add masking pattern to clear personal information from certificate logging

2 files changed, 238 insertions, 0 deletions

diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
new file mode 100644
index 0000000..b3bf0e8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/IaikLoggerMaskingTest.java
@@ -0,0 +1,182 @@
+package test.at.gv.egovernment.moa.spss.logger;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.LoggerContext;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class IaikLoggerMaskingTest {
+
+  private IaikLog log;
+  private TransactionId transId;
+  
+  private MemoryLoggingAppender memoryAppender = null;
+    
+  private static final String LOGMSG_1 = 
+      "Signature OK from signer: serialNumber=882486130371,givenName=XXXĤáčęk,SN=XXXMûstérfřău,CN=XXXĤáčęk XXXMûstérfřău,C=AT";
+  
+  private static final String LOGMSG_2 = 
+      "storing cert \"serialNumber=882486130371,givenName=XXXĤáčęk,SN=XXXMûstérfřău,CN=XXXĤáčęk XXXMûstérfřău,C=AT\" to: /data/eID/springboot-authhandler/config/moa-spss/certstore/subjectdn/518D25DA7380CF1967B5014DDB74E862E5E52827/9E1D7A221A7D1A522A9E169FA6F9A2E81EEAB643";
+  
+  @Before
+  public void initialize() {
+    log = new IaikLog(RandomStringUtils.randomAlphabetic(5));
+    transId = new TransactionId(RandomStringUtils.randomAlphanumeric(5));
+  
+    // setup log appender
+    if (memoryAppender == null) {
+      final Logger logger = (Logger) LoggerFactory.getLogger("iaik.server");
+      memoryAppender = new MemoryLoggingAppender();
+      memoryAppender.setContext((LoggerContext) LoggerFactory.getILoggerFactory());
+      logger.setLevel(Level.DEBUG);
+      logger.addAppender(memoryAppender);
+      memoryAppender.start();
+
+    } else {
+      memoryAppender.reset();
+
+    }
+    
+  }
+  
+  @Test
+  public void certificateMaskingInfoLevelMorePatterns() {            
+    // patterns    
+    IaikLog.addMaskPattern("(C=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(CN=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(SN=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(serialNumber=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(givenName=)(.*?)(,|$)");
+        
+    //test
+    log.info(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void certificateMaskingInfoLevelOnePattern() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    
+    //test
+    log.info(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void certificateMaskingSecondMessage() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    
+    //test
+    log.info(transId, LOGMSG_2, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void certificateMaskingWarnLevelMorePatterns() {            
+    // patterns    
+    IaikLog.addMaskPattern("(C=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(CN=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(SN=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(serialNumber=)(.*?)(,|$)");
+    IaikLog.addMaskPattern("(givenName=)(.*?)(,|$)");
+        
+    //test
+    log.warn(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void certificateMaskingWarnLevelOnePattern() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    
+    //test
+    log.warn(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  
+  @Test
+  public void certificateMaskingErrorLevelOnePattern() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    
+    //test
+    log.error(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void certificateMaskingFatalLevelOnePattern() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    
+    //test
+    log.fatal(transId, LOGMSG_1, null);
+        
+    //verify log
+    verifyLogMessge(Arrays.asList("882486130371", "ûsté", "XĤáčę", "AT"));
+    
+  }
+  
+  @Test
+  public void randomMessage() {            
+    // Patterns        
+    IaikLog.addMaskPattern(IaikLog.X509_INFO_CLEARING_PATTERN);
+    String msg = RandomStringUtils.randomAlphanumeric(25);
+    
+    //test
+    log.info(transId, msg, null);
+        
+    //verify log    
+    Arrays.asList(msg)
+      .stream().forEach(
+          el -> assertTrue("find wrong element", memoryAppender.getLoggedEvents().get(0).getMessage().contains(el)));
+    
+  }
+  
+  
+  private void verifyLogMessge(List<String> checks) {
+    assertEquals("no log", 1, memoryAppender.getSize());
+    checks.stream().forEach(
+        el -> assertFalse("find wrong element", memoryAppender.getLoggedEvents().get(0).getMessage().contains(el)));    
+    
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/MemoryLoggingAppender.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/MemoryLoggingAppender.java
new file mode 100644
index 0000000..e1c6fce
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/logger/MemoryLoggingAppender.java
@@ -0,0 +1,56 @@
+package test.at.gv.egovernment.moa.spss.logger;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
+
+/**
+ * In-Memory Logging-Appender to check log messages.
+ * 
+ * @author tlenz
+ *
+ */
+public class MemoryLoggingAppender extends ListAppender<ILoggingEvent> {
+
+  public void reset() {
+    this.list.clear();
+  }
+
+  public boolean contains(String string, Level level) {
+    return this.list.stream()
+        .anyMatch(event -> event.getMessage().toString().contains(string)
+            && event.getLevel().equals(level));
+  }
+
+  public int countEventsForLogger(String loggerName) {
+    return (int) this.list.stream()
+        .filter(event -> event.getLoggerName().contains(loggerName))
+        .count();
+  }
+
+  public List<ILoggingEvent> search(String string) {
+    return this.list.stream()
+        .filter(event -> event.getMessage().toString().contains(string))
+        .collect(Collectors.toList());
+  }
+
+  public List<ILoggingEvent> search(String string, Level level) {
+    return this.list.stream()
+        .filter(event -> event.getMessage().toString().contains(string)
+            && event.getLevel().equals(level))
+        .collect(Collectors.toList());
+  }
+
+  public int getSize() {
+    return this.list.size();
+  }
+
+  public List<ILoggingEvent> getLoggedEvents() {
+    return Collections.unmodifiableList(this.list);
+  }
+
+}