From c02bd7c0a8b47fefa09e1eb73291f5ea14082a3a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 27 Feb 2020 11:01:17 +0100 Subject: add new transactionId for PII related data only --- .../impl/idp/controller/protocols/RequestImpl.java | 65 ++++++++++++++++++++-- .../core/impl/idp/module/test/TestRequestImpl.java | 16 +++++- .../java/at/gv/egiz/eaaf/core/api/IRequest.java | 10 ++++ .../eaaf/core/impl/utils/TransactionIdUtils.java | 53 +++++++++++++++++- 4 files changed, 133 insertions(+), 11 deletions(-) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index 5110d2bf..adc8774a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; -import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import org.apache.commons.lang3.StringUtils; @@ -71,6 +70,7 @@ public abstract class RequestImpl implements IRequest, Serializable { private String uniqueTransactionIdentifer; private String uniqueSessionIdentifer; + private String uniquePiiTransactionIdentifier; private String requestedServiceProviderIdentifer; private String idpAuthUrl = null; 
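Review bot: The field `uniquePiiTransactionIdentifier` added in the second hunk of RequestImpl.java extends the serialized form of a class declared `Serializable`, and nothing in this commit covers pending requests that were stored before the upgrade. If a `serialVersionUID` is pinned (not visible here), those objects deserialize with the field `null` and `getUniquePiiTransactionIdentifier()` hands that `null` to whatever writes PII records; otherwise deserialization fails outright. I would document this on the field, e.g. `// null on requests serialized before this field existed`, and have consumers treat `null` as an error rather than record PII without a correlation id. The class body continues outside the hunk.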
@@ -104,7 +104,22 @@ public abstract class RequestImpl implements IRequest, Serializable { */ public final void initialize(final HttpServletRequest req, final IConfigurationWithSP authConfig) throws EaafException { - initialize(req, authConfig, null); + initialize(req, authConfig, null, null); + + } + + /** + * Initialize this pendingRequest object. + * + * @param req {@link HttpServletRequest} + * @param authConfig {@link IConfiguration} + * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest + * @throws EaafException + * + */ + public final void initialize(final HttpServletRequest req, final IConfigurationWithSP authConfig, + @Nullable final String transactionId) throws EaafException { + initialize(req, authConfig, transactionId, null); } 
@@ -113,25 +128,35 @@ public abstract class RequestImpl implements IRequest, Serializable { * * @param req {@link HttpServletRequest} * @param authConfig {@link IConfiguration} - * @param transactionId transactionId that should be used in this pendingRequest + * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest + * @param piiTransactionId Unique ID for PII data correlation that should be used in this pendingRequest * for logging. If 'null' a new one will be generated * * @throws EaafException * */ public final void initialize(@NonNull final HttpServletRequest req, - @NonNull final IConfigurationWithSP authConfig, @Nullable final String transactionId) + @NonNull final IConfigurationWithSP authConfig, @Nullable final String transactionId, + @Nullable final String piiTransactionId) throws EaafException { // use external transactionId or create new one if empty or null if (StringUtils.isNotEmpty(transactionId)) { uniqueTransactionIdentifer = transactionId; } else { - uniqueTransactionIdentifer = Random.nextLongRandom(); + uniqueTransactionIdentifer = UUID.randomUUID().toString(); } // set unique transaction identifier for logging TransactionIdUtils.setTransactionId(uniqueTransactionIdentifer); + // use external piiTransactionId or create new one if empty or null + if (StringUtils.isNotEmpty(piiTransactionId)) { + uniquePiiTransactionIdentifier = piiTransactionId; + } else { + uniquePiiTransactionIdentifier = UUID.randomUUID().toString(); + } + + // initialize session object genericDataStorage.put(EaafConstants.AUTH_DATA_CREATED, new Date()); // genericDataStorage.put(EAAFConstants.VALUE_SESSIONID, 
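Review bot: In the Javadoc of the four-argument `initialize`, the continuation line `for logging. If 'null' a new one will be generated` now hangs off `@param piiTransactionId`, which contradicts the contract stated on `IRequest` that the PII id is not for technical logging. Suggested wording: `@param piiTransactionId Unique ID for PII data correlation, never used for technical logging. If 'null' or empty a new one will be generated`, with the null/empty sentence repeated on `@param transactionId`. Separately, a caller-supplied `transactionId` passes only `StringUtils.isNotEmpty` before it is put into the MDC, so if any caller derives it from request data it should be restricted to an expected format and length first. It is also worth rejecting a `piiTransactionId` that equals the technical `transactionId`, since identical values would make PII records linkable to the technical logs again. The method body continues past the end of the hunk.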
@@ -312,22 +337,52 @@ public abstract class RequestImpl implements IRequest, Serializable { } + @Override + public final String getUniquePiiTransactionIdentifier() { + return uniquePiiTransactionIdentifier; + } + @Override public final String getProcessInstanceId() { return this.processInstanceId; } + /** + * Set an unique transaction identifier to correlate technical logging + * in one single transaction. + * + * @param id Unique identifier + */ public final void setUniqueTransactionIdentifier(final String id) { this.uniqueTransactionIdentifer = id; } + /** + * Set an unique session identifier to correlate technical logging over a set of transactions, + * like SSO as one example. + * + * @param id Unique identifier + */ public final void setUniqueSessionIdentifier(final String id) { this.uniqueSessionIdentifer = id; } + /** + * Set an unique transaction identifier to correlate PII related data. + * + *

This identifier will be not used for technical logging.

+ * + * @param id Unique identifier + */ + public void setUniquePiiTransactionIdentifier(String id) { + this.uniquePiiTransactionIdentifier = id; + + } + + public void setProcessInstanceId(final String id) { this.processInstanceId = id; diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java index 656e8d29..8f8f8114 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java @@ -24,13 +24,13 @@ import java.lang.reflect.InvocationTargetException; import java.util.HashMap; import java.util.Map; -import org.apache.commons.lang3.StringUtils; - import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import org.apache.commons.lang3.StringUtils; + /** * Test pending-request for jUnit tests. * @@ -49,6 +49,7 @@ public class TestRequestImpl implements IRequest { private boolean authenticated; private boolean needAuthentication = false; private boolean stoppedByUser; + private String piiTransactionId; /* * (non-Javadoc) @@ -139,6 +140,11 @@ public class TestRequestImpl implements IRequest { return null; } + @Override + public String getUniquePiiTransactionIdentifier() { + return this.piiTransactionId; + } + /* * (non-Javadoc) * @@ -247,7 +253,7 @@ public class TestRequestImpl implements IRequest { @Override public boolean isAbortedByUser() { return this.stoppedByUser; - + } /* 
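Review bot: `setUniquePiiTransactionIdentifier` in RequestImpl.java is declared `public void` with a non-final parameter, while the two sibling setters directly above it are `public final void ...(final String id)`; on an abstract class that leaves the PII id setter overridable by subclasses. I would align it: `public final void setUniquePiiTransactionIdentifier(final String id) {`. The setter also accepts `null` or an empty string, whereas `initialize` guarantees a non-empty value, so either a matching check or a Javadoc line such as `@param id Unique identifier, must not be null or empty` would keep that invariant visible.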
@@ -370,6 +376,10 @@ public class TestRequestImpl implements IRequest { this.pendingReqId = pendingReqId; } + public void setPiiTransactionId(String piiTransactionId) { + this.piiTransactionId = piiTransactionId; + } + public void setAuthUrl(final String authUrl) { this.authUrl = authUrl; } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java index dd18d04f..99541cd6 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java @@ -159,6 +159,16 @@ public interface IRequest extends Serializable { */ String getUniqueSessionIdentifier(); + + /** + * Holds a unique transaction identifier for PII related information, + * like DSGVO data. + *
+ *

This transaction identifier SHALL NOT be used for technical log-correlation

+ * @return + */ + String getUniquePiiTransactionIdentifier(); + /** * Hold the identifier if the process instance, which is associated with this * request. diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index d8976548..4cbcfa70 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -30,8 +30,19 @@ import at.gv.egiz.eaaf.core.api.IRequest; public class TransactionIdUtils { // MDC variables for logging + /** + * To correlate technical logs over one single transactions. + */ public static final String MDC_TRANSACTION_ID = "transactionId"; + + /** + * To correlate technical logs over a set of transactions, like SSO. + */ public static final String MDC_SESSION_ID = "sessionId"; + + /** + * Unique application identifier that is processed in this transaction. + */ public static final String MDC_SERVICEPROVIDER_ID = "oaId"; /** 
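Review bot: The Javadoc added for `getUniquePiiTransactionIdentifier()` in IRequest.java ends with an empty `@return`, and the one rule implementers must follow appears only in the body text. Suggest `@return Unique identifier for PII correlation; must not be written to the MDC or technical logs`. Because this is a new abstract method on a public API interface, implementations outside this repository stop compiling; if that is not intended, a `default` method would avoid it, though what it should return is a design decision. The interface body starts and ends outside the hunk.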
@@ -59,34 +70,70 @@ public class TransactionIdUtils { } + /** + * Set unique service-provider identifier for Logging purposes. + * + * @param oaUniqueId Unique application Id + */ public static void setServiceProviderId(final String oaUniqueId) { org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); } + /** + * Remove service-provider identifier for Logging. + */ public static void removeServiceProviderId() { org.slf4j.MDC.remove(MDC_SERVICEPROVIDER_ID); } - public static void setTransactionId(final String pendingRequestID) { - org.slf4j.MDC.put(MDC_TRANSACTION_ID, "TID-" + pendingRequestID); + /** + * Get Id to correlate technical logs over one single transactions. + * + * @return Unique transaction Id + */ + public static String getTransactionId() { + return org.slf4j.MDC.get(MDC_TRANSACTION_ID); } + /** + * Set Id to correlate technical logs over one single transactions. + * + * @param transactionId Unique transaction Id + */ + public static void setTransactionId(final String transactionId) { + org.slf4j.MDC.put(MDC_TRANSACTION_ID, transactionId); + + } + + /** + * Remove transactionId for Logging. + */ public static void removeTransactionId() { org.slf4j.MDC.remove(MDC_TRANSACTION_ID); } + /** + * Set Id to correlate technical logs over a set of transactions, like SSO. + * + * @param uniqueSessionId Unique Id + */ public static void setSessionId(final String uniqueSessionId) { - org.slf4j.MDC.put(MDC_SESSION_ID, "SID-" + uniqueSessionId); + org.slf4j.MDC.put(MDC_SESSION_ID, uniqueSessionId); } + /** + * Remove sessionId for Logging. + * + */ public static void removeSessionId() { org.slf4j.MDC.remove(MDC_SESSION_ID); } + } -- cgit v1.2.3
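Review bot: `setTransactionId` and `setSessionId` now pass their argument straight to `org.slf4j.MDC.put`, so a `null` id reaches the MDC, whereas the old string concatenation always produced a non-null value such as `"TID-null"`. SLF4J only permits a null value when the bound logging backend supports it, so I would guard it, e.g. `if (transactionId == null) { removeTransactionId(); return; }`, and do the same for the session id. Dropping the `TID-`/`SID-` prefixes also changes the logged field format, so log parsers or correlation rules keyed on those prefixes need updating; a Javadoc sentence stating that the value is stored unmodified would make that explicit. The class declaration starts outside the hunk.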