chore: Add log message about processing certificate from AT-TLS (#3852)

* add log message Signed-off-by: Pavel Jareš <[email protected]> * update jib Signed-off-by: ac892247 <[email protected]> --------- Signed-off-by: Pavel Jareš <[email protected]> Signed-off-by: ac892247 <[email protected]> Co-authored-by: achmelo <[email protected]> Co-authored-by: ac892247 <[email protected]>
zowe · Oct 29, 2024 · 2c3c408 · 2c3c408
1 parent 8917d1f
commit 2c3c408
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 10 deletions.
diff --git a/apiml-tomcat-common/src/main/java/org/zowe/apiml/filter/AttlsFilter.java b/apiml-tomcat-common/src/main/java/org/zowe/apiml/filter/AttlsFilter.java
@@ -10,6 +10,7 @@
 
 package org.zowe.apiml.filter;
 
+import lombok.extern.slf4j.Slf4j;
 import org.apache.tomcat.util.codec.binary.Base64;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.zowe.commons.attls.InboundAttls;
@@ -28,30 +29,45 @@
 /**
  * This filter will add X509 certificate from InboundAttls
  */
+@Slf4j
 public class AttlsFilter extends OncePerRequestFilter {
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        byte[] rawCertificate = null;
+
         try {
-            byte[] certificate = InboundAttls.getCertificate();
-            if (certificate != null && certificate.length > 0) {
-                populateRequestWithCertificate(request, certificate);
-            }
+            rawCertificate = InboundAttls.getCertificate();
         } catch (Exception e) {
-            logger.error("Not possible to get certificate from AT-TLS context", e);
-            AttlsErrorHandler.handleError(response, "Exception reading certificate");
+            log.error("Not possible to get rawCertificate from AT-TLS context", e);
+            AttlsErrorHandler.handleError(response, "Exception reading rawCertificate");
+        }
+
+        if (rawCertificate != null && rawCertificate.length > 0) {
+            log.debug("Certificate length: {}", rawCertificate.length);
+            try {
+                populateRequestWithCertificate(request, rawCertificate);
+            } catch (CertificateException ce) {
+                log.error("Cannot process rawCertificate: {}\n{}", ce.getMessage(), convert(rawCertificate));
+                AttlsErrorHandler.handleError(response, "Exception reading rawCertificate");
+            }
         }
+
         filterChain.doFilter(request, response);
     }
 
-    public void populateRequestWithCertificate(HttpServletRequest request, byte[] rawCertificate) throws CertificateException {
+    private String convert(byte[] rawCertificate) {
         StringBuilder sb = new StringBuilder();
         sb.append("-----BEGIN CERTIFICATE-----\n");
         sb.append(Base64.encodeBase64String(rawCertificate));
         sb.append("\n-----END CERTIFICATE-----");
+        return sb.toString();
+    }
+
+    public void populateRequestWithCertificate(HttpServletRequest request, byte[] rawCertificate) throws CertificateException {
         X509Certificate certificate = (X509Certificate) CertificateFactory
             .getInstance("X509")
-            .generateCertificate(new ByteArrayInputStream(sb.toString().getBytes(StandardCharsets.UTF_8)));
+            .generateCertificate(new ByteArrayInputStream(convert(rawCertificate).getBytes(StandardCharsets.UTF_8)));
         X509Certificate[] certificates = new X509Certificate[1];
         certificates[0] = certificate;
         request.setAttribute("javax.servlet.request.X509Certificate", certificates);

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -151,7 +151,7 @@ dependencyResolutionManagement {
             // version 3.x contains breaking changes
             version('gradleRelease', '2.8.1')
             version('gradleLicencer', '0.6.1')
-            version('gradleJibPlugin', '3.2.1')
+            version('gradleJibPlugin', '3.4.4')
             version('taskTree', '2.1.1')
             version('reactorBom', '2023.0')
             version('gradleTestLogger', '4.0.0')
@@ -389,7 +389,7 @@ dependencyResolutionManagement {
             library('gradle_sonar_plugin', 'org.sonarsource.scanner.gradle', 'sonarqube-gradle-plugin').versionRef('sonarGradlePlugin')
             library('gradle_release', 'net.researchgate', 'gradle-release').versionRef('gradleRelease')
             library('gradle_licencer', 'gradle.plugin.org.cadixdev.gradle', 'licenser').versionRef('gradleLicencer')
-            library('gradle_jib_plugin', 'gradle.plugin.com.google.cloud.tools', 'jib-gradle-plugin').versionRef('gradleJibPlugin')
+            library('gradle_jib_plugin', 'com.google.cloud.tools', 'jib-gradle-plugin').versionRef('gradleJibPlugin')
             library('gradle_test_logger', 'com.adarshr', 'gradle-test-logger-plugin').versionRef('gradleTestLogger')
             library('gradle_tomcat_plugin', 'com.bmuschko', 'gradle-tomcat-plugin').versionRef('gradleTomcatPlugin')
             library('micronaut_http_client', 'io.micronaut', 'micronaut-http-client').versionRef('micronaut')