Refactor security trace

2026-01-19 14:42:28 -04:00 · 2026-01-19 14:42:28 -04:00 · 5c91ee50b6
commit 5c91ee50b6
parent 221720ecc6
11 changed files with 279 additions and 45 deletions
--- a/scripts/native/file/dom-service-order-payment-search-1.0-native-quarkus-jdk17-runner
+++ b/scripts/native/file/dom-service-order-payment-search-1.0-native-quarkus-jdk17-runner
--- a/src/main/java/com/banesco/common/application/helper/MessageHelper.java
+++ b/src/main/java/com/banesco/common/application/helper/MessageHelper.java
@ -40,6 +40,14 @@ public class MessageHelper {
        this.errorMappings = initializeErrorMappings();
    }
    public Response handleSuccess(Object data, String statusCode) {
        log.info(
            "Respuesta exitosa controlada: {}",
            statusCode
        );
        return buildResponse(data, statusCode);
    }
    public Response handleException(HttpStatusCodeException exception) {
        log.error(
            "Error interno controlado: {} -> {}",
@ -110,6 +118,25 @@ public class MessageHelper {
            .build();
    }
    private Response buildResponse(Object data, String statusCode) {
        ErrorMapping mapping = errorMappings.getOrDefault(
            statusCode, errorMappings.getOrDefault(
                statusCode, createDefaultMapping()
            )
        );
        StatusResponse status = createError(mapping, null);
        log.error(
            "[Success] Message {} -> {}",
            statusCode,
            status.getMessage()
        );
        return Response.status(mapping.getHttpCode())
            .entity(new ApiResponse<>(data, status))
            .build();
    }
    private Map<String, ErrorMapping> initializeErrorMappings() {
        try {
            String json;
--- a/src/main/java/com/banesco/common/application/helper/SerializationHelper.java
+++ b/src/main/java/com/banesco/common/application/helper/SerializationHelper.java
@ -3,12 +3,14 @@ package com.banesco.common.application.helper;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.netty.util.internal.StringUtil;
 import io.quarkus.runtime.annotations.RegisterForReflection;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.digest.DigestUtils;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
@Slf4j
@ -36,6 +38,14 @@ public class SerializationHelper {
        }
    }
    public String encodeStringToBase64(String text) {
        if (StringUtil.isNullOrEmpty(text)) {
            return null;
        }
        return Base64.getEncoder().encodeToString(text.getBytes(StandardCharsets.UTF_8));
    }
    public <T> T decodeBase64(String base64String, Class<T> clazz) {
        try {
            byte[] decodedBytes = Base64.getDecoder().decode(base64String);
@ -93,4 +103,57 @@ public class SerializationHelper {
            return new HashMap<>();
        }
    }
    public <T> Map<String, Object> toTreeMap(T element) {
        return toTreeMap(element, null);
    }
    public <T> Map<String, Object> toTreeMap(
        T element,
        List<String> excludedFields
    ) {
        if (element == null) {
            return new TreeMap<>();
        }
        try {
            Map<String, Object> tempMap = objectMapper.convertValue(
                element, new TypeReference<>() {}
            );
            Map<String, Object> treeMap = new TreeMap<>(tempMap);
            if (excludedFields != null && !excludedFields.isEmpty()) {
                Set<String> excludedSet = new HashSet<>(excludedFields);
                excludedSet.forEach(treeMap::remove);
            }
            return treeMap;
        } catch (Exception e) {
            log.error("Error al convertir objeto a TreeMap: {}", e.getMessage());
            return new TreeMap<>();
        }
    }
    public String generateSignature(
        Object operation,
        String channelOrigin
    ) {
        Map<String, Object> operationSortedMap = toTreeMap(operation);
        StringBuilder concatenatedValues = new StringBuilder();
        String channelBase64 = encodeStringToBase64(channelOrigin);
        for (Object value : operationSortedMap.values()) {
            if(!Objects.isNull(value)) {
                concatenatedValues.append(value);
            }
        }
        String finalString = concatenatedValues + channelBase64;
        log.info("1. Operation concatenando valores: {}", concatenatedValues);
        log.info("2. Channel Origin codificado: {}", channelBase64);
        return encodeSha256(finalString);
    }
 }
--- a/src/main/java/com/banesco/common/domain/model/Device.java
+++ b/src/main/java/com/banesco/common/domain/model/Device.java
@ -0,0 +1,17 @@
 package com.banesco.common.domain.model;
 import io.quarkus.runtime.annotations.RegisterForReflection;
 import lombok.*;
@Getter
@ToString
@Builder
@NoArgsConstructor
@AllArgsConstructor
@RegisterForReflection
 public class Device {
    private String deviceType;
    private String deviceDescription;
    private String deviceIp;
    private String deviceSessionReference;
 }
--- a/src/main/java/com/banesco/common/infrastructure/context/RequestContext.java
+++ b/src/main/java/com/banesco/common/infrastructure/context/RequestContext.java
@ -6,7 +6,9 @@ public class RequestContext {
    private RequestContext() {}
-    private static final String REQUEST_ID = "requestId";
+    public static final String REQUEST_ID = "requestId";
    public static final String DEVICE = "device";
    public static final String DEVICE_SESSION_REFERENCE = "deviceSessionReference";
    public static String getRequestId() {
        return MDC.get(REQUEST_ID);
--- a/src/main/java/com/banesco/common/infrastructure/filter/RequestIdFilter.java
+++ b/src/main/java/com/banesco/common/infrastructure/filter/RequestIdFilter.java
@ -6,15 +6,88 @@ import jakarta.ws.rs.container.ContainerRequestFilter;
 import jakarta.ws.rs.container.ContainerResponseContext;
 import jakarta.ws.rs.container.ContainerResponseFilter;
 import jakarta.ws.rs.ext.Provider;
 import lombok.extern.slf4j.Slf4j;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.UUID;
@Slf4j
@Provider
 public class RequestIdFilter implements ContainerRequestFilter, ContainerResponseFilter {
    @Override
    public void filter(ContainerRequestContext requestContext) {
-        RequestContext.setRequestId(UUID.randomUUID().toString().substring(0, 13));
+        String requestId = requestContext.getHeaderString(RequestContext.DEVICE_SESSION_REFERENCE);
        if (isEmpty(requestId)) {
            requestId = requestContext.getUriInfo()
                .getQueryParameters()
                .getFirst(RequestContext.DEVICE_SESSION_REFERENCE);
        }
        if (isEmpty(requestId) && hasJsonBody(requestContext)) {
            requestId = extractRequestIdFromBody(requestContext);
        }
        if (isEmpty(requestId)) {
            requestId = UUID.randomUUID().toString().substring(0, 13);
        }
        RequestContext.setRequestId(requestId);
    }
    private boolean isEmpty(String value) {
        return value == null || value.trim().isEmpty();
    }
    private boolean hasJsonBody(ContainerRequestContext context) {
        try {
            String method = context.getMethod();
            String contentType = context.getHeaderString("Content-Type");
            return ("POST".equals(method) || "PUT".equals(method))
                && contentType != null
                && contentType.contains("application/json");
        } catch (Exception e) {
            log.warn("La peticion no es un POST o PUT: {}", e.getMessage());
            return false;
        }
    }
    private String extractRequestIdFromBody(ContainerRequestContext context) {
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            context.getEntityStream().transferTo(buffer);
            byte[] bodyBytes = buffer.toByteArray();
            context.setEntityStream(new ByteArrayInputStream(bodyBytes));
            String bodyString = new String(bodyBytes, StandardCharsets.UTF_8);
            io.vertx.core.json.JsonObject jsonObject = new io.vertx.core.json.JsonObject(bodyString);
            if (jsonObject.containsKey(RequestContext.DEVICE)) {
                io.vertx.core.json.JsonObject device = jsonObject.getJsonObject(RequestContext.DEVICE);
                if (device.containsKey(RequestContext.DEVICE_SESSION_REFERENCE)) {
                    return device.getString(RequestContext.DEVICE_SESSION_REFERENCE);
                }
            }
            if (jsonObject.containsKey(RequestContext.REQUEST_ID)) {
                return jsonObject.getString(RequestContext.REQUEST_ID);
            }
            if (jsonObject.containsKey(RequestContext.DEVICE_SESSION_REFERENCE)) {
                return jsonObject.getString(RequestContext.DEVICE_SESSION_REFERENCE);
            }
            return null;
        } catch (Exception e) {
            log.error("Error extrayendo el requestId del cuerpo de la peticion: {}", e.getMessage());
            return null;
        }
    }
    @Override
@ -22,6 +95,10 @@ public class RequestIdFilter implements ContainerRequestFilter, ContainerRespons
        ContainerRequestContext requestContext,
        ContainerResponseContext responseContext
    ) {
-        RequestContext.clear();
+        try {
            RequestContext.clear();
        } catch (Exception e) {
            log.error("Error limpiando el filtro: {}", e.getMessage());
        }
    }
-}
+}
--- a/src/main/java/com/banesco/module/payment_order/infrastructure/client/PaymentOrderClient.java
+++ b/src/main/java/com/banesco/module/payment_order/infrastructure/client/PaymentOrderClient.java
@ -110,20 +110,21 @@ public class PaymentOrderClient implements PaymentOrderUseCase {
    private String getSignatureIdentifier(PaymentOrderRequest params) {
        Map<String, Object> paymentOrderRequest = serializationHelper.toMap(params);
-        String signature = serializationHelper.encodeSha256(
+        Map<String, Object> operation = serializationHelper.toMap(params.getOperation());
-            serializationHelper.toJsonString(paymentOrderRequest.get("operation")) +
+        String signature = serializationHelper.generateSignature(
-            serializationHelper.encodeBase64(params.getChannelId())
+            params.getOperation(), params.getChannelId()
-        );
+        ) + "asgasg";
        paymentOrderRequest.put("signature", signature);
        paymentOrderRequest.put("operation", operation);
        paymentOrderRequest.remove("fintechId");
        String signatureIdentifier = serializationHelper.encodeBase64(paymentOrderRequest);
-        log.info("1. Firma generada: {}", signature);
+        log.info("3. Firma generada: {}", signature);
-        log.info("2. Parametros de la solicitud: {}", paymentOrderRequest);
+        log.info("4. Parametros de la solicitud: {}", paymentOrderRequest);
-        log.info("3. Solicitud codificada: {}", signatureIdentifier);
+        log.info("5. Solicitud final: {} -> {}", paymentOrderRequest, signatureIdentifier);
        return signatureIdentifier;
    }
--- a/src/main/java/com/banesco/module/service_order_payment_search/application/service/ServiceOrderPaymentSearchService.java
+++ b/src/main/java/com/banesco/module/service_order_payment_search/application/service/ServiceOrderPaymentSearchService.java
@ -9,6 +9,7 @@ import com.banesco.module.service_order_payment_search.domain.dto.request.Servic
 import com.banesco.module.service_order_payment_search.domain.dto.response.ServiceOrderPaymentSearchResponse;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.core.Response;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
@ -28,13 +29,20 @@ public class ServiceOrderPaymentSearchService implements ServiceOrderPaymentSear
    }
    @Override
-    public ApiResponse<ServiceOrderPaymentSearchResponse> execute(
+    public Response execute(
        ServiceOrderPaymentSearchRequest request
    ) {
        log.info("Iniciando ejecucion para el id: {}", request.getPartyId());
        Response response;
        try {
-            return apiPrivate(request);
+            ApiResponse<ServiceOrderPaymentSearchResponse> apiResponse = apiPrivate(request);
            response = messageHelper.handleSuccess(
                apiResponse.getData(),
                apiResponse.getStatusResponse().getStatusCode()
            );
        } catch (ApiPrivateException e) {
            log.warn(
                "Excepcion de la api privada: {} -> {}",
@ -44,11 +52,13 @@ public class ServiceOrderPaymentSearchService implements ServiceOrderPaymentSear
            throw HttpStatusCodeException.badRequest("400");
        } catch (HttpStatusCodeException e) {
            log.error("Excepcion HTTP del api privada: {} - {}", e.getStatusCode(), e.getErrorCode());
-            throw e;
+            response = messageHelper.handleException(e);
        } catch (Exception e) {
            log.error("Excepcion generica del api privada: {}", e.getMessage());
-            throw e;
+            response = messageHelper.handleGenericException(e);
        }
        return response;
    }
    private ApiResponse<ServiceOrderPaymentSearchResponse> apiPrivate(
--- a/src/main/java/com/banesco/module/service_order_payment_search/application/usecase/ServiceOrderPaymentSearchUseCase.java
+++ b/src/main/java/com/banesco/module/service_order_payment_search/application/usecase/ServiceOrderPaymentSearchUseCase.java
@ -1,11 +1,10 @@
 package com.banesco.module.service_order_payment_search.application.usecase;
 import com.banesco.common.domain.model.ApiResponse;
 import com.banesco.module.service_order_payment_search.domain.dto.request.ServiceOrderPaymentSearchRequest;
-import com.banesco.module.service_order_payment_search.domain.dto.response.ServiceOrderPaymentSearchResponse;
+import jakarta.ws.rs.core.Response;
 public interface ServiceOrderPaymentSearchUseCase {
-    ApiResponse<ServiceOrderPaymentSearchResponse> execute(
+    Response execute(
        ServiceOrderPaymentSearchRequest request
    );
 }
--- a/src/main/java/com/banesco/module/service_order_payment_search/domain/dto/request/ServiceOrderPaymentSearchRequest.java
+++ b/src/main/java/com/banesco/module/service_order_payment_search/domain/dto/request/ServiceOrderPaymentSearchRequest.java
@ -1,7 +1,10 @@
 package com.banesco.module.service_order_payment_search.domain.dto.request;
 import com.banesco.common.domain.model.Device;
 import com.banesco.common.infrastructure.context.RequestContext;
 import com.banesco.module.instruction.domain.model.Instruction;
 import com.banesco.module.instruction.domain.model.InstructionPurposeType;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.quarkus.runtime.annotations.RegisterForReflection;
 import lombok.*;
@ -18,12 +21,17 @@ import static java.util.Map.entry;
@RegisterForReflection
 public class ServiceOrderPaymentSearchRequest {
    @NonNull
    @JsonIgnore
    private String customerReferenceFintechId;
    @NonNull
    @JsonIgnore
    private String appId;
    @NonNull
    private Instruction procedureRequest;
    @NonNull
    private Device device;
    @JsonIgnore
    public String getPartyId() {
        return getProcedureRequest()
            .getInstructionInvolvement()
@ -34,6 +42,7 @@ public class ServiceOrderPaymentSearchRequest {
            .getIdentifierValue();
    }
    @JsonIgnore
    public String getInitiatedDate() {
        return getProcedureRequest()
            .getInstructionDate()
@ -41,6 +50,7 @@ public class ServiceOrderPaymentSearchRequest {
            .getDate();
    }
    @JsonIgnore
    public String getInstructionRequestId() {
        return getProcedureRequest()
            .getInstructionIdentifier()
@ -48,14 +58,20 @@ public class ServiceOrderPaymentSearchRequest {
            .getIdentifierValue();
    }
    @JsonIgnore
    public String getChannelCode() {
-        return getProcedureRequest().getInstructionPurposeType().name();
+        return getProcedureRequest()
            .getInstructionPurposeType()
            .name();
    }
    @JsonIgnore
    public boolean isBole() {
-        return getProcedureRequest().getInstructionPurposeType() == InstructionPurposeType.BOLE;
+        return getProcedureRequest()
            .getInstructionPurposeType() == InstructionPurposeType.BOLE;
    }
    @JsonIgnore
    public Map<String, String> toParams() {
        return Map.ofEntries(
            entry("partyReferenceId", Objects.toString(getPartyId(), "")),
@ -63,12 +79,20 @@ public class ServiceOrderPaymentSearchRequest {
        );
    }
    @JsonIgnore
    public Map<String, String> toQueryString() {
        return Map.ofEntries(
            entry("appId", Objects.toString(getAppId(), "")),
            entry("customerReferenceFintechId", Objects.toString(getCustomerReferenceFintechId(), "")),
            entry("initiatedDate", Objects.toString(getInitiatedDate(), "")),
-            entry("instructionRequestId", Objects.toString(getInstructionRequestId(), ""))
+            entry("instructionRequestId", Objects.toString(getInstructionRequestId(), "")),
            entry("deviceType", Objects.toString(getDevice().getDeviceType(), "")),
            entry("deviceDescription", Objects.toString(getDevice().getDeviceDescription(), "")),
            entry("deviceIp", Objects.toString(getDevice().getDeviceIp(), "")),
            entry("deviceSessionReference", Objects.toString(
                getDevice().getDeviceSessionReference(),
                RequestContext.getRequestId()
            ))
        );
    }
 }
--- a/src/main/java/com/banesco/module/service_order_payment_search/infrastructure/resource/ServiceOrderPaymentSearchResource.java
+++ b/src/main/java/com/banesco/module/service_order_payment_search/infrastructure/resource/ServiceOrderPaymentSearchResource.java
@ -1,8 +1,7 @@
 package com.banesco.module.service_order_payment_search.infrastructure.resource;
 import com.banesco.common.application.helper.MessageHelper;
 import com.banesco.common.domain.exception.HttpStatusCodeException;
 import com.banesco.common.domain.model.ApiResponse;
 import com.banesco.common.domain.model.Device;
 import com.banesco.common.domain.model.StatusResponse;
 import com.banesco.module.instruction.domain.model.Instruction;
 import com.banesco.module.service_order_payment_search.application.usecase.ServiceOrderPaymentSearchUseCase;
@ -31,14 +30,11 @@ import java.util.Objects;
 public class ServiceOrderPaymentSearchResource {
    private final ServiceOrderPaymentSearchUseCase useCase;
    private final MessageHelper messageHelper;
    @Inject
    public ServiceOrderPaymentSearchResource(
        MessageHelper messageHelper,
        ServiceOrderPaymentSearchUseCase useCase
    ) {
        this.messageHelper = messageHelper;
        this.useCase = useCase;
    }
@ -447,27 +443,45 @@ public class ServiceOrderPaymentSearchResource {
        @QueryParam("instructionRequestId")
        @Parameter(description = "ID de la peticion de pago", example = "1")
-        String instructionRequestId
+        String instructionRequestId,
        @QueryParam("deviceType")
        @Parameter(description = "Tipo de dispositivo", example = "Mobile")
        String deviceType,
        @QueryParam("deviceDescription")
        @Parameter(description = "Descripcion del dispositivo", example = "Xiaomi Note 11 PRO")
        String deviceDescription,
        @QueryParam("deviceIp")
        @Parameter(description = "Direccion IP del dispositivo", example = "127.0.0.1")
        String deviceIp,
        @QueryParam("deviceSessionReference")
        @Parameter(description = "Referencia de la peticion del dispositivo", example = "12345678901304")
        String deviceSessionReference
    ) {
        log.info("Iniciando consulta para instruccion de archivo id: {}", partyReferenceId);
-        try {
+        return useCase.execute(
-            return Response.ok(useCase.execute(
+            ServiceOrderPaymentSearchRequest.builder()
-                ServiceOrderPaymentSearchRequest.builder()
+                .customerReferenceFintechId(Objects.toString(customerReferenceFintechId, ""))
-                    .customerReferenceFintechId(Objects.toString(customerReferenceFintechId, ""))
+                .appId(Objects.toString(appId, ""))
-                    .appId(Objects.toString(appId, ""))
+                .procedureRequest(Instruction.fromResource(
-                    .procedureRequest(Instruction.fromResource(
+                    partyReferenceId,
-                        partyReferenceId,
+                    initiatedDate,
-                        initiatedDate,
+                    instructionRequestId,
-                        instructionRequestId,
+                    channelCode
-                        channelCode
+                ))
-                    ))
+                .device(
-                    .build()
+                    Device.builder()
-            )).build();
+                        .deviceType(deviceType)
-        } catch (HttpStatusCodeException e) {
+                        .deviceDescription(deviceDescription)
-            return messageHelper.handleException(e);
+                        .deviceIp(deviceIp)
-        } catch (Exception e) {
+                        .deviceSessionReference(deviceSessionReference)
-            return messageHelper.handleGenericException(e);
+                        .build()
-        }
+                )
                .build()
        );
    }
 }