ramon.ramirez/dom-service-order-payment-search
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor security trace

Browse Source
This commit is contained in:
Ramon Ramirez 2026-01-19 14:42:28 -04:00
parent 221720ecc6
commit 5c91ee50b6
11 changed files with 279 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
scripts/native/file/dom-service-order-payment-search-1.0-native-quarkus-jdk17-runner
View File

Binary file not shown.

27
src/main/java/com/banesco/common/application/helper/MessageHelper.java
View File

@ -40,6 +40,14 @@ public class MessageHelper {
this.errorMappings = initializeErrorMappings();
}
public Response handleSuccess(Object data, String statusCode) {
log.info(
"Respuesta exitosa controlada: {}",
statusCode
);
return buildResponse(data, statusCode);
}
public Response handleException(HttpStatusCodeException exception) {
log.error(
"Error interno controlado: {} -> {}",
@ -110,6 +118,25 @@ public class MessageHelper {
.build();
}
private Response buildResponse(Object data, String statusCode) {
ErrorMapping mapping = errorMappings.getOrDefault(
statusCode, errorMappings.getOrDefault(
statusCode, createDefaultMapping()
)
);
StatusResponse status = createError(mapping, null);
log.error(
"[Success] Message {} -> {}",
statusCode,
status.getMessage()
);
return Response.status(mapping.getHttpCode())
.entity(new ApiResponse<>(data, status))
.build();
}
private Map<String, ErrorMapping> initializeErrorMappings() {
try {
String json;

63
src/main/java/com/banesco/common/application/helper/SerializationHelper.java
View File

@ -3,12 +3,14 @@ package com.banesco.common.application.helper;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.netty.util.internal.StringUtil;
import io.quarkus.runtime.annotations.RegisterForReflection;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.digest.DigestUtils;
import java.nio.charset.StandardCharsets;
import java.util.*;
@Slf4j
@ -36,6 +38,14 @@ public class SerializationHelper {
}
}
public String encodeStringToBase64(String text) {
if (StringUtil.isNullOrEmpty(text)) {
return null;
}
return Base64.getEncoder().encodeToString(text.getBytes(StandardCharsets.UTF_8));
}
public <T> T decodeBase64(String base64String, Class<T> clazz) {
try {
byte[] decodedBytes = Base64.getDecoder().decode(base64String);
@ -93,4 +103,57 @@ public class SerializationHelper {
return new HashMap<>();
}
}
public <T> Map<String, Object> toTreeMap(T element) {
return toTreeMap(element, null);
}
public <T> Map<String, Object> toTreeMap(
T element,
List<String> excludedFields
) {
if (element == null) {
return new TreeMap<>();
}
try {
Map<String, Object> tempMap = objectMapper.convertValue(
element, new TypeReference<>() {}
);
Map<String, Object> treeMap = new TreeMap<>(tempMap);
if (excludedFields != null && !excludedFields.isEmpty()) {
Set<String> excludedSet = new HashSet<>(excludedFields);
excludedSet.forEach(treeMap::remove);
}
return treeMap;
} catch (Exception e) {
log.error("Error al convertir objeto a TreeMap: {}", e.getMessage());
return new TreeMap<>();
}
}
public String generateSignature(
Object operation,
String channelOrigin
) {
Map<String, Object> operationSortedMap = toTreeMap(operation);
StringBuilder concatenatedValues = new StringBuilder();
String channelBase64 = encodeStringToBase64(channelOrigin);
for (Object value : operationSortedMap.values()) {
if(!Objects.isNull(value)) {
concatenatedValues.append(value);
}
}
String finalString = concatenatedValues + channelBase64;
log.info("1. Operation concatenando valores: {}", concatenatedValues);
log.info("2. Channel Origin codificado: {}", channelBase64);
return encodeSha256(finalString);
}
}

17
src/main/java/com/banesco/common/domain/model/Device.java Normal file
View File

@ -0,0 +1,17 @@
package com.banesco.common.domain.model;
import io.quarkus.runtime.annotations.RegisterForReflection;
import lombok.*;
@Getter
@ToString
@Builder
@NoArgsConstructor
@AllArgsConstructor
@RegisterForReflection
public class Device {
private String deviceType;
private String deviceDescription;
private String deviceIp;
private String deviceSessionReference;
}

4
src/main/java/com/banesco/common/infrastructure/context/RequestContext.java
View File

@ -6,7 +6,9 @@ public class RequestContext {
private RequestContext() {}
private static final String REQUEST_ID = "requestId";
public static final String REQUEST_ID = "requestId";
public static final String DEVICE = "device";
public static final String DEVICE_SESSION_REFERENCE = "deviceSessionReference";
public static String getRequestId() {
return MDC.get(REQUEST_ID);

83
src/main/java/com/banesco/common/infrastructure/filter/RequestIdFilter.java
View File

@ -6,15 +6,88 @@ import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.ext.Provider;
import lombok.extern.slf4j.Slf4j;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.UUID;
@Slf4j
@Provider
public class RequestIdFilter implements ContainerRequestFilter, ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext) {
RequestContext.setRequestId(UUID.randomUUID().toString().substring(0, 13));
String requestId = requestContext.getHeaderString(RequestContext.DEVICE_SESSION_REFERENCE);
if (isEmpty(requestId)) {
requestId = requestContext.getUriInfo()
.getQueryParameters()
.getFirst(RequestContext.DEVICE_SESSION_REFERENCE);
}
if (isEmpty(requestId) && hasJsonBody(requestContext)) {
requestId = extractRequestIdFromBody(requestContext);
}
if (isEmpty(requestId)) {
requestId = UUID.randomUUID().toString().substring(0, 13);
}
RequestContext.setRequestId(requestId);
}
private boolean isEmpty(String value) {
return value == null || value.trim().isEmpty();
}
private boolean hasJsonBody(ContainerRequestContext context) {
try {
String method = context.getMethod();
String contentType = context.getHeaderString("Content-Type");
return ("POST".equals(method) || "PUT".equals(method))
&& contentType != null
&& contentType.contains("application/json");
} catch (Exception e) {
log.warn("La peticion no es un POST o PUT: {}", e.getMessage());
return false;
}
}
private String extractRequestIdFromBody(ContainerRequestContext context) {
try {
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
context.getEntityStream().transferTo(buffer);
byte[] bodyBytes = buffer.toByteArray();
context.setEntityStream(new ByteArrayInputStream(bodyBytes));
String bodyString = new String(bodyBytes, StandardCharsets.UTF_8);
io.vertx.core.json.JsonObject jsonObject = new io.vertx.core.json.JsonObject(bodyString);
if (jsonObject.containsKey(RequestContext.DEVICE)) {
io.vertx.core.json.JsonObject device = jsonObject.getJsonObject(RequestContext.DEVICE);
if (device.containsKey(RequestContext.DEVICE_SESSION_REFERENCE)) {
return device.getString(RequestContext.DEVICE_SESSION_REFERENCE);
}
}
if (jsonObject.containsKey(RequestContext.REQUEST_ID)) {
return jsonObject.getString(RequestContext.REQUEST_ID);
}
if (jsonObject.containsKey(RequestContext.DEVICE_SESSION_REFERENCE)) {
return jsonObject.getString(RequestContext.DEVICE_SESSION_REFERENCE);
}
return null;
} catch (Exception e) {
log.error("Error extrayendo el requestId del cuerpo de la peticion: {}", e.getMessage());
return null;
}
}
@Override
@ -22,6 +95,10 @@ public class RequestIdFilter implements ContainerRequestFilter, ContainerRespons
ContainerRequestContext requestContext,
ContainerResponseContext responseContext
) {
RequestContext.clear();
try {
RequestContext.clear();
} catch (Exception e) {
log.error("Error limpiando el filtro: {}", e.getMessage());
}
}
}
}

15
src/main/java/com/banesco/module/payment_order/infrastructure/client/PaymentOrderClient.java
View File

@ -110,20 +110,21 @@ public class PaymentOrderClient implements PaymentOrderUseCase {
private String getSignatureIdentifier(PaymentOrderRequest params) {
Map<String, Object> paymentOrderRequest = serializationHelper.toMap(params);
String signature = serializationHelper.encodeSha256(
serializationHelper.toJsonString(paymentOrderRequest.get("operation")) +
serializationHelper.encodeBase64(params.getChannelId())
);
Map<String, Object> operation = serializationHelper.toMap(params.getOperation());
String signature = serializationHelper.generateSignature(
params.getOperation(), params.getChannelId()
) + "asgasg";
paymentOrderRequest.put("signature", signature);
paymentOrderRequest.put("operation", operation);
paymentOrderRequest.remove("fintechId");
String signatureIdentifier = serializationHelper.encodeBase64(paymentOrderRequest);
log.info("1. Firma generada: {}", signature);
log.info("2. Parametros de la solicitud: {}", paymentOrderRequest);
log.info("3. Solicitud codificada: {}", signatureIdentifier);
log.info("3. Firma generada: {}", signature);
log.info("4. Parametros de la solicitud: {}", paymentOrderRequest);
log.info("5. Solicitud final: {} -> {}", paymentOrderRequest, signatureIdentifier);
return signatureIdentifier;
}

18
src/main/java/com/banesco/module/service_order_payment_search/application/service/ServiceOrderPaymentSearchService.java
View File

@ -9,6 +9,7 @@ import com.banesco.module.service_order_payment_search.domain.dto.request.Servic
import com.banesco.module.service_order_payment_search.domain.dto.response.ServiceOrderPaymentSearchResponse;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@ -28,13 +29,20 @@ public class ServiceOrderPaymentSearchService implements ServiceOrderPaymentSear
}
@Override
public ApiResponse<ServiceOrderPaymentSearchResponse> execute(
public Response execute(
ServiceOrderPaymentSearchRequest request
) {
log.info("Iniciando ejecucion para el id: {}", request.getPartyId());
Response response;
try {
return apiPrivate(request);
ApiResponse<ServiceOrderPaymentSearchResponse> apiResponse = apiPrivate(request);
response = messageHelper.handleSuccess(
apiResponse.getData(),
apiResponse.getStatusResponse().getStatusCode()
);
} catch (ApiPrivateException e) {
log.warn(
"Excepcion de la api privada: {} -> {}",
@ -44,11 +52,13 @@ public class ServiceOrderPaymentSearchService implements ServiceOrderPaymentSear
throw HttpStatusCodeException.badRequest("400");
} catch (HttpStatusCodeException e) {
log.error("Excepcion HTTP del api privada: {} - {}", e.getStatusCode(), e.getErrorCode());
throw e;
response = messageHelper.handleException(e);
} catch (Exception e) {
log.error("Excepcion generica del api privada: {}", e.getMessage());
throw e;
response = messageHelper.handleGenericException(e);
}
return response;
}
private ApiResponse<ServiceOrderPaymentSearchResponse> apiPrivate(

5
src/main/java/com/banesco/module/service_order_payment_search/application/usecase/ServiceOrderPaymentSearchUseCase.java
View File

@ -1,11 +1,10 @@
package com.banesco.module.service_order_payment_search.application.usecase;
import com.banesco.common.domain.model.ApiResponse;
import com.banesco.module.service_order_payment_search.domain.dto.request.ServiceOrderPaymentSearchRequest;
import com.banesco.module.service_order_payment_search.domain.dto.response.ServiceOrderPaymentSearchResponse;
import jakarta.ws.rs.core.Response;
public interface ServiceOrderPaymentSearchUseCase {
ApiResponse<ServiceOrderPaymentSearchResponse> execute(
Response execute(
ServiceOrderPaymentSearchRequest request
);
}

30
src/main/java/com/banesco/module/service_order_payment_search/domain/dto/request/ServiceOrderPaymentSearchRequest.java
View File

@ -1,7 +1,10 @@
package com.banesco.module.service_order_payment_search.domain.dto.request;
import com.banesco.common.domain.model.Device;
import com.banesco.common.infrastructure.context.RequestContext;
import com.banesco.module.instruction.domain.model.Instruction;
import com.banesco.module.instruction.domain.model.InstructionPurposeType;
import com.fasterxml.jackson.annotation.JsonIgnore;
import io.quarkus.runtime.annotations.RegisterForReflection;
import lombok.*;
@ -18,12 +21,17 @@ import static java.util.Map.entry;
@RegisterForReflection
public class ServiceOrderPaymentSearchRequest {
@NonNull
@JsonIgnore
private String customerReferenceFintechId;
@NonNull
@JsonIgnore
private String appId;
@NonNull
private Instruction procedureRequest;
@NonNull
private Device device;
@JsonIgnore
public String getPartyId() {
return getProcedureRequest()
.getInstructionInvolvement()
@ -34,6 +42,7 @@ public class ServiceOrderPaymentSearchRequest {
.getIdentifierValue();
}
@JsonIgnore
public String getInitiatedDate() {
return getProcedureRequest()
.getInstructionDate()
@ -41,6 +50,7 @@ public class ServiceOrderPaymentSearchRequest {
.getDate();
}
@JsonIgnore
public String getInstructionRequestId() {
return getProcedureRequest()
.getInstructionIdentifier()
@ -48,14 +58,20 @@ public class ServiceOrderPaymentSearchRequest {
.getIdentifierValue();
}
@JsonIgnore
public String getChannelCode() {
return getProcedureRequest().getInstructionPurposeType().name();
return getProcedureRequest()
.getInstructionPurposeType()
.name();
}
@JsonIgnore
public boolean isBole() {
return getProcedureRequest().getInstructionPurposeType() == InstructionPurposeType.BOLE;
return getProcedureRequest()
.getInstructionPurposeType() == InstructionPurposeType.BOLE;
}
@JsonIgnore
public Map<String, String> toParams() {
return Map.ofEntries(
entry("partyReferenceId", Objects.toString(getPartyId(), "")),
@ -63,12 +79,20 @@ public class ServiceOrderPaymentSearchRequest {
);
}
@JsonIgnore
public Map<String, String> toQueryString() {
return Map.ofEntries(
entry("appId", Objects.toString(getAppId(), "")),
entry("customerReferenceFintechId", Objects.toString(getCustomerReferenceFintechId(), "")),
entry("initiatedDate", Objects.toString(getInitiatedDate(), "")),
entry("instructionRequestId", Objects.toString(getInstructionRequestId(), ""))
entry("instructionRequestId", Objects.toString(getInstructionRequestId(), "")),
entry("deviceType", Objects.toString(getDevice().getDeviceType(), "")),
entry("deviceDescription", Objects.toString(getDevice().getDeviceDescription(), "")),
entry("deviceIp", Objects.toString(getDevice().getDeviceIp(), "")),
entry("deviceSessionReference", Objects.toString(
getDevice().getDeviceSessionReference(),
RequestContext.getRequestId()
))
);
}
}

62
src/main/java/com/banesco/module/service_order_payment_search/infrastructure/resource/ServiceOrderPaymentSearchResource.java
View File

@ -1,8 +1,7 @@
package com.banesco.module.service_order_payment_search.infrastructure.resource;
import com.banesco.common.application.helper.MessageHelper;
import com.banesco.common.domain.exception.HttpStatusCodeException;
import com.banesco.common.domain.model.ApiResponse;
import com.banesco.common.domain.model.Device;
import com.banesco.common.domain.model.StatusResponse;
import com.banesco.module.instruction.domain.model.Instruction;
import com.banesco.module.service_order_payment_search.application.usecase.ServiceOrderPaymentSearchUseCase;
@ -31,14 +30,11 @@ import java.util.Objects;
public class ServiceOrderPaymentSearchResource {
private final ServiceOrderPaymentSearchUseCase useCase;
private final MessageHelper messageHelper;
@Inject
public ServiceOrderPaymentSearchResource(
MessageHelper messageHelper,
ServiceOrderPaymentSearchUseCase useCase
) {
this.messageHelper = messageHelper;
this.useCase = useCase;
}
@ -447,27 +443,45 @@ public class ServiceOrderPaymentSearchResource {
@QueryParam("instructionRequestId")
@Parameter(description = "ID de la peticion de pago", example = "1")
String instructionRequestId
String instructionRequestId,
@QueryParam("deviceType")
@Parameter(description = "Tipo de dispositivo", example = "Mobile")
String deviceType,
@QueryParam("deviceDescription")
@Parameter(description = "Descripcion del dispositivo", example = "Xiaomi Note 11 PRO")
String deviceDescription,
@QueryParam("deviceIp")
@Parameter(description = "Direccion IP del dispositivo", example = "127.0.0.1")
String deviceIp,
@QueryParam("deviceSessionReference")
@Parameter(description = "Referencia de la peticion del dispositivo", example = "12345678901304")
String deviceSessionReference
) {
log.info("Iniciando consulta para instruccion de archivo id: {}", partyReferenceId);
try {
return Response.ok(useCase.execute(
ServiceOrderPaymentSearchRequest.builder()
.customerReferenceFintechId(Objects.toString(customerReferenceFintechId, ""))
.appId(Objects.toString(appId, ""))
.procedureRequest(Instruction.fromResource(
partyReferenceId,
initiatedDate,
instructionRequestId,
channelCode
))
.build()
)).build();
} catch (HttpStatusCodeException e) {
return messageHelper.handleException(e);
} catch (Exception e) {
return messageHelper.handleGenericException(e);
}
return useCase.execute(
ServiceOrderPaymentSearchRequest.builder()
.customerReferenceFintechId(Objects.toString(customerReferenceFintechId, ""))
.appId(Objects.toString(appId, ""))
.procedureRequest(Instruction.fromResource(
partyReferenceId,
initiatedDate,
instructionRequestId,
channelCode
))
.device(
Device.builder()
.deviceType(deviceType)
.deviceDescription(deviceDescription)
.deviceIp(deviceIp)
.deviceSessionReference(deviceSessionReference)
.build()
)
.build()
);
}
}