Cherry pick branch 'genexuslabs:securityapicommons' into beta

Author: sgrampone

gxcryptography/pom.xml

@@ -23,6 +23,11 @@
             <artifactId>bcprov-jdk18on</artifactId>
             <version>${org.bouncycastle.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>${log4j.version}</version>
+        </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
             <artifactId>securityapicommons</artifactId>

gxcryptography/src/main/java/com/genexus/cryptography/asymmetric/AsymmetricCipher.java

@@ -1,13 +1,5 @@
 package com.genexus.cryptography.asymmetric;
 
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.util.encoders.Base64;
-
 import com.genexus.cryptography.asymmetric.utils.AsymmetricSigningAlgorithm;
 import com.genexus.cryptography.commons.AsymmetricSignerObject;
 import com.genexus.cryptography.hash.Hashing;
@@ -19,12 +11,20 @@
 import com.genexus.securityapicommons.keys.CertificateX509;
 import com.genexus.securityapicommons.keys.PrivateKeyManager;
 import com.genexus.securityapicommons.utils.SecurityUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.util.encoders.Base64;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
 
 public class AsymmetricSigner extends AsymmetricSignerObject {
 
-	/**
-	 * AsymmetricSigner class constructor
-	 */
+	private static final Logger logger = LogManager.getLogger(AsymmetricSigner.class);
+
 	public AsymmetricSigner() {
 		super();
 	}
@@ -33,170 +33,175 @@ public AsymmetricSigner() {
 
 	@Override
 	public String doSign(PrivateKeyManager key, String hashAlgorithm, String plainText) {
+		logger.debug("doSign");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("key", key, this.error);
-		SecurityUtils.validateStringInput("hashAlgorithm", hashAlgorithm, this.error);
-		SecurityUtils.validateStringInput("plainText", plainText, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doSign", "key", key, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doSign", "hashAlgorithm", hashAlgorithm, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doSign", "plainText", plainText, this.error);
 		if (this.hasError()) {
 			return "";
 		}
 		;
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
 
 		EncodingUtil eu = new EncodingUtil();
 		byte[] inputText = eu.getBytes(plainText);
 		if (eu.hasError()) {
 			this.error = eu.getError();
 			return "";
 		}
-		String result = "";
+
 		try (InputStream inputStream = new ByteArrayInputStream(inputText)) {
-			result = sign(key, hashAlgorithm, inputStream);
+			return sign(key, hashAlgorithm, inputStream);
 		} catch (Exception e) {
 			error.setError("AS001", e.getMessage());
+			logger.error("doSign", e);
+			return "";
 		}
-		return result;
 	}
 
 	@Override
 	public String doSignFile(PrivateKeyManager key, String hashAlgorithm, String path) {
+		logger.debug("doSignFile");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("key", key, this.error);
-		SecurityUtils.validateStringInput("hashAlgorithm", hashAlgorithm, this.error);
-		SecurityUtils.validateStringInput("path", path, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doSignFile", "key", key, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doSignFile", "hashAlgorithm", hashAlgorithm, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doSignFile", "path", path, this.error);
 		if (this.hasError()) {
 			return "";
 		}
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
 
-		String result = "";
 		try (InputStream input = SecurityUtils.getFileStream(path, this.error)) {
 			if (this.hasError()) {
 				return "";
 			}
 
-			result = sign(key, hashAlgorithm, input);
+			return sign(key, hashAlgorithm, input);
 		} catch (Exception e) {
 			error.setError("AS002", e.getMessage());
+			logger.error("doSignFile", e);
+			return "";
 		}
-		return result;
 	}
 
 	@Override
 	public boolean doVerify(CertificateX509 cert, String plainText, String signature) {
+		logger.debug("doVerify");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("cert", cert, this.error);
-		SecurityUtils.validateStringInput("plainText", plainText, this.error);
-		SecurityUtils.validateStringInput("signature", signature, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doVerify", "cert", cert, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerify", "plainText", plainText, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerify", "signature", signature, this.error);
 		if (this.hasError()) {
 			return false;
 		}
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
 
 		EncodingUtil eu = new EncodingUtil();
 		byte[] inputText = eu.getBytes(plainText);
 		if (eu.hasError()) {
 			this.error = eu.getError();
 			return false;
 		}
-		boolean result = false;
+
 		try (InputStream inputStream = new ByteArrayInputStream(inputText)) {
-			result = verify(cert, inputStream, signature, null);
+			return verify(cert, inputStream, signature, null);
 		} catch (Exception e) {
 			error.setError("AS003", e.getMessage());
+			logger.error("doVerify", e);
+			return false;
 		}
-		return result;
 	}
 
 	@Override
 	public boolean doVerifyWithPublicKey(PublicKey key, String plainText, String signature, String hash) {
+		logger.debug("doVerifyWithPublicKey");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("key", key, this.error);
-		SecurityUtils.validateStringInput("plainText", plainText, this.error);
-		SecurityUtils.validateStringInput("signature", signature, this.error);
-		SecurityUtils.validateStringInput("hashAlgorithm", hash, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doVerifyWithPublicKey", "key", key, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyWithPublicKey", "plainText", plainText, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyWithPublicKey", "signature", signature, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyWithPublicKey", "hashAlgorithm", hash, this.error);
 		if (this.hasError()) {
 			return false;
 		}
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
 
 		EncodingUtil eu = new EncodingUtil();
 		byte[] inputText = eu.getBytes(plainText);
 		if (eu.hasError()) {
 			this.error = eu.getError();
 			return false;
 		}
-		boolean result = false;
+
 		try (InputStream inputStream = new ByteArrayInputStream(inputText)) {
-			result = verify(key, inputStream, signature, hash);
+			return verify(key, inputStream, signature, hash);
 		} catch (Exception e) {
 			error.setError("AS003", e.getMessage());
+			logger.error("doVerifyWithPublicKey", e);
+			return false;
 		}
-		return result;
 	}
 
 	@Override
 	public boolean doVerifyFile(CertificateX509 cert, String path, String signature) {
+		logger.debug("doVerifyFile");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("cert", cert, this.error);
-		SecurityUtils.validateStringInput("path", path, this.error);
-		SecurityUtils.validateStringInput("signature", signature, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doVerifyFile", "cert", cert, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyFile", "path", path, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyFile", "signature", signature, this.error);
 		if (this.hasError()) {
 			return false;
 		}
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
 
-		boolean result = false;
 		try (InputStream input = SecurityUtils.getFileStream(path, this.error)) {
 			if (this.hasError()) {
 				return false;
 			}
-			result = verify(cert, input, signature, null);
+			return verify(cert, input, signature, null);
 		} catch (Exception e) {
 			error.setError("AS004", e.getMessage());
+			logger.error("doVerifyFile", e);
+			return false;
 		}
-		return result;
 	}
 
 	@Override
 	public boolean doVerifyFileWithPublicKey(PublicKey key, String path, String signature, String hash) {
+		logger.debug("doVerifyFileWithPublicKey");
 		this.error.cleanError();
-
-		/******* INPUT VERIFICATION - BEGIN *******/
-		SecurityUtils.validateObjectInput("key", key, this.error);
-		SecurityUtils.validateStringInput("path", path, this.error);
-		SecurityUtils.validateStringInput("signature", signature, this.error);
-		SecurityUtils.validateStringInput("hashAlgorithm", hash, this.error);
+		// INPUT VERIFICATION - BEGIN
+		SecurityUtils.validateObjectInput(String.valueOf(AsymmetricSigner.class), "doVerifyFileWithPublicKey", "key", key, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyFileWithPublicKey", "path", path, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyFileWithPublicKey", "signature", signature, this.error);
+		SecurityUtils.validateStringInput(String.valueOf(AsymmetricSigner.class), "doVerifyFileWithPublicKey", "hashAlgorithm", hash, this.error);
 		if (this.hasError()) {
 			return false;
 		}
-		/******* INPUT VERIFICATION - END *******/
+		// INPUT VERIFICATION - END
+
 
-		boolean result = false;
 		try (InputStream input = SecurityUtils.getFileStream(path, this.error)) {
 			if (this.hasError()) {
 				return false;
 			}
-			result = verify(key, input, signature, hash);
+			return verify(key, input, signature, hash);
 		} catch (Exception e) {
 			error.setError("AS004", e.getMessage());
+			logger.error("doVerifyFileWithPublicKey", e);
+			return false;
 		}
-		return result;
 	}
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
 
 	private String sign(PrivateKey key, String hashAlgorithm, InputStream input) {
+		logger.debug("sign");
 		PrivateKeyManager keyMan = (PrivateKeyManager) key;
 		if (keyMan.hasError()) {
 			this.error = keyMan.getError();
@@ -213,24 +218,19 @@ private String sign(PrivateKey key, String hashAlgorithm, InputStream input) {
 		setUpSigner(signer, input, keyMan.getAsymmetricKeyParameter(), true);
 		if (this.hasError())
 			return "";
-		byte[] outputBytes = null;
+
 		try {
-			outputBytes = signer.generateSignature();
+			byte[] outputBytes = signer.generateSignature();
+			return Base64.toBase64String(outputBytes);
 		} catch (Exception e) {
 			error.setError("AS005", e.getMessage());
+			logger.error("sign", e);
 			return "";
 		}
-		String result = "";
-		try {
-			result = Base64.toBase64String(outputBytes);
-		} catch (Exception e) {
-			error.setError("AS006", e.getMessage());
-			return "";
-		}
-		return result;
 	}
 
 	private boolean verify(Key key, InputStream input, String signature, String hash) {
+		logger.debug("verify");
 		PublicKey cert = null;
 		boolean isKey = false;
 		if (hash == null) {
@@ -264,40 +264,30 @@ private boolean verify(Key key, InputStream input, String signature, String hash
 		setUpSigner(signer, input, cert.getAsymmetricKeyParameter(), false);
 		if (this.hasError())
 			return false;
-		byte[] signatureBytes = null;
+
 		try {
-			signatureBytes = Base64.decode(signature);
+			byte[] signatureBytes = Base64.decode(signature);
+			return signer.verifySignature(signatureBytes);
 		} catch (Exception e) {
 			error.setError("AS007", e.getMessage());
+			logger.error("verify", e);
 			return false;
 		}
-		boolean result = false;
-		try {
-			result = signer.verifySignature(signatureBytes);
-		} catch (Exception e) {
-			error.setError("AS008", e.getMessage());
-			return false;
-		}
-		return result;
-
 	}
 
 	private void setUpSigner(Signer signer, InputStream input, AsymmetricKeyParameter asymmetricKeyParameter,
 							 boolean toSign) {
-		try {
-			signer.init(toSign, asymmetricKeyParameter);
-		} catch (Exception e) {
-			error.setError("AS009", e.getMessage());
-			return;
-		}
+		logger.debug("setUpSigner");
 		byte[] buffer = new byte[8192];
 		int n;
 		try {
+			signer.init(toSign, asymmetricKeyParameter);
 			while ((n = input.read(buffer)) > 0) {
 				signer.update(buffer, 0, n);
 			}
 		} catch (Exception e) {
-			error.setError("AS010", e.getMessage());
+			error.setError("AS009", e.getMessage());
+			logger.error("setUpSigner", e);
 			return;
 		}
 	}