More logging related to JWS
simonredfern committed Sep 26, 2023
1 parent 6341106 commit c4d7ad3
Showing 2 changed files with 20 additions and 2 deletions.
7 changes: 7 additions & 0 deletions obp-api/src/main/scala/code/api/util/CertificateUtil.scala
Expand Up @@ -66,13 +66,20 @@ object CertificateUtil extends MdcLoggable {
@throws[CertificateException]
@throws[RuntimeException]
def getKeyStoreCertificate() = {
// TODO SENSITIVE DATA LOGGING
logger.debug("getKeyStoreCertificate says hello.")
val jkspath = APIUtil.getPropsValue("keystore.path").getOrElse("")
logger.debug("getKeyStoreCertificate says jkspath is: " + jkspath)
val jkspasswd = APIUtil.getPropsValue("keystore.password").getOrElse(APIUtil.initPasswd)
logger.debug("getKeyStoreCertificate says jkspasswd is: " + jkspasswd)
val keypasswd = APIUtil.getPropsValue("keystore.passphrase").getOrElse(APIUtil.initPasswd)
logger.debug("getKeyStoreCertificate says keypasswd is: " + keypasswd)
// This is used for QWAC certificate. Alias needs to be of that certificate.
val alias = APIUtil.getPropsValue("keystore.alias").getOrElse("")
logger.debug("getKeyStoreCertificate says alias is: " + alias)
val keyStore = KeyStore.getInstance(KeyStore.getDefaultType)
val inputStream = new FileInputStream(jkspath)
logger.debug("getKeyStoreCertificate says before keyStore.load inputStream")
keyStore.load(inputStream, jkspasswd.toArray)
inputStream.close()
val privateKey: Key = keyStore.getKey(alias, keypasswd.toCharArray())
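Review bot: The new debug lines after the keystore password and key passphrase reads print the secrets themselves (`"... jkspasswd is: " + jkspasswd` and `"... keypasswd is: " + keypasswd`), and because both values fall back to `APIUtil.initPasswd`, that default is written out as well whenever the property is unset; the `// TODO SENSITIVE DATA LOGGING` comment acknowledges this but the commit still ships it. Debug output normally lands in log files and aggregators with far weaker access control than the keystore, so these two lines should record only whether a value is present, e.g. `logger.debug("getKeyStoreCertificate says jkspasswd is set: " + jkspasswd.nonEmpty)` and the same for `keypasswd`, or be dropped entirely. The path and alias log lines are harmless and can stay. getKeyStoreCertificate continues past the end of the hunk.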
15 changes: 13 additions & 2 deletions obp-api/src/main/scala/code/api/util/JwsUtil.scala
Expand Up @@ -191,7 +191,7 @@ object JwsUtil extends MdcLoggable {
|psu-geo-location: ${psuGeoLocation.getOrElse("None")}
|digest: $digest
|""".stripMargin)
logger.debug("Detached Payload of Signing: " + detachedPayload)
logger.debug("signRequestResponseCommon says Detached Payload of Signing: " + detachedPayload)

val sigD =
s"""{
Expand All @@ -206,15 +206,24 @@ object JwsUtil extends MdcLoggable {
| "mId": "http://uri.etsi.org/19182/HttpHeaders"
| }
| """.stripMargin
// We create the time in next format: '2011-12-03T10:15:30Z'
// We create the time in the following format: '2011-12-03T10:15:30Z'

logger.debug("signRequestResponseCommon says sigD is: " + sigD)

val sigT: String = signingTime match {
case None => ZonedDateTime.now(ZoneOffset.UTC).format(DateTimeFormatter.ISO_ZONED_DATE_TIME)
case Some(time) => time.format(DateTimeFormatter.ISO_ZONED_DATE_TIME)
}
logger.debug("signRequestResponseCommon says sigT is: " + sigT)

val criticalParams: util.Set[String] = new util.HashSet[String]()
logger.debug("signRequestResponseCommon says criticalParams is: " + criticalParams)

criticalParams.add("b64")
criticalParams.addAll(getDeferredCriticalHeaders)
// Create and sign JWS

logger.debug("signRequestResponseCommon says before Create and sign JWS")
val jwsProtectedHeader: JWSHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
.base64URLEncodePayload(false)
.x509CertChain(List(new com.nimbusds.jose.util.Base64(CertificateUtil.x5c)).asJava)
Expand All @@ -226,11 +235,13 @@ object JwsUtil extends MdcLoggable {


// Compute the RSA signature
logger.debug("signRequestResponseCommon says before Compute the RSA signature")
jwsObject.sign(CertificateUtil.rsaSigner)

val isDetached = true
val jws: String = jwsObject.serialize(isDetached)

logger.debug("signRequestResponseCommon says returning..")
List(HTTPParam("x-jws-signature", List(jws)), HTTPParam("digest", List(digest))) :::
List(
HTTPParam("host", List(host)),
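Review bot: The `criticalParams` debug line sits directly after `new util.HashSet[String]()` and before `criticalParams.add("b64")` and `criticalParams.addAll(getDeferredCriticalHeaders)`, so it always prints an empty set and never shows the critical headers that actually go into the JWS header. Move it below the `addAll` call: `logger.debug("signRequestResponseCommon says criticalParams is: " + criticalParams)`. The new log line inserted before `JWSHeader.Builder` also separates the `// Create and sign JWS` comment from the code it describes; placing the log above the comment keeps them together. signRequestResponseCommon starts and ends outside this hunk.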
