Merge branch 'hotfix' into 'main'

Hotfix See merge request simpl/simpl-open/development/iaa/tls-gateway!56

Merge branch 'hotfix' into 'main'
Hotfix See merge request simpl/simpl-open/development/iaa/tls-gateway!56
5def1c4f · Marco Amoia · b6dd7929 · 3d34e389 · 5def1c4f · 5def1c4f
Commit 5def1c4f authored 2 months ago by Marco Amoia
--- a/pipeline.variables.sh
+++ b/pipeline.variables.sh
-PROJECT_VERSION_NUMBER="0.8.1"
\ No newline at end of file
+PROJECT_VERSION_NUMBER="0.8.2"
\ No newline at end of file
--- a/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/AbstractPublicKeyProducer.java
+++ b/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/AbstractPublicKeyProducer.java
 package com.aruba.simpl.tlsgateway.configurations.publickey;

 import com.aruba.simpl.common.model.dto.CredentialDTO;
+import com.aruba.simpl.tlsgateway.configurations.microservices.UsersRolesProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.MediaType;
 import org.springframework.web.reactive.function.client.WebClient;

 public abstract class AbstractPublicKeyProducer {

+    protected final UsersRolesProperties usersRolesProperties;
+
+    protected AbstractPublicKeyProducer(UsersRolesProperties usersRolesProperties) {
+        this.usersRolesProperties = usersRolesProperties;
+    }
+
    protected abstract String getAuthorityPublicKeyBaseUrl();

+    protected String getMyPublicKeyBaseUrl() {
+        return usersRolesProperties.url();
+    }
+
    @Bean
-    public CredentialDTO authorityKey() {
+    public CredentialDTO authorityPublicKey() {
+        return getPublicKey(getAuthorityPublicKeyBaseUrl());
+    }
+
+    @Bean
+    public CredentialDTO myPublicKey() {
+        return getPublicKey(getMyPublicKeyBaseUrl());
+    }
+
+    private CredentialDTO getPublicKey(String url) {
        return WebClient.builder()
-                .baseUrl("%s/credential/public-key".formatted(getAuthorityPublicKeyBaseUrl()))
+                .baseUrl("%s/credential/public-key".formatted(url))
                .defaultHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
                .build()
                .get()

--- a/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/AuthorityPublicKeyProducer.java
+++ b/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/AuthorityPublicKeyProducer.java
@@ -8,14 +8,12 @@ import org.springframework.context.annotation.Profile;
 @Profile("authority")
 public class AuthorityPublicKeyProducer extends AbstractPublicKeyProducer {

-    private final UsersRolesProperties usersRolesProperties;
-
    protected AuthorityPublicKeyProducer(UsersRolesProperties usersRolesProperties) {
-        this.usersRolesProperties = usersRolesProperties;
+        super(usersRolesProperties);
    }

    @Override
    protected String getAuthorityPublicKeyBaseUrl() {
-        return usersRolesProperties.url();
+        return getMyPublicKeyBaseUrl();
    }
 }
--- a/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/ParticipantPublicKeyProducer.java
+++ b/src/main/java/com/aruba/simpl/tlsgateway/configurations/publickey/ParticipantPublicKeyProducer.java
 package com.aruba.simpl.tlsgateway.configurations.publickey;

 import com.aruba.simpl.tlsgateway.configurations.ClientProperties;
+import com.aruba.simpl.tlsgateway.configurations.microservices.UsersRolesProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;

@@ -10,7 +11,9 @@ public class ParticipantPublicKeyProducer extends AbstractPublicKeyProducer {

    private final ClientProperties clientProperties;

-    protected ParticipantPublicKeyProducer(ClientProperties clientProperties) {
+    protected ParticipantPublicKeyProducer(
+            UsersRolesProperties usersRolesProperties, ClientProperties clientProperties) {
+        super(usersRolesProperties);
        this.clientProperties = clientProperties;
    }


--- a/src/main/java/com/aruba/simpl/tlsgateway/filters/EphemeralProofFilter.java
+++ b/src/main/java/com/aruba/simpl/tlsgateway/filters/EphemeralProofFilter.java
@@ -26,6 +26,7 @@ import java.util.function.Function;
 import java.util.function.Predicate;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
@@ -52,7 +53,7 @@ public class EphemeralProofFilter implements GlobalFilter, Ordered {
            RouteConfig routeConfig,
            EphemeralProofRepository ephemeralProofRepository,
            @Autowired(required = false) Function<String, JwtEphemeralProofVerifier> ephemeralProofVerifierFactory,
-            CredentialDTO authorityKey) {
+            @Qualifier("authorityPublicKey") CredentialDTO authorityKey) {
        this.routeConfig = routeConfig;
        this.ephemeralProofRepository = ephemeralProofRepository;
        this.ephemeralProofValidatorFactory =

--- a/src/main/java/com/aruba/simpl/tlsgateway/filters/LoggingFilter.java
+++ b/src/main/java/com/aruba/simpl/tlsgateway/filters/LoggingFilter.java
 package com.aruba.simpl.tlsgateway.filters;

+import static eu.simpl.MessageBuilder.buildMessage;
+
+import com.aruba.simpl.common.logging.LoggingRule;
+import com.aruba.simpl.common.model.dto.CredentialDTO;
+import com.aruba.simpl.common.utils.JwtUtil;
+import com.aruba.simpl.tlsgateway.utils.ExchangeUtil;
+import eu.simpl.types.LogMessage;
+import eu.simpl.types.MessageType;
+import java.util.*;
+import java.util.function.Function;
+import lombok.extern.log4j.Log4j2;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.core.lookup.StrSubstitutor;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
+import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;

+@Log4j2
 @Component
 public class LoggingFilter implements GlobalFilter, Ordered {

-    private final com.aruba.simpl.common.logging.LoggingFilter businessLoggingFilter;
+    private final CredentialDTO myPublicKey;
+    private final List<LoggingRule> loggingRules;

-    public LoggingFilter(com.aruba.simpl.common.logging.LoggingFilter businessLoggingFilter) {
-        this.businessLoggingFilter = businessLoggingFilter;
+    public LoggingFilter(@Qualifier("myPublicKey") CredentialDTO myPublicKey, List<LoggingRule> loggingRules) {
+        this.myPublicKey = myPublicKey;
+        this.loggingRules = loggingRules;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
-        return chain.filter(exchange).then(businessLoggingFilter.filter(exchange));
+        return Flux.fromIterable(loggingRules)
+                .filterWhen(rule -> rule.matches(exchange))
+                .next()
+                .map(buildLogger(exchange, chain))
+                .flatMap(BusinessLogger::log)
+                .switchIfEmpty(chain.filter(exchange));
+    }
+
+    private Function<LoggingRule, BusinessLogger> buildLogger(ServerWebExchange exchange, GatewayFilterChain chain) {
+        return loggingRule -> new BusinessLogger(loggingRule.config(), exchange, chain);
+    }
+
+    private class BusinessLogger {
+
+        private final LoggingRule.Config config;
+        private final ServerWebExchange exchange;
+        private final GatewayFilterChain chain;
+        private final UUID correlationId;
+
+        private BusinessLogger(LoggingRule.Config config, ServerWebExchange exchange, GatewayFilterChain chain) {
+            this.config = config;
+            this.exchange = exchange;
+            this.chain = chain;
+            this.correlationId = UUID.randomUUID();
+        }
+
+        public Mono<Void> log() {
+            return log(MessageType.REQUEST)
+                    .then(chain.filter(exchange).doAfterTerminate(() -> log(MessageType.RESPONSE)));
+        }
+
+        private Mono<Void> log(MessageType messageType) {
+            var token = JwtUtil.getBearerToken(exchange.getRequest().getHeaders());
+
+            var user = token.map(getUser()).orElse("anonymous user");
+
+            Map<String, String> templateContext = getTemplateContext(messageType, user);
+
+            var messageTemplate = config.message();
+
+            log.log(
+                    Level.getLevel("BUSINESS"),
+                    buildMessage(LogMessage.builder()
+                            .businessOperations(config.operations())
+                            .messageType(messageType)
+                            .origin(getOrigin(messageType))
+                            .destination(getDestination(messageType))
+                            .correlationId(correlationId.toString())
+                            .msg(StrSubstitutor.replace(messageTemplate, templateContext))
+                            .build()));
+
+            return Mono.empty();
+        }
+
+        private String getOrigin(MessageType messageType) {
+            return switch (messageType) {
+                case REQUEST -> ExchangeUtil.getCredentialIdFromExchange(exchange);
+                case RESPONSE -> myPublicKey.getPublicKey();
+                default -> throw new IllegalArgumentException("Unsupported message type %s".formatted(messageType));
+            };
+        }
+
+        private String getDestination(MessageType messageType) {
+            return switch (messageType) {
+                case REQUEST -> myPublicKey.getPublicKey();
+                case RESPONSE -> ExchangeUtil.getCredentialIdFromExchange(exchange);
+                default -> throw new IllegalArgumentException("Unsupported message type %s".formatted(messageType));
+            };
+        }
+
+        private Function<String, String> getUser() {
+            return token -> JwtUtil.getClaim(JwtUtil.parseJwt(token), "email").toString();
+        }
+
+        private Map<String, String> getTemplateContext(MessageType messageType, String user) {
+            return Map.of(
+                    "method", exchange.getRequest().getMethod().toString(),
+                    "path", exchange.getRequest().getPath().value(),
+                    "user", user,
+                    "responseStatus", getResponseStatus(messageType));
+        }
+
+        private String getResponseStatus(MessageType messageType) {
+            if (messageType == MessageType.REQUEST) {
+                return "";
+            } else {
+                return Optional.of(exchange.getResponse())
+                        .map(ServerHttpResponse::getStatusCode)
+                        .map(Objects::toString)
+                        .orElse("");
+            }
+        }
    }

    @Override