diff --git a/sts-keymanagement/sts-keymanagement-impl/src/main/java/de/adorsys/sts/keymanagement/persistence/CachedKeyStoreRepository.java b/sts-keymanagement/sts-keymanagement-impl/src/main/java/de/adorsys/sts/keymanagement/persistence/CachedKeyStoreRepository.java
index e87637c1..4fbc0b7d 100644
--- a/sts-keymanagement/sts-keymanagement-impl/src/main/java/de/adorsys/sts/keymanagement/persistence/CachedKeyStoreRepository.java
+++ b/sts-keymanagement/sts-keymanagement-impl/src/main/java/de/adorsys/sts/keymanagement/persistence/CachedKeyStoreRepository.java
@@ -1,9 +1,11 @@
 package de.adorsys.sts.keymanagement.persistence;
 import de.adorsys.sts.keymanagement.model.StsKeyStore;
+import lombok.extern.slf4j.Slf4j;
 import java.time.ZonedDateTime;
+@Slf4j
 public class CachedKeyStoreRepository implements KeyStoreRepository {
 private final KeyStoreRepository keyStoreRepository;
@@ -15,33 +17,49 @@ public CachedKeyStoreRepository(KeyStoreRepository keyStoreRepository) {
 @Override
 public StsKeyStore load() {
- if(cachedKeyStore == null) {
+ log.debug("Calling load(). Cached key store last update: {}", cachedKeyStore != null ? cachedKeyStore.getLastUpdate() : null);
+
+ if (cachedKeyStore == null) {
+ log.debug("Cache is null, loading from repository");
 cachedKeyStore = keyStoreRepository.load();
 } else {
 ZonedDateTime lastUpdate = keyStoreRepository.lastUpdate();
 ZonedDateTime cachedLastUpdate = cachedKeyStore.getLastUpdate();
- if(lastUpdate.isAfter(cachedLastUpdate)) {
+ if (lastUpdate.isAfter(cachedLastUpdate)) {
+ log.debug("Repository was updated more recently than cache. Refreshing cache.");
 cachedKeyStore = keyStoreRepository.load();
 }
 }
+ log.debug("Returning cached key store with last update: {}", cachedKeyStore != null ? cachedKeyStore.getLastUpdate() : null);
 return cachedKeyStore;
 }
 @Override
 public boolean exists() {
- return cachedKeyStore != null || keyStoreRepository.exists();
+ boolean exists = cachedKeyStore != null || keyStoreRepository.exists();
+
+ log.debug("Checking if KeyStore exists. Result: {}", exists);
+
+ return exists;
 }
 @Override
 public void save(StsKeyStore keyStore) {
+ log.debug("Saving keyStore to repository...");
 keyStoreRepository.save(keyStore);
+
+ log.debug("Updating cache with newly saved keyStore");
 cachedKeyStore = keyStore;
 }
 @Override
 public ZonedDateTime lastUpdate() {
- return keyStoreRepository.lastUpdate();
+ ZonedDateTime lastUpdate = keyStoreRepository.lastUpdate();
+
+ log.debug("LastUpdate: {}", lastUpdate);
+
+ return lastUpdate;
 }
 }
diff --git a/sts-spring/src/main/java/de/adorsys/sts/keymanagement/KeyManagementConfiguration.java b/sts-spring/src/main/java/de/adorsys/sts/keymanagement/KeyManagementConfiguration.java
index e0cf6a9e..59d2f9a1 100644
--- a/sts-spring/src/main/java/de/adorsys/sts/keymanagement/KeyManagementConfiguration.java
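Review bot: The two debug statements in `load()` repeat the null-guarded expression `cachedKeyStore != null ? cachedKeyStore.getLastUpdate() : null`; a private helper such as `private ZonedDateTime cachedLastUpdateOrNull() { return cachedKeyStore != null ? cachedKeyStore.getLastUpdate() : null; }` would keep it in one place. The new messages log only timestamps and a boolean, which is the right level of detail for a key store; a short comment on `save()` such as `// Log metadata only: never pass the StsKeyStore itself to the logger` would keep later edits from widening that, since the object presumably carries key material. The messages in `load()` also read `cachedKeyStore` separately from the check-then-load sequence, and the field's declaration and any synchronization are outside this hunk, so under concurrent calls the logged timestamp may not belong to the store that is returned.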
+++ b/sts-spring/src/main/java/de/adorsys/sts/keymanagement/KeyManagementConfiguration.java
@@ -10,6 +10,7 @@
 import de.adorsys.sts.keymanagement.persistence.CachedKeyStoreRepository;
 import de.adorsys.sts.keymanagement.persistence.KeyStoreRepository;
 import de.adorsys.sts.keymanagement.service.*;
+import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
@@ -29,6 +30,7 @@
 type = FilterType.REGEX
 )
 )
+@Slf4j
 public class KeyManagementConfiguration {
 @Bean
@@ -41,6 +43,7 @@ KeyConversionService keyConversionService(
 @Bean(name = "cached")
 KeyStoreRepository cachedKeyStoreRepository(KeyStoreRepository keyStoreRepository) {
+ log.debug("Creating 'cached' KeyStoreRepository bean...");
 return new CachedKeyStoreRepository(keyStoreRepository);
 }
diff --git a/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java b/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
index 95edd501..d1dab3b0 100644
--- a/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
+++ b/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
@@ -48,6 +48,8 @@ public AuthServer(String name, String issUrl, String jwksUrl, int refreshInterva
 }
 private void updateJwkCache() throws JsonWebKeyRetrievalException {
+ log.debug("Thread entering updateJwkCache: " + Thread.currentThread().getId());
+
 try {
 List jwks = jwkSource.get(new JWKSelector(new JWKMatcher.Builder().build()), null);
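Review bot: In AuthServer's `updateJwkCache`, the added `log.debug("Thread entering updateJwkCache: " + Thread.currentThread().getId());` builds its message by string concatenation, so the string is assembled even when debug logging is off, and it differs from the `{}` placeholder form this commit uses for the same thread-id message in `getJWK`. The matching "Thread leaving updateJwkCache" line in the next AuthServer hunk has the same form. I would write `log.debug("Thread entering updateJwkCache: {}", Thread.currentThread().getId());` in both places. No `@Slf4j` or logger declaration is added to AuthServer in this diff, so `log` is presumably already declared outside the visible hunks, and the body of `updateJwkCache` continues past the end of this hunk.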
@@ -62,31 +64,44 @@ private void updateJwkCache() throws JsonWebKeyRetrievalException {
 } catch (Exception e) {
 throw new JsonWebKeyRetrievalException(e);
 }
+
+ log.debug("Thread leaving updateJwkCache: " + Thread.currentThread().getId());
 }
 public Key getJWK(String keyID) throws JsonWebKeyRetrievalException {
+ log.debug("Thread entering getJWK: {}", Thread.currentThread().getId());
+
 Date now = new Date();
 long currentTime = now.getTime();
 // Check if the cache is still valid
 if (currentTime - lastCacheUpdate > refreshIntervalSeconds * 1000L || jwkCache.isEmpty()) {
+ log.debug("Cache is invalid or empty, updating the cache...");
 updateJwkCache();
+ log.debug("Cache updated successfully");
 }
 JWK jwk = jwkCache.get(keyID);
 if (jwk == null) {
+ log.error("Key with ID {} not found in cache", keyID);
 throw new JsonWebKeyRetrievalException("Key with ID " + keyID + " not found in cache");
 }
+ log.debug("JWK for key ID {} found in cache", keyID);
+
 if (jwk instanceof RSAKey) {
 try {
+ log.debug("JWK is instance of RSAKey");
 return ((RSAKey) jwk).toPublicKey();
 } catch (JOSEException e) {
+ log.error("Error while converting RSAKey to public key", e);
 throw new JsonWebKeyRetrievalException(e);
 }
 } else if (jwk instanceof SecretJWK) {
+ log.debug("JWK is instance of SecretJWK");
 return ((SecretJWK) jwk).toSecretKey();
 } else {
+ log.error("Unknown key type {}", jwk.getClass());
 throw new JsonWebKeyRetrievalException("unknown key type " + jwk.getClass());
 }
 }
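Review bot: In `getJWK`, `log.error("Key with ID {} not found in cache", keyID);` writes a caller-supplied value to the log at error level. If `keyID` is taken from an incoming token header (the callers are not visible here), an unauthenticated request can put arbitrary text, including line breaks, into the error log and raise error-level noise at will, unless the log encoder already neutralises control characters. The exception thrown on the next line carries the same message, so I would log this once at a lower level with the value neutralised, e.g. `log.warn("Key ID not found in cache: {}", keyID == null ? null : keyID.replaceAll("[\\r\\n]", "_"));`. Separately, `log.debug("Thread leaving updateJwkCache: ...")` sits after a try/catch whose catch rethrows, so it is skipped on failure; a `finally` block would make the enter/leave pair reliable (the try block itself starts outside this hunk).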