be in Unicode dual-bytes, the PrintWriter
// will only print out 1 byte per character. I suppose this could
// be dependent on the encoding of your log file, but it ain't that
// smart yet. Also, add one for the newline. (hmm, on NT, CR+LF)
int nBytes = entry.length() + 1;
mBytesWritten += nBytes;
mBytesUnflushed += nBytes;
if (mBufferSize > 0 && mBytesUnflushed > mBufferSize && !noFlush) {
flush();
}
}
}
/**
* Write an event to the log file
*
* @param ev The event to be logged.
*/
public void log(ILogEvent ev) throws ELogException {
if (ev instanceof AuditEvent) {
if (!mType.equals("transaction") || (!mOn)
|| mLevel > ev.getLevel()) {
return;
}
} else if (ev instanceof SystemEvent) {
if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
return;
}
} else if (ev instanceof SignedAuditEvent) {
if (!mType.equals("signedAudit") || (!mOn)
|| mLevel > ev.getLevel()) {
return;
}
}
// Is the event type selected?
// If no selection specified in configuration, then all are selected
// If no type specified in propertity file, then treated as selected
if (mSelectedEvents.size() > 0) {
String type = ev.getEventType();
if (type != null) {
if (!mSelectedEvents.contains(type)) {
CMS.debug("LogFile: event type not selected: " + type);
return;
}
}
}
String entry = logEvt2String(ev);
log(entry);
}
public String logEvt2String(ILogEvent ev) {
String entry = null;
// Hmm.. multiple threads could hit this and reset the time.
// Do we care?
mDate.setTime(ev.getTimeStamp());
// XXX
// This should follow the Common Log Format which still needs
// some work.
if (ev.getMultiline() == ILogger.L_MULTILINE) {
entry = mPid + "." + Thread.currentThread().getName() + " - ["
+ mLogDateFormat.format(mDate) + "] ["
+ Integer.toString(ev.getSource()) + "] ["
+ Integer.toString(ev.getLevel()) + "] "
+ prepareMultiline(ev.toString());
} else {
entry = mPid + "." + Thread.currentThread().getName() + " - ["
+ mLogDateFormat.format(mDate) + "] ["
+ Integer.toString(ev.getSource()) + "] ["
+ Integer.toString(ev.getLevel()) + "] " + ev.toString();
}
return entry;
}
/**
* change multi-line log entry by replace "\n" with "\n "
*
* @param original The original multi-line log entry.
*/
private String prepareMultiline(String original) {
int i, last = 0;
// NT: \r\n, unix: \n
while ((i = original.indexOf("\n", last)) != -1) {
last = i + 1;
original = original.substring(0, i + 1) + " "
+ original.substring(i + 1);
}
return original;
}
/**
* Read all entries whose logLevel>=lowLevel && log source = source to at
* most maxLine entries(from end) If the parameter is -1, it's ignored and
* return all entries
*
* @param maxLine The maximum lines to be returned
* @param lowLevel The lowest log level to be returned
* @param source The particular log source to be returned
* @param fName The log file name to be read. If it's null, read the current
* log file
*/
public Vector readEntry(int maxLine, int lowLevel, int source, String fName) {
Vector mEntries = new Vector();
String fileName = mFileName;
BufferedReader fBuffer;
int lineNo = 0; // lineNo of the current entry in the log file
int line = 0; // line of readed valid entries
String firstLine = null; // line buffer
String nextLine = null;
String entry = null;
LogEntry logEntry = null;
/*
* this variable is added to accormodate misplaced multiline entries
* write out buffered log entry when next entry is parsed successfully
* this implementation is assuming parsing is more time consuming than
* condition check
*/
LogEntry preLogEntry = null;
if (fName != null) {
fileName = fName;
}
try {
// XXX think about this
fBuffer = new BufferedReader(new FileReader(fileName));
do {
try {
nextLine = fBuffer.readLine();
if (nextLine != null) {
if ((nextLine.length() == 0)
|| (nextLine.charAt(0) == ' ')) {
// It's a continuous line
entry = null;
if (nextLine.length() > 1)
firstLine = firstLine + "\n"
+ nextLine.substring(1);
else
firstLine = firstLine + "\n";
} else {
// It's a new entry
entry = firstLine;
firstLine = nextLine;
}
// parse the previous entry, the current one is buffered
if (entry != null) {
try {
logEntry = new LogEntry(entry);
// if parse succeed, write out previous entry
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry
.getLevel()) >= lowLevel)
&& ((Integer.parseInt(preLogEntry
.getSource()) == source) || (source == ILogger.S_ALL))) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
} else if (line < maxLine) {
line++;
} else {
mEntries.removeElementAt(0);
}
}
}
preLogEntry = logEntry;
} catch (ParseException e) {
if (preLogEntry != null) {
preLogEntry.appendDetail(entry);
} else {
firstLine = firstLine + "\n" + nextLine;
}
entry = null;
logEntry = null;
}
}
}
lineNo++;
} catch (IOException e) {
CMS.getLogger().log(
ILogger.EV_SYSTEM,
ILogger.S_OTHER,
ILogger.LL_FAILURE,
CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
Integer.toString(lineNo)));
}
} while (nextLine != null);
// need to process the last 2 entries of the file
if (firstLine != null) {
if (logEntry != null) {
preLogEntry = logEntry;
}
entry = firstLine;
try {
logEntry = new LogEntry(entry);
/*
* System.out.println(
* Integer.toString(Integer.parseInt(logEntry.getLevel()))
* +","+Integer.toString(lowLevel)+","+
* Integer.toString(Integer.parseInt(logEntry.getSource()))
* +","+Integer.toString(source) );
*/
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
&& ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL))) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
} else if (line < maxLine) {
line++;
} else {
mEntries.removeElementAt(0);
}
}
}
preLogEntry = logEntry;
} catch (ParseException e) {
preLogEntry.appendDetail(entry);
}
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
&& ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL))) {
// parse the entry, pass to UI
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
} else if (line < maxLine) {
line++;
} else {
mEntries.removeElementAt(0);
}
}
}
}// end: last entry
try {
fBuffer.close();
} catch (IOException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
ILogger.LL_FAILURE,
"logging:" + fileName + " failed to close for reading");
}
} catch (FileNotFoundException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
ILogger.LL_FAILURE,
CMS.getLogMessage("LOGGING_FILE_NOT_FOUND", fileName));
}
return mEntries;
}
/**
* Retrieves the configuration store of this subsystem.
*
*
* @return configuration store
*/
public IConfigStore getConfigStore() {
return mConfig;
}
/**
* Retrieve last "maxLine" number of system log with log lever >"level" and
* from source "source". If the parameter is omitted. All entries are sent
* back.
*/
public synchronized NameValuePairs retrieveLogContent(Hashtable req)
throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String tmp, fName = null;
int maxLine = -1, level = -1, source = -1;
Vector entries = null;
if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) {
maxLine = Integer.parseInt(tmp);
}
if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) {
level = Integer.parseInt(tmp);
}
if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) {
source = Integer.parseInt(tmp);
}
tmp = (String) req.get(Constants.PR_LOG_NAME);
if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
fName = tmp;
} else {
flush();
}
try {
entries = readEntry(maxLine, level, source, fName);
for (int i = 0; i < entries.size(); i++) {
params.add(
Integer.toString(i)
+ ((LogEntry) entries.elementAt(i)).getEntry(),
"");
}
} catch (Exception e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
ILogger.LL_WARN, "System log parse error");
}
return params;
}
/**
* Retrieve log file list.
*/
public synchronized NameValuePairs retrieveLogList(Hashtable req)
throws ServletException, IOException, EBaseException {
return null;
}
public String getImplName() {
return "LogFile";
}
public String getDescription() {
return "LogFile";
}
public Vector getDefaultParams() {
Vector v = new Vector();
v.addElement(PROP_TYPE + "=");
v.addElement(PROP_ON + "=");
v.addElement(PROP_LEVEL + "=");
v.addElement(PROP_FILE_NAME + "=");
v.addElement(PROP_BUFFER_SIZE + "=");
v.addElement(PROP_FLUSH_INTERVAL + "=");
// needs to find a way to determine what type you want. if this
// is not for the signed audit type, then we should not show the
// following parameters.
// if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
// }
return v;
}
public Vector getInstanceParams() {
Vector v = new Vector();
try {
if (mType == null) {
v.addElement(PROP_TYPE + "=");
} else {
v.addElement(PROP_TYPE + "=" + mConfig.getString(PROP_TYPE));
}
v.addElement(PROP_ON + "=" + String.valueOf(mOn));
if (mLevel == 0)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
else if (mLevel == 1)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_INFO_STRING);
else if (mLevel == 2)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_WARN_STRING);
else if (mLevel == 3)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_FAILURE_STRING);
else if (mLevel == 4)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_MISCONF_STRING);
else if (mLevel == 5)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_CATASTRPHE_STRING);
else if (mLevel == 6)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_SECURITY_STRING);
if (mFileName == null) {
v.addElement(PROP_FILE_NAME + "=");
} else {
v.addElement(PROP_FILE_NAME + "=" + mFileName);
}
v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
+ String.valueOf(mLogSigning));
if (mSAuditCertNickName == null) {
v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
} else {
v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
+ mSAuditCertNickName);
}
if (mSelectedEventsList == null) {
v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
} else {
v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="
+ mSelectedEventsList);
}
}
} catch (Exception e) {
}
return v;
}
public String[] getExtendedPluginInfo(Locale locale) {
if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
String[] params = {
PROP_TYPE
+ ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
PROP_ON + ";boolean;Turn on the listener",
PROP_LEVEL
+ ";choice("
+ ILogger.LL_DEBUG_STRING
+ ","
+ ILogger.LL_INFO_STRING
+ ","
+ ILogger.LL_WARN_STRING
+ ","
+ ILogger.LL_FAILURE_STRING
+ ","
+ ILogger.LL_MISCONF_STRING
+ ","
+ ILogger.LL_CATASTRPHE_STRING
+ ","
+ ILogger.LL_SECURITY_STRING
+ ");Only log message with level higher than this filter will be written by this listener",
PROP_FILE_NAME
+ ";string;The name of the file the log is written to",
PROP_BUFFER_SIZE
+ ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
PROP_FLUSH_INTERVAL
+ ";integer;The maximum time in seconds before the buffer is flushed to the file",
IExtendedPluginInfo.HELP_TOKEN
+ ";configuration-logrules-logfile",
IExtendedPluginInfo.HELP_TEXT
+ ";Write the log messages to a file",
PROP_SIGNED_AUDIT_LOG_SIGNING
+ ";boolean;Enable audit logs to be signed",
PROP_SIGNED_AUDIT_CERT_NICKNAME
+ ";string;The nickname of the certificate to be used to sign audit logs",
PROP_SIGNED_AUDIT_EVENTS
+ ";string;A comma-separated list of strings used to specify particular signed audit log events", };
return params;
} else {
// mType.equals( ILogger.PROP_AUDIT ) ||
// mType.equals( ILogger.PROP_SYSTEM )
String[] params = {
PROP_TYPE
+ ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
PROP_ON + ";boolean;Turn on the listener",
PROP_LEVEL
+ ";choice("
+ ILogger.LL_DEBUG_STRING
+ ","
+ ILogger.LL_INFO_STRING
+ ","
+ ILogger.LL_WARN_STRING
+ ","
+ ILogger.LL_FAILURE_STRING
+ ","
+ ILogger.LL_MISCONF_STRING
+ ","
+ ILogger.LL_CATASTRPHE_STRING
+ ","
+ ILogger.LL_SECURITY_STRING
+ ");Only log message with level higher than this filter will be written by this listener",
PROP_FILE_NAME
+ ";string;The name of the file the log is written to",
PROP_BUFFER_SIZE
+ ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
PROP_FLUSH_INTERVAL
+ ";integer;The maximum time in seconds before the buffer is flushed to the file",
IExtendedPluginInfo.HELP_TOKEN
+ ";configuration-logrules-logfile",
IExtendedPluginInfo.HELP_TEXT
+ ";Write the log messages to a file" };
return params;
}
}
/**
* Signed Audit Log
*
* This method is inherited by all classes that extend this "LogFile" class,
* and is called to store messages to the signed audit log.
*
*
* @param msg signed audit log message
*/
protected void audit(String msg) {
// in this case, do NOT strip preceding/trailing whitespace
// from passed-in String parameters
if (mSignedAuditLogger == null) {
return;
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
}