eu-federation-gateway-service / efgs-federation-gateway Goto Github PK

Describe the bug

The datatype for days_since_onset_of_symptoms is uint32.

Expected behaviour

It should be a sint32 --> https://developers.google.com/android/exposure-notifications/exposure-key-file-format

Possible Fix

• Change it in proto-file and also in database entity.
• Update proto-file in simulator

• The “logging” best practices are documented by Splunk at this location: https://dev.splunk.com/enterprise/docs/developapps/logging/loggingbestpractices/#Event-best-practices. Very special attention should be made to “Use clear key-value pairs, use of timestamps for every events, log in text format” at least.

• Then we will need the corresponding documentation/specification for each log file to be collected, including (but not limited to):
  o The purpose of the log file: like operational or security monitoring/auditing of this particular “layer XYZ”
  o The exact format (should be straightforward if they respect the best practices mentioned here above)
  o The remarkable events (=log lines): which key/values shall we “filter on” to find such special events like: authentications to the application (successful and failed),
  audit events (like changes in the application configuration), …
  o The daily volume to expect in production for the log file (in MB or GB/Day)
  o If correlation are supposed to be done between this log and other ones? In that case, what could be the identifiers (log keys) to use to correlate (join) with each other respective logs

• Optional: some specifications (mock-up + “query” behind each panels) for any dashboards that may be built on this/these logs (alone or correlated with others),
  and access rules for these logs (access limited to EC networks).

• integrate batch process into call back use case

1. send notification to all registered callback URI with the newly created batch tag
2. implement retry mechanism (extensive logging)

Describe the bug

Swagger is not available on 8090 port. There is swagger on http://localhost:**8080**/swagger-ui/index.html but it is default tamplate - with pets endpoint :) I am on the master branch.

Expected behaviour

http://localhost:8090/swagger-ui/index.html will present api documentation

Steps to reproduce the issue

Go to http://localhost:8090/swagger-ui/index.html - doesn't work
go to http://localhost:8080/swagger-ui/index.html - default swagger template is showing

The Log messages from callback feature need to be added to the software architecture document. The CDC needs this information to properly monitor the application.

Current Implementation

In the current implementation the user must make sure that the upload batch tag name is globally unique. This is something the user can not implement

Suggested Enhancement

The system adds a user specific prefix for the upload tag name and so that for the user the tag name must be only unique for himself

Needs to be agreed with OPS Team

• make sure that within a batch the versions (FormatInformation, majorVersion) of the uploaded data are the same
  proposal: separate new versions in separate batches

• add to the questionaire
  -- more details on the delete job, how is it technically implemented

• as soon as the cert governance is ready and specified, inform privacy team and update questionaire

As preparation a REST controller was already created for callbacks. Now we need to implement the business logic.

A few of the following TODOs are already (or at least partly) implemented in the callback branch. Please consider the implementation details document for detailed information about each todo.

TODO:

• Data Model
• URL Check
• Callback Subscribing Workflow
• New Batch Created Workflow
• Task Executor
• Execution Lock Cleanup
• Callback Unsubscribing
• Add Log Messages to doc

• remove /script dpkg.java (for distroless containers to be scannable for que clair)
• move nbproject into .gitignore
• adjust links in badges on README.md
• remove draw-io originals in /docs

We should implement a validation of incomming diagnosis keys according to the GAEN specification. (https://developers.google.com/android/exposure-notifications/exposure-notifications-api)

Also we have to adapt the simulator to only generate valid test data.

Describe the bug

When batching process is in progress upload requests are blocked until database is available again. This can result in timeouts on client side.

Expected behaviour

Upload requests should be answered in a few seconds and not timeout.

Steps to reproduce the issue

1. Upload a big amount of keys (eg. 50 upload requests with 5000 keys each)
2. wait until batching starts
3. requests will timeout

Possible Fix

Implement Schedule-Lock to limit batch processing to one instance which results in the possibility to remove the transaction level isolation. (--> Keys can be uploaded during batching process)

• Prepare/answer Fragebogen
• Fragebogen needs to be gotten from @alstiefel

At the moment tests were only made with usage of RSA signed certificates. We also need to test whether EFGS accepts EC-signed certificates.

• create two different certificates (RSA, EC)
• test key-upload (mtls, batch)

It would be nice that docker images would be published on GitHub Packages, so backend developers wouldn't need to install Java, etc to be able to test integration with EFGS on local dev machine.

Currently to build docker images on a Mac you have to:

brew tap AdoptOpenJDK/openjdk
brew cask install adoptopenjdk11
export JAVA_HOME=$(/usr/libexec/java_home -v11)
mvn clean install -P docker
bash -c "cd target/docker && docker-compose up --build"

It would be much easier to just:

# docker pull docker.pkg.github.com/eu-federation-gateway-service/efgs-federation-gateway/backend:latest
docker-compose up --build

I could try to make a PR with GitHub Action workflow changes if this is something you are interested.

Also currently as I understand that without F5 LB there is no way to start EFGS with mTLS locally on developer machine. I have created some k8s configs with envoy proxy (the only one I could find that supports client cert sha256 fingerprints in headers) and it looks like it could be ok for dev/test environment for us - https://gist.github.com/ebeigarts/e129f7bd44ef06fbbb5ce028af8c9cdf

Despite the specification stating the mTLS for call back is implemented by the http proxy,
it needs to be implemented on the EFGS service level.

The implementation should

• use a JKS to store the client certificate (incl. the private key) -> 2 pw secured files
• implement certificate pinning for the server certificate based on the information stored in the trusted key list (aka white list)

At the moment we have to provide a absolute path in the logback config. (Relative paths are not working on dev environment)
We have to investigate how to use pathes relative to the tomcat installation/ project root.

As per contract
"
The development team will provide a software version for acceptance testing by end of 4th week after contract signing
"

Deliverables

• war file containing EFGS
• DB installation script will be done during startup using liqubase, a DB superuser will be required, to set isolation level and create DB structure

Bootstrapping DataDB

• Onboard TestCountry (incl. all certificates)
• will be done via SQL inserts
  --> Felix

Configure EFGS

• only DB connection params need to be set, via system variables
  `spring:
  datasource:
  url: jdbc:mysql://localhost:3306/fg
  username: sa
  password: sa
  driver-class-name: com.mysql.cj.jdbc.Driver
  jpa:
  database-platform: org.hibernate.dialect.MySQL5InnoDBDialect

efgs:
callback:
proxy-host: localhost
proxy-port: 1234

`

Deliverable DIGIT

• JDBC connection string
• db user/pw (must not be shared with us)
• TLS certificates for http connections *1
• domain name, DNS entry
• public IP, dedicated VIP

Installation Steps DIGIT

• Configuration Reverse Proxy Farm (Blue Coat)
• Upload *1 to load balancer F5
• import certificates from Bootstrapping into LoadBalancer

Open Issues:

• how do we configure environment specific settings
  -- db user/pwd, active profile, jdbc

Open Issues Dev Team

• support http proxy

Process

• next steps termin mit tobias
• next step schedule mit DIGIT

Provide Test Data

• test country
• certificates

to allow testing in a newly setup environment

We need to setup the dev envirnmont in the provided DEV/OTC infrastructure

• Tennant
• Managed Server Tomcat
• Managed Server MySQL 5.6
• Loadbalancer
• Server certificates
• DNS name
• Managed Server MySQL 5.7 (Upgrade)

Input from external
"The upload controller code has an explicit check that the uploader-chosen batchTag is not yet in the current key list, and there is a test case that effectively checks this.
However, in practice, old keys should get deleted, and batchDocuments overwrites the batchTags of the keys.
This means that if either a delete or batchDocuments happens between the two upload attempts, a duplicate upload will be allowed. "

The upload batch tag name must be preserved, otherwise it becomes useless. The batching should use a separate attribute for its name.

• needed infrastructure

• examples

• hashwert-calculation (Luis mit Bsp)

• welche Zertifikate brauchen wir, wo bekommen wir die?

• Wie funktioniert Datentopfbildung (nach Ländern werden die Töpfe gebaut...)

• Welches Datenformat? Version 1.0 hoch, dann 1.0 runter

Current Implementation

Logs are nearly the same for console and the log file.
Because on prod env both console and log file are monitored we have to remove all log messages from console.

Suggested Enhancement

Activate Console Appender only if application is in dev profile.

Please be aware of the TODO in the software-design-federation-gateway-service document!

Implement 5.6 Callback Interface from the technical specification

• special security requirements, need to be understood with the help of Steffen

Non-HTTPS connections are rejected. No FTP, gopher etc.

To avoid the execution of internal services, the given address must be checked for non-public addresses.

The resolution of the HTTPS addresses needs to be checked for non-public addresses.

Current Implementation

At the moment only some logging values are wrapped with ".

Suggested Enhancement

All loggin values should be wrapped with ".
Maybe this can be done by implementing a custom MDC class which automatically wraps values with "
Also the logback config should be changed.

Also put the MDC parameters at the end of the log message to avoid ", ,"-bug

Expected Benefits

For CDC it is simpler to parse log messages and also we can use special characters in our MDC values without breaking log format.

Describe the bug

When you expand the upload-endpoint on swagger the swagger-UI is loading and sometimes doesn't respond.
After approx. 10-20 sec. the endpoint had been expanded.

If you want to collapse the endpoint again or expand other endpoints (after expanding the upload-endpoint) it tooks again 10-20 sec.

Expected behaviour

The upload-swagger-endpoint should be expand- and collapsable in lower than a second. (like the other endpoints)

Steps to reproduce the issue

1. Start the application
2. Go to swagger-ui
3. Expand the endpoint ".../upload"

Possible Reason

UploadController -> Parameter -> @org.springframework.web.bind.annotation.RequestBody EfgsProto.DiagnosisKeyBatch body,

Possible Fix

UploadController -> Parameter ->
@org.springframework.web.bind.annotation.RequestBody @ Parameter(hidden = true) EfgsProto.DiagnosisKeyBatch body,

Hi,
Could you please argue a bit more the "docker build" part?
According to the documentation, we read "just enable the maven profile docker", what is meant? What do we have to change in the pom.xml?
Also with the command "mvn clean install" under the target folder no docker folder is created.
waiting for your kind reply!

Thank you

The batch service implement the API for scheduling the batch job.
The current implementation works until we deploy multiple instances of our gateway.
Spring, by default, cannot handle scheduler synchronization over multiple instances
– it executes the jobs simultaneously on every node instead.

Check and Implement ShedLock – a Java library (works only in environments with a shared database) that makes sure our scheduled tasks run only once at the same time.

see: https://github.com/lukas-krecan/ShedLock

Deliver the documents

It is expected that all uploaded data is deleted after 14 days (creation date), this is relevant the tables diagnosiskey, diagnosiskeybatch.

Bitte Prüfen und ggf. anpassen bzw. kommentieren. Anpassen bitte nur, wenn es nicht mit der Log best practice kollidiert, die wir seitens DIGIT genannt bekommen haben.

Here are some questions from my side:

• According to the document we received from you, log message “error verifying batch signature”, which is not in the sample logs, comes with “exception”. Can it be ensured that “exception” is one-line rather than multi-line? Meaning, we hope that ‘\n’ or any new line character can be replaced by other characters.
• The following lines (in line 195) seems to be one log which contains multiple lines:

timestamp=2020-08-14T09:17:08.577Z, level=ERROR, hostname=BE1DA651, pid=19900, trace=e1d9197707c04061, span=e1d9197707c04061, thread=http-nio-8090-exec-3, class=o.h.engine.jdbc.spi.SqlExceptionHelper, message="Eindeutiger Index oder Primärschlüssel verletzt: "PUBLIC.CONSTRAINT_INDEX_3 ON PUBLIC.DIAGNOSISKEY(PAYLOAD_HASH) VALUES 9"
Unique index or primary key violation: "PUBLIC.CONSTRAINT_INDEX_3 ON PUBLIC.DIAGNOSISKEY(PAYLOAD_HASH) VALUES 9"; SQL statement:
insert into diagnosiskey (id, batch_tag, created_at, format_major_version, format_minor_version, payload_days_since_onset_of_symptoms, payload_key_data, payload_origin, payload_report_type, payload_rolling_period, payload_rolling_start_interval_number, payload_transmission_risk_level, payload_visited_countries, payload_hash, uploader_information_batch_signature, uploader_information_batch_tag, uploader_information_country, uploader_information_thumbprint) values (null, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) [23505-200]"

Again, can ‘\n’ or any new line character be replaced by other characters? Moreover, there are “"”s inside “message”. Would it be possible to replace all the “"” inside with ‘'’ so that it won’t be ambiguous to see something like this: message="A says:"Hi. :)"".

Viele Grüße
Chun-Te Sung

• reflect the current implementation
• check possible improvements using more JPA (without reducing legibility)
• optimize the accesses and traffic
• check the use a transaction - high isolation (The initial assumption is to use TRANSACTION_SERIALIZABLE)

SERIALIZABLE is the highest level of isolation. It prevents all mentioned concurrency side effects but can lead to the lowest concurrent access rate because it executes concurrent calls sequentially. In other words, concurrent execution of a group of serializable transactions has the same result as executing them in serial.

The exported openapi.json file in docs directory is outdated. We need to regenerate this file and store it.

• NOTICE
• CODEOWNERS
• README
• THIRD-PARTY-NOTICES

Remove the need to have such a user.

Remove the transaction setting statement from the liquibase script.
Do testing whether the spring annotation based is effective

The architecture document which is linked in the docs:

https://ec.europa.eu/health/sites/health/files/ehealth/docs/mobileapps_interoperabilitydetailedelements_en.pdf

Contains out of date information. Specifically a whole discussion over databases with the result being to use MongoDb.

In this repository I see use of MySQL (which seems better, you at least avoid the well documented problems with the vendor behind MongoDB).

Is it possible to include that document here; and keep it up to date? Preferably in markdown.

Use Maven to generate a Zip File following the naming schema CORONA_TRACING_BACKEND001_TST-TEST-0.2.0
With fhe following folders

• classpathFILE
• classpathPOST
• classpathPRE
• webapps

Provide deliverable
"Provide technical requirements for the hosting of the EFGS"

• Source File: docs/software-design-federation-gateway-service.md
• Line(s): 585
• Question: Shouldn't instead of outkey argument to openssl should be keyout?

When trying to download an audit for a batch when using MySQL as DB an 500 Error is returned

Error message:

ERROR [cwa-federation-gateway,,,] 7672 --- [nio-8090-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.InvalidDataAccessResourceUsageException: could not extract ResultSet; SQL [n/a]; nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet] with root cause java.sql.SQLSyntaxErrorException: Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'fg.diagnosisk0_.uploader_information_country' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120) ~[mysql-connector-java-8.0.20.jar:8.0.20] at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97) ~[mysql-connector-java-8.0.20.jar:8.0.20] at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122) ~[mysql-connector-java-8.0.20.jar:8.0.20] at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953) ~[mysql-connector-java-8.0.20.jar:8.0.20] at com.mysql.cj.jdbc.ClientPreparedStatement.executeQuery(ClientPreparedStatement.java:1003) ~[mysql-connector-java-8.0.20.jar:8.0.20] at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeQuery(ProxyPreparedStatement.java:52) ~[HikariCP-3.4.5.jar:na] at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeQuery(HikariProxyPreparedStatement.java) ~[HikariCP-3.4.5.jar:na] at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.extract(ResultSetReturnImpl.java:57) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.getResultSet(Loader.java:2285) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:2038) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:2000) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.doQuery(Loader.java:951) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:352) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.doList(Loader.java:2831) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.doList(Loader.java:2813) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2645) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.Loader.list(Loader.java:2640) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:506) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.hql.internal.ast.QueryTranslatorImpl.list(QueryTranslatorImpl.java:400) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.engine.query.spi.HQLQueryPlan.performList(HQLQueryPlan.java:219) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.internal.SessionImpl.list(SessionImpl.java:1412) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.query.internal.AbstractProducedQuery.doList(AbstractProducedQuery.java:1565) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.query.internal.AbstractProducedQuery.list(AbstractProducedQuery.java:1533) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.hibernate.query.Query.getResultList(Query.java:165) ~[hibernate-core-5.4.17.Final.jar:5.4.17.Final] at org.springframework.data.jpa.repository.query.JpaQueryExecution$CollectionExecution.doExecute(JpaQueryExecution.java:126) ~[spring-data-jpa-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:88) ~[spring-data-jpa-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:154) ~[spring-data-jpa-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:142) ~[spring-data-jpa-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor$QueryMethodInvoker.invoke(QueryExecutorMethodInterceptor.java:195) ~[spring-data-commons-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.doInvoke(QueryExecutorMethodInterceptor.java:152) ~[spring-data-commons-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.invoke(QueryExecutorMethodInterceptor.java:130) ~[spring-data-commons-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:80) ~[spring-data-commons-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:367) ~[spring-tx-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:118) ~[spring-tx-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:139) ~[spring-tx-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:149) ~[spring-data-jpa-2.3.1.RELEASE.jar:2.3.1.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at com.sun.proxy.$Proxy178.findAllByUploader_BatchTag(Unknown Source) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at com.sun.proxy.$Proxy152.findAllByUploader_BatchTag(Unknown Source) ~[na:na] at app.coronawarn.interop.federationgateway.service.DiagnosisKeyEntityService.getAllDiagnosisKeyEntityByUploaderBatchTag(DiagnosisKeyEntityService.java:151) ~[classes/:na] at app.coronawarn.interop.federationgateway.service.DiagnosisKeyEntityService$$FastClassBySpringCGLIB$$ca5b1f8e.invoke(<generated>) ~[classes/:na] at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:687) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at app.coronawarn.interop.federationgateway.service.DiagnosisKeyEntityService$$EnhancerBySpringCGLIB$$f27ad743.getAllDiagnosisKeyEntityByUploaderBatchTag(<generated>) ~[classes/:na] at app.coronawarn.interop.federationgateway.controller.AuditController.getAuditInformation(AuditController.java:86) ~[classes/:na] at app.coronawarn.interop.federationgateway.controller.AuditController$$FastClassBySpringCGLIB$$90d84562.invoke(<generated>) ~[classes/:na] at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:119) ~[spring-context-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE] at app.coronawarn.interop.federationgateway.controller.AuditController$$EnhancerBySpringCGLIB$$e56e3f23.getAuditInformation(<generated>) ~[classes/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na] at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE] at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at brave.servlet.TracingFilter.doFilter(TracingFilter.java:67) ~[brave-instrumentation-servlet-5.10.1.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at app.coronawarn.interop.federationgateway.filter.CertificateAuthentificationFilter.doFilterInternal(CertificateAuthentificationFilter.java:112) ~[classes/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:50) ~[spring-cloud-sleuth-core-2.2.2.RELEASE.jar:2.2.2.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at brave.servlet.TracingFilter.doFilter(TracingFilter.java:84) ~[brave-instrumentation-servlet-5.10.1.jar:na] at org.springframework.cloud.sleuth.instrument.web.LazyTracingFilter.doFilter(TraceWebServletAutoConfiguration.java:138) ~[spring-cloud-sleuth-core-2.2.2.RELEASE.jar:2.2.2.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na] at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.36.jar:9.0.36] at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]

Current Implementation

Each log message contains the hostname of the worker node. Ops team also need the name of the environment (e.g. PROD, TEST, ...)

Suggested Enhancement

Add environments name to each log message

timestamp="2020...", host="hostabc", env="PROD"

At the moment we do not know the name of the environment variable, so this issue is on hold

Enhance the existing white list towards a trust list by signing each entries of it

Concept

• operator: operator of EFGS

• operator signature, signature created with the operators cryptographic private key

• enhance data structure to contain

certificate entity

• signature created by the operator for the entity (Sample: NB_{BS, NBTLS)}
• certificate information (whole certificate as PEM, as string), this certificate belongs to the country the entity is representing

audit entity

(NB_TLS) --> uploaderCertificate
(NB_TLS) signed --> uploaderOperatorSignature
Thumbprint (NB_TLS) --> uploaderThumbprint

Thumbprint (NB_BS) --> signingThumbprint
NB_BS --> signingCertificate
NB_BS signed --> siginingCertificateOperatorSignature

• add extra properties to audit entry

                          "uploaderCertificate":"-----BEGIN CERTIFICATE-------
                                                AJVNMDLSDKKSDJSDUWEIKFKFKF==
                                                ------END CERTIFICATE-------",
                          "uploaderOperatorSignature":"f815f55d-e204-4113-b824-58f25c234e9b",
                          "signingThumbprint":"348ec8f7f734934ccce1922828eeea",
                          "signingCertificate":"-----BEGIN CERTIFICATE-------
                                                MMMMDMDMMLLLLLLOEPFSJF2434J==
                                                ------END CERTIFICATE-------",
                          "siginingCertificateOperatorSignature":"e1c7f26f-f1ee-4f8a-aaa3-8111acbb5e7a",
                          "batchSignature":"HalloSteffen"

• whenever the certificate entity is read from the database its integrity must be validate by checking the validity of the operatorSignature

  • calculating the operatorSignature, string concat country + thumbprint + certificate information (dont forget seperator ("_")

• store operators public certificate (aka key) in the keystore

• verify upload, that the uploader certificate is used otherwise return forbidden (CertificateAuthentificationFilter)
  (?Steffen isn't it enough to verifiy fingerprint and DN?)

• verify batch signature, verify that the certificate entity for the signingCertificate has a valid operatorSignature (BatchSignatureVerifier)

The Options-Endpoints have the same behavior for Upload and Download, so we can sum up both into [OPTIONS] /diagnosiskeys.

• document details
• so smoke test

Describe the bug

When uploading keys with already existing hash a 500 http response will be thrown.

Expected behaviour

Normally a Map with status codes per key should be returned with status code 409

Steps to reproduce the issue

1. Upload a set of keys
2. Upload the same set of keys with a different batch tag
3. get the error

Possible Fix

I guess it has somthing to do with Error Handler wich was recently changed.

• find somebody which can verify our implementation with regards to the fairly unspecifc requirement

Execute PSA Process (english version!) by

• providing documents for SDKS
  -- system description
  -- role/right concept
• proving SoC Lists

Batch-Signature-Verification currently checks the integrity of the signing cert. This only works with self signed certificates because CA-signed certificates are signed by a public key which we do not have access to at validation time.

The check is currently done in BatchSignatureVerifier --> isCertValid --> lines 140 - 143

Removing of this check is not a security vulnerability because the cert will be checked at batch Signature verification and also we are checking the certs thumbprint against the whitelist.

Removing of this check allow the usage of CA-signed certificates for batch signing.

Implement Log Rotation for efgs.log
e.g. one logfile for each day with naming yyyy_mm_dd_efgs.log