From ff0a4129d5d980f23617830263cdd2bf90ffc8bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Wed, 30 Apr 2025 11:13:42 +0200
Subject: [PATCH] docfix/Add logs at Berlin Group signing process

---
 .../main/scala/code/api/util/BerlinGroupSigning.scala    | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/util/BerlinGroupSigning.scala b/obp-api/src/main/scala/code/api/util/BerlinGroupSigning.scala
index ce97f3451..616310745 100644
--- a/obp-api/src/main/scala/code/api/util/BerlinGroupSigning.scala
+++ b/obp-api/src/main/scala/code/api/util/BerlinGroupSigning.scala
@@ -160,14 +160,15 @@ object BerlinGroupSigning extends MdcLoggable {
         val certificate = getCertificateFromTppSignatureCertificate(requestHeaders)
         X509.validateCertificate(certificate) match {
           case Full(true) => // PEM certificate is ok
-            val digest = generateDigest(body.getOrElse(""))
-            if(digest == getHeaderValue(RequestHeader.Digest, requestHeaders)) { // Verifying the Hash in the Digest Field
+            val generatedDigest = generateDigest(body.getOrElse(""))
+            val requestHeaderDigest = getHeaderValue(RequestHeader.Digest, requestHeaders)
+            if(generatedDigest == requestHeaderDigest) { // Verifying the Hash in the Digest Field
               val signatureHeaderValue = getHeaderValue(RequestHeader.Signature, requestHeaders)
               val signature = parseSignatureHeader(signatureHeaderValue).getOrElse("signature", "NONE")
               val headersToSign = parseSignatureHeader(signatureHeaderValue).getOrElse("headers", "").split(" ").toList
               val headers = headersToSign.map(h =>
                 if (h.toLowerCase() == RequestHeader.Digest.toLowerCase()) {
-                  s"$h: $digest"
+                  s"$h: $generatedDigest"
                 } else {
                   s"$h: ${getHeaderValue(h, requestHeaders)}"
                 }
@@ -183,6 +184,8 @@ object BerlinGroupSigning extends MdcLoggable {
                 case (false, _) => (Failure(ErrorMessages.X509PublicKeyCannotVerify), forwardResult._2)
               }
             } else { // The two DIGEST hashes do NOT match, the integrity of the request body is NOT confirmed.
+              logger.debug(s"Generated digest: $generatedDigest")
+              logger.debug(s"Request header digest: $requestHeaderDigest")
               (Failure(ErrorMessages.X509PublicKeyCannotVerify), forwardResult._2)
             }
           case Failure(msg, t, c) => (Failure(msg, t, c), forwardResult._2) // PEM certificate is not valid