Merge pull request #12 from ftn-projects/feature/sign-and-verify

Key Sign/Verify and logging system restructuring

Author: DimitrijeG

MiniKms/logs/controller.log

@@ -91,6 +91,12 @@
             <artifactId>mapstruct</artifactId>
             <version>1.6.0</version>
         </dependency>
+        <dependency>
+            <groupId>net.logstash.logback</groupId>
+            <artifactId>logstash-logback-encoder</artifactId>
+            <version>8.1</version>
+        </dependency>
+
     </dependencies>
 
     <build>

MiniKms/logs/entity.log

@@ -54,6 +54,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                         .requestMatchers("/api/v1/auth/**").permitAll()
                         .requestMatchers("/api/v1/test/**").permitAll()
+                        .requestMatchers("/api/v1/crypto/**").permitAll()
+                        .requestMatchers("/api/v1/signatures/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/v1/keys/**").authenticated() // Allow all roles to GET
                         .requestMatchers("/api/v1/keys/**").hasRole("MANAGER")
                         .anyRequest().authenticated()

MiniKms/pom.xml

@@ -0,0 +1,53 @@
+package ftn.security.minikms.controller;
+
+import ftn.security.minikms.dto.SignRequestDTO;
+import ftn.security.minikms.dto.VerifyRequestDTO;
+import ftn.security.minikms.service.SignatureService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.*;
+
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.util.Base64;
+import java.util.UUID;
+
+@RestController
+@RequestMapping("/api/v1/signatures")
+public class SignatureController {
+
+    @Autowired
+    private SignatureService signatureService;
+
+    @PostMapping("/sign")
+    @Transactional(readOnly = true)
+    public ResponseEntity<String> sign(@RequestParam UUID keyId,
+                                       @RequestBody SignRequestDTO request) {
+        try {
+            byte[] signature = signatureService.sign(keyId, request.getMessage(), request.getVersion());
+            return ResponseEntity.ok(Base64.getEncoder().encodeToString(signature));
+        } catch (GeneralSecurityException | IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage());
+        }
+    }
+
+    @PostMapping("/verify")
+    @Transactional(readOnly = true)
+    public ResponseEntity<String> verify(@RequestParam UUID keyId,
+                                         @RequestParam(required = false) Integer version,
+                                         @RequestBody VerifyRequestDTO req) {
+        try {
+            boolean valid = signatureService.verify(
+                    keyId,
+                    req.getMessage(),
+                    Base64.getDecoder().decode(req.getSignature()),
+                    version
+            );
+            return ResponseEntity.ok(valid ? "VALID" : "INVALID");
+        } catch (GeneralSecurityException | IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage());
+        }
+    }
+}

MiniKms/src/main/java/ftn/security/minikms/config/SecurityConfig.java

@@ -0,0 +1,9 @@
+package ftn.security.minikms.dto;
+
+import lombok.Data;
+
+@Data
+public class SignRequestDTO {
+    private String message;
+    private Integer version;
+}

MiniKms/src/main/java/ftn/security/minikms/controller/SignatureController.java

@@ -0,0 +1,9 @@
+package ftn.security.minikms.dto;
+
+import lombok.Data;
+
+@Data
+public class VerifyRequestDTO {
+    private String message;
+    private String signature;
+}

MiniKms/src/main/java/ftn/security/minikms/dto/SignRequestDTO.java

@@ -2,37 +2,41 @@
 
 import jakarta.persistence.*;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+
+import java.util.Map;
 
 @Slf4j
 public class EntityLogger {
 
-    @PrePersist
-    public void prePersist(Object entity) {
-        log.info("Creating: {}", entity);
+    @Value("${logging.entity.enabled:true}")
+    private boolean loggingEnabled;
+
+    private void logEntity(String action, String phase, Object entity) {
+        if (!loggingEnabled) return;
+
+        log.info("{}", Map.of(
+                "action", action,
+                "phase", phase,
+                "entity", entity.getClass().getSimpleName()
+        ));
     }
 
+    @PrePersist
+    public void prePersist(Object entity) { logEntity("create", "pre", entity); }
+
     @PostPersist
-    public void postPersist(Object entity) {
-        log.info("Created: {}", entity);
-    }
+    public void postPersist(Object entity) { logEntity("create", "post", entity); }
 
     @PreUpdate
-    public void preUpdate(Object entity) {
-        log.info("Updating: {}", entity);
-    }
+    public void preUpdate(Object entity) { logEntity("update", "pre", entity); }
 
     @PostUpdate
-    public void postUpdate(Object entity) {
-        log.info("Updated: {}", entity);
-    }
+    public void postUpdate(Object entity) { logEntity("update", "post", entity); }
 
     @PreRemove
-    public void preRemove(Object entity) {
-        log.info("Deleting: {}", entity);
-    }
+    public void preRemove(Object entity) { logEntity("delete", "pre", entity); }
 
     @PostRemove
-    public void postRemove(Object entity) {
-        log.info("Deleted: {}", entity);
-    }
+    public void postRemove(Object entity) { logEntity("delete", "post", entity); }
 }

MiniKms/src/main/java/ftn/security/minikms/dto/VerifyRequestDTO.java

@@ -5,57 +5,56 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.util.ContentCachingRequestWrapper;
-import org.springframework.web.util.ContentCachingResponseWrapper;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
+import java.util.Map;
 import java.util.UUID;
 
 @Slf4j
 @Component
 public class RequestResponseLoggingFilter extends OncePerRequestFilter {
 
+    @Value("${logging.controller.enabled:true}")
+    private boolean loggingEnabled;
+
     @Override
     protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
 
-        ContentCachingRequestWrapper requestWrapper = new ContentCachingRequestWrapper(request);
-        ContentCachingResponseWrapper responseWrapper = new ContentCachingResponseWrapper(response);
+        if (!loggingEnabled) {
+            filterChain.doFilter(request, response);
+            return;
+        }
 
         String requestId = request.getHeader("X-Request-ID");
         if (requestId == null || requestId.isBlank()) {
             requestId = UUID.randomUUID().toString();
         }
+        response.setHeader("X-Request-ID", requestId);
 
-        responseWrapper.setHeader("X-Request-ID", requestId);
+        String username = request.getUserPrincipal() != null
+                ? request.getUserPrincipal().getName()
+                : "anonymous";
 
         long start = System.currentTimeMillis();
         try {
-            filterChain.doFilter(requestWrapper, responseWrapper);
+            filterChain.doFilter(request, response);
         } finally {
             long duration = System.currentTimeMillis() - start;
 
-            String requestBody = new String(requestWrapper.getContentAsByteArray(), StandardCharsets.UTF_8);
-            log.info("[{}] REQUEST {} {} | Body={}",
-                    requestId,
-                    request.getMethod(),
-                    request.getRequestURI(),
-                    requestBody);
-
-            String responseBody = new String(responseWrapper.getContentAsByteArray(), StandardCharsets.UTF_8);
-            log.info("[{}] RESPONSE {} {} | Status={} | Duration={}ms | Body={}",
-                    requestId,
-                    request.getMethod(),
-                    request.getRequestURI(),
-                    responseWrapper.getStatus(),
-                    duration,
-                    responseBody);
-
-            responseWrapper.copyBodyToResponse();
+            log.info("{}", Map.of(
+                    "message", "HTTP request completed",
+                    "requestId", requestId,
+                    "username", username,
+                    "method", request.getMethod(),
+                    "uri", request.getRequestURI(),
+                    "status", response.getStatus(),
+                    "durationMs", duration
+            ));
         }
     }
 }

MiniKms/src/main/java/ftn/security/minikms/logging/EntityLogger.java

@@ -2,6 +2,8 @@
 
 import ftn.security.minikms.entity.KeyMetadata;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 
 import java.util.UUID;