From c37307cdda12ccf3abe3699879cc6edf3b40d398 Mon Sep 17 00:00:00 2001
From: Joanna Jeremicz
Date: Tue, 13 Jul 2021 14:04:13 +0200
Subject: [PATCH] [OOM-CERT-SERVICE] Improve logging
Issue-ID: OOM-2753
Signed-off-by: Joanna Jeremicz
Change-Id: If61f56cf0a54cc0084481613ff984ae01655c942
---
.../oom/certservice/api/CertificationController.java | 8 ++++----
.../certification/CertificationResponseModelFactory.java | 6 +++---
.../certservice/cmpv2client/impl/CmpMessageHelper.java | 4 ++--
.../certservice/cmpv2client/impl/CmpResponseHelper.java | 16 +++++++++++-----
.../onap/oom/certservice/cmpv2client/impl/CmpUtil.java | 8 ++++----
.../validation/CmpCertificationValidator.java | 8 +++-----
6 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
index a4389ec2..987d56ea 100644
--- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
+++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
@@ -76,19 +76,19 @@ public class CertificationController { content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))) }) @Operation( - summary = "sign certificate", - description = "Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA.", + summary = "initialize certificate", + description = "Web endpoint for requesting certificate initialization. Used by system components to gain certificate signed by CA.", tags = {"CertificationService"}) public ResponseEntity signCertificate( @Parameter(description = "Name of certification authority that will sign CSR.") @PathVariable String caName, - @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).") + @Parameter(description = "Certificate initialization request in form of PEM object encoded in Base64 (with header and footer).") @RequestHeader("CSR") String encodedCsr, @Parameter(description = "Private key in form of PEM object encoded in Base64 (with header and footer).") @RequestHeader("PK") String encodedPrivateKey ) throws DecryptionException, CmpClientException { caName = replaceWhiteSpaceChars(caName); - LOGGER.info("Received certificate signing request for CA named: {}", caName); + LOGGER.info("Received certificate initialization request for CA named: {}", caName); CertificationResponseModel certificationResponseModel = certificationResponseModelFactory .provideCertificationModelFromInitialRequest(encodedCsr, encodedPrivateKey, caName); return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK); diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java index af90bf7e..4c50f6fe 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java 
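Review bot: The `@Parameter` description on the `CSR` header now calls the value a "Certificate initialization request", but what the caller sends is still a certificate signing request; only the CMP operation it feeds is an initialization request. I would keep that one description as `"Certificate signing request in form of PEM object encoded in Base64 (with header and footer)."` so the API docs agree with the header name and with the log wording kept in CertificationResponseModelFactory ("and certificate signing request"). The handler is also still named `signCertificate` while the summary now says "initialize certificate"; its body ends outside this hunk.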
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * Cert Service * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -72,14 +72,14 @@ public class CertificationResponseModelFactory { Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName); LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); - LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}", + LOGGER.info("Sending initialization request for certification model for CA named: {}, and certificate signing request:\n{}", caName, csrModel); return certificationProvider.executeInitializationRequest(csrModel, cmpv2Server); } public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel) throws DecryptionException, CmpClientException { - LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(), + LOGGER.debug("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(), certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName()); final CsrModel csrModel = csrModelFactory.createCsrModel( new StringBase64(certificateUpdateModel.getEncodedCsr()), diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java index c4be54ce..463451bd 100644 
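Review bot: The INFO line in the `@@ -72,14 +72,14 @@` hunk still writes the whole `csrModel` object, and that model appears to be built from the encoded CSR together with the caller's private key, so what reaches the log depends entirely on `CsrModel.toString()`, which is not visible here. It is worth confirming that it prints only subject and SAN data, or keeping INFO to `LOGGER.info("Sending initialization request for CA named: {}", caName);` and moving the model dump to DEBUG. Lowering the update-request line to DEBUG is good, but it still prints the full Base64 CSR and old certificate from the request, and nothing in this hunk shows those values passing through `replaceWhiteSpaceChars` the way `caName` does in the controller. Both method bodies continue outside the hunk.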
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java @@ -75,7 +75,7 @@ public final class CmpMessageHelper { */ public static OptionalValidity generateOptionalValidity( final Date notBefore, final Date notAfter) { - LOG.info("Generating Optional Validity from Date objects"); + LOG.debug("Generating Optional Validity from Date objects"); ASN1EncodableVector optionalValidityV = new ASN1EncodableVector(); if (notBefore != null) { Time nb = new Time(notBefore); @@ -95,7 +95,7 @@ public final class CmpMessageHelper { */ public static Extensions generateExtension(final GeneralName[] sansArray) throws CmpClientException { - LOG.info("Generating Extensions from Subject Alternative Names"); + LOG.debug("Generating Extensions from Subject Alternative Names"); final ExtensionsGenerator extGenerator = new ExtensionsGenerator(); try { extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage()); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java index 1b900987..87dfc507 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java 
@@ -1,8 +1,7 @@ /*- * ============LICENSE_START======================================================= - * Copyright (C) 2020 Nordix Foundation. - * ================================================================================ - * Modification copyright 2021 Nokia + * Copyright (C) 2020 Nordix Foundation. + * Copyright (C) 2021 Nokia. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,13 +62,20 @@ import org.slf4j.LoggerFactory; public final class CmpResponseHelper { private static final Logger LOG = LoggerFactory.getLogger(CmpResponseHelper.class); + private static final Map RESPONSE_TYPE_TO_STRING = Map.of( + PKIBody.TYPE_INIT_REP, "INIT_REP", + PKIBody.TYPE_CERT_REP, "CERT_REP", + PKIBody.TYPE_KEY_UPDATE_REP, "KEY_UPDATE_REP"); private CmpResponseHelper() { } static void checkIfCmpResponseContainsError(PKIMessage respPkiMessage) { - LOG.info("Response type: {} ", respPkiMessage.getBody().getType()); - if (respPkiMessage.getBody().getType() == PKIBody.TYPE_ERROR) { + final int responseType = respPkiMessage.getBody().getType(); + final String responseTypeName = RESPONSE_TYPE_TO_STRING.getOrDefault(responseType, Integer.toString(responseType)); + LOG.info("Response type is: {} ", responseTypeName); + + if (responseType == PKIBody.TYPE_ERROR) { final ErrorMsgContent errorMsgContent = (ErrorMsgContent) respPkiMessage.getBody().getContent(); String text = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString(); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java index a05a5b7a..0d0d7f34 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java 
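Review bot: `RESPONSE_TYPE_TO_STRING` has no entry for `PKIBody.TYPE_ERROR`, so the one response an operator most needs to recognise is still logged as a bare number; adding `PKIBody.TYPE_ERROR, "ERROR"` to the `Map.of(...)` call would close that gap. The format string also keeps a trailing space after the placeholder (`"Response type is: {} "`). In the unchanged error branch just below, `getStatusString()` is dereferenced without a null check, whereas `logServerResponse` in CmpCertificationValidator guards the same field; a CA error reply without free text would presumably surface as a NullPointerException rather than the intended CMP error. The method body continues outside the hunk.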
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java @@ -84,7 +84,7 @@ public final class CmpUtil { * @return bytes containing a random number string representing a nonce */ public static byte[] createRandomBytes() { - LOGGER.info("Generating random array of bytes"); + LOGGER.debug("Generating random array of bytes"); byte[] randomBytes = new byte[RANDOM_BYTE_LENGTH]; SECURE_RANDOM.nextBytes(randomBytes); return randomBytes; @@ -97,7 +97,7 @@ public final class CmpUtil { * @return bytes containing a random number string representing a nonce */ public static int createRandomInt(int range) { - LOGGER.info("Generating random integer"); + LOGGER.debug("Generating random integer"); return SECURE_RANDOM.nextInt(range) + RANDOM_SEED; } @@ -109,7 +109,7 @@ public final class CmpUtil { * @return bytes representing the PKIHeader and PKIBody thats to be protected */ public static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException { - LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody"); + LOGGER.debug("Generating array of bytes representing PkiHeader and PkiBody"); byte[] res; ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(header); @@ -139,7 +139,7 @@ public final class CmpUtil { */ static PKIHeader generatePkiHeader( X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg, String senderKid) { - LOGGER.info("Generating a Pki Header Builder"); + LOGGER.debug("Generating a Pki Header Builder"); PKIHeaderBuilder pkiHeaderBuilder = new PKIHeaderBuilder( PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn)); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java index c5d6f3e8..e73f57dc 100644 
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java @@ -1,8 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2020 Nordix Foundation. - * ================================================================================ - * Modification copyright 2021 Nokia + * Copyright (C) 2021 Nokia. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -75,6 +74,7 @@ public class CmpCertificationValidator { if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) { throw new IllegalArgumentException("Before Date is set after the After Date"); } + LOG.info("Validation completed successfully."); } public void checkCmpResponse(final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword) @@ -127,9 +127,7 @@ public class CmpCertificationValidator { } private void logServerResponse(CertResponse certResponse) { - if (LOG.isInfoEnabled()) { - LOG.info("Response status code: {}", certResponse.getStatus().getStatus()); - } + LOG.info("Response status code: {}", certResponse.getStatus().getStatus()); if (certResponse.getStatus().getStatusString() != null) { String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString(); LOG.warn("Response status text: {}", serverMessage); -- 2.16.6
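Review bot: In `logServerResponse` the status is still logged as the raw value of `certResponse.getStatus().getStatus()`, while this same commit gives response types readable names in CmpResponseHelper; a small lookup for the status values would make the two log lines consistent. The unchanged `LOG.warn("Response status text: {}", serverMessage)` writes free text supplied by the CA server straight into the log, and at WARN whatever the status is; consider stripping line breaks first, as the controller does for `caName` with `replaceWhiteSpaceChars`, and choosing the level from the status. Dropping the `isInfoEnabled()` guard is fine for a parameterized call. The method's closing lines are outside the hunk.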