Add Cert Hashes to Logging (#68)

* Fix format of logback file

* Add Log Message Description

* Add Interceptor to cleanup MDC after each request

* Checkstyle

* Add Logging of Cert Hashes for Uploading

* Add Logging of Cert Hashes for Uploading

docs/software-design-dgc-gateway.md

@@ -187,6 +187,8 @@ These key-value-pairs can be followed by additional attributes. The additional a
 | Check of uploaded certificate has failed when uploading a certificate | ERROR | Verification certificate upload failed | reason, message |
 | Revoking Certificate | INFO | Revoking verification certificate | signerCertSubject, payloadCertSubject |
 | Uploading Certificate | INFO | Uploading new verification certificate | signerCertSubject, payloadCertSubject |
+| Saving Certificate into DB (All checks passed) | INFO | Saving new SignerInformation Entity | uploadCertThumbprint, cscaCertThumbprint |
+| Revoking Certificate from DB (All checks passed) | INFO | Revoking SignerInformation Entity | uploadCertThumbprint |
 | **Audit Service**
 | Created new AuditEvent (id = event type) | INFO | Created AuditEvent | auditId, country |
 | **General**

src/main/java/eu/europa/ec/dgc/gateway/service/SignerInformationService.java

@@ -54,6 +54,9 @@ public class SignerInformationService {
 
     private final SignerInformationRepository signerInformationRepository;
 
+    private static final String MDC_PROP_UPLOAD_CERT_THUMBPRINT = "uploadCertThumbprint";
+    private static final String MDC_PROP_CSCA_CERT_THUMBPRINT = "cscaCertThumbprint";
+
     /**
      * Method to query persistence layer for all stored SignerInformation.
      *
@@ -123,7 +126,14 @@ public SignerInformationEntity addSignerCertificate(
         newSignerInformation.setCertificateType(SignerInformationEntity.CertificateType.DSC);
         newSignerInformation.setSignature(signature);
 
-        return signerInformationRepository.save(newSignerInformation);
+        log.info("Saving new SignerInformation Entity");
+
+        newSignerInformation = signerInformationRepository.save(newSignerInformation);
+
+        DgcMdc.remove(MDC_PROP_UPLOAD_CERT_THUMBPRINT);
+        DgcMdc.remove(MDC_PROP_CSCA_CERT_THUMBPRINT);
+
+        return newSignerInformation;
     }
 
     /**
@@ -145,8 +155,12 @@ public void deleteSignerCertificate(
         contentCheckCountryOfOrigin(uploadedCertificate, authenticatedCountryCode);
         contentCheckExists(uploadedCertificate);
 
+        log.info("Revoking SignerInformation Entity");
+
         // All checks passed --> Delete from DB
         signerInformationRepository.deleteByThumbprint(certificateUtils.getCertThumbprint(uploadedCertificate));
+
+        DgcMdc.remove(MDC_PROP_UPLOAD_CERT_THUMBPRINT);
     }
 
     private void contentCheckUploaderCertificate(
@@ -165,6 +179,8 @@ private void contentCheckUploaderCertificate(
                 "Could not find upload certificate with hash %s and country %s",
                 signerCertThumbprint, authenticatedCountryCode);
         }
+
+        DgcMdc.put(MDC_PROP_UPLOAD_CERT_THUMBPRINT, signerCertThumbprint);
     }
 
     private void contentCheckCountryOfOrigin(X509CertificateHolder uploadedCertificate,
@@ -200,10 +216,15 @@ private void contentCheckCsca(X509CertificateHolder uploadedCertificate,
                 "CSCA list for country %s is empty", authenticatedCountryCode);
         }
 
-        boolean cscaCheckResult = trustedCas.stream().anyMatch(ca -> certificateSignedByCa(uploadedCertificate, ca));
-        if (!cscaCheckResult) {
+        Optional<TrustedPartyEntity> matchingCa = trustedCas.stream()
+            .dropWhile(ca -> !certificateSignedByCa(uploadedCertificate, ca))
+            .findFirst();
+
+        if (matchingCa.isEmpty()) {
             throw new SignerCertCheckException(SignerCertCheckException.Reason.CSCA_CHECK_FAILED,
                 "Could not verify uploaded certificate was signed by valid CSCA.");
+        } else {
+            DgcMdc.put(MDC_PROP_CSCA_CERT_THUMBPRINT, matchingCa.get().getThumbprint());
         }
     }