package hr.com.port.ips.eracun.helper; import java.util.*; // Sanitizer za HTTP headere prije logiranja. // - Maskira tipične osjetljive headere (Authorization, X-API-Key, Cookie, …) // - Vraća nove, “safe” mape (original ne dira) // - Java 8 kompatibilno public final class HttpLogSanitizer { // PRIMJERI KORIŠTENJA // Jednostavna mapa //Map safe = HttpLogSanitizer.maskHeaders(headers); //logger.debug("HTTP headers (safe): " + safe); // Dodatni osjetljivi nazivi (npr. “CompanyId”) //java.util.Set extra = new java.util.HashSet<>(java.util.Arrays.asList("companyid")); //Map safe2 = HttpLogSanitizer.maskHeaders(headers, extra); // OkHttp //okhttp3.Headers okhttpHeaders = request.headers(); //logger.debug("HTTP headers (safe): " + HttpLogSanitizer.maskHeaders(okhttpHeaders)); private HttpLogSanitizer() {} private static final String MASK = "***"; // Tipični osjetljivi headeri (case-insensitive) private static final Set DEFAULT_SENSITIVE = new HashSet<>(Arrays.asList( "authorization", "proxy-authorization", "x-api-key", "api-key", "apikey", "x-auth-token", "auth", "token", "cookie", "set-cookie", "x-csrf-token", "x-xsrf-token", "session", "sessionid", "jsessionid" )); // Jednostavni slučaj: Map → zamaskirana kopija. public static Map maskHeaders(Map headers) { return maskHeaders(headers, Collections.emptySet()); } // Map uz dodatne osjetljive ključeve (lowercased). public static Map maskHeaders(Map headers, Set extraSensitiveNames) { if (headers == null) return Collections.emptyMap(); Map safe = new LinkedHashMap<>(); for (Map.Entry e : headers.entrySet()) { String name = e.getKey(); String value = e.getValue(); safe.put(name, isSensitive(name, extraSensitiveNames) ? MASK : value); } return safe; } // Multi-value varijanta: Map> → zamaskirana kopija. public static Map> maskHeadersMulti(Map> headers) { return maskHeadersMulti(headers, Collections.emptySet()); } // Multi-value varijanta uz dodatne osjetljive ključeve. public static Map> maskHeadersMulti(Map> headers, Set extraSensitiveNames) { if (headers == null) return Collections.emptyMap(); Map> safe = new LinkedHashMap<>(); for (Map.Entry> e : headers.entrySet()) { String name = e.getKey(); List vals = e.getValue(); if (isSensitive(name, extraSensitiveNames)) { safe.put(name, Collections.singletonList(MASK)); } else { safe.put(name, vals == null ? null : new ArrayList<>(vals)); } } return safe; } // Brza provjera naziva headera (case-insensitive). public static boolean isSensitiveHeaderName(String headerName) { return isSensitive(headerName, Collections.emptySet()); } // --- (opcionalno) OkHttp overload ako koristiš OkHttp u klijentu --- public static Map maskHeaders(okhttp3.Headers headers) { if (headers == null) return Collections.emptyMap(); Map safe = new LinkedHashMap<>(); for (String name : headers.names()) { String value = headers.get(name); safe.put(name, isSensitive(name, Collections.emptySet()) ? MASK : value); } return safe; } // --- internal --- private static boolean isSensitive(String key, Set extra) { if (key == null) return false; String k = key.toLowerCase(Locale.ROOT).trim(); if (DEFAULT_SENSITIVE.contains(k)) return true; if (extra != null && extra.contains(k)) return true; // Heuristike: pokrij i varijacije return k.endsWith("authorization") || k.contains("token") || k.contains("secret"); } }