From 199608ad0f9b2c109fc87f36fbcf482afaa0e1f6 Mon Sep 17 00:00:00 2001 From: ThatSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Fri, 21 Mar 2025 13:51:55 -0400 Subject: [PATCH] v3_issue_821: fixed the NPE issue we were getting during provisioning for missing component info. --- .../userdefined/info/ComponentInfo.java | 19 +++++++----- .../SupplyChainCredentialValidator.java | 31 ++++++++++++------- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java index 7ab18111..5456e320 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java @@ -92,18 +92,21 @@ public class ComponentInfo extends ArchivableEntity { final String componentSerial, final String componentRevision) { - if ((StringUtils.isEmpty(componentManufacturer) - || StringUtils.isEmpty(componentModel))) { + if (componentManufacturer == null) { + log.error("Component Info's manufacturer cannot be null."); + this.componentManufacturer = ""; + } else { + this.componentManufacturer = componentModel.trim(); + } - log.error("Component Info's manufacturer and/or " - + "model can not be null"); - throw new NullPointerException("ComponentInfo: manufacturer and/or " - + "model can not be null"); + if (componentModel == null) { + log.error("Component Info's model cannot be null."); + this.componentModel = ""; + } else { + this.componentModel = componentModel.trim(); } this.deviceName = deviceName; - this.componentManufacturer = componentManufacturer.trim(); - this.componentModel = componentModel.trim(); if (componentSerial != null) { this.componentSerial = componentSerial.trim(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java index 040c30d3..55328796 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java @@ -93,7 +93,9 @@ public class SupplyChainCredentialValidator { throw new SupplyChainValidatorException("Truststore is empty"); } } catch (KeyStoreException ksEx) { - log.error("Error accessing trust store: " + ksEx.getMessage()); + log.error( + "Error accessing trust store while trying to verify the X509 Attribute" + + " Certificate Holder: {}", ksEx.getMessage()); } try { @@ -134,7 +136,8 @@ public class SupplyChainCredentialValidator { throw new SupplyChainValidatorException("Truststore is empty"); } } catch (KeyStoreException ksEx) { - log.error("Error accessing trust store: " + ksEx.getMessage()); + log.error("Error accessing trust store while trying to verify the X509 Certificate: {}", + ksEx.getMessage()); } try { @@ -147,8 +150,9 @@ public class SupplyChainCredentialValidator { return validateCertChain(cert, trustedCerts).isEmpty(); } catch (KeyStoreException ksEx) { - log.error("Error accessing keystore", ksEx); - throw new SupplyChainValidatorException("Error with the trust store", ksEx); + log.error("Error accessing keystore while trying to verify the X509 Certificate", ksEx); + throw new SupplyChainValidatorException( + "Error accessing keystore while trying to verify the X509 Certificate", ksEx); } } @@ -191,7 +195,7 @@ public class SupplyChainCredentialValidator { if (issuerMatchesSubject && signatureMatchesPublicKey) { if (isSelfSigned(trustedCert)) { - log.info("CA Root found."); + log.info("CA Root found while validating the X509 Attribute Certificate Holder."); return ""; } else { foundRootOfCertChain = intCAError; @@ -244,7 +248,7 @@ public class SupplyChainCredentialValidator { trustedCert); if (issuerMatchesSubject && signatureMatchesPublicKey) { if (isSelfSigned(trustedCert)) { - log.info("CA Root found."); + log.info("CA Root found while validating X509 Certificate."); return ""; } else { foundRootOfCertChain = intCAError; @@ -320,11 +324,18 @@ public class SupplyChainCredentialValidator { return componentInfoList; } + /** + * Helper method that attempts to retrieve the value as text from the provided Json Node. + * + * @param node json node + * @param fieldName field name + * @return string json node value + */ private static String getJSONNodeValueAsText(final JsonNode node, final String fieldName) { if (node.hasNonNull(fieldName)) { return node.findValue(fieldName).textValue(); } - return null; + return ""; } /** @@ -404,8 +415,7 @@ public class SupplyChainCredentialValidator { } catch (NoSuchProviderException e) { log.info("Incorrect provider for cert signature validation"); } catch (SignatureException e) { - log.info(String.format("%s.verify(%s)", cert.getSubjectX500Principal(), - signingCert.getSubjectX500Principal())); + log.info("{}.verify({})", cert.getSubjectX500Principal(), signingCert.getSubjectX500Principal()); } return false; @@ -450,8 +460,7 @@ public class SupplyChainCredentialValidator { return cert.isSignatureValid(contentVerifierProvider); } catch (OperatorCreationException | CertException e) { log.info("Exception thrown while verifying certificate", e); - log.info(String.format("%s.isSignatureValid(%s)", cert.getSerialNumber(), - signingKey.getFormat())); + log.info("{}.isSignatureValid({})", cert.getSerialNumber(), signingKey.getFormat()); return false; } }