diff --git a/obp-api/src/main/scala/code/api/util/CertificateUtil.scala b/obp-api/src/main/scala/code/api/util/CertificateUtil.scala
index 1baea2feea..9b170461da 100644
--- a/obp-api/src/main/scala/code/api/util/CertificateUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/CertificateUtil.scala
@@ -66,13 +66,20 @@ object CertificateUtil extends MdcLoggable {
 @throws[CertificateException]
 @throws[RuntimeException]
 def getKeyStoreCertificate() = {
+ // TODO SENSITIVE DATA LOGGING
+ logger.debug("getKeyStoreCertificate says hello.")
 val jkspath = APIUtil.getPropsValue("keystore.path").getOrElse("")
+ logger.debug("getKeyStoreCertificate says jkspath is: " + jkspath)
 val jkspasswd = APIUtil.getPropsValue("keystore.password").getOrElse(APIUtil.initPasswd)
+ logger.debug("getKeyStoreCertificate says jkspasswd is: " + jkspasswd)
 val keypasswd = APIUtil.getPropsValue("keystore.passphrase").getOrElse(APIUtil.initPasswd)
+ logger.debug("getKeyStoreCertificate says keypasswd is: " + keypasswd)
 // This is used for QWAC certificate. Alias needs to be of that certificate.
 val alias = APIUtil.getPropsValue("keystore.alias").getOrElse("")
+ logger.debug("getKeyStoreCertificate says alias is: " + alias)
 val keyStore = KeyStore.getInstance(KeyStore.getDefaultType)
 val inputStream = new FileInputStream(jkspath)
+ logger.debug("getKeyStoreCertificate says before keyStore.load inputStream")
 keyStore.load(inputStream, jkspasswd.toArray)
 inputStream.close()
 val privateKey: Key = keyStore.getKey(alias, keypasswd.toCharArray())
diff --git a/obp-api/src/main/scala/code/api/util/JwsUtil.scala b/obp-api/src/main/scala/code/api/util/JwsUtil.scala
index b6324357f7..e07fefe5a3 100644
--- a/obp-api/src/main/scala/code/api/util/JwsUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/JwsUtil.scala
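Review bot: The two added lines `logger.debug("getKeyStoreCertificate says jkspasswd is: " + jkspasswd)` and `logger.debug("getKeyStoreCertificate says keypasswd is: " + keypasswd)` in `getKeyStoreCertificate` (CertificateUtil.scala) write the keystore password and the private-key passphrase to the log in clear text, and the `// TODO SENSITIVE DATA LOGGING` comment records the problem without mitigating it. Anyone who can read the debug log, or wherever it is shipped, would then hold the secrets protecting the private key loaded a few lines later, which the existing comment ties to the QWAC certificate. Drop both lines, or replace them with a value-free message such as `logger.debug("getKeyStoreCertificate says keystore.password and keystore.passphrase were read")`. If a build containing these lines has run with debug logging enabled, treat both secrets as exposed and rotate them. The function body continues past the end of the hunk.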
@@ -191,7 +191,7 @@ object JwsUtil extends MdcLoggable { |psu-geo-location: ${psuGeoLocation.getOrElse("None")} |digest: $digest |""".stripMargin) - logger.debug("Detached Payload of Signing: " + detachedPayload) + logger.debug("signRequestResponseCommon says Detached Payload of Signing: " + detachedPayload) val sigD = s"""{ @@ -206,15 +206,24 @@ object JwsUtil extends MdcLoggable { | "mId": "http://uri.etsi.org/19182/HttpHeaders" | } | """.stripMargin - // We create the time in next format: '2011-12-03T10:15:30Z' + // We create the time in the following format: '2011-12-03T10:15:30Z' + + logger.debug("signRequestResponseCommon says sigD is: " + sigD) + val sigT: String = signingTime match { case None => ZonedDateTime.now(ZoneOffset.UTC).format(DateTimeFormatter.ISO_ZONED_DATE_TIME) case Some(time) => time.format(DateTimeFormatter.ISO_ZONED_DATE_TIME) } + logger.debug("signRequestResponseCommon says sigT is: " + sigT) + val criticalParams: util.Set[String] = new util.HashSet[String]() + logger.debug("signRequestResponseCommon says criticalParams is: " + criticalParams) + criticalParams.add("b64") criticalParams.addAll(getDeferredCriticalHeaders) // Create and sign JWS + + logger.debug("signRequestResponseCommon says before Create and sign JWS") val jwsProtectedHeader: JWSHeader = new JWSHeader.Builder(JWSAlgorithm.RS256) .base64URLEncodePayload(false) .x509CertChain(List(new com.nimbusds.jose.util.Base64(CertificateUtil.x5c)).asJava) @@ -226,11 +235,13 @@ object JwsUtil extends MdcLoggable { // Compute the RSA signature + logger.debug("signRequestResponseCommon says before Compute the RSA signature") jwsObject.sign(CertificateUtil.rsaSigner) val isDetached = true val jws: String = jwsObject.serialize(isDetached) + logger.debug("signRequestResponseCommon says returning..") List(HTTPParam("x-jws-signature", List(jws)), HTTPParam("digest", List(digest))) ::: List( HTTPParam("host", List(host)),
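Review bot: In the `@@ -206,15 +206,24 @@` hunk, the added `logger.debug("signRequestResponseCommon says criticalParams is: " + criticalParams)` sits directly after `new util.HashSet[String]()` and before `criticalParams.add("b64")` and `criticalParams.addAll(getDeferredCriticalHeaders)`, so it always prints an empty set. Move the line below the `addAll` call so the log shows the critical header names actually used for the protected header. The enclosing method starts and ends outside the hunk.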