Digital Iceland, stage two

[bsanchezb]

Dear all,

As part of the next stage, the following requests have been covered:

1. JSON logging has been added, appending the logs within a console (as opposite to the file appender, that was implemented before). This will produce the logs in the following format:

{
    "@timestamp":"2024-07-26T06:14:37.590056938Z",
    "message":"Online refresh is DONE.",
    "logger_name":"eu.europa.esig.dss.tsl.job.TLValidationJob",
    "thread_name":"pool-3-thread-1",
    "level":"INFO",
    "dd.trace_id":"7176170436610223501",
    "dd.service":"app",
    "dd.span_id":"6173274701114865502"
}

This should be sufficient to have a connection to the logs via DataDog. Please note, that I do not have a possibility to test DataDog locally, due to the latest being a pay-to-use tool. Therefore, please do a verification in a test environment and let me know if anything should be changed or adapted.

2. REST API to return an error response in a JSON format. According to the provided document, the REST API response body should be aligned with the Error Handling guideline. Therefore, instead of returning a plain text in case of an internal error, the response body has been changed to a JSON format, as below:

{
    "type": "http://localhost:8080/services/rest/validation/validateSignature",
    "title": "Document format not recognized/handled",
    "status": "500",
    "classInstance": "eu.europa.esig.dss.validation.SignedDocumentValidator"
}

where:

• "type" - a URL of the called REST API end-point;
• "title" - the text containing the main error message;
• "status" - the code of the occurred error;
• "detail" (optional) - the additional information message about the occurred error;
• "classInstance"* - the reference to the class produced the exception;
• "causeTitle" (optional) - the text containing error message of the cause exception;
• "causeClassInstance" (optional) - the reference to the class of the cause exception.

* Please note, that a header "classInstance" is used instead of "instance" header defined in the specification. According to the example, the instance header should contain a path to the concerned object, which is not supported by the current implementation. In order to avoid confusion, a new header "classInstance" is used.

3. Added a cache directory for offline TL refresh loading. In order to avoid errors during initialization of the container, please mount a volume containing cached instances of Trusted Lists to a directory "/app/dss-tsl-loader" of the container. In case the directory is not present, DSS will create the directory on its own during the online refresh and will place all downloaded documents inside (i.e. after the directory can be used as cache).

4. Added a custom LOG.ERROR alert in case of an issue on Icelandic Trusted List processing. Whether an issue occurred on download, parsing or validation of the XML Trusted List, a LOG.ERROR message will be produced, similarly to the one below:

{
    "@timestamp":"2024-07-26T09:23:45.1508168+02:00",
    "message":"An error occurred during Iceland Trusted List (IS TL) download : Unable to process GET call for url [https://www.fjarskiptastofa.is/library/skrar/tsl/tsl.xml]. Reason : [No such host is known (www.fjarskiptastofa.is)]",
    "logger_name":"eu.europa.esig.dss.web.config.DSSBeanConfig$IcelandFailureTLAlert",
    "thread_name":"pool-3-thread-1",
    "level":"ERROR"
}

Please feel free to test the changes and feel free to get back to me in case of any questions or concerns.

Best regards,
Aleksandr

[AndesKrrrrrrrrrrr]

Please update from main, it should fix your CI errors

[bsanchezb]

Hi,

I merged your branch, but still have an issue with credentials.

KR,
Aleksandr

[AndesKrrrrrrrrrrr]

@bsanchezb, the credentials issue is probably due to this PR coming from your fork (repository). You'll have to set up your own AWS credentials to test the workflow, or create the branch in our repository