ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-03-27 22:28:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Modify log messages so that validation failures from certs in the keystore that are not actually in the chain do not raise undue attention

Browse Source
This commit is contained in:
chubtub 2021-11-17 10:15:31 -05:00
parent 23a086c925
commit 8b5027de4c
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
View File

@ -1630,15 +1630,15 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
cert.verify(signingCert.getPublicKey(), BouncyCastleProvider.PROVIDER_NAME); cert.verify(signingCert.getPublicKey(), BouncyCastleProvider.PROVIDER_NAME);
return true; return true;
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
LOGGER.warn("Incorrect key given to validate this cert's signature"); LOGGER.info("Incorrect key given to validate this cert's signature");
} catch (CertificateException e) { } catch (CertificateException e) {
LOGGER.warn("Encoding error while validating this cert's signature"); LOGGER.info("Encoding error while validating this cert's signature");
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
LOGGER.warn("Unsupported signature algorithm found during validation"); LOGGER.info("Unsupported signature algorithm found during validation");
} catch (NoSuchProviderException e) { } catch (NoSuchProviderException e) {
LOGGER.warn("Incorrect provider for cert signature validation"); LOGGER.info("Incorrect provider for cert signature validation");
} catch (SignatureException e) { } catch (SignatureException e) {
LOGGER.warn(String.format("%s.verify(%s)", cert.getSubjectDN(), LOGGER.info(String.format("%s.verify(%s)", cert.getSubjectDN(),
signingCert.getSubjectDN())); signingCert.getSubjectDN()));
} }
return false; return false;
@ -1685,8 +1685,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
new JcaContentVerifierProviderBuilder().setProvider("BC").build(signingKey); new JcaContentVerifierProviderBuilder().setProvider("BC").build(signingKey);
return cert.isSignatureValid(contentVerifierProvider); return cert.isSignatureValid(contentVerifierProvider);
} catch (OperatorCreationException | CertException e) { } catch (OperatorCreationException | CertException e) {
LOGGER.error("Exception thrown while verifying certificate", e); LOGGER.info("Exception thrown while verifying certificate", e);
LOGGER.error(String.format("%s.isSignatureValid(%s)", cert.getSerialNumber(), LOGGER.info(String.format("%s.isSignatureValid(%s)", cert.getSerialNumber(),
signingKey.getFormat())); signingKey.getFormat()));
return false; return false;
} }