diff --git a/.github/workflows/ECC.yml b/.github/workflows/ECC.yml
index 6d1ac000..221e6b39 100644
--- a/.github/workflows/ECC.yml
+++ b/.github/workflows/ECC.yml
@@ -24,9 +24,6 @@ jobs:
java-version: '11'
cache: maven
- - name: Install maven dependencies
- run: ./ci/mavenDependency.sh
-
- name: Build with Maven
run: mvn clean package
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index de9cd970..7d4ecac4 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -21,8 +21,7 @@ jobs:
with:
java-version: '11'
distribution: 'temurin'
- - name: Install maven dependencies
- run: ./ci/mavenDependency.sh
+
- name: Build with Maven
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/maven_release.yml b/.github/workflows/maven_release.yml
index 5cf85002..99f8799e 100644
--- a/.github/workflows/maven_release.yml
+++ b/.github/workflows/maven_release.yml
@@ -30,9 +30,6 @@ jobs:
uses: webfactory/ssh-agent@v0.7.0
with:
ssh-private-key: ${{ secrets.SSH_KEY }}
-
- - name: Install maven dependencies
- run: ./ci/mavenDependency.sh
- name: Release with Maven
env:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 31a7f19e..4418b5bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,23 @@
# Changelog
All notable changes to this project will be documented in this file.
+## [1.14.8] - 2024-02-14
+
+### Added
+
+ - Audit logs stored in database
+ - Column encrypted using AES/GCM/NoPadding
+ - New endpoint for fetching audit events
+ - requires to set environment variable with AES256-SECRET-KEY used in encryption algorithm
+
+### Changed
+
+ - Using JFrog for IDS dependency management
+
+### Removed
+
+ - Audit events are not stored into file with this change but in DB (H2 as default)
+
## [1.14.7] - 2024-01-19
### Added
diff --git a/README.md b/README.md
index f3a6856c..cde20b9f 100644
--- a/README.md
+++ b/README.md
@@ -462,6 +462,7 @@ application.connectorUUID=
application.dapsJWKSUrl=
```
* Choose one of 2 profiles: SENDER or RECEIVER.
+ * Set environment variable with following name: *AES256-SECRET-KEY* with any value (MyPassword for example). This will be used for encrypting AuditLog column in DB.
* Start application
### Creating docker image
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar b/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar
deleted file mode 100644
index d3fb5781..00000000
Binary files a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar and /dev/null differ
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar.sha1 b/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar.sha1
deleted file mode 100644
index 5ccb1e7a..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-a1e55da7993f3094898283d37f650358ce4d92ac
\ No newline at end of file
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom b/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom
deleted file mode 100644
index 193f74d7..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom
+++ /dev/null
@@ -1,67 +0,0 @@
-
-
- 4.0.0
- de.fhg.aisec.ids
- ids-api
- 2.1.0
- IDSCP Protocol Library
- Contains the WebSocket-based Industrial Data Space Communication Protocol (IDSCP)
- https://github.com/industrial-data-space/trusted-connector
-
-
- The Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
-
-
-
-
- Michael Lux
- michael.lux@aisec.fraunhofer.de
- Fraunhofer AISEC
- aisec.fraunhofer.de
-
-
-
- scm:git:git://github.com:industrial-data-space/trusted-connector.git
- scm:git:ssh://github.com:industrial-data-space/trusted-connector.git
- https://github.com/industrial-data-space/trusted-connector
-
-
-
- org.apache.logging.log4j
- log4j-core
- 2.6.2
- compile
-
-
- org.apache.logging.log4j
- log4j-slf4j-impl
- 2.6.2
- compile
-
-
- com.google.protobuf
- protobuf-java
- 3.10.0
- compile
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.10.2
- compile
-
-
- org.checkerframework
- checker-qual
- 2.5.2
- compile
-
-
- de.fraunhofer.iais.eis.ids.infomodel
- java
- 3.0.0
- compile
-
-
-
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom.sha1 b/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom.sha1
deleted file mode 100644
index fd120c0d..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-api/2.1.0/ids-api-2.1.0.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-5b27077c3a993cc1b21eaf9f18df859eaccd1556
\ No newline at end of file
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar b/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar
deleted file mode 100644
index b63aa540..00000000
Binary files a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar and /dev/null differ
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar.sha1 b/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar.sha1
deleted file mode 100644
index 49d98265..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-e3701d2f0354e95e4c0ff6bcd3b41261d7cecc14
\ No newline at end of file
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom b/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom
deleted file mode 100644
index 4b984aec..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom
+++ /dev/null
@@ -1,97 +0,0 @@
-
-
- 4.0.0
- de.fhg.aisec.ids
- ids-comm
- 1.1.0
- IDSCP Protocol Library
- Contains the WebSocket-based Industrial Data Space Communication Protocol (IDSCP)
- https://github.com/industrial-data-space/trusted-connector
-
-
- The Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
-
-
-
-
- Michael Lux
- michael.lux@aisec.fraunhofer.de
- Fraunhofer AISEC
- aisec.fraunhofer.de
-
-
-
- scm:git:git://github.com:industrial-data-space/trusted-connector.git
- scm:git:ssh://github.com:industrial-data-space/trusted-connector.git
- https://github.com/industrial-data-space/trusted-connector
-
-
-
- org.eclipse.jetty.websocket
- websocket-server
- 9.4.20.v20190813
- compile
-
-
- org.eclipse.jetty.websocket
- websocket-client
- 9.4.20.v20190813
- compile
-
-
- de.fhg.aisec.ids
- ids-api
- 2.1.0
- compile
-
-
- *
- *
-
-
-
-
- com.github.microsoft
- TSS.Java
- 0.3.0
- compile
-
-
- jna
- net.java.dev.jna
-
-
-
-
- org.apache.logging.log4j
- log4j-core
- 2.6.2
- compile
-
-
- org.apache.logging.log4j
- log4j-slf4j-impl
- 2.6.2
- compile
-
-
- com.google.protobuf
- protobuf-java
- 3.10.0
- compile
-
-
- org.asynchttpclient
- async-http-client
- 2.4.9
- compile
-
-
- org.checkerframework
- checker-qual
- 2.5.2
- compile
-
-
-
diff --git a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom.sha1 b/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom.sha1
deleted file mode 100644
index 36b00c59..00000000
--- a/ci/.m2/de/fhg/aisec/ids/ids-comm/1.1.0/ids-comm-1.1.0.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3922c9b02c9fa19b43ddbf99a490387ba50b0d67
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar
deleted file mode 100644
index 3c52ba73..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar.sha1
deleted file mode 100644
index 55a2de93..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7-sources.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-50e58322380e420b82083653f88c604992d681f2
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar
deleted file mode 100644
index 5757e2fc..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar.sha1
deleted file mode 100644
index 18cdbeab..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-0ec037a1d2f53f7f385d72514e58f780420be83a
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom
deleted file mode 100644
index 194e081a..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.ids
- infomodel-serializer
- 4.2.7
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7-SNAPSHOT
- compile
-
-
- javax.validation
- validation-api
- 2.0.1.Final
- compile
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.11.2
- compile
-
-
- commons-codec
- commons-codec
- 1.15
- compile
-
-
- org.apache.jena
- jena-arq
- 4.1.0
- compile
-
-
- org.topbraid
- shacl
- 1.3.2
- compile
-
-
-
-
- eis-public-repo
- maven-public
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-public
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom.sha1
deleted file mode 100644
index 7dbf1987..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel-serializer/4.2.7/infomodel-serializer-4.2.7.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-2afd17e34bb11b93726823ba01f218f9dd220b88
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar
deleted file mode 100644
index 5b81de91..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar.sha1
deleted file mode 100644
index 2e1e7740..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7-sources.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-8b2beef21bace399f357f28b8996e071ded8c39c
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar
deleted file mode 100644
index 4df107ac..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar.sha1
deleted file mode 100644
index 1c04bbf9..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-a577dfe35cf5a5c4e465dcb445f54cf9f0d1cee5
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom
deleted file mode 100644
index 4fee3366..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom
+++ /dev/null
@@ -1,49 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.ids.infomodel
- java
- 4.2.7
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7
- compile
-
-
- javax.validation
- validation-api
- 2.0.1.Final
- compile
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.11.2
- compile
-
-
- de.fraunhofer.iais.eis.infomodel
- generator
- 4.2.7
- compile
- true
-
-
-
-
- eis-snapshot-repo
- maven-snapshots
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom.sha1
deleted file mode 100644
index f9ddc2b9..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/java/4.2.7/java-4.2.7.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-8c13dc06e4e08a5dd0776fdc1f07021c7703f007
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar
deleted file mode 100644
index 22e4a99e..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar.sha1
deleted file mode 100644
index 9391668a..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-69ed5d32abdcd51185fa7be3c05f3a820ef8805a
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom
deleted file mode 100644
index 8003e721..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom
+++ /dev/null
@@ -1,48 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.ids.infomodel
- validation-serialization-provider
- 4.2.7
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- de.fraunhofer.iais.eis.ids
- infomodel-serializer
- 4.2.7
- compile
-
-
- org.hibernate.validator
- hibernate-validator
- 6.0.13.Final
- compile
-
-
- javax.el
- javax.el-api
- 3.0.0
- compile
-
-
- org.glassfish.web
- javax.el
- 2.2.6
- compile
-
-
-
-
- eis-public-repo
- maven-releases
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-public
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom.sha1 b/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom.sha1
deleted file mode 100644
index 5eeece8c..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7/validation-serialization-provider-4.2.7.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-b577f61574f7c84edb2ae64725996f135d4823a5
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml
deleted file mode 100644
index aaa74685..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7-SNAPSHOT
-
-
- 20211028.150938
- 6
-
- 20211028150938
-
-
- javadoc
- jar
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
- jar
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
- pom
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml.sha1
deleted file mode 100644
index 6f6cff90..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-eis-ids-public.xml.sha1
+++ /dev/null
@@ -1 +0,0 @@
-14566935dfb1cc6ff550190ed3b58a2aeb25a09c
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml
deleted file mode 100644
index aaa74685..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7-SNAPSHOT
-
-
- 20211028.150938
- 6
-
- 20211028150938
-
-
- javadoc
- jar
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
- jar
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
- pom
- 4.2.7-20211028.150938-6
- 20211028150938
-
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml.sha1
deleted file mode 100644
index 6f6cff90..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/maven-metadata-snapshots.xml.sha1
+++ /dev/null
@@ -1 +0,0 @@
-14566935dfb1cc6ff550190ed3b58a2aeb25a09c
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom
deleted file mode 100644
index 8d27368b..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7-SNAPSHOT
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.11.2
- compile
-
-
-
-
- eis-snapshot-repo
- maven-snapshots
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom.sha1
deleted file mode 100644
index 32767940..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-20211028.150938-6.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d5e47ad7c76298f34e9938ce97cf917cb2a2c327
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-SNAPSHOT.pom b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-SNAPSHOT.pom
deleted file mode 100644
index 8d27368b..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7-SNAPSHOT/util-4.2.7-SNAPSHOT.pom
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7-SNAPSHOT
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.11.2
- compile
-
-
-
-
- eis-snapshot-repo
- maven-snapshots
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar
deleted file mode 100644
index e59337b5..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar.sha1
deleted file mode 100644
index 17211e39..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7-javadoc.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d2f31d022fbdc8f953ab2f9e087813790a71cd7d
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar
deleted file mode 100644
index e9cef694..00000000
Binary files a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar and /dev/null differ
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar.sha1
deleted file mode 100644
index 47c744a1..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-8078e1b1af7931e45dc64b94a318a6428baff864
\ No newline at end of file
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom
deleted file mode 100644
index 4f08cb39..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
- 4.0.0
- de.fraunhofer.iais.eis.infomodel
- util
- 4.2.7
-
-
- Apache License, Version 2.0
- http://www.apache.org/licenses/LICENSE-2.0.txt
- repo
-
-
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.11.2
- compile
-
-
-
-
- eis-snapshot-repo
- maven-snapshots
- http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot
-
-
-
diff --git a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom.sha1 b/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom.sha1
deleted file mode 100644
index 201308a9..00000000
--- a/ci/.m2/de/fraunhofer/iais/eis/infomodel/util/4.2.7/util-4.2.7.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-2f708ea51b6c8e688e215aaa66959c0a767f15df
\ No newline at end of file
diff --git a/ci/.m2/settings/settings.xml b/ci/.m2/settings/settings.xml
deleted file mode 100644
index 733f1693..00000000
--- a/ci/.m2/settings/settings.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
-
- snapshots
-
- 5000
-
-
-
- github
- Engineering-Research-and-Development
- ${env.GH_PACKAGE_REPO_PASSWORD}
-
-
-
diff --git a/ci/docker/ecc_resources_consumer/application-docker.properties b/ci/docker/ecc_resources_consumer/application-docker.properties
index 910d90ee..6a4b3bcd 100644
--- a/ci/docker/ecc_resources_consumer/application-docker.properties
+++ b/ci/docker/ecc_resources_consumer/application-docker.properties
@@ -183,5 +183,18 @@ application.selfdescription.filelocation=/home/nobody/data/sd
application.selfdescription.inboundModelVersion=4.0.0,4.1.0,4.1.2,4.2.0,4.2.1,4.2.2,4.2.3,4.2.4,4.2.5,4.2.6,4.2.7
application.selfdescription.defaultEndpoint=
+#H2 properties
+spring.datasource.url=jdbc:h2:file:./audit_logs_sender;CIPHER=AES
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+spring.datasource.driver-class-name=org.h2.Driver
+
+spring.jpa.show-sql=false
+spring.jpa.generate-ddl=true
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.h2.console.enabled=true
+spring.datasource.username=sa
+spring.datasource.password=file_password password
+
#For logging the response over WSS set to DEBUG, else leave empty
#logging.level.it.eng.idsa.businesslogic.processor.receiver=
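Review bot: `spring.h2.console.enabled=true` turns on the H2 web console in the Docker profile for the database that now holds the audit log, and the account for it (`spring.datasource.username=sa`, `spring.datasource.password=file_password password`) is committed next to it. With `CIPHER=AES` in the URL, H2 reads that password value as a file password and a user password separated by a space, so the file-encryption password is the literal `file_password`. Whether the console is reachable depends on the security configuration, which this hunk does not show. I would ship this profile with `spring.h2.console.enabled=false` and take the secret from the environment, e.g. `spring.datasource.password=${H2_FILE_PASSWORD} ${H2_USER_PASSWORD}` (placeholder variable names), with a one-line comment above it explaining the two-part format. The same lines are added in ci/docker/ecc_resources_provider/application-docker.properties.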
diff --git a/ci/docker/ecc_resources_provider/application-docker.properties b/ci/docker/ecc_resources_provider/application-docker.properties
index a5232377..8fd190ba 100644
--- a/ci/docker/ecc_resources_provider/application-docker.properties
+++ b/ci/docker/ecc_resources_provider/application-docker.properties
@@ -186,5 +186,18 @@ application.selfdescription.filelocation=/home/nobody/data/sd
application.selfdescription.inboundModelVersion=4.0.0,4.1.0,4.1.2,4.2.0,4.2.1,4.2.2,4.2.3,4.2.4,4.2.5,4.2.6,4.2.7
application.selfdescription.defaultEndpoint=
+#H2 properties
+spring.datasource.url=jdbc:h2:file:./audit_logs_receiver;CIPHER=AES
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+spring.datasource.driver-class-name=org.h2.Driver
+
+spring.jpa.show-sql=false
+spring.jpa.generate-ddl=true
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.h2.console.enabled=true
+spring.datasource.username=sa
+spring.datasource.password=file_password password
+
#For logging the response over WSS set to DEBUG, else leave empty
#logging.level.it.eng.idsa.businesslogic.processor.receiver=
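Review bot: `jdbc:h2:file:./audit_logs_receiver` is a relative path, so the audit database is created in whatever the container's working directory happens to be. Unless that directory is a mounted volume (not visible in this hunk), the audit history would be lost when the container is recreated. The neighbouring setting in this profile uses an absolute location, `application.selfdescription.filelocation=/home/nobody/data/sd`. An absolute path beside it, for example `spring.datasource.url=jdbc:h2:file:/home/nobody/data/audit_logs_receiver;CIPHER=AES` (a constructed path, to be checked against the compose volumes), would presumably keep the audit store with the rest of the persisted data. The consumer profile has the same relative path for `audit_logs_sender`.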
diff --git a/ci/docker/test-cases/https-https-form-contract-negotiation/.env b/ci/docker/test-cases/https-https-form-contract-negotiation/.env
index 27eea64c..25064742 100644
--- a/ci/docker/test-cases/https-https-form-contract-negotiation/.env
+++ b/ci/docker/test-cases/https-https-form-contract-negotiation/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
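Review bot: `AES256-SECRET-KEY` contains hyphens, which is not a valid variable name for POSIX shells. It can be passed through a Compose .env file like this one, but `export AES256-SECRET-KEY=...` is rejected by bash, which matters for the non-Docker start described in the README change of this commit. An underscore name such as `AES256_SECRET_KEY` would work in both cases, though that needs the application-side lookup changed too, and it is not shown here. The value is a readable fixed passphrase, so I would add `# test-only key for CI, generate a random secret for any real deployment` above the line. The same line is added to the other test-case .env files in this diff (https-https-form through ws-ws).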
diff --git a/ci/docker/test-cases/https-https-form/.env b/ci/docker/test-cases/https-https-form/.env
index 72dbb345..ec476955 100644
--- a/ci/docker/test-cases/https-https-form/.env
+++ b/ci/docker/test-cases/https-https-form/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-https-form/HTTPS-HTTPS-form-API.json b/ci/docker/test-cases/https-https-form/HTTPS-HTTPS-form-API.json
index 174c932a..612eed3a 100644
--- a/ci/docker/test-cases/https-https-form/HTTPS-HTTPS-form-API.json
+++ b/ci/docker/test-cases/https-https-form/HTTPS-HTTPS-form-API.json
@@ -1,6 +1,6 @@
{
"info": {
- "_postman_id": "6ef42754-a67c-4321-b679-ca0dc818c213",
+ "_postman_id": "dcc7e70f-8709-4412-898a-be604e89c13d",
"name": "GHA API Tests",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "12578087"
@@ -504,6 +504,169 @@
}
},
"response": []
+ },
+ {
+ "name": "HTTPS-HTTPS-form-Audit_logs",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "var jsonData = pm.response.json();\r",
+ "pm.response.to.be.ok;\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "username",
+ "value": "apiUser",
+ "type": "string"
+ },
+ {
+ "key": "password",
+ "value": "password",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "https://localhost:8090/api/audit/",
+ "protocol": "https",
+ "host": [
+ "localhost"
+ ],
+ "port": "8090",
+ "path": [
+ "api",
+ "audit",
+ ""
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "HTTPS-HTTPS-form-Audit_logs_date_invalid",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "pm.test(\"Invalid date param for audit logs\", function () {\r",
+ " pm.response.to.have.status(400);\r",
+ "});"
+ ],
+ "type": "text/javascript"
+ }
+ },
+ {
+ "listen": "prerequest",
+ "script": {
+ "exec": [
+ "var moment = require('moment');\r",
+ "pm.environment.set('currentdate', moment().format((\"YYYY-MM-DD\")));"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "username",
+ "value": "apiUser",
+ "type": "string"
+ },
+ {
+ "key": "password",
+ "value": "password",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "https://localhost:8090/api/audit/?date=invalid_date",
+ "protocol": "https",
+ "host": [
+ "localhost"
+ ],
+ "port": "8090",
+ "path": [
+ "api",
+ "audit",
+ ""
+ ],
+ "query": [
+ {
+ "key": "date",
+ "value": "invalid_date"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "HTTPS-HTTPS-form-Audit_logs_unauthorized",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "pm.test(\"Unauthorized user for audit logs\", function () {\r",
+ " pm.response.to.have.status(401);\r",
+ "});"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "username",
+ "value": "unauth",
+ "type": "string"
+ },
+ {
+ "key": "password",
+ "value": "password",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "https://localhost:8090/api/audit/",
+ "protocol": "https",
+ "host": [
+ "localhost"
+ ],
+ "port": "8090",
+ "path": [
+ "api",
+ "audit",
+ ""
+ ]
+ }
+ },
+ "response": []
}
],
"variable": [
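Review bot: The `HTTPS-HTTPS-form-Audit_logs` script parses the body into `jsonData` but never asserts on it, and `pm.response.to.be.ok;` sits outside any `pm.test`. The run therefore reports no named check that the endpoint returns readable (decrypted) audit entries. I would write it as `pm.test("Audit logs returned", function () { pm.response.to.have.status(200); pm.expect(pm.response.json()).to.not.be.empty; });`, assuming the endpoint returns a non-empty JSON body once earlier requests have produced events. In `HTTPS-HTTPS-form-Audit_logs_date_invalid` the prerequest sets `currentdate`, but the request uses the hard-coded `invalid_date`, so a valid-date request using `{{currentdate}}` looks to be missing. The unauthorized case covers only the unknown user `unauth`; a known user with a wrong password would cover the other rejection path.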
diff --git a/ci/docker/test-cases/https-https-header-contract-negotiation/.env b/ci/docker/test-cases/https-https-header-contract-negotiation/.env
index cdd2a0d3..37d03485 100644
--- a/ci/docker/test-cases/https-https-header-contract-negotiation/.env
+++ b/ci/docker/test-cases/https-https-header-contract-negotiation/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-https-header/.env b/ci/docker/test-cases/https-https-header/.env
index bc34eb7e..f585ed46 100644
--- a/ci/docker/test-cases/https-https-header/.env
+++ b/ci/docker/test-cases/https-https-header/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-https-mixed-contract-negotiation/.env b/ci/docker/test-cases/https-https-mixed-contract-negotiation/.env
index c4f0d229..4006a7dc 100644
--- a/ci/docker/test-cases/https-https-mixed-contract-negotiation/.env
+++ b/ci/docker/test-cases/https-https-mixed-contract-negotiation/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-https-mixed/.env b/ci/docker/test-cases/https-https-mixed/.env
index 03c5c353..6cc01ad7 100644
--- a/ci/docker/test-cases/https-https-mixed/.env
+++ b/ci/docker/test-cases/https-https-mixed/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-idscp2-form/.env b/ci/docker/test-cases/https-idscp2-form/.env
index ecaf6e49..aab61bd3 100644
--- a/ci/docker/test-cases/https-idscp2-form/.env
+++ b/ci/docker/test-cases/https-idscp2-form/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-idscp2-header/.env b/ci/docker/test-cases/https-idscp2-header/.env
index 730893db..2b5faeaf 100644
--- a/ci/docker/test-cases/https-idscp2-header/.env
+++ b/ci/docker/test-cases/https-idscp2-header/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/https-idscp2-mixed/.env b/ci/docker/test-cases/https-idscp2-mixed/.env
index 84ff37a6..81beeb60 100644
--- a/ci/docker/test-cases/https-idscp2-mixed/.env
+++ b/ci/docker/test-cases/https-idscp2-mixed/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/ws-idscp2/.env b/ci/docker/test-cases/ws-idscp2/.env
index cb2dcf4d..43bbf7a8 100644
--- a/ci/docker/test-cases/ws-idscp2/.env
+++ b/ci/docker/test-cases/ws-idscp2/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/docker/test-cases/ws-ws/.env b/ci/docker/test-cases/ws-ws/.env
index 1bef8a91..0308b7f6 100644
--- a/ci/docker/test-cases/ws-ws/.env
+++ b/ci/docker/test-cases/ws-ws/.env
@@ -1,5 +1,7 @@
BROKER_URL=https://broker.ids.isst.fraunhofer.de/infrastructure
+AES256-SECRET-KEY=TRUEConnectorAESSecretKey123
+
#SSL settings
KEYSTORE_NAME=ssl-server.jks
KEY_PASSWORD=changeit
diff --git a/ci/mavenDependency.sh b/ci/mavenDependency.sh
deleted file mode 100755
index 334110f3..00000000
--- a/ci/mavenDependency.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-echo "Installing maven dependencies..."
-
-mkdir -p $HOME/.m2/repository/de
-
-cp -f ./ci/.m2/settings/settings.xml $HOME/.m2
-cp -rf ./ci/.m2/de/* $HOME/.m2/repository/de/
diff --git a/doc/AUDIT.md b/doc/AUDIT.md
index 8e9a7f56..0a0e201a 100644
--- a/doc/AUDIT.md
+++ b/doc/AUDIT.md
@@ -1,5 +1,21 @@
# Audit events in TRUE Connector
+Audit events are stored in database (H2 with default configuration, possible to replace with PostgreSQL), this way tampering of the logs is prohibited. Entries in database are done only by the Execution Core Container. Column for storing auditLog entry is encrypted using *AES/GCM/NoPadding* algorithm which requires user to set valid password. It must be done using environment variable with following name: *AES256-SECRET-KEY*.
+When ECC inserts audit entry into Database, AuditLog value will be encrypted using provided algorithm, and when data is requested, it will be decrypted.
+ECC exposes protected endpoint, for API user, to fetch all audit logs, or audit logs for specific date:
+
+```
+https://localhost:8090/api/audit/
+```
+
+or for specific date
+
+```
+https://localhost:8090/api/audit/?date=2024-02-12
+```
+
+NOTE: date format must be in YYYY-MM-DD format. Otherwise response will be https 400 - bad request.
+
## Audit event types
TRUE Connector has list of audit events which can be found in following table:
@@ -89,79 +105,40 @@ Here is the binding of properties and which events are covered with it:
With default configuration, events will be logged in log file, in JSON format, like following:
```
-{
- "@timestamp": "2023-07-14T14:57:03.288+02:00",
- "@version": "1",
- "message": "TrueConnector Audit Event was received",
- "logger_name": "JSON",
- "thread_name": "task-3",
- "level": "INFO",
- "level_value": 20000,
- "connectorRole": "Sender",
- "event.type": "HTTP_REQUEST_RECEIVED",
- "event.principal": "apiUser",
- "event": {
- "timestamp": 1689339423.287265000,
- "principal": "apiUser",
- "type": "HTTP_REQUEST_RECEIVED",
- "data": {
- "http.headers": {
- "authorization": "******",
- "content-length": "2968",
- "resource": "https://w3id.org/idsa/autogen/textResource/1c9c8f02-f6f9-4a6e-b31b-997bf555b66c",
- "postman-token": "2c52150c-8476-43d4-a9a6-f07244ecde5b",
- "host": "localhost:8444",
- "content-type": "application/json",
- "connection": "keep-alive",
- "cache-control": "no-cache",
- "accept-encoding": "gzip, deflate, br",
- "user-agent": "PostmanRuntime/7.32.3",
- "accept": "*/*"
- },
- "payload": "omitted for brevity",
- "http.path": "https://localhost:8444/api/contractOffer/",
- "correlationId": "c4d2c0b2-97aa-42d5-966b-84c2a4634b1f",
- "http.method": "POST"
- }
- }
-}{
- "@timestamp": "2023-07-14T14:57:03.342+02:00",
- "@version": "1",
- "message": "TrueConnector Audit Event was received",
- "logger_name": "JSON",
- "thread_name": "task-4",
- "level": "INFO",
- "level_value": 20000,
- "connectorRole": "Sender",
- "event.type": "CONTRACT_OFFER_CREATED",
- "event.principal": "apiUser",
- "event": {
- "timestamp": 1689339423.341133100,
- "principal": "apiUser",
- "type": "CONTRACT_OFFER_CREATED",
- "data": {
- "http.headers": {
- "authorization": "******",
- "content-length": "2968",
- "resource": "https://w3id.org/idsa/autogen/textResource/1c9c8f02-f6f9-4a6e-b31b-997bf555b66c",
- "postman-token": "2c52150c-8476-43d4-a9a6-f07244ecde5b",
- "host": "localhost:8444",
- "content-type": "application/json",
- "connection": "keep-alive",
- "cache-control": "no-cache",
- "accept-encoding": "gzip, deflate, br",
- "user-agent": "PostmanRuntime/7.32.3",
- "accept": "*/*"
- },
- "http.path": "https://localhost:8444/api/contractOffer/",
- "correlationId": "c4d2c0b2-97aa-42d5-966b-84c2a4634b1f",
- "http.method": "POST"
- }
+[
+ {
+ "id": 1,
+ "timestamp": "2024-02-12T11:02:34.567174",
+ "event": "UsernamePasswordAuthenticationToken [Principal=User{id='7d330566-3c3b-4358-99aa-77fd09e6fec7', username='apiUser', password='[PROTECTED]', role='API_USER', accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_API_USER]]"
+ },
+ {
+ "id": 2,
+ "timestamp": "2024-02-12T11:03:33.26411",
+ "event": "UsernamePasswordAuthenticationToken [Principal=User{id='7d330566-3c3b-4358-99aa-77fd09e6fec7', username='apiUser', password='[PROTECTED]', role='API_USER', accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_API_USER]]"
+ },
+ {
+ "id": 3,
+ "timestamp": "2024-02-12T11:04:47.443094",
+ "event": "UsernamePasswordAuthenticationToken [Principal=User{id='7d330566-3c3b-4358-99aa-77fd09e6fec7', username='apiUser', password='[PROTECTED]', role='API_USER', accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_API_USER]]"
+ },
+ {
+ "id": 4,
+ "timestamp": "2024-02-12T11:54:09.858569",
+ "event": "AuditEvent [timestamp=2024-02-12T10:54:09.857568300Z, principal=idsUser, type=CONNECTOR_REQUEST, data={http.message=de.fraunhofer.iais.eis.ArtifactRequestMessageImpl, correlationId=ba5228e6-648c-44ad-aa85-a1ce0d8af809, http.method=POST}]"
+ },
+ {
+ "id": 5,
+ "timestamp": "2024-02-12T11:54:09.896071",
+ "event": "AuditEvent [timestamp=2024-02-12T10:54:09.895003300Z, principal=idsUser, type=CONNECTOR_SEND, data={http.message=de.fraunhofer.iais.eis.ArtifactRequestMessageImpl, correlationId=ba5228e6-648c-44ad-aa85-a1ce0d8af809, http.method=POST}]"
+ },
+ {
+ "id": 90,
+ "timestamp": "2024-02-12T11:59:51.69915",
+ "event": "AuditEvent [timestamp=2024-02-12T10:59:51.698151Z, principal=apiUser, type=HTTP_REQUEST_RECEIVED, data={http.headers={authorization=******, content-length=2968, resource=https://w3id.org/idsa/autogen/textResource/67ce1330-41fb-421a-8166-268746be5f17, host=localhost:8443, content-type=application/json, connection=keep-alive, accept-encoding=gzip, deflate, br, user-agent=PostmanRuntime/7.36.1, accept=*/*}, payload={\r\n \"@context\": {\r\n \"ids\": \"https://w3id.org/idsa/core/\",\r\n \"idsc\": \"https://w3id.org/idsa/code/\"\r\n },\r\n \"@type\": \"ids:ContractOffer\",\r\n \"@id\": \"https://w3id.org/idsa/autogen/contractOffer/a6cc0285-c948-48f2-9fa9-59bad3dbd825\",\r\n \"ids:permission\": [\r\n {\r\n \"@type\": \"ids:Permission\",\r\n \"@id\": \"https://w3id.org/idsa/autogen/permission/48047208-39df-4efe-881b-a2c444cf139a\",\r\n \"ids:target\": {\r\n \"@id\": \"http://w3id.org/engrd/connector/artifact/test\"\r\n },\r\n \"ids:description\": [\r\n {\r\n \"@value\": \"provide-access\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#string\"\r\n }\r\n ],\r\n \"ids:action\": [\r\n {\r\n \"@id\": \"https://w3id.org/idsa/code/USE\"\r\n }\r\n ],\r\n \"ids:title\": [\r\n {\r\n \"@value\": \"Example Usage Policy\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#string\"\r\n }\r\n ],\r\n \"ids:preDuty\": [],\r\n \"ids:constraint\": [\r\n {\r\n \"@type\": \"ids:Constraint\",\r\n \"@id\": \"https://w3id.org/idsa/autogen/constraint/f2cdadc7-3ac9-4eda-a7cf-c60822d53311\",\r\n \"ids:rightOperand\": {\r\n \"@value\": \"2024-02-12T10:59:51.570Z\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#dateTimeStamp\"\r\n },\r\n \"ids:leftOperand\": {\r\n \"@id\": \"https://w3id.org/idsa/code/POLICY_EVALUATION_TIME\"\r\n },\r\n \"ids:operator\": {\r\n \"@id\": \"https://w3id.org/idsa/code/AFTER\"\r\n }\r\n },\r\n {\r\n \"@type\": \"ids:Constraint\",\r\n \"@id\": \"https://w3id.org/idsa/autogen/constraint/79309e91-54eb-4325-aff7-3909d71626b3\",\r\n \"ids:rightOperand\": 
{\r\n \"@value\": \"2024-04-12T09:59:51.557Z\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#dateTimeStamp\"\r\n },\r\n \"ids:leftOperand\": {\r\n \"@id\": \"https://w3id.org/idsa/code/POLICY_EVALUATION_TIME\"\r\n },\r\n \"ids:operator\": {\r\n \"@id\": \"https://w3id.org/idsa/code/BEFORE\"\r\n }\r\n }\r\n ]\r\n }\r\n ],\r\n \"ids:provider\": {\r\n \"@id\": \"https://w3id.org/engrd/connector/\"\r\n },\r\n \"ids:contractStart\": {\r\n \"@value\": \"2024-02-12T10:59:51.570Z\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#dateTimeStamp\"\r\n },\r\n \"ids:contractDate\": {\r\n \"@value\": \"2024-02-12T10:59:51.570Z\",\r\n \"@type\": \"http://www.w3.org/2001/XMLSchema#dateTimeStamp\"\r\n }\r\n}, http.path=https://localhost:8443/api/contractOffer/, correlationId=4cea31f9-e444-43f4-abc9-cb113a122b23, http.method=POST}]"
+ },
+ {
+ "id": 91,
+ "timestamp": "2024-02-12T11:59:51.753177",
+ "event": "AuditEvent [timestamp=2024-02-12T10:59:51.751176500Z, principal=apiUser, type=CONTRACT_OFFER_CREATED, data={http.headers={authorization=******, content-length=2968, resource=https://w3id.org/idsa/autogen/textResource/67ce1330-41fb-421a-8166-268746be5f17, host=localhost:8443, content-type=application/json, connection=keep-alive, accept-encoding=gzip, deflate, br, user-agent=PostmanRuntime/7.36.1, accept=*/*}, http.path=https://localhost:8443/api/contractOffer/, correlationId=4cea31f9-e444-43f4-abc9-cb113a122b23, http.method=POST}]"
}
-}
-
```
-
-User can modify default logging configuration and change logger to output data to ELK stack (Elasticsearch, Logstash, and Kibana)
-
-// TODO - how to configure logback to log to ELK
diff --git a/doc/GHA tests.md b/doc/GHA tests.md
index fd11c57e..be8673c1 100644
--- a/doc/GHA tests.md
+++ b/doc/GHA tests.md
@@ -16,6 +16,10 @@
| Connector-Unauthorized API user | Sends request to connector with wrong credentials | \- checks is status is 401
\- chescks if response body contains NOT\_AUTHORIZED | X | X | X | \- http/https | \- http/https |
| Connector-Unauthorized any user | Sends request to connector with wrong credentials | \- checks is status is 401
\- chescks if response body contains NOT\_AUTHORIZED | X | X | X | \- http/https | \- http/https |
| Firewall - not allowed HTTP request | Sends request to connector with not allowed HTTP operation - OPTIONS | \- checks is status is 405 | X | X | X | \- http/https | \- http/https |
+| Audit logs | Sends request to connector to fetch all audit logs | \- checks is status is 200 | X | X | X | \- http/https | \- http/https |
+| Audit logs for date | Sends request to connector to fetch audit logs for specific date | \- checks is status is 200 | X | X | X | \- http/https | \- http/https |
+| Audit logs - Unauthorized API user | Fetch audit logs with invalid user - unauthorized | \- checks is status is 401 | X | X | X | \- http/https | \- http/https |
+| Audit logs - Invalid date parameter | Fetch audit logs with invalid date format | \- checks is status is 400 | X | X | X | \- http/https | \- http/https |
| Description Request Message | Sends a Description Request Message | \- checks if response status is 200
\- checks if response body contains specific offered resource | X | X | X | \- http/https | \- http/https |
| Description Request Message with offered resource | Sends a Description Request Message requesting a specific offered resource | \- checks if response status is 200
\- checks if contract artifact exists
\- checks if contract id exists
\- checks if contract permission exists
\- checks if contract provider exists | X | X | X | \- http/https | \- http/https |
| Contract Request Message | Sends a Contract Request Message | \- checks if response status is 200
\- checks if contract agreement exists
\- checks if transfer contract exists | X | X | X | \- http/https | \- http/https |
diff --git a/pom.xml b/pom.xml
index 62285900..ca705b60 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,112 +23,109 @@
0.5.2
0.8.8
-
-
-
-
-
-
-
+
- github
-
+ snapshots
+ maven-snapshots
+ https://jfrog.iais.fraunhofer.de/artifactory/public
+
+
+ github
+
https://${GH_PACKAGE_REPO_PASSWORD}:x-oauth-basic@maven.pkg.github.com/Engineering-Research-and-Development/true-connector-multipart_message_library
-
- true
-
-
- true
-
-
-
-
-
-
- github
- GitHub Packages
- https://maven.pkg.github.com/Engineering-Research-and-Development/true-connector-execution_core_container
-
-
-
-
+
+ true
+
+
+ true
+
+
+
+
+
+ github
+ GitHub Packages
+ https://maven.pkg.github.com/Engineering-Research-and-Development/true-connector-execution_core_container
+
+
+
scm:git:git://github.com/Engineering-Research-and-Development/true-connector-execution_core_container.git
scm:git:git@github.com:Engineering-Research-and-Development/true-connector-execution_core_container.git
https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container.git
HEAD
-
-
-
- org.apache.maven
- maven-model
- 3.6.3
-
-
- org.apache.maven
- maven-project
- 2.2.1
-
-
-
- org.springframework.boot
- spring-boot-starter-actuator
-
-
- org.springframework.boot
- spring-boot-starter
-
-
- org.springframework.boot
- spring-boot-starter-logging
-
-
-
-
- org.springframework.boot
- spring-boot-starter-web
-
-
- org.springframework.boot
- spring-boot-devtools
- runtime
- true
-
-
- org.springframework.boot
- spring-boot-starter-aop
-
-
- org.springframework.boot
- spring-boot-starter-test
- test
-
-
-
-
- org.springdoc
- springdoc-openapi-ui
- 1.6.7
-
-
-
-
- it.eng.idsa
- multipart-message-processor
- ${multipart.message.processor.version}
-
-
- logback-classic
- ch.qos.logback
-
-
- slf4j-simple
- org.slf4j
-
-
-
-
+
+
+ org.apache.maven
+ maven-model
+ 3.6.3
+
+
+ org.apache.maven
+ maven-project
+ 2.2.1
+
+
+
+ org.springframework.boot
+ spring-boot-starter-actuator
+
+
+ org.springframework.boot
+ spring-boot-starter
+
+
+ org.springframework.boot
+ spring-boot-starter-logging
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+ org.springframework.boot
+ spring-boot-devtools
+ runtime
+ true
+
+
+ org.springframework.boot
+ spring-boot-starter-aop
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+ org.springframework.boot
+ spring-boot-starter-data-jpa
+
+
+
+ org.springdoc
+ springdoc-openapi-ui
+ 1.6.7
+
+
+
+ it.eng.idsa
+ multipart-message-processor
+ ${multipart.message.processor.version}
+
+
+ logback-classic
+ ch.qos.logback
+
+
+ slf4j-simple
+ org.slf4j
+
+
+
org.apache.camel
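Review bot: The new repository entry (`snapshots` / `maven-snapshots`, `https://jfrog.iais.fraunhofer.de/artifactory/public`) makes an external Artifactory a resolution source for the build, and the visible lines set no checksum policy for it. It takes over from the jars that `ci/mavenDependency.sh` used to copy into `~/.m2`. The listing has lost its XML tags, so this is read from the remaining text. I would state the policy explicitly for that repository with `<checksumPolicy>fail</checksumPolicy>` inside its `<releases>` and `<snapshots>` elements. If only the IDS artifacts are meant to come from there, a short comment on the entry saying so would help the next reviewer judge later additions.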
@@ -165,7 +162,6 @@
camel-jetty-starter
${camel.version}
-
org.apache.camel
camel-util
@@ -182,11 +178,10 @@
${camel.version}
- org.apache.camel.springboot
- camel-spring-security-starter
- ${camel.version}
+ org.apache.camel.springboot
+ camel-spring-security-starter
+ ${camel.version}
-
com.squareup.retrofit2
@@ -198,7 +193,6 @@
converter-gson
2.7.1
-
de.fhg.aisec.ids
@@ -218,319 +212,310 @@
javax.xml.bind
jaxb-api
-
+
-
-
- org.asynchttpclient
- async-http-client
- 2.12.3
-
-
- org.eclipse.jetty.websocket
- websocket-server
-
-
- org.eclipse.jetty.websocket
- websocket-client
-
-
-
- com.fasterxml.jackson.core
- jackson-core
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
- com.fasterxml.jackson.core
- jackson-annotations
-
-
- com.auth0
- java-jwt
- 3.19.3
-
-
- com.auth0
- jwks-rsa
- 0.22.1
-
-
-
- javax.validation
- validation-api
-
-
- org.apache.httpcomponents
- httpmime
-
-
- com.googlecode.json-simple
- json-simple
- 1.1.1
-
-
- org.apache.commons
- commons-text
- 1.10.0
-
-
- org.springframework.boot
- spring-boot-configuration-processor
- true
-
-
- org.springframework.security
- spring-security-core
-
-
- org.springframework.security
- spring-security-config
-
-
- org.springframework.security
- spring-security-web
-
-
-
-
- commons-io
- commons-io
- 2.7
-
-
-
- org.bouncycastle
- bcprov-jdk15on
- 1.69
-
-
-
- logback-classic
- ch.qos.logback
- 1.2.7
-
-
- net.logstash.logback
- logstash-logback-encoder
- 7.3
-
-
- org.mockito
- mockito-core
- test
-
-
- org.mockito
- mockito-junit-jupiter
- test
-
-
- org.junit.platform
- junit-platform-launcher
- test
-
-
-
-
- org.jetbrains.kotlin
- kotlin-stdlib
- 1.6.0
-
-
-
- de.fhg.aisec.ids
- camel-idscp2
- ${idscp2.libraries.version}
-
+
+ org.asynchttpclient
+ async-http-client
+ 2.12.3
+
+
+ org.eclipse.jetty.websocket
+ websocket-server
+
+
+ org.eclipse.jetty.websocket
+ websocket-client
+
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+
+
+ com.fasterxml.jackson.core
+ jackson-annotations
+
+
+ com.auth0
+ java-jwt
+ 3.19.3
+
+
+ com.auth0
+ jwks-rsa
+ 0.22.1
+
+
+ javax.validation
+ validation-api
+
+
+ org.apache.httpcomponents
+ httpmime
+
+
+ com.googlecode.json-simple
+ json-simple
+ 1.1.1
+
+
+ org.apache.commons
+ commons-text
+ 1.10.0
+
+
+ org.springframework.boot
+ spring-boot-configuration-processor
+ true
+
+
+ org.springframework.security
+ spring-security-core
+
+
+ org.springframework.security
+ spring-security-config
+
+
+ org.springframework.security
+ spring-security-web
+
+
+
+ commons-io
+ commons-io
+ 2.7
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.69
+
+
+ logback-classic
+ ch.qos.logback
+ 1.2.7
+
+
+ net.logstash.logback
+ logstash-logback-encoder
+ 7.3
+
+
+ org.mockito
+ mockito-core
+ test
+
+
+ org.mockito
+ mockito-junit-jupiter
+ test
+
+
+ org.junit.platform
+ junit-platform-launcher
+ test
+
+
+
+ org.jetbrains.kotlin
+ kotlin-stdlib
+ 1.6.0
+
+
+ de.fhg.aisec.ids
+ camel-idscp2
+ ${idscp2.libraries.version}
+
de.fraunhofer.iais.eis.ids
infomodel-serializer
-
-
-
- de.fhg.aisec.ids
- idscp2-app-layer
- ${idscp2.libraries.version}
-
+
+
+ de.fhg.aisec.ids
+ idscp2-app-layer
+ ${idscp2.libraries.version}
+
de.fraunhofer.iais.eis.ids
infomodel-serializer
-
-
-
- de.fhg.aisec.ids
- idscp2
- ${idscp2.libraries.version}
-
-
-
- io.jsonwebtoken
- jjwt-api
- 0.11.2
-
-
-
- com.squareup.okhttp3
- okhttp
- 4.10.0
-
-
-
- org.json
- json
- 20230227
-
-
-
- org.bitbucket.b_c
- jose4j
- 0.9.3
-
-
-
- de.fhg.aisec.ids
- idscp2-rat-tpm2d
- 0.2.2
-
-
-
-
- org.jetbrains
- annotations
- 13.0
-
-
-
- com.squareup.okio
- okio
- 3.0.0
-
-
-
- it.eng.idsa
- multipart-message-processor
- tests
- test-jar
- ${multipart.message.processor.version}
- test
-
-
-
-
- org.passay
- passay
- 1.6.2
-
-
-
-
-
-
-
- src/main/resources
- true
-
- ssl-server.jks
- *.properties
- *.xml
-
-
-
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
-
- ${project.java.version}
- ${project.build.sourceEncoding}
-
-
-
- org.apache.maven.plugins
- maven-resources-plugin
-
- ${project.build.sourceEncoding}
-
-
-
- org.springframework.boot
- spring-boot-maven-plugin
-
-
- build-info
-
- build-info
-
-
-
-
-
- org.apache.maven.plugins
- maven-jar-plugin
-
- application
-
-
- true
- it.eng.idsa.businesslogic.Application
- dependency-jars/
- false
-
-
- . /config/ /cert/
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- copy-dependencies
- package
-
- copy-dependencies
-
-
- ${project.build.directory}/dependency-jars/
-
-
-
-
-
- org.jacoco
- jacoco-maven-plugin
- ${jacoco.version}
-
-
- it/eng/idsa/businesslogic/usagecontrol/model/**
-
-
-
-
- prepare-agent
-
- prepare-agent
-
-
-
- generate-coverage-report
- test
-
- report
-
-
-
-
-
-
-
+
+
+ de.fhg.aisec.ids
+ idscp2
+ ${idscp2.libraries.version}
+
+
+ io.jsonwebtoken
+ jjwt-api
+ 0.11.2
+
+
+ com.squareup.okhttp3
+ okhttp
+ 4.10.0
+
+
+ org.json
+ json
+ 20230227
+
+
+ org.bitbucket.b_c
+ jose4j
+ 0.9.3
+
+
+ de.fhg.aisec.ids
+ idscp2-rat-tpm2d
+ 0.2.2
+
+
+
+ org.jetbrains
+ annotations
+ 13.0
+
+
+ com.squareup.okio
+ okio
+ 3.0.0
+
+
+ it.eng.idsa
+ multipart-message-processor
+ tests
+ test-jar
+ ${multipart.message.processor.version}
+ test
+
+
+
+ org.passay
+ passay
+ 1.6.2
+
+
+ com.h2database
+ h2
+ 2.2.224
+ runtime
+
+
+
+ org.postgresql
+ postgresql
+ 42.7.1
+
+
+
+
+
+ src/main/resources
+ true
+
+ ssl-server.jks
+ *.properties
+ *.xml
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+ ${project.java.version}
+ ${project.build.sourceEncoding}
+
+
+
+ org.apache.maven.plugins
+ maven-resources-plugin
+
+ ${project.build.sourceEncoding}
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+ build-info
+
+ build-info
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+
+ application
+
+
+ true
+ it.eng.idsa.businesslogic.Application
+ dependency-jars/
+ false
+
+
+ . /config/ /cert/
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ copy-dependencies
+ package
+
+ copy-dependencies
+
+
+ ${project.build.directory}/dependency-jars/
+
+
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+ ${jacoco.version}
+
+
+ it/eng/idsa/businesslogic/usagecontrol/model/**
+
+
+
+
+ prepare-agent
+
+ prepare-agent
+
+
+
+ generate-coverage-report
+ test
+
+ report
+
+
+
+
+
+
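Review bot: The added `org.postgresql:postgresql` 42.7.1 entry appears to carry no scope, while the `com.h2database:h2` entry directly above it is marked `runtime`; the tags are stripped in this listing, so this is read from the remaining text. A JDBC driver is only needed at run time, so `<scope>runtime</scope>` on the PostgreSQL dependency would match H2 and keep driver classes off the compile classpath.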
diff --git a/src/main/java/it/eng/idsa/businesslogic/entity/AuditLog.java b/src/main/java/it/eng/idsa/businesslogic/entity/AuditLog.java
new file mode 100644
index 00000000..f4427bca
--- /dev/null
+++ b/src/main/java/it/eng/idsa/businesslogic/entity/AuditLog.java
@@ -0,0 +1,60 @@
+package it.eng.idsa.businesslogic.entity;
+
+import java.time.LocalDateTime;
+import it.eng.idsa.businesslogic.util.AES256;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@Entity
+@Table(name = "AuditLogs")
+public class AuditLog {
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ @JsonProperty("id")
+ private Long id;
+ @JsonProperty("timestamp")
+ private LocalDateTime timestamp;
+ @JsonProperty("event")
+ @Column(columnDefinition = "TEXT")
+ private String event;
+
+ public AuditLog() {
+ }
+
+ public AuditLog(String event) {
+ this.event = AES256.encrypt(event);
+ this.timestamp = LocalDateTime.now();
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public LocalDateTime getTimestamp() {
+ return timestamp;
+ }
+
+ public void setTimestamp(LocalDateTime timestamp) {
+ this.timestamp = timestamp;
+ }
+
+ public String getEvent() {
+ return event;
+ }
+
+ public void setEvent(String event) {
+ this.event = event;
+ }
+
+}
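Review bot: Encryption of `event` happens only in the `AuditLog(String event)` constructor, while `setEvent` stores whatever it is given, so whether the column holds ciphertext depends on which path built the object. `AuditEventService.decryptAuditLog` already uses the no-arg constructor plus `setEvent` to carry plaintext, and such an instance would be written unencrypted if it were ever passed to `save`. Moving the transformation to the persistence boundary, with a JPA `AttributeConverter` referenced by `@Convert` on the field, would keep plaintext in memory and ciphertext in the table regardless of how the entity was built. Separately, `LocalDateTime.now()` records server-local time without an offset (the sample in `doc/AUDIT.md` shows the row timestamp one hour ahead of the event's own `Z` timestamp); an `Instant` or UTC value would be unambiguous for audit use.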
diff --git a/src/main/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListener.java b/src/main/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListener.java
index d46d6aa8..48d5f27d 100644
--- a/src/main/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListener.java
+++ b/src/main/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListener.java
@@ -1,10 +1,6 @@
package it.eng.idsa.businesslogic.listener;
-import static net.logstash.logback.argument.StructuredArguments.keyValue;
-
import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.event.EventListener;
import org.springframework.scheduling.annotation.Async;
@@ -20,15 +16,18 @@
import it.eng.idsa.businesslogic.audit.EventTypeHandler;
import it.eng.idsa.businesslogic.audit.TrueConnectorEvent;
import it.eng.idsa.businesslogic.audit.TrueConnectorEventType;
+import it.eng.idsa.businesslogic.entity.AuditLog;
+import it.eng.idsa.businesslogic.service.AuditEventService;
@Component
public class LoggingAuditEventListener {
- private static final Logger LOGGER = LoggerFactory.getLogger("JSON");
private EventTypeHandler eventTypeHandler;
+ private AuditEventService auditEventService;
- public LoggingAuditEventListener(EventTypeHandler eventTypeHandler) {
+ public LoggingAuditEventListener(EventTypeHandler eventTypeHandler, AuditEventService auditEventService) {
this.eventTypeHandler = eventTypeHandler;
+ this.auditEventService = auditEventService;
}
// @EventListener
@@ -39,8 +38,7 @@ public void on(AuditApplicationEvent event) {
return;
}
- LOGGER.info("Audit Event: {}", keyValue("event", event.getAuditEvent()));
-
+ auditEventService.saveAuditEvent(new AuditLog(event.getAuditEvent().toString()));
}
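Review bot: With the `LOGGER` calls removed, `auditEventService.saveAuditEvent(...)` is the only sink for the event, and nothing here handles a failed encryption or database write, so such an event would presumably leave no trace at all. A guarded call that still records the failure operationally, without the event contents, would keep the gap visible, e.g. `try { auditEventService.saveAuditEvent(entry); } catch (RuntimeException e) { LOGGER.error("Audit event could not be persisted", e); }`, which means keeping an ordinary class logger. The same applies to every `saveAuditEvent` call in the following hunks of this file. The enclosing `on(AuditApplicationEvent)` method starts outside the hunk.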
@EventListener
@@ -51,8 +49,7 @@ public void on(TrueConnectorEvent event) {
return;
}
- LOGGER.info("TrueConnector Audit Event: {}", keyValue("event", event.getAuditEvent()));
-
+ auditEventService.saveAuditEvent(new AuditLog(event.getAuditEvent().toString()));
}
@EventListener
@@ -64,18 +61,18 @@ public void on(AbstractAuthorizationEvent abstractEvent) {
}
if (abstractEvent instanceof AuthorizationFailureEvent) {
AuthorizationFailureEvent event = (AuthorizationFailureEvent) abstractEvent;
- LOGGER.error("Failure authorization event: {}", keyValue("event", event.getSource()));
-
+ auditEventService.saveAuditEvent(new AuditLog(event.getSource().toString()));
}
if (abstractEvent instanceof AuthorizedEvent) {
AuthorizedEvent event = (AuthorizedEvent) abstractEvent;
- LOGGER.info("Succesfull autorization event: {}", keyValue("event", event.getSource()));
+ auditEventService.saveAuditEvent(new AuditLog(event.getSource().toString()));
}
if (abstractEvent.getSource() instanceof FilterInvocation) {
FilterInvocation filterInvocation = (FilterInvocation) abstractEvent.getSource();
- LOGGER.info("Filter invocation event: Filter: {}, Event: {}", filterInvocation.getRequestUrl(),
- keyValue("event", abstractEvent.getSource()));
+ String auditEventDetails = createAuditLogEntryWithFiler(abstractEvent.getSource(), filterInvocation);
+
+ auditEventService.saveAuditEvent(new AuditLog(auditEventDetails));
}
}
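Review bot: The failure and success branches now store the same thing, `event.getSource().toString()`, so the stored entry no longer says which outcome occurred; the removed log lines carried that in their message text ("Failure authorization event" vs "Succesfull autorization event"). For authorization events the source is the secured object in both cases, so a denied and a granted request would presumably be indistinguishable in the table. Prefixing the outcome keeps it, e.g. `new AuditLog("AUTHORIZATION_FAILURE: " + event.getSource())` and `new AuditLog("AUTHORIZATION_SUCCESS: " + event.getSource())`. The authentication hunk below (`AuthenticationFailureBadCredentialsEvent` / `AuthenticationSuccessEvent`) follows the same pattern, and both methods start outside their hunks.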
@@ -88,18 +85,26 @@ public void on(AbstractAuthenticationEvent abstractEvent) {
}
if (abstractEvent instanceof AuthenticationFailureBadCredentialsEvent) {
AuthenticationFailureBadCredentialsEvent event = (AuthenticationFailureBadCredentialsEvent) abstractEvent;
- LOGGER.error("Failure login event: {}", keyValue("event", event.getSource()));
+ auditEventService.saveAuditEvent(new AuditLog(event.getSource().toString()));
}
if (abstractEvent instanceof AuthenticationSuccessEvent) {
AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) abstractEvent;
- LOGGER.info("Succesful login event: {}", keyValue("event", event.getSource()));
+ auditEventService.saveAuditEvent(new AuditLog(event.getSource().toString()));
}
if (abstractEvent.getSource() instanceof FilterInvocation) {
FilterInvocation filterInvocation = (FilterInvocation) abstractEvent.getSource();
- LOGGER.info("Filter invocation event: Filter: {}, Event: {}", filterInvocation.getRequestUrl(),
- keyValue("event", abstractEvent.getSource()));
+ String auditEventDetails = createAuditLogEntryWithFiler(abstractEvent.getSource(), filterInvocation);
+
+ auditEventService.saveAuditEvent(new AuditLog(auditEventDetails));
}
}
+
+ private String createAuditLogEntryWithFiler(Object eventSource, FilterInvocation filterInvocation) {
+ String eventDetails = eventSource.toString();
+ String requestUrl = filterInvocation.getRequestUrl();
+
+ return "Event: " + eventDetails + ", Filter: Requested URL=[" + requestUrl + "]";
+ }
}
diff --git a/src/main/java/it/eng/idsa/businesslogic/repository/AuditEventRepository.java b/src/main/java/it/eng/idsa/businesslogic/repository/AuditEventRepository.java
new file mode 100644
index 00000000..45fea7f0
--- /dev/null
+++ b/src/main/java/it/eng/idsa/businesslogic/repository/AuditEventRepository.java
@@ -0,0 +1,12 @@
+package it.eng.idsa.businesslogic.repository;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import it.eng.idsa.businesslogic.entity.AuditLog;
+
+public interface AuditEventRepository extends JpaRepository {
+ List findByTimestampBetween(LocalDateTime startOfDay, LocalDateTime endOfDay);
+}
diff --git a/src/main/java/it/eng/idsa/businesslogic/service/AuditEventService.java b/src/main/java/it/eng/idsa/businesslogic/service/AuditEventService.java
new file mode 100644
index 00000000..6f867ba8
--- /dev/null
+++ b/src/main/java/it/eng/idsa/businesslogic/service/AuditEventService.java
@@ -0,0 +1,49 @@
+package it.eng.idsa.businesslogic.service;
+
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import it.eng.idsa.businesslogic.entity.AuditLog;
+import it.eng.idsa.businesslogic.repository.AuditEventRepository;
+import it.eng.idsa.businesslogic.util.AES256;
+
+@Service
+public class AuditEventService {
+ @Autowired
+ private AuditEventRepository auditRepository;
+
+ public AuditLog saveAuditEvent(AuditLog auditEvent) {
+ return auditRepository.save(auditEvent);
+ }
+
+ public List getAllAuditEvents() {
+ return auditRepository.findAll()
+ .parallelStream()
+ .map(this::decryptAuditLog)
+ .collect(Collectors.toList());
+ }
+
+ public List getAuditEventsForDate(LocalDate date) {
+ LocalDateTime startOfDay = date.atStartOfDay(); // Start of the day
+ LocalDateTime endOfDay = date.atTime(LocalTime.MAX); // End of the day
+
+ return auditRepository.findByTimestampBetween(startOfDay, endOfDay)
+ .parallelStream()
+ .map(this::decryptAuditLog)
+ .collect(Collectors.toList());
+ }
+
+ private AuditLog decryptAuditLog(AuditLog auditLog) {
+ AuditLog a = new AuditLog();
+ a.setId(auditLog.getId());
+ a.setEvent(AES256.decrypt(auditLog.getEvent()));
+ a.setTimestamp(auditLog.getTimestamp());
+ return a;
+ }
+}
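Review bot: `getAllAuditEvents()` reads the whole table with `findAll()` and decrypts every row before returning, so the cost of one request to the audit endpoint grows with the lifetime of the installation. If `AES256.decrypt` derives the key the way `encrypt` does (a 65536-iteration PBKDF2 per call), each row adds a key derivation, and `parallelStream()` spreads that work over the shared common pool. A bounded query, for instance the repository's `findAll(Pageable)` with a capped page size, would limit both memory and CPU per request; `getAuditEventsForDate` could take the same parameter. The repository is also field-injected with `@Autowired`, while `LoggingAuditEventListener` in this commit uses constructor injection; the constructor form would be consistent.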
diff --git a/src/main/java/it/eng/idsa/businesslogic/service/user/User.java b/src/main/java/it/eng/idsa/businesslogic/service/user/User.java
index d97abe75..9ed4e98f 100644
--- a/src/main/java/it/eng/idsa/businesslogic/service/user/User.java
+++ b/src/main/java/it/eng/idsa/businesslogic/service/user/User.java
@@ -26,14 +26,14 @@ public class User implements UserDetails {
this.password = requireNonNull(password);
this.role = role;
}
-
+
User(final String id, final String username, final String password) {
super();
this.id = requireNonNull(id);
this.username = requireNonNull(username);
this.password = requireNonNull(password);
}
-
+
public String getId() {
return id;
}
@@ -41,8 +41,8 @@ public String getId() {
@Override
public Collection extends GrantedAuthority> getAuthorities() {
Set authorities = new HashSet();
- authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
- return authorities;
+ authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
+ return authorities;
}
@Override
@@ -75,4 +75,12 @@ public boolean isEnabled() {
return true;
}
+ @Override
+ public String toString() {
+ return "User{" + "id='" + id + '\'' + ", username='" + username + '\'' + ", password='"
+ + (password != null && !password.isEmpty() ? "[PROTECTED]" : "[NOT SET]") + '\'' + ", role='" + role
+ + '\'' + ", accountNonExpired=" + isAccountNonExpired() + ", accountNonLocked=" + isAccountNonLocked()
+ + ", credentialsNonExpired=" + isCredentialsNonExpired() + ", enabled=" + isEnabled() + '}';
+ }
+
}
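Review bot: The new `toString()` is missing a comment explaining why it exists: per the sample in `doc/AUDIT.md`, this string ends up inside stored audit entries as `Principal=User{...}`, so its format and its masking are part of what gets persisted. I would add above the method `// Rendered into audit-log entries through the authentication token's toString(); must never print the password value.` The `password != null` test looks redundant, since the constructor lines shown in this diff assign `requireNonNull(password)`; only the empty-string case can reach `[NOT SET]`.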
diff --git a/src/main/java/it/eng/idsa/businesslogic/util/AES256.java b/src/main/java/it/eng/idsa/businesslogic/util/AES256.java
new file mode 100644
index 00000000..33f452d9
--- /dev/null
+++ b/src/main/java/it/eng/idsa/businesslogic/util/AES256.java
@@ -0,0 +1,85 @@
+package it.eng.idsa.businesslogic.util;
+
+import java.security.SecureRandom;
+import java.security.spec.KeySpec;
+import java.util.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.lang3.ObjectUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AES256 {
+
+ private static final Logger logger = LoggerFactory.getLogger(AES256.class);
+
+ private static final int KEY_LENGTH = 256;
+ private static final int ITERATION_COUNT = 65536;
+ private static String secretKey;
+ private static final String salt = "hd2y3vxlLv";
+ private static String algorithm = "AES/GCM/NoPadding";
+
+ static {
+ secretKey = ObjectUtils.isNotEmpty(System.getenv("AES256-SECRET-KEY")) ?
+ System.getenv("AES256-SECRET-KEY") : "FPrnUtKJIGX1EMs";
+ }
+
+ public static String encrypt(String strToEncrypt) {
+ try {
+ SecureRandom secureRandom = new SecureRandom();
+ byte[] ivBytes = new byte[16];
+ secureRandom.nextBytes(ivBytes);
+
+ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+ KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH);
+ SecretKey tmp = factory.generateSecret(spec);
+ SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES");
+ GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, ivBytes);
+
+ Cipher cipher = Cipher.getInstance(algorithm);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, gcmParameterSpec);
+
+ byte[] cipherText = cipher.doFinal(strToEncrypt.getBytes("UTF-8"));
+ byte[] encryptedData = new byte[ivBytes.length + cipherText.length];
+ System.arraycopy(ivBytes, 0, encryptedData, 0, ivBytes.length);
+ System.arraycopy(cipherText, 0, encryptedData, ivBytes.length, cipherText.length);
+
+ return Base64.getEncoder().encodeToString(encryptedData);
+ } catch (Exception e) {
+ logger.error("Error while encrypting", e);
+ return null;
+ }
+ }
+
+ public static String decrypt(String strToDecrypt) {
+ try {
+ byte[] encryptedData = Base64.getDecoder().decode(strToDecrypt);
+ byte[] ivBytes = new byte[16];
+ System.arraycopy(encryptedData, 0, ivBytes, 0, ivBytes.length);
+
+ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+ KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH);
+ SecretKey tmp = factory.generateSecret(spec);
+ SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES");
+ GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, ivBytes);
+
+ Cipher cipher = Cipher.getInstance(algorithm);
+ cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParameterSpec);
+
+ byte[] cipherText = new byte[encryptedData.length - 16];
+ System.arraycopy(encryptedData, 16, cipherText, 0, cipherText.length);
+
+ byte[] decryptedText = cipher.doFinal(cipherText);
+ return new String(decryptedText, "UTF-8");
+ } catch (Exception e) {
+ logger.error("Error while decrypting", e);
+ return null;
+ }
+ }
+}
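Review bot: The static initializer falls back to the literal `"FPrnUtKJIGX1EMs"` when `AES256-SECRET-KEY` is unset, so a deployment that omits the variable encrypts audit events with a key that is published in the repository; it should refuse to start instead. The variable name contains hyphens, which many shells cannot export, and that makes the silent fallback more likely, so an underscore name would be safer. The PBKDF2 derivation (65536 iterations over a fixed salt) is repeated on every `encrypt` and `decrypt` call although its inputs never change; deriving the key once, as sketched below, removes that per-event cost. Separately, GCM is normally used with a 12-byte IV rather than the 16 bytes allocated here, though changing the length needs a migration path for rows already written. Returning `null` on failure lets a caller store or return a null event without noticing.

```java
	private static final SecretKeySpec KEY_SPEC;

	static {
		String secret = System.getenv("AES256-SECRET-KEY");
		if (ObjectUtils.isEmpty(secret)) {
			// No built-in default: a key committed to source control protects nothing.
			throw new IllegalStateException("AES256-SECRET-KEY environment variable must be set");
		}
		try {
			SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
			KeySpec spec = new PBEKeySpec(secret.toCharArray(), salt.getBytes(StandardCharsets.UTF_8),
					ITERATION_COUNT, KEY_LENGTH);
			// Derived once; the password, salt and iteration count are constant for the process.
			KEY_SPEC = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
		} catch (GeneralSecurityException e) {
			throw new IllegalStateException("Unable to derive audit encryption key", e);
		}
	}

	// … unchanged: encrypt() and decrypt(), using KEY_SPEC instead of deriving the key per call …
```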
diff --git a/src/main/java/it/eng/idsa/businesslogic/web/rest/resources/AuditController.java b/src/main/java/it/eng/idsa/businesslogic/web/rest/resources/AuditController.java
new file mode 100644
index 00000000..408a268b
--- /dev/null
+++ b/src/main/java/it/eng/idsa/businesslogic/web/rest/resources/AuditController.java
@@ -0,0 +1,64 @@
+package it.eng.idsa.businesslogic.web.rest.resources;
+
+import java.time.LocalDate;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import it.eng.idsa.businesslogic.entity.AuditLog;
+import it.eng.idsa.businesslogic.service.AuditEventService;
+
+@Tag(name = "Audit controller", description = "Returns audit logs.")
+@RestController
+@RequestMapping("/api/audit/")
+public class AuditController {
+
+ private static final Logger logger = LoggerFactory.getLogger(AuditController.class);
+
+ private AuditEventService auditService;
+
+ public AuditController(AuditEventService auditService) {
+ this.auditService = auditService;
+ }
+
+ @Operation(summary = "All audit logs", tags = "Audit controller - all audit logs")
+ @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "All audit logs", content = {
+ @Content(mediaType = "application/json", schema = @Schema(implementation = AuditLog.class)) }) })
+ @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
+ @ResponseBody
+ public ResponseEntity> getAuditLogs(
+ @RequestParam(value = "date", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate date) {
+ if (date != null) {
+ logger.info("Fetching audit logs for date: {}", date);
+ return ResponseEntity.ok(auditService.getAuditEventsForDate(date));
+ } else {
+ logger.info("Fetching all audit logs");
+ return ResponseEntity.ok(auditService.getAllAuditEvents());
+ }
+ }
+
+ @ExceptionHandler(IllegalArgumentException.class)
+ public ResponseEntity handleError(HttpServletRequest req, Exception ex) {
+ logger.error("Request: " + req.getRequestURL() + " raised " + ex);
+
+ return ResponseEntity.badRequest().body(null);
+ }
+}
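Review bot: Nothing in this controller restricts who may call `GET /api/audit/`, and the service it delegates to appears to return events after decryption, so protection of the endpoint depends entirely on security configuration outside this hunk. Confirm that the path is limited to an administrative role and add a test that an unauthenticated request is rejected. When `date` is absent, `getAllAuditEvents()` is returned unbounded and the response grows with the table; a pageable variant would cap its size. In `handleError`, prefer parameterised logging, `logger.error("Request: {} raised {}", req.getRequestURL(), ex.getMessage());`, and return a short error body rather than `body(null)`.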
diff --git a/src/main/resources/application-RECEIVER.properties b/src/main/resources/application-RECEIVER.properties
index a36ba4c7..677cd9af 100644
--- a/src/main/resources/application-RECEIVER.properties
+++ b/src/main/resources/application-RECEIVER.properties
@@ -194,6 +194,19 @@ application.selfdescription.filelocation=.
application.selfdescription.inboundModelVersion=4.0.0,4.1.0,4.1.2,4.2.0,4.2.1,4.2.2,4.2.3,4.2.4,4.2.5,4.2.6,4.2.7
application.selfdescription.defaultEndpoint=
+#H2 properties
+spring.datasource.url=jdbc:h2:file:./audit_logs_receiever;CIPHER=AES
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+spring.datasource.driver-class-name=org.h2.Driver
+
+spring.jpa.show-sql=false
+spring.jpa.generate-ddl=true
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.h2.console.enabled=true
+spring.datasource.username=sa
+spring.datasource.password=file_password password
+
#Springdoc
springdoc.packagesToScan=it.eng.idsa.businesslogic.web.rest
springdoc.pathsToMatch=/**
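Review bot: `spring.h2.console.enabled=true` turns on the H2 web console in the shipped profile, and the `sa` / `file_password password` credentials are committed next to it. Anyone who can reach the console path and is let through by the security configuration can therefore open the audit database; the same lines are added to application-SENDER.properties. Default the console to off with `spring.h2.console.enabled=false`, and read the passwords from the environment, e.g. `spring.datasource.password=${AUDIT_DB_FILE_PASSWORD} ${AUDIT_DB_USER_PASSWORD}` (variable names are placeholders). The file name in the JDBC URL is spelled `audit_logs_receiever`, which is worth fixing before databases are created under that name.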
diff --git a/src/main/resources/application-SENDER.properties b/src/main/resources/application-SENDER.properties
index c4381c04..c52254dd 100644
--- a/src/main/resources/application-SENDER.properties
+++ b/src/main/resources/application-SENDER.properties
@@ -196,6 +196,19 @@ application.selfdescription.filelocation=.
application.selfdescription.inboundModelVersion=4.0.0,4.1.0,4.1.2,4.2.0,4.2.1,4.2.2,4.2.3,4.2.4,4.2.5,4.2.6,4.2.7
application.selfdescription.defaultEndpoint=
+#H2 properties
+spring.datasource.url=jdbc:h2:file:./audit_logs_sender;CIPHER=AES
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+spring.datasource.driver-class-name=org.h2.Driver
+
+spring.jpa.show-sql=false
+spring.jpa.generate-ddl=true
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.h2.console.enabled=true
+spring.datasource.username=sa
+spring.datasource.password=file_password password
+
#Springdoc
springdoc.packagesToScan=it.eng.idsa.businesslogic.web.rest
springdoc.pathsToMatch=/**
diff --git a/src/main/resources/logback-RECEIVER.xml b/src/main/resources/logback-RECEIVER.xml
index 88a1907d..5c4bf168 100644
--- a/src/main/resources/logback-RECEIVER.xml
+++ b/src/main/resources/logback-RECEIVER.xml
@@ -9,17 +9,6 @@
-
- true_connector_audit_RECEIVER.log
- true
-
-
-
-
-
-
-
-
diff --git a/src/main/resources/logback-SENDER.xml b/src/main/resources/logback-SENDER.xml
index 79d72a02..24b379fd 100644
--- a/src/main/resources/logback-SENDER.xml
+++ b/src/main/resources/logback-SENDER.xml
@@ -8,17 +8,6 @@
%d{dd-MM-yyyy HH:mm:ss.SSS} [%thread] %-5level %logger{35} - %msg %n
-
-
- true_connector_audit_SENDER.log
- true
-
-
-
-
-
-
-
diff --git a/src/test/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListenerTest.java b/src/test/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListenerTest.java
index 72bca992..0afc73ea 100644
--- a/src/test/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListenerTest.java
+++ b/src/test/java/it/eng/idsa/businesslogic/listener/LoggingAuditEventListenerTest.java
@@ -18,46 +18,51 @@
import it.eng.idsa.businesslogic.audit.EventTypeHandler;
import it.eng.idsa.businesslogic.audit.TrueConnectorEvent;
import it.eng.idsa.businesslogic.audit.TrueConnectorEventType;
+import it.eng.idsa.businesslogic.service.AuditEventService;
import it.eng.idsa.multipart.domain.MultipartMessage;
import it.eng.idsa.multipart.util.UtilMessageService;
public class LoggingAuditEventListenerTest {
private LoggingAuditEventListener listener;
-
+
private MultipartMessage multipartMessage;
-
+
private Authentication authentication;
-
+
private FilterInvocation filterInvocation;
-
+
private EventTypeHandler eventTypeHandler;
-
+
+ private AuditEventService auditEventService;
+
@BeforeEach
public void init() {
eventTypeHandler = mock(EventTypeHandler.class);
authentication = mock(Authentication.class);
+ auditEventService = mock(AuditEventService.class);
filterInvocation = mock(FilterInvocation.class);
- listener = new LoggingAuditEventListener(eventTypeHandler);
+ listener = new LoggingAuditEventListener(eventTypeHandler, auditEventService);
when(eventTypeHandler.shouldAuditEvent(any())).thenReturn(true);
}
-
+
@Test
public void onTrueConnectorEvent() {
- multipartMessage = new MultipartMessage(null, null, UtilMessageService.getArtifactRequestMessage(), null, null, null, null, null);
+ multipartMessage = new MultipartMessage(null, null, UtilMessageService.getArtifactRequestMessage(), null, null,
+ null, null, null);
TrueConnectorEvent tcEvent = new TrueConnectorEvent(TrueConnectorEventType.CONNECTOR, multipartMessage);
listener.on(tcEvent);
}
-
+
@Test
public void onAbstractAuthorizationEventEvent() {
Collection attributes = new HashSet<>();
-
+
AuthorizationFailureEvent event = new AuthorizationFailureEvent(filterInvocation, attributes, authentication,
new AccessDeniedException("Access denied"));
when(authentication.getName()).thenReturn("user");
when(filterInvocation.getRequestUrl()).thenReturn("/some/url/test");
-
+
listener.on(event);
}
}
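Review bot: The new `auditEventService` mock is passed to the listener, but neither test verifies any interaction with it, so both tests pass whether or not events are persisted. Add a Mockito `verify(...)` on the service method the listener is expected to call after `listener.on(tcEvent)` and `listener.on(event)`; that method is declared outside this hunk. A further case with `shouldAuditEvent` returning false and `verifyNoInteractions(auditEventService);` would cover the filtering path.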
diff --git a/src/test/java/it/eng/idsa/businesslogic/util/AES256Test.java b/src/test/java/it/eng/idsa/businesslogic/util/AES256Test.java
new file mode 100644
index 00000000..b7cb24c5
--- /dev/null
+++ b/src/test/java/it/eng/idsa/businesslogic/util/AES256Test.java
@@ -0,0 +1,21 @@
+package it.eng.idsa.businesslogic.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import org.junit.jupiter.api.Test;
+
+public class AES256Test {
+
+ private String originalString = "String used to test AES256 encryption/decryption";
+
+ @Test
+ public void encryptDecrypt() {
+ String encrypted = AES256.encrypt(originalString);
+ assertNotNull(encrypted);
+ System.out.println(encrypted);
+ String decrypted = AES256.decrypt(encrypted);
+ assertEquals(originalString, decrypted);
+ System.out.println(decrypted);
+ }
+}
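Review bot: `encryptDecrypt` covers only the round trip, so the rejection of tampered or malformed input, the property GCM is chosen for, is untested, and the `System.out.println` calls add noise to build output. Add a case such as `assertNull(AES256.decrypt("not-base64!"));` and one asserting that two calls to `AES256.encrypt(originalString)` return different strings, which checks that a fresh IV is used each time. The test also passes without `AES256-SECRET-KEY` set, because the static initializer supplies a built-in key.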