From 3402dfd3b8545e8586047ef0ec34d65ce77c7faa Mon Sep 17 00:00:00 2001
From: nagendra0721 <nagendra0718@gmail.com>
Date: Fri, 6 Feb 2026 01:33:18 +0530
Subject: [PATCH] MOSIP-42630: logs

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
---
 .../service/KeymanagerService.java            |  6 ++---
 .../service/impl/KeymanagerServiceImpl.java   | 25 ++++++++++++++++---
 .../impl/CoseSignatureServiceImpl.java        | 12 +++++++++
 3 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/KeymanagerService.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/KeymanagerService.java
index aa6aca91c..2317d44e4 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/KeymanagerService.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/KeymanagerService.java
@@ -46,11 +46,9 @@ public interface KeymanagerService {
 	 */
 	//public PublicKeyResponse<String> getPublicKey(String applicationId, String timeStamp, Optional<String> referenceId);
 
-	public PublicKeyResponse<String> getSignPublicKey(String applicationId, String timeStamp,
-			Optional<String> referenceId);
+	public PublicKeyResponse<String> getSignPublicKey(String applicationId, String timeStamp, Optional<String> referenceId);
 
-	public SignatureCertificate getSignatureCertificate(String applicationId, Optional<String> referenceId,
-													String timestamp);
+	public SignatureCertificate getSignatureCertificate(String applicationId, Optional<String> referenceId,	String timestamp);
 
 	/**
 	 * Function to generate Master key pair in the HSM specified in config.
diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java
index ae3000e76..02acc07e4 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java
@@ -41,6 +41,7 @@
 import io.mosip.kernel.keymanagerservice.dto.CertificateChainResponseDto;
 import io.mosip.kernel.keymanagerservice.helper.SubjectAlternativeNamesHelper;
 import io.mosip.kernel.partnercertservice.util.PartnerCertificateManagerUtil;
+import io.mosip.kernel.signature.constant.SignatureConstant;
 import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -478,7 +479,9 @@ private SignatureCertificate getSigningCertificate(String applicationId, Optiona
 		}
 		List<KeyAlias> keyAlias = keyAliasMap.get(KeymanagerConstant.KEYALIAS);
 		currentKeyAlias = keyAliasMap.get(KeymanagerConstant.CURRENTKEYALIAS);
-		
+
+        LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                "current Key Alias: " + currentKeyAlias.toString() + "applicatio Id: " + applicationId + "and reference Id:" + refId);
 		if (currentKeyAlias.size() > 1) {
 			LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.CURRENTKEYALIAS,
 					String.valueOf(currentKeyAlias.size()), "CurrentKeyAlias size more than one. Throwing exception");
@@ -493,10 +496,18 @@ private SignatureCertificate getSigningCertificate(String applicationId, Optiona
 			// @TODO Not Sure why always check the existing HSM only. We need to get more details from team. 
 			// Expecting the signature key to be always in HSM.
 			if (!refId.equals("ED25519_SIGN")){
+                LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                        "Get the certificate Entry for alias: " + alias);
 				certificateEntry = getCertificateEntry(alias, isPrivateRequired);
+                LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                        "Found Certificate Entry");
 			} else {
+                LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                        "Getting Keystore from db store for alias: " + alias);
 				Optional<io.mosip.kernel.keymanagerservice.entity.KeyStore> keyFromDBStore = dbHelper.getKeyStoreFromDB(alias);
 				Object[] keyDetailsArr = getKeyDetails(keyFromDBStore, alias);
+                LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                        "Found Certificate Entry");
 				certificateEntry = new CertificateEntry<X509Certificate, PrivateKey>(new X509Certificate[] 
 										{(X509Certificate) keyDetailsArr[1]}, (PrivateKey) keyDetailsArr[0]);
 			}
@@ -932,18 +943,26 @@ private Object[] getKeyDetails(Optional<io.mosip.kernel.keymanagerservice.entity
 			return new Object[] {signPrivateKey, x509Cert};
 		}
 		try {
+            LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                    "Getting Master Key entry from keystore. for master key alias: " + keyFromDBStore.get().getMasterAlias());
             PrivateKeyEntry masterKeyEntry = keyStore.getAsymmetricKey(keyFromDBStore.get().getMasterAlias());
             LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.KEYFROMDB, keyFromDBStore.toString(),
-                    "Key in DBStore does not exist for this alias. So fetching the certificate from HSM." + masterKeyEntry);
+                    "master key entry found." + masterKeyEntry);
             PrivateKey masterPrivateKey = masterKeyEntry.getPrivateKey();
             PublicKey masterPublicKey = masterKeyEntry.getCertificate().getPublicKey();
+            LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                    "Decrypt the encrypted private key using HSM master key");
 			byte[] decryptedPrivateKey = keymanagerUtil.decryptKey(CryptoUtil.decodeURLSafeBase64(keyFromDBStore.get().getPrivateKey()), 
 													masterPrivateKey, masterPublicKey, keyStore.getKeystoreProviderName());
             LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.KEYFROMDB, keyFromDBStore.toString(),
-                    "Key in DBStore does not exist for this alias. So fetching the certificate from HSM. Byte Length: " + decryptedPrivateKey.length);
+                    "Decrypted Private Key byte length: " + decryptedPrivateKey.length);
+            LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+                    "constructing the certificate from db certificate data.");
 			X509Certificate x509Cert = (X509Certificate) keymanagerUtil.convertToCertificate(keyFromDBStore.get().getCertificateData());
 			String keyAlgorithm = x509Cert.getPublicKey().getAlgorithm();
 			PrivateKey signPrivateKey = null;
+            LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.EMPTY, KeymanagerConstant.EMPTY,
+            "Building Private Key Using PKCS8EncodedKeySpec");
 			if (keyAlgorithm.equals(KeymanagerConstant.ED25519_KEY_TYPE) || 
 					keyAlgorithm.equals(KeymanagerConstant.ED25519_ALG_OID) || 
 					keyAlgorithm.equals(KeymanagerConstant.EDDSA_KEY_TYPE)) {
diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
index 80b8b5f50..767ad5c76 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
@@ -136,6 +136,8 @@ public CoseSignResponseDto coseSign1(CoseSignRequestDto coseSignRequestDto) {
 
     private String signCose1(byte[] cosePayload, SignatureCertificate certificateResponse, String referenceId, CoseSignRequestDto requestDto, boolean isCwt) {
         try {
+            LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+            "cose sign1 process initiated.");
             String algorithm = (requestDto.getAlgorithm() == null || requestDto.getAlgorithm().isEmpty()) ?
                     SignatureAlgorithmIdentifyEnum.getAlgorithmIdentifier(referenceId) : requestDto.getAlgorithm();
             COSEProtectedHeaderBuilder protectedHeaderBuilder = coseHeaderBuilder.buildProtectedHeader(certificateResponse, requestDto, getCoseAlgorithm(algorithm), signatureUtil);
@@ -170,6 +172,8 @@ private String signCose1(byte[] cosePayload, SignatureCertificate certificateRes
                     .build();
 
             boolean includeCoseTag = !Boolean.FALSE.equals(requestDto.getIncludeCOSETag());
+            LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+            "cose sign1 process completed.");
             return bytesToHex(encodeTaggedCoseSign1(coseSign1, isCwt, includeCoseTag));
         } catch (IOException e) {
             LOGGER.error(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
@@ -473,8 +477,16 @@ public CoseSignResponseDto cwtSign(CWTSignRequestDto requestDto) {
             referenceId = signRefid;
         }
 
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+        "Getting Signature Certificate. for appId:" + applicationId + "and refId:" + referenceId);
         SignatureCertificate certificateResponse = keymanagerService.getSignatureCertificate(applicationId, Optional.of(referenceId), timestamp);
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+                "Signature Certificate Obtained. for appId:" + applicationId + "and refId:" + referenceId);
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+                "build cwt claim set");
         byte[] cborClaimsPayload = signatureUtil.buildCWTClaimSet(requestDto);
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.COSE_SIGN, SignatureConstant.BLANK,
+                "cwt claim set built.");
         CoseSignRequestDto coseSignRequestDto = buildCoseSignRequestDto(requestDto);
         String signedData = signCose1(cborClaimsPayload, certificateResponse, referenceId, coseSignRequestDto, true);