authorJoanna Jeremicz <joanna.jeremicz@nokia.com>2021-07-13 14:04:13 +0200
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>2021-07-15 10:52:23 +0200
commitc37307cdda12ccf3abe3699879cc6edf3b40d398 (patch)
tree90ff2dc312cc5eaa93a3a15bb6d494bfcf974a43
parentf9f3ca33aaec818d658136d7f0e5acc6fd51aa0b (diff)
[OOM-CERT-SERVICE] Improve logging
Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: If61f56cf0a54cc0084481613ff984ae01655c942
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java8
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java6
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java16
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java8
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java8
6 files changed, 27 insertions, 23 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
index a4389ec2..987d56ea 100644
--- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
+++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
@@ -76,19 +76,19 @@ public class CertificationController {
content = @Content(schema = @Schema(implementation = ErrorResponseModel.class)))
})
@Operation(
- summary = "sign certificate",
- description = "Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA.",
+ summary = "initialize certificate",
+ description = "Web endpoint for requesting certificate initialization. Used by system components to gain certificate signed by CA.",
tags = {"CertificationService"})
public ResponseEntity<CertificationResponseModel> signCertificate(
@Parameter(description = "Name of certification authority that will sign CSR.")
@PathVariable String caName,
- @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).")
+ @Parameter(description = "Certificate initialization request in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("CSR") String encodedCsr,
@Parameter(description = "Private key in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("PK") String encodedPrivateKey
) throws DecryptionException, CmpClientException {
caName = replaceWhiteSpaceChars(caName);
- LOGGER.info("Received certificate signing request for CA named: {}", caName);
+ LOGGER.info("Received certificate initialization request for CA named: {}", caName);
CertificationResponseModel certificationResponseModel = certificationResponseModelFactory
.provideCertificationModelFromInitialRequest(encodedCsr, encodedPrivateKey, caName);
return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK);
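Review bot: The reworded `@Parameter` description for the `CSR` header ("Certificate initialization request in form of PEM object…") is less precise than the text it replaces, because the header is still named `CSR` and its value is still passed on as `encodedCsr`. I would keep the payload wording and change only the operation wording, e.g. `@Parameter(description = "Certificate signing request (CSR) in form of PEM object encoded in Base64 (with header and footer).")`. The method also keeps the name `signCertificate` while the summary now reads "initialize certificate"; a short comment such as `// Serves the CMPv2 initialization request; name kept for API compatibility` would stop the two from drifting apart. The method body continues past the end of the hunk.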
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
index af90bf7e..4c50f6fe 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -72,14 +72,14 @@ public class CertificationResponseModelFactory {
Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName);
LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server);
- LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}",
+ LOGGER.info("Sending initialization request for certification model for CA named: {}, and certificate signing request:\n{}",
caName, csrModel);
return certificationProvider.executeInitializationRequest(csrModel, cmpv2Server);
}
public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel)
throws DecryptionException, CmpClientException {
- LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
+ LOGGER.debug("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName());
final CsrModel csrModel = csrModelFactory.createCsrModel(
new StringBase64(certificateUpdateModel.getEncodedCsr()),
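Review bot: Moving the `CSR: {}, old cert: {}, CA: {}` line to DEBUG still writes three request-supplied values to the log before the visible code decodes or validates any of them. `getCaName()` is logged raw here, whereas `CertificationController` passes `caName` through `replaceWhiteSpaceChars` before logging it. If the update model is not sanitised upstream (not visible in this hunk), a line break in the CA name could forge a log entry; logging only the CA name, sanitised the same way, should be enough for troubleshooting. The INFO line above also prints the whole `csrModel`, so it is worth confirming that its `toString()` leaves out the private key, since the model appears to be built from the CSR together with the key. `provideCertificationModelFromUpdateRequest` continues outside the hunk.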
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index c4be54ce..463451bd 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -75,7 +75,7 @@ public final class CmpMessageHelper {
*/
public static OptionalValidity generateOptionalValidity(
final Date notBefore, final Date notAfter) {
- LOG.info("Generating Optional Validity from Date objects");
+ LOG.debug("Generating Optional Validity from Date objects");
ASN1EncodableVector optionalValidityV = new ASN1EncodableVector();
if (notBefore != null) {
Time nb = new Time(notBefore);
@@ -95,7 +95,7 @@ public final class CmpMessageHelper {
*/
public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
- LOG.info("Generating Extensions from Subject Alternative Names");
+ LOG.debug("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
try {
extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage());
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
index 1b900987..87dfc507 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
@@ -1,8 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2020 Nordix Foundation.
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -63,13 +62,20 @@ import org.slf4j.LoggerFactory;
public final class CmpResponseHelper {
private static final Logger LOG = LoggerFactory.getLogger(CmpResponseHelper.class);
+ private static final Map<Integer, String> RESPONSE_TYPE_TO_STRING = Map.of(
+ PKIBody.TYPE_INIT_REP, "INIT_REP",
+ PKIBody.TYPE_CERT_REP, "CERT_REP",
+ PKIBody.TYPE_KEY_UPDATE_REP, "KEY_UPDATE_REP");
private CmpResponseHelper() {
}
static void checkIfCmpResponseContainsError(PKIMessage respPkiMessage) {
- LOG.info("Response type: {} ", respPkiMessage.getBody().getType());
- if (respPkiMessage.getBody().getType() == PKIBody.TYPE_ERROR) {
+ final int responseType = respPkiMessage.getBody().getType();
+ final String responseTypeName = RESPONSE_TYPE_TO_STRING.getOrDefault(responseType, Integer.toString(responseType));
+ LOG.info("Response type is: {} ", responseTypeName);
+
+ if (responseType == PKIBody.TYPE_ERROR) {
final ErrorMsgContent errorMsgContent =
(ErrorMsgContent) respPkiMessage.getBody().getContent();
String text = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
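Review bot: `RESPONSE_TYPE_TO_STRING` has no entry for `PKIBody.TYPE_ERROR`, which is the one type this method goes on to test for, so an error response from the CA is still logged as a bare number. Adding `PKIBody.TYPE_ERROR, "ERROR"` to the map would make the failure case the most readable line instead of the least. In the error branch, `getStatusString().getStringAt(0)` is dereferenced without a null check, while `CmpCertificationValidator.logServerResponse` guards the same call with `getStatusString() != null`. A response that omits the status text would presumably fail here with a NullPointerException instead of the intended error. The branch continues outside the hunk.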
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
index a05a5b7a..0d0d7f34 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
@@ -84,7 +84,7 @@ public final class CmpUtil {
* @return bytes containing a random number string representing a nonce
*/
public static byte[] createRandomBytes() {
- LOGGER.info("Generating random array of bytes");
+ LOGGER.debug("Generating random array of bytes");
byte[] randomBytes = new byte[RANDOM_BYTE_LENGTH];
SECURE_RANDOM.nextBytes(randomBytes);
return randomBytes;
@@ -97,7 +97,7 @@ public final class CmpUtil {
* @return bytes containing a random number string representing a nonce
*/
public static int createRandomInt(int range) {
- LOGGER.info("Generating random integer");
+ LOGGER.debug("Generating random integer");
return SECURE_RANDOM.nextInt(range) + RANDOM_SEED;
}
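Review bot: The Javadoc above `createRandomInt` still says `@return bytes containing a random number string representing a nonce`, which is copied from `createRandomBytes` and does not describe an `int`. Something like `@return random integer in the range [RANDOM_SEED, RANDOM_SEED + range)` matches the visible expression `SECURE_RANDOM.nextInt(range) + RANDOM_SEED`. Assuming `SECURE_RANDOM` is a `java.security.SecureRandom`, a `@throws IllegalArgumentException` line for a non-positive `range` would also document what `nextInt` does with it. The comment block starts outside the hunk.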
@@ -109,7 +109,7 @@ public final class CmpUtil {
* @return bytes representing the PKIHeader and PKIBody thats to be protected
*/
public static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException {
- LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody");
+ LOGGER.debug("Generating array of bytes representing PkiHeader and PkiBody");
byte[] res;
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(header);
@@ -139,7 +139,7 @@ public final class CmpUtil {
*/
static PKIHeader generatePkiHeader(
X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg, String senderKid) {
- LOGGER.info("Generating a Pki Header Builder");
+ LOGGER.debug("Generating a Pki Header Builder");
PKIHeaderBuilder pkiHeaderBuilder =
new PKIHeaderBuilder(
PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn));
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
index c5d6f3e8..e73f57dc 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
@@ -1,8 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -75,6 +74,7 @@ public class CmpCertificationValidator {
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
throw new IllegalArgumentException("Before Date is set after the After Date");
}
+ LOG.info("Validation completed successfully.");
}
public void checkCmpResponse(final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword)
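Review bot: The added `LOG.info("Validation completed successfully.")` does not say what was validated, and the only check visible in this hunk is the notBefore/notAfter ordering. In a log stream that also carries the response checks from `checkCmpResponse`, an operator could read the line as confirmation that the CA response was verified. Naming the subject in the message, e.g. `LOG.info("Validity dates validation completed successfully.")`, would avoid that. Adjust the wording to whatever the enclosing method actually covers, since it starts outside the hunk.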
@@ -127,9 +127,7 @@ public class CmpCertificationValidator {
}
private void logServerResponse(CertResponse certResponse) {
- if (LOG.isInfoEnabled()) {
- LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
- }
+ LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
if (certResponse.getStatus().getStatusString() != null) {
String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString();
LOG.warn("Response status text: {}", serverMessage);
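Review bot: `serverMessage` is text chosen by the remote CA, and the `LOG.warn` line writes it to the log exactly as received. `CertificationController` strips whitespace characters from `caName` before logging it; applying the same treatment here (and possibly a length cap) would keep a misbehaving or compromised CA endpoint from injecting extra log lines. The status text is also logged at WARN whenever it is present, regardless of the status code printed just above. If CAs attach text to successful responses too, choosing the level from `certResponse.getStatus().getStatus()` would cut false alarms. The method's closing lines are outside the hunk.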