artin/OBP-API
1
0
Fork 0
mirror of https://github.com/OpenBankProject/OBP-API.git synced 2026-02-06 12:56:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

docfix/Add logs at Berlin Group signing process

Browse Source
This commit is contained in:
Marko Milić 2025-04-30 11:13:42 +02:00
parent 1a0a4a9d21
commit ff0a4129d5
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
obp-api/src/main/scala/code/api/util/BerlinGroupSigning.scala
View File

@ -160,14 +160,15 @@ object BerlinGroupSigning extends MdcLoggable {
val certificate = getCertificateFromTppSignatureCertificate(requestHeaders)
X509.validateCertificate(certificate) match {
case Full(true) => // PEM certificate is ok
val digest = generateDigest(body.getOrElse(""))
if(digest == getHeaderValue(RequestHeader.Digest, requestHeaders)) { // Verifying the Hash in the Digest Field
val generatedDigest = generateDigest(body.getOrElse(""))
val requestHeaderDigest = getHeaderValue(RequestHeader.Digest, requestHeaders)
if(generatedDigest == requestHeaderDigest) { // Verifying the Hash in the Digest Field
val signatureHeaderValue = getHeaderValue(RequestHeader.Signature, requestHeaders)
val signature = parseSignatureHeader(signatureHeaderValue).getOrElse("signature", "NONE")
val headersToSign = parseSignatureHeader(signatureHeaderValue).getOrElse("headers", "").split(" ").toList
val headers = headersToSign.map(h =>
if (h.toLowerCase() == RequestHeader.Digest.toLowerCase()) {
s"$h: $digest"
s"$h: $generatedDigest"
} else {
s"$h: ${getHeaderValue(h, requestHeaders)}"
}
@ -183,6 +184,8 @@ object BerlinGroupSigning extends MdcLoggable {
case (false, _) => (Failure(ErrorMessages.X509PublicKeyCannotVerify), forwardResult._2)
}
} else { // The two DIGEST hashes do NOT match, the integrity of the request body is NOT confirmed.
logger.debug(s"Generated digest: $generatedDigest")
logger.debug(s"Request header digest: $requestHeaderDigest")
(Failure(ErrorMessages.X509PublicKeyCannotVerify), forwardResult._2)
}
case Failure(msg, t, c) => (Failure(msg, t, c), forwardResult._2) // PEM certificate is not valid