Merge pull request #2476 from nordic-institute/XRDDEV-2687
feat: support non-batch signatures in message log and ASIC-E containers

Refs: XRDDEV-2687
mloitm authored Dec 13, 2024
2 parents 92c14a4 + f7d0bee commit d814383
Showing 97 changed files with 1,593 additions and 827 deletions.
13 changes: 10 additions & 3 deletions Docker/xrd-dev-stack/tools/deploy.sh
@@ -1,5 +1,7 @@
#!/bin/bash

: ${XROAD_HOME:?"XROAD_HOME is not set"}

deploy_module() {
local module_name=$1
shift
Expand All @@ -15,6 +17,7 @@ deploy_module() {
;;
"messagelog-addon")
jar_path="$XROAD_HOME/src/addons/messagelog/messagelog-addon/build/libs/messagelog-addon.jar"
target_path="/usr/share/xroad/jlib/addon/proxy/"
service_name="xroad-proxy"
;;
"hwtoken-addon")
Expand Down Expand Up @@ -66,14 +69,18 @@ deploy_module() {
done
}

set -o xtrace
set -o xtrace -o errexit

case $1 in
"proxy" | "messagelog-addon" | "metaservice-addon" | "proxy-ui-api" | "configuration-client" | "op-monitor-daemon")
deploy_module "$1" "ss0" "ss1"
hosts=("ss0" "ss1")
if [[ $# > 1 ]]; then hosts=("${@:2}"); fi
deploy_module "$1" "${hosts[@]}"
;;
"signer" | "hwtoken-addon")
deploy_module "$1" "ss0" "ss1" "cs"
hosts=("ss0" "ss1" "cs")
if [[ $# > 1 ]]; then hosts=("${@:2}"); fi
deploy_module "$1" "${hosts[@]}"
;;
"cs-admin-service" | "cs-management-service" | "cs-registration-service")
deploy_module "$1" "cs"
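Review bot: The two added guards `if [[ $# > 1 ]]` compare strings rather than numbers, because inside `[[ ]]` the `>` operator orders its operands lexicographically. It gives the expected result for the argument counts that reach these branches, but the intent is arithmetic, so `if (( $# > 1 )); then hosts=("${@:2}"); fi` (or `[[ $# -gt 1 ]]`) states it correctly in both the "proxy" and the "signer" branch. The host names now come from the command line and are handed to deploy_module, whose body lies mostly outside the visible hunks, so it is worth confirming that they are quoted wherever they are expanded there.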
Expand Up @@ -31,6 +31,7 @@
import ee.ria.xroad.common.DiagnosticsUtils;
import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider;
import ee.ria.xroad.common.conf.serverconf.ServerConfProvider;
import ee.ria.xroad.common.message.AttachmentStream;
import ee.ria.xroad.common.messagelog.AbstractLogManager;
import ee.ria.xroad.common.messagelog.LogMessage;
import ee.ria.xroad.common.messagelog.MessageLogProperties;
Expand All @@ -44,6 +45,7 @@
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.input.BoundedInputStream;

import java.io.InputStream;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
Expand Down Expand Up @@ -190,11 +192,11 @@ private TimestampRecord timestampImmediately(MessageRecord logRecord) throws Exc
private static MessageRecord createMessageRecord(SoapLogMessage message) throws Exception {
log.trace("createMessageRecord()");

String loggedMessage = new MessageBodyManipulator().getLoggableMessageText(message);
var manipulator = new MessageBodyManipulator();

MessageRecord messageRecord = new MessageRecord(
message.getQueryId(),
loggedMessage,
manipulator.getLoggableMessageText(message),
message.getSignature().getSignatureXml(),
message.isResponse(),
message.isClientSide() ? message.getClient() : message.getService().getClientId(),
Expand All @@ -205,12 +207,38 @@ private static MessageRecord createMessageRecord(SoapLogMessage message) throws
if (message.getSignature().isBatchSignature()) {
messageRecord.setHashChainResult(message.getSignature().getHashChainResult());
messageRecord.setHashChain(message.getSignature().getHashChain());
} else if (manipulator.isBodyLogged(message)) {
// log attachments for non-batch signatures
if (MAX_LOGGABLE_BODY_SIZE > 0) {
messageRecord.setAttachmentStreams(message.getAttachments()
.stream().map(LogManager::boundedAttachmentStream).toList());
}

}

messageRecord.setSignatureHash(signatureHash(message.getSignature().getSignatureXml()));
return messageRecord;
}

private static AttachmentStream boundedAttachmentStream(AttachmentStream attachment) {
return new AttachmentStream() {
@Override
public InputStream getStream() {
if (attachment.getSize() > MAX_LOGGABLE_BODY_SIZE && !TRUNCATED_BODY_ALLOWED) {
throw new CodedException(X_LOGGING_FAILED_X, "Message attachment size exceeds maximum loggable size");
}
final BoundedInputStream body = new BoundedInputStream(attachment.getStream(), MAX_LOGGABLE_BODY_SIZE);
body.setPropagateClose(false);
return body;
}

@Override
public long getSize() {
return attachment.getSize();
}
};
}

private static MessageRecord createMessageRecord(RestLogMessage message) throws Exception {
log.trace("createMessageRecord()");

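Review bot: In `boundedAttachmentStream`, `getSize()` still returns the original `attachment.getSize()` while `getStream()` caps the data at `MAX_LOGGABLE_BODY_SIZE`, so when `TRUNCATED_BODY_ALLOWED` is set and an attachment exceeds the cap, the declared size and the bytes actually available disagree. The same commit passes both values to `createBlob(attachmentStream.getStream(), attachmentStream.getSize())` in `saveMessageRecord`, so the blob length would overstate the stored content; returning `Math.min(attachment.getSize(), MAX_LOGGABLE_BODY_SIZE)` from `getSize()` keeps the two consistent. The cap is also applied per attachment rather than to the message as a whole, so the amount logged per message grows with the attachment count; if an aggregate bound is intended, it has to be enforced where the list is built in `createMessageRecord`. A short comment on the helper noting that the size check is deferred until `getStream()` is called would help, since as far as the visible callers show the `CodedException` is then raised from the persistence path rather than from `createMessageRecord`.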
Expand Up @@ -27,6 +27,7 @@

import ee.ria.xroad.common.db.HibernateUtil;
import ee.ria.xroad.common.identifier.ClientId;
import ee.ria.xroad.common.message.AttachmentStream;
import ee.ria.xroad.common.messagelog.AbstractLogRecord;
import ee.ria.xroad.common.messagelog.LogRecord;
import ee.ria.xroad.common.messagelog.MessageRecord;
Expand All @@ -39,14 +40,12 @@
import jakarta.persistence.criteria.Root;
import lombok.extern.slf4j.Slf4j;
import org.hibernate.Session;
import org.hibernate.query.Query;
import org.hibernate.query.MutationQuery;

import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.function.Function;

Expand All @@ -73,20 +72,6 @@ public final class LogRecordManager {
private LogRecordManager() {
}

/**
* Returns a log record for a given message Query Id, start and end time.
* @param queryId the message query id.
* @param startTime the start time.
* @param endTime the end time.
* @return the log record or null, if log record is not found in database.
* @throws Exception if an error occurs while communicating with database.
*/
static LogRecord getByQueryId(String queryId, Date startTime, Date endTime) throws Exception {
log.trace(GET_BY_QUERY_ID_LOG_FORMAT, queryId, startTime, endTime);

return doInTransaction(session -> getMessageRecord(session, queryId, startTime, endTime));
}

/**
* Returns a log record for a given message Query Id and sender Client Id.
* @param queryId the message query id.
Expand Down Expand Up @@ -149,10 +134,11 @@ static void saveMessageRecord(MessageRecord messageRecord) throws Exception {
encryption.prepareEncryption(messageRecord);
}

InputStream is = messageRecord.getAttachmentStream();
if (is != null) {
messageRecord.setAttachment(
session.getLobHelper().createBlob(is, messageRecord.getAttachmentStreamSize()));
int attachmentNo = 0;
for (AttachmentStream attachmentStream : messageRecord.getAttachmentStreams()) {
attachmentNo++;
messageRecord.addAttachment(attachmentNo, // attachment numbering starts from one as in asic container
session.getLobHelper().createBlob(attachmentStream.getStream(), attachmentStream.getSize()));
}

save(session, messageRecord);
Expand All @@ -168,7 +154,7 @@ static void saveMessageRecord(MessageRecord messageRecord) throws Exception {
@SuppressWarnings("JpaQlInspection")
static void updateMessageRecordSignature(MessageRecord messageRecord, String oldHash) throws Exception {
doInTransaction(session -> {
final Query<?> query = session.createQuery("update MessageRecord m "
final MutationQuery query = session.createMutationQuery("update MessageRecord m "
+ "set m.signature = :signature, m.signatureHash = :hash "
+ "where m.id = :id and m.timestampRecord is null and m.signatureHash = :oldhash");

Expand Down Expand Up @@ -207,11 +193,11 @@ static void saveTimestampRecord(TimestampRecord timestampRecord, Long[]
*/
static void save(Session session, LogRecord logRecord) {
log.trace("save({})", logRecord.getClass());
session.save(logRecord);
session.persist(logRecord);
}

static long getNextRecordId(Session session) {
return ((Number) session.createNativeQuery("SELECT nextval('logrecord_sequence')").getSingleResult()).longValue();
return session.createNativeQuery("SELECT nextval('logrecord_sequence')", Long.class).getSingleResult();
}

/**
Expand Down Expand Up @@ -276,19 +262,6 @@ private static LogRecord getLogRecord(Session session, Long number) {
return session.get(AbstractLogRecord.class, number);
}

private static MessageRecord getMessageRecord(Session session, String queryId, Date startTime, Date endTime) {
final CriteriaBuilder cb = session.getCriteriaBuilder();
final CriteriaQuery<MessageRecord> query = cb.createQuery(MessageRecord.class);
final Root<MessageRecord> m = query.from(MessageRecord.class);

query.select(m)
.where(cb.and(
cb.equal(m.get("queryId"), queryId),
cb.between(m.get("time"), startTime.getTime(), endTime.getTime())
));
return session.createQuery(query).setMaxResults(1).uniqueResult();
}

private static MessageRecord getMessageRecord(Session session, String queryId, ClientId clientId,
Boolean isResponse) {
final CriteriaQuery<MessageRecord> query = createRecordCriteria(session, queryId, clientId, isResponse);
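Review bot: The new loop in `saveMessageRecord` iterates `messageRecord.getAttachmentStreams()` without the null guard that the old `getAttachmentStream()` code had. In the `LogManager` change on this page, `setAttachmentStreams` is only called for non-batch signatures with a logged body, so records for batch signatures reach this loop without the list ever being set by that path. `MessageRecord` is not shown here, so unless its field defaults to an empty list this would throw a `NullPointerException` inside the transaction. Either document on the getter that it never returns null or guard the loop with `if (messageRecord.getAttachmentStreams() != null)`. The body of `saveMessageRecord` starts outside the hunk.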
Expand Up @@ -29,6 +29,7 @@
import ee.ria.xroad.common.cert.CertChainFactory;
import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider;
import ee.ria.xroad.common.conf.serverconf.ServerConfProvider;
import ee.ria.xroad.common.message.AttachmentStream;
import ee.ria.xroad.common.message.RestRequest;
import ee.ria.xroad.common.message.SoapMessageImpl;
import ee.ria.xroad.common.messagelog.AbstractLogManager;
Expand All @@ -52,6 +53,7 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

import static ee.ria.xroad.proxy.messagelog.TestUtil.getGlobalConf;
import static ee.ria.xroad.proxy.messagelog.TestUtil.getServerConf;
Expand Down Expand Up @@ -129,7 +131,13 @@ private void signalTimestampingStatus(SetTimestampingStatusMessage.Status status
}

protected void log(SoapMessageImpl message, SignatureData signature) throws Exception {
logManager.log(new SoapLogMessage(message, signature, true));
log(message, signature, List.of());
}

protected void log(SoapMessageImpl message, SignatureData signature, List<byte[]> attachments) throws Exception {
var attachmentStreamList = attachments.stream()
.map(attachment -> AttachmentStream.fromInputStream(new ByteArrayInputStream(attachment), attachment.length)).toList();
logManager.log(new SoapLogMessage(message, signature, attachmentStreamList, true, message.getQueryId()));
}

protected void log(RestRequest message, SignatureData signatureData, byte[] body)
Expand Up @@ -196,7 +196,7 @@ private void assertNodeEmptinessAfterManipulation(SoapMessageImpl query,
String elementName,
boolean keepBody) throws Exception {
String loggableMessage = new TestableMessageBodyManipulator(keepBody)
.getLoggableMessageText(new SoapLogMessage(query, null, clientSide));
.getLoggableMessageText(new SoapLogMessage(query, null, List.of(), clientSide, null));
log.debug("loggable message with body"
+ (keepBody ? " intact: " : " removed: ")
+ loggableMessage);