From 44a005e0e68e882a50d9bc061ca8daef4d84efa0 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 25 Mar 2021 15:24:48 +0100
Subject: add masking pattern to clear personal information from certificate logging
---
 .../moa/spss/server/logging/IaikLog.java | 56 ++++++++++++++++++++--
 1 file changed, 52 insertions(+), 4 deletions(-)
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index f477588..e4a3921 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -23,6 +23,13 @@
 package at.gv.egovernment.moa.spss.server.logging;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,6 +50,24 @@ public class IaikLog implements iaik.logging.Log {
 /** The node ID to use. */
 private String nodeId;
+ public static final String X509_INFO_CLEARING_PATTERN = "(?!serialNumber)(=)(.*?)(,|\"|$)";
+
+ private static Pattern multilinePattern;
+ private static List maskPatterns = new ArrayList<>();
+
+ /**
+ * Add masking pattern into logger.
+ *
+ * @param maskPattern
+ */
+ public static void addMaskPattern(String maskPattern) {
+ maskPatterns.add(maskPattern);
+ multilinePattern = Pattern.compile(
+ maskPatterns.stream()
+ .collect(Collectors.joining("|")), Pattern.MULTILINE
+ );
+}
+
 /**
 * Create a new IaikLog.
 *
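Review bot: The negative lookahead in `X509_INFO_CLEARING_PATTERN` has no effect where it stands: `(?!serialNumber)` is evaluated at the position of `=`, where the next character is always `=`, so it never rejects a match and a `serialNumber=` value is masked like every other attribute. If the intent was to keep serial numbers readable (inferred from the name only), a lookbehind is needed, e.g. `"(?<!serialNumber)(=)(.*?)(,|\"|$)"`. Separately, the lazy `(.*?)` ends at the first comma, so a value carrying an escaped comma such as `CN=Doe\, John` would leave the text after that comma unmasked until the next `=`. A unit test with a few representative subject strings would pin both behaviours.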
@@ -83,7 +108,7 @@ public class IaikLog implements iaik.logging.Log {
 */
 @Override
 public void info(TransactionId transactionId, Object message, Throwable t) {
- final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+ final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, maskMessage(message));
 log.info(msg.toString(), t);
 }
@@ -101,7 +126,7 @@ public class IaikLog implements iaik.logging.Log {
 */
 @Override
 public void warn(TransactionId transactionId, Object message, Throwable t) {
- final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+ final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, maskMessage(message));
 log.warn(msg.toString(), t);
 }
@@ -119,7 +144,7 @@ public class IaikLog implements iaik.logging.Log {
 */
 @Override
 public void error(TransactionId transactionId, Object message, Throwable t) {
- final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+ final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, maskMessage(message));
 log.error(msg.toString(), t);
 }
@@ -137,7 +162,7 @@ public class IaikLog implements iaik.logging.Log {
 */
 @Override
 public void fatal(TransactionId transactionId, Object message, Throwable t) {
- final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+ final IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, maskMessage(message));
 log.error(msg.toString(), t);
 }
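Review bot: Only `message` passes through `maskMessage` in `info`; the `Throwable t` is still handed to `log.info(msg.toString(), t)` unchanged, so a subject DN carried in an exception message or a nested cause would still reach the log in clear text. The `warn`, `error` and `fatal` hunks have the same gap. Either fold a masked rendering of the exception text into the message (for example `maskMessage(t.getMessage())`, guarded for a null `t`) or state in the Javadoc that exception output is outside the masking scope. A `debug` method is not part of this diff, so whether that path masks cannot be judged from here.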
@@ -158,4 +183,27 @@ public class IaikLog implements iaik.logging.Log {
 return nodeId;
 }
+
+ private String maskMessage(Object message) {
+ String msg = message != null ? message.toString() : "";
+
+ if (multilinePattern == null) {
+ return msg;
+
+ }
+
+ StringBuilder sb = new StringBuilder(msg);
+ Matcher matcher = multilinePattern.matcher(sb);
+ while (matcher.find()) {
+ IntStream.rangeClosed(1, matcher.groupCount()).forEach(
+ group -> {
+ if (matcher.group(group) != null) {
+ IntStream.range(matcher.start(group),
+ matcher.end(group)).forEach(i -> sb.setCharAt(i, '*')); // replace each character with asterisk
+ }
+ });
+ }
+ return sb.toString();
+}
+
 }
-- cgit v1.2.3
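Review bot: `maskMessage` reads the static `multilinePattern` twice (the null check, then `matcher(sb)`) while `addMaskPattern` can replace it from another thread, and the field is not `volatile`, so a logging thread may keep seeing `null` and emit the message unmasked. Read it once with `final Pattern pattern = multilinePattern;` and declare the field as `private static volatile Pattern multilinePattern;`; `addMaskPattern` should be `synchronized` because it mutates a plain `ArrayList`. The loop also stars every capture group, which with the shipped pattern includes the `=` and the closing `,` or `"`, so attribute boundaries vanish from the log line; masking only the value group would keep it readable. The method has no Javadoc; a short one should say that a `null` message becomes an empty string and that nothing is masked until `addMaskPattern` has been called.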