/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package jdk.internal.event;

import jdk.internal.misc.JavaUtilJarAccess;
import jdk.internal.misc.SharedSecrets;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.VarHandle;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.stream.Collectors;
import java.util.stream.IntStream;

/**
 * A helper class to have events logged to a JDK Event Logger.
 *
 * <p>Every {@code log*} method passes its arguments to the logger as
 * message parameters without filtering them.
 * NOTE(review): several of these values (peer host, certificate subject and
 * issuer, security property values) look like they can originate outside the
 * JVM - confirm that the configured log handlers neutralise line breaks and
 * control characters, so that a crafted value cannot forge log records.
 */
public final class EventHelper {

    private static final JavaUtilJarAccess JUJA = SharedSecrets.javaUtilJarAccess();

    // Cached answer of securityLogger.isLoggable(LOG_LEVEL); set in isLoggingSecurity().
    private static volatile boolean loggingSecurity;
    // Created lazily in isLoggingSecurity(); this class only writes it through LOGGER_HANDLE.
    private static volatile System.Logger securityLogger;
    private static final VarHandle LOGGER_HANDLE;

    static {
        VarHandle handle;
        try {
            handle = MethodHandles.lookup().findStaticVarHandle(
                    EventHelper.class, "securityLogger", System.Logger.class);
        } catch (ReflectiveOperationException e) {
            // The field is declared above, so a failed lookup is unrecoverable.
            throw new Error(e);
        }
        LOGGER_HANDLE = handle;
    }

    // Level at which every event of this class is emitted.
    private static final System.Logger.Level LOG_LEVEL = System.Logger.Level.DEBUG;

    // Name of the logger used for security related events (the only kind handled for now).
    private static final String SECURITY_LOGGER_NAME = "jdk.event.security";

    /**
     * Logs a TLS handshake event, prefixed with the time elapsed since {@code start}.
     *
     * <p>The {@code assert} is a no-op unless assertions are enabled for this
     * class; presumably callers check {@link #isLoggingSecurity()} first - verify
     * against callers.
     *
     * @param start           instant at which the handshake started, may be {@code null}
     * @param peerHost        host name of the peer
     * @param peerPort        port of the peer
     * @param cipherSuite     negotiated cipher suite
     * @param protocolVersion negotiated protocol version
     * @param peerCertId      identifier of the peer certificate
     */
    public static void logTLSHandshakeEvent(Instant start,
                                            String peerHost,
                                            int peerPort,
                                            String cipherSuite,
                                            String protocolVersion,
                                            long peerCertId) {
        assert securityLogger != null;
        // The prefix is built locally from a number, so it adds no '{' or '\''
        // to the pattern; peer-supplied values are passed only as parameters.
        String pattern = getDurationString(start)
                + " TLSHandshake: {0}:{1,number,#}, {2}, {3}, {4,number,#}";
        securityLogger.log(LOG_LEVEL, pattern,
                peerHost, peerPort, protocolVersion, cipherSuite, peerCertId);
    }

    /**
     * Logs the modification of a security property.
     *
     * <p>NOTE(review): the value is written to the log as given - confirm that no
     * security property is expected to carry sensitive material.
     *
     * @param key   name of the property
     * @param value value of the property
     */
    public static void logSecurityPropertyEvent(String key, String value) {
        assert securityLogger != null;
        String pattern = "SecurityPropertyModification: key:{0}, value:{1}";
        securityLogger.log(LOG_LEVEL, pattern, key, value);
    }

    /**
     * Logs a certificate validation chain as the anchor identifier followed by
     * the comma separated certificate identifiers.
     *
     * @param anchorCertId identifier of the trust anchor certificate
     * @param certIds      identifiers of the certificates of the chain, in the
     *                     order in which they are logged
     */
    public static void logX509ValidationEvent(int anchorCertId, int[] certIds) {
        assert securityLogger != null;
        StringBuilder chain = new StringBuilder();
        for (int i = 0; i < certIds.length; i++) {
            if (i > 0) {
                chain.append(", ");
            }
            chain.append(certIds[i]);
        }
        securityLogger.log(LOG_LEVEL,
                "ValidationChain: {0,number,#}, {1}", anchorCertId, chain.toString());
    }

    /**
     * Logs the attributes of an X.509 certificate.
     *
     * @param algId     signature algorithm
     * @param serialNum serial number
     * @param subject   subject of the certificate
     * @param issuer    issuer of the certificate
     * @param keyType   type of the key
     * @param length    length of the key
     * @param certId    identifier of the certificate
     * @param beginDate start of validity, passed to {@code new Date(long)}
     * @param endDate   end of validity, passed to {@code new Date(long)}
     */
    public static void logX509CertificateEvent(String algId,
                                               String serialNum,
                                               String subject,
                                               String issuer,
                                               String keyType,
                                               int length,
                                               long certId,
                                               long beginDate,
                                               long endDate) {
        assert securityLogger != null;
        Date validFrom = new Date(beginDate);
        Date validUntil = new Date(endDate);
        String pattern = "X509Certificate: Alg:{0}, Serial:{1}"
                + ", Subject:{2}, Issuer:{3}, Key type:{4}, Length:{5,number,#}"
                + ", Cert Id:{6,number,#}, Valid from:{7}, Valid until:{8}";
        securityLogger.log(LOG_LEVEL, pattern,
                algId, serialNum, subject, issuer, keyType, length, certId,
                validFrom, validUntil);
    }

    /**
     * Method to calculate a duration timestamp for events which measure
     * the start and end times of certain operations.
     *
     * @param start Instant indicating when event started recording
     * @return A string representing the duration from the start time to the
     *         time of this method call, in milliseconds below one second
     *         and in seconds otherwise. Empty string if start is null.
     */
    private static String getDurationString(Instant start) {
        if (start == null) {
            return "";
        }
        long elapsedMicros = Duration.between(start, Instant.now()).toNanos() / 1_000;
        return elapsedMicros < 1_000_000
                ? "duration = " + (elapsedMicros / 1_000.0) + " ms:"
                : "duration = " + ((elapsedMicros / 1_000) / 1_000.0) + " s:";
    }

    /**
     * Helper to determine if security events are being logged
     * at a preconfigured logging level. The logger is looked up on the
     * first call made once {@code JUJA.isInitializing()} returns false;
     * later calls return the cached answer.
     *
     * @return boolean indicating whether an event should be logged
     */
    public static boolean isLoggingSecurity() {
        // Avoid a bootstrap issue where the commitEvent attempts to
        // trigger early loading of System Logger but where
        // the verification process still has JarFiles locked
        if (securityLogger != null || JUJA.isInitializing()) {
            return loggingSecurity;
        }
        // compareAndSet keeps the logger installed first if threads race here.
        LOGGER_HANDLE.compareAndSet(
                null, System.getLogger(SECURITY_LOGGER_NAME));
        loggingSecurity = securityLogger.isLoggable(LOG_LEVEL);
        return loggingSecurity;
    }
}