feat: log additional error data

thorgate · Dec 16, 2024 · 2ebeabc · 2ebeabc
1 parent f15baf1
commit 2ebeabc
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/esteid/idcard/signer.py b/esteid/idcard/signer.py
@@ -12,6 +12,8 @@
 from esteid.signing import DataFile, Signer
 from esteid.types import CertificateHolderInfo
 
+from .. import settings
+
 
 logger = logging.getLogger(__name__)
 
@@ -26,6 +28,8 @@ def id_code(self) -> str:
         try:
             certificate_handle = self._certificate_handle
         except AttributeError as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception("Attribute id_code not available: certificate not provided")
             raise AttributeError("Attribute id_code not available: certificate not provided") from e
 
         cert_holder_info = CertificateHolderInfo.from_certificate(certificate_handle)
@@ -38,18 +42,35 @@ def setup(self, initial_data: dict = None):
         try:
             certificate_hex = initial_data["certificate"]
         except (TypeError, KeyError) as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Missing required parameter 'certificate'. Data: %r",
+                    initial_data
+                )
             raise InvalidParameter("Missing required parameter 'certificate'", param="certificate") from e
 
         try:
             certificate = base64.b64decode(certificate_hex)
         except binascii.Error as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Failed to decode parameter `certificate` from DER encoding. "
+                    "Certificate HEX representation: %r",
+                    certificate_hex,
+                )
             raise InvalidParameter(
                 "Failed to decode parameter `certificate` from DER encoding", param="certificate"
             ) from e
 
         try:
             self._certificate_handle = load_certificate(certificate)
         except ValueError as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Failed to recognize `certificate` as a supported certificate format. "
+                    "Certificate HEX representation: %r",
+                    certificate_hex,
+                )
             raise InvalidParameter(
                 "Failed to recognize `certificate` as a supported certificate format", param="certificate"
             ) from e
@@ -74,11 +95,23 @@ def finalize(self, data: dict = None) -> pyasice.Container:
         try:
             signature_value = data["signature_value"]
         except (TypeError, KeyError) as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Missing required parameter 'signature_value'. "
+                    "Data: %r",
+                    data,
+                )
             raise InvalidParameter("Missing required parameter 'signature_value'", param="signature_value") from e
 
         try:
             signature_value = base64.b64decode(signature_value)
         except binascii.Error as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Failed to decode parameter `signature_value` from DER encoding. "
+                    "Signature value: %r",
+                    signature_value,
+                )
             raise InvalidParameter(
                 "Failed to decode parameter `signature_value` from DER encoding", param="signature_value"
             ) from e
@@ -93,6 +126,10 @@ def finalize(self, data: dict = None) -> pyasice.Container:
         try:
             pyasice.verify(xml_sig.get_certificate_value(), signature_value, digest, prehashed=True)
         except pyasice.SignatureVerificationError as e:
+            if settings.ESTEID_ID_CARD_VERBOSE_ERRORS:
+                logger.exception(
+                    "Signature verification error."
+                )
             raise SignatureVerificationError from e
 
         container = pyasice.Container.open(temp_container_file)

diff --git a/esteid/settings.py b/esteid/settings.py
@@ -110,3 +110,5 @@
 ESTEID_ALLOW_ONE_PARTY_SIGN_TWICE = getattr(settings, "ESTEID_ALLOW_ONE_PARTY_SIGN_TWICE", ESTEID_DEMO)
 
 ESTEID_GET_REQUEST_SESSION = getattr(settings, "ESTEID_GET_REQUEST_SESSION", "esteid.util.default_get_request_session")
+
+ESTEID_ID_CARD_VERBOSE_ERRORS = getattr(settings, "ESTEID_ID_CARD_VERBOSE_ERRORS", False)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -110,3 +110,5 @@
		ESTEID_ALLOW_ONE_PARTY_SIGN_TWICE = getattr(settings, "ESTEID_ALLOW_ONE_PARTY_SIGN_TWICE", ESTEID_DEMO)

		ESTEID_GET_REQUEST_SESSION = getattr(settings, "ESTEID_GET_REQUEST_SESSION", "esteid.util.default_get_request_session")

		ESTEID_ID_CARD_VERBOSE_ERRORS = getattr(settings, "ESTEID_ID_CARD_VERBOSE_ERRORS", False)