From 1ec644eccc30e6cbbc74e46b00fc767666ccb684 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Thu, 10 Jun 2021 11:19:38 -0400
Subject: [PATCH 1/2] Added an additional catch statement to the parsing of Certificates that are PEM in case of a DecoderException for Base64.decode method. Instead of going to a blank page with the error, the ACA catches the exception and states on the page in which the file was uploaded to.
---
 .../CertificateRequestPageController.java | 52 +++++++++++--------
 1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java
index 80f428e8..1032d836 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java
@@ -1,5 +1,6 @@
 package hirs.attestationca.portal.page.controllers;
 
+import hirs.FilteredRecordsList;
 import hirs.attestationca.portal.datatables.DataTableInput;
 import hirs.attestationca.portal.datatables.DataTableResponse;
 import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
@@ -8,26 +9,6 @@ import hirs.attestationca.portal.page.PageController;
 import hirs.attestationca.portal.page.PageMessages;
 import hirs.attestationca.portal.page.params.NoPageParams;
 import hirs.attestationca.portal.util.CertificateStringMapBuilder;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.logging.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import static org.apache.logging.log4j.LogManager.getLogger;
-import org.hibernate.Criteria;
-import org.hibernate.criterion.Restrictions;
-import org.hibernate.sql.JoinType;
-import hirs.FilteredRecordsList;
 import hirs.data.persist.certificate.Certificate;
 import hirs.data.persist.certificate.CertificateAuthorityCredential;
 import hirs.data.persist.certificate.EndorsementCredential;
@@ -38,17 +19,38 @@ import hirs.persist.CriteriaModifier;
 import hirs.persist.CrudManager;
 import hirs.persist.DBManagerException;
 import hirs.persist.OrderedListQuerier;
-import java.util.List;
-import java.util.stream.Collectors;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.util.encoders.DecoderException;
+import org.hibernate.Criteria;
+import org.hibernate.criterion.Restrictions;
+import org.hibernate.sql.JoinType;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import org.springframework.web.servlet.view.RedirectView;
 
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import static org.apache.logging.log4j.LogManager.getLogger;
+
 /**
  * Controller for the Device page.
  */
@@ -627,6 +629,12 @@ public class CertificateRequestPageController extends PageController
Date: Thu, 10 Jun 2021 12:34:38 -0400
Subject: [PATCH 2/2] Catch DecoderException in the tcg_rim_tool CredentialParser class.
---
 .../tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
index 0defcb80..9f24ace0 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
@@ -10,6 +10,7 @@ import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.DecoderException;
 
 import java.io.*;
 import java.security.*;
@@ -154,6 +155,8 @@ public class CredentialParser {
 }
 } catch (FileNotFoundException e) {
 System.out.println("Unable to locate private key file: " + filename);
+ } catch (DecoderException e) {
+ System.out.println("Failed to parse uploaded pem file: " + e.getMessage());
 } catch (NoSuchAlgorithmException e) {
 System.out.println("Unable to instantiate KeyFactory with algorithm: " + algorithm);
 } catch (IOException e) {
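Review bot: The new `DecoderException` branch in CredentialParser prints "Failed to parse uploaded pem file", but nothing is uploaded on this code path: the neighbouring branch shows it reads a private key file named by `filename`, and unlike that branch the new message does not say which file failed. Consider `System.out.println("Unable to decode private key file (invalid Base64/PEM): " + filename + ": " + e.getMessage());` so the operator can identify the malformed input. Like its siblings, this branch only prints and falls through. The method starts and ends outside the hunk, so it cannot be confirmed here whether callers then receive a null key. It is worth checking that a malformed key stops the run instead of surfacing later as a NullPointerException during signing.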