From f0c585e63057dd9ba1980d939901c023bfa1167d Mon Sep 17 00:00:00 2001
From: Georgii Borovinskikh <georgii.borovinskikh@sonarsource.com>
Date: Mon, 2 Dec 2024 14:04:57 +0100
Subject: [PATCH] SLVS-1674 Improve CertificateChainValidator logging

---
 .../Http/ICertificateChainValidator.cs        | 11 ++++++-----
 src/SLCore/SLCoreStrings.Designer.cs          | 19 ++++++++++++++++++-
 src/SLCore/SLCoreStrings.resx                 |  6 ++++++
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/SLCore.Listeners/Implementation/Http/ICertificateChainValidator.cs b/src/SLCore.Listeners/Implementation/Http/ICertificateChainValidator.cs
index 585c425627..7664730f37 100644
--- a/src/SLCore.Listeners/Implementation/Http/ICertificateChainValidator.cs
+++ b/src/SLCore.Listeners/Implementation/Http/ICertificateChainValidator.cs
@@ -41,16 +41,16 @@ public CertificateChainValidator(ILogger logger)
     {
         this.logger = logger;
     }
-    
+
     [ExcludeFromCodeCoverage] // can't easily unit test X509Chain
     public bool ValidateChain(X509Certificate2 primaryCertificate, IEnumerable<X509Certificate2> additionalCertificates)
     {
-        logger.LogVerbose($"[{nameof(CertificateChainValidator)}] Validating certificate: " + primaryCertificate);
+        logger.LogVerbose("[CertificateChainValidator] Validating certificate: " + primaryCertificate);
         using var x509Chain = new X509Chain();
 
         foreach (var additionalCertificate in additionalCertificates)
         {
-            logger.LogVerbose($"[{nameof(CertificateChainValidator)}] Using chain certificate: " + primaryCertificate);
+            logger.LogVerbose("[CertificateChainValidator] Using chain certificate: " + primaryCertificate);
 
             x509Chain.ChainPolicy.ExtraStore.Add(additionalCertificate);
         }
@@ -59,12 +59,13 @@ public bool ValidateChain(X509Certificate2 primaryCertificate, IEnumerable<X509C
 
         if (!validationResult)
         {
+            logger.WriteLine(SLCoreStrings.CertificateValidator_Failed);
             foreach (var x509ChainChainStatus in x509Chain.ChainStatus)
             {
-                logger.LogVerbose($"{x509ChainChainStatus.Status}: {x509ChainChainStatus.StatusInformation}");
+                logger.WriteLine(SLCoreStrings.CertificateValidator_FailureReasonTemplate, x509ChainChainStatus.Status, x509ChainChainStatus.StatusInformation);
             }
         }
-        
+
         return validationResult;
     }
 }
diff --git a/src/SLCore/SLCoreStrings.Designer.cs b/src/SLCore/SLCoreStrings.Designer.cs
index a8f772b270..940e845c08 100644
--- a/src/SLCore/SLCoreStrings.Designer.cs
+++ b/src/SLCore/SLCoreStrings.Designer.cs
@@ -1,7 +1,6 @@
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:4.0.30319.42000
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
 //     the code is regenerated.
@@ -78,6 +77,24 @@ public static string AnalysisReadinessUpdate {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to [CertificateChainValidator] Certificate validation failed for the following reason(s):.
+        /// </summary>
+        public static string CertificateValidator_Failed {
+            get {
+                return ResourceManager.GetString("CertificateValidator_Failed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to [CertificateChainValidator] {0}: {1}.
+        /// </summary>
+        public static string CertificateValidator_FailureReasonTemplate {
+            get {
+                return ResourceManager.GetString("CertificateValidator_FailureReasonTemplate", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Configuration scope conflict.
         /// </summary>
diff --git a/src/SLCore/SLCoreStrings.resx b/src/SLCore/SLCoreStrings.resx
index 68a4c04346..d31c4ad3e9 100644
--- a/src/SLCore/SLCoreStrings.resx
+++ b/src/SLCore/SLCoreStrings.resx
@@ -171,4 +171,10 @@
   <data name="UnexpectedServerConnectionType" xml:space="preserve">
     <value>Unexpected server connection type</value>
   </data>
+  <data name="CertificateValidator_Failed" xml:space="preserve">
+    <value>[CertificateChainValidator] Certificate validation failed for the following reason(s):</value>
+  </data>
+  <data name="CertificateValidator_FailureReasonTemplate" xml:space="preserve">
+    <value>[CertificateChainValidator] {0}: {1}</value>
+  </data>
 </root>
\ No newline at end of file