From 292d77d77c0b92ac31de77110da4e34207b12718 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Mon, 5 Feb 2024 14:33:31 -0500
Subject: [PATCH] Log an error instead of throwing an exception when the truststore is omitted
---
 .../utils/rim/ReferenceManifestValidator.java | 28 +++++++++++++------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
index cb3fdd48..9b72fb8c 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
@@ -253,25 +253,26 @@ public class ReferenceManifestValidator {
 Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
 if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
 trustStore = parseCertificatesFromPem(trustStoreFile);
+ } else {
+ return failWithError("File <" + trustStoreFile + "> is empty; "
+ + "a valid, non-empty truststore file is required for validation.");
 }
 X509Certificate signingCert = null;
 try {
 signingCert = getCertFromTruststore();
 if (signingCert == null) {
- log.error("Unable to locate the signing cert in the provided truststore "
- + trustStoreFile);
- return false;
+ return failWithError("Unable to locate the signing cert in the provided "
+ + "truststore " + trustStoreFile);
 }
 } catch (IOException e) {
- log.warn("Error while parsing signing cert from truststore: " + e.getMessage());
- return false;
+ return failWithError("Error while parsing signing cert from truststore: "
+ + e.getMessage());
 }
 String subjectKeyIdentifier = "";
 try {
 subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(signingCert);
 } catch (IOException e) {
- log.warn("Error while parsing certificate data: " + e.getMessage());
- return false;
+ return failWithError("Error while parsing certificate data: " + e.getMessage());
 }
 return validateXmlSignature(signingCert.getPublicKey(), subjectKeyIdentifier,
@@ -312,8 +313,7 @@ public class ReferenceManifestValidator {
 System.out.println("Support RIM hash verified!" + System.lineSeparator());
 return true;
 } else {
- System.out.println("Support RIM hash does not match Base RIM!" + System.lineSeparator());
- return false;
+ return failWithError("Support RIM hash does not match Base RIM!");
 }
 }
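Review bot: The message in the new `else` branch of the first hunk reads `File <null> is empty` when no truststore path was supplied, because the condition tests the path string (`trustStoreFile != null && !trustStoreFile.isEmpty()`) and not the file's contents. A wording such as `return failWithError("No truststore file was specified; a valid, non-empty truststore file is required for validation.");` would describe what actually happened. A file that exists but contains no certificates still takes the first branch, and the result of `parseCertificatesFromPem` is not checked here. That case presumably relies on `getCertFromTruststore()` returning null, which is worth confirming since this path decides whether a RIM signature is trusted. The enclosing method starts and ends outside the hunk.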
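Review bot: In the second hunk (`@@ -312,8 +313,7 @@`) the hash-mismatch result now goes only to `log.error`, while the success line is still written with `System.out.println`, so the two outcomes of the same check reach different sinks. If the logger is not attached to the console (its configuration is not visible here), a command-line user would see the verified message but nothing at all on a mismatch. Either send both outcomes through the logger, e.g. `log.info("Support RIM hash verified!");`, or keep a console line for the failure as well. The enclosing method starts outside the hunk.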
@@ -776,4 +776,14 @@ public class ReferenceManifestValidator {
 return doc;
 }
+
+ /**
+ * This method logs an error message and returns a false to signal failed validation.
+ * @param errorMessage String description of what went wrong
+ * @return false to represent failed validation
+ */
+ private boolean failWithError(String errorMessage) {
+ log.error(errorMessage);
+ return false;
+ }
 }
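Review bot: `failWithError` accepts only a message, so the `catch (IOException e)` callers in the first hunk have to flatten the exception to `e.getMessage()`, which drops the stack trace and can log a literal `null`. Assuming `log` is an SLF4J- or Log4j-style logger, an overload that carries the cause would keep that evidence: `private boolean failWithError(String errorMessage, Throwable cause) { log.error(errorMessage, cause); return false; }`. The Javadoc should also state that the helper never throws and that callers must `return` its result, because a call without `return` would log the failure and then let validation continue.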