From f528f0d55a2e2c33f4b50bde797eaff42eb6dc66 Mon Sep 17 00:00:00 2001
From: garyschulte
Date: Sun, 9 Apr 2023 09:17:41 -0700
Subject: [PATCH] rebase cred trunc behavior (#5308)
* rebase cred trunc behavior
* add jackson verification metadata for older versions required by tasks
Signed-off-by: garyschulte
---
 .../api/jsonrpc/EngineJsonRpcService.java | 6 +++-
 .../authentication/AuthenticationUtils.java | 13 +++++++++
 .../jsonrpc/websocket/WebSocketService.java | 6 +++-
 .../AuthenticationUtilsTest.java | 21 ++++++++++++++
 gradle/verification-metadata.xml | 28 +++++++++++++++++++
 5 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/EngineJsonRpcService.java b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/EngineJsonRpcService.java
index 26710ff53ee..42cd1d7c80a 100644
--- a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/EngineJsonRpcService.java
+++ b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/EngineJsonRpcService.java
@@ -17,6 +17,7 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.collect.Streams.stream;
 import static org.apache.tuweni.net.tls.VertxTrustOptions.allowlistClients;
+import static org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationUtils.truncToken;
 import org.hyperledger.besu.ethereum.api.handlers.HandlerFactory;
 import org.hyperledger.besu.ethereum.api.handlers.TimeoutOptions;
@@ -327,7 +328,10 @@ private Handler webSocketHandler() {
 AuthenticationUtils.getJwtTokenFromAuthorizationHeaderValue(
 websocket.headers().get("Authorization"));
 if (token != null) {
- LOG.trace("Websocket authentication token {}", token);
+ LOG.atTrace()
+ .setMessage("JWT authentication token {}")
+ .addArgument(() -> truncToken(token))
+ .log();
 }
 if (!hostIsInAllowlist(
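Review bot: The new trace statement runs before `hostIsInAllowlist` and before the JWT is verified, so the string handed to `truncToken` is whatever an unauthenticated client sent in `Authorization`, and `truncToken` (added in this patch) calls `substring(0, 8)` with no length check, so a short bearer value throws `StringIndexOutOfBoundsException` out of the handler whenever TRACE is enabled. The supplier is presumably not evaluated when TRACE is off (`atTrace()` returning a no-op builder), so this only bites on a node running at TRACE, which is exactly the configuration an operator uses when debugging auth failures. The proper fix is a length guard inside `truncToken`; if you would rather keep this call site robust on its own, logging only `.addArgument(token::length)` gives the operator the same diagnostic value without exposing any part of the credential. `webSocketHandler` starts and ends outside the hunk.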
diff --git a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtils.java b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtils.java
index bd63177a833..9a14b6bf2f1 100644
--- a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtils.java
+++ b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtils.java
@@ -14,6 +14,8 @@
 */
 package org.hyperledger.besu.ethereum.api.jsonrpc.authentication;
+import java.util.Optional;
+
 public class AuthenticationUtils {
 public static String getJwtTokenFromAuthorizationHeaderValue(final String value) {
@@ -25,4 +27,15 @@ public static String getJwtTokenFromAuthorizationHeaderValue(final String value)
 }
 return null;
 }
+
+ public static String truncToken(final String jwtToken) {
+ return Optional.ofNullable(jwtToken)
+ .map(
+ token ->
+ token
+ .substring(0, 8)
+ .concat("...")
+ .concat(token.substring(token.length() - 8, token.length())))
+ .orElse("Invalid JWT");
+ }
 }
diff --git a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/websocket/WebSocketService.java b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/websocket/WebSocketService.java
index 4b4e0db92b3..007cc3b4cba 100644
--- a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/websocket/WebSocketService.java
+++ b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/websocket/WebSocketService.java
@@ -15,6 +15,7 @@
 package org.hyperledger.besu.ethereum.api.jsonrpc.websocket;
 import static com.google.common.collect.Streams.stream;
+import static org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationUtils.truncToken;
 import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationService;
 import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationUtils;
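Review bot: `truncToken` puts no lower bound on the input length: `substring(0, 8)` throws `StringIndexOutOfBoundsException` for anything shorter than 8 characters, and for anything shorter than 16 the two 8-character slices overlap, so the "masked" output reproduces the entire token and the redaction is defeated. Real JWTs are much longer, but the only callers in this patch feed it the raw `Authorization` value of a client that has not yet been authenticated, so short input should be treated like null: insert `.filter(token -> token.length() > 16)` between `Optional.ofNullable(jwtToken)` and `.map(` so that such values fall through to `"Invalid JWT"`. The tests added in this patch only reach the null path via the header parser, so add one that calls `truncToken("short")` directly and expects `"Invalid JWT"`, which would have caught this. A one-line Javadoc saying the result is for log output only and is neither reversible nor a unique identifier of the token would also stop future callers from using it as a key.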
@@ -129,7 +130,10 @@ private Handler websocketHandler() {
 final String connectionId = websocket.textHandlerID();
 final String token = getAuthToken(websocket);
 if (token != null) {
- LOG.trace("Websocket authentication token {}", token);
+ LOG.atTrace()
+ .setMessage("Websocket authentication token {}")
+ .addArgument(() -> truncToken(token))
+ .log();
 }
 if (!hasAllowedHostnameHeader(Optional.ofNullable(websocket.headers().get("Host")))) {
diff --git a/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtilsTest.java b/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtilsTest.java
index 74b387f8782..9c611136017 100644
--- a/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtilsTest.java
+++ b/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtilsTest.java
@@ -20,6 +20,27 @@ public class AuthenticationUtilsTest {
+ @Test
+ public void obfuscateTokenShouldReturnExpected() {
+ String header = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9";
+ String token = AuthenticationUtils.getJwtTokenFromAuthorizationHeaderValue(header);
+ assertThat(AuthenticationUtils.truncToken(token)).isNotEqualTo(token);
+ assertThat(AuthenticationUtils.truncToken(token)).isEqualTo("eyJ0eXAi...UzI1NiJ9");
+ }
+
+ @Test
+ public void obfuscateNullTokenShouldReturnInvalid() {
+ String token = AuthenticationUtils.getJwtTokenFromAuthorizationHeaderValue(null);
+ assertThat(AuthenticationUtils.truncToken(token)).isEqualTo("Invalid JWT");
+ }
+
+ @Test
+ public void obfuscateEmptyTokenShouldReturnInvalid() {
+ String header = "";
+ String token = AuthenticationUtils.getJwtTokenFromAuthorizationHeaderValue(header);
+ assertThat(AuthenticationUtils.truncToken(token)).isEqualTo("Invalid JWT");
+ }
+
 @Test
 public void getJwtTokenFromNullStringShouldReturnNull() {
 final String headerValue = null;
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml index bd7c5075ea5..4aeb5826cbb 100644 --- a/gradle/verification-metadata.xml +++ b/gradle/verification-metadata.xml @@ -109,6 +109,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -129,6 +149,11 @@ + + + + + @@ -4586,6 +4611,9 @@ + + +