Log an error instead of throwing an exception when the truststore is omitted

2025-02-20 17:52:47 +00:00 · 2024-02-05 14:33:31 -05:00 · 2024-02-05 14:33:31 -05:00 · adb1da93b4
commit adb1da93b4
parent 6b44c550dc
1 changed files with 19 additions and 9 deletions
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
@ -253,25 +253,26 @@ public class ReferenceManifestValidator {
        Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
        if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
            trustStore = parseCertificatesFromPem(trustStoreFile);
+        } else {
+            return failWithError("File <" + trustStoreFile + "> is empty; " +
+                    "a valid, non-empty truststore file is required for validation.");
        }
        X509Certificate signingCert = null;
        try {
            signingCert = getCertFromTruststore();
            if (signingCert == null) {
-                log.error("Unable to locate the signing cert in the provided truststore "
-                        + trustStoreFile);
-                return false;
+                return failWithError("Unable to locate the signing cert in the provided " +
+                        "truststore " + trustStoreFile);
            }
        } catch (IOException e) {
-            log.warn("Error while parsing signing cert from truststore: " + e.getMessage());
-            return false;
+            return failWithError("Error while parsing signing cert from truststore: " +
+                    e.getMessage());
        }
        String subjectKeyIdentifier = "";
        try {
            subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(signingCert);
        } catch (IOException e) {
-            log.warn("Error while parsing certificate data: " + e.getMessage());
-            return false;
+            return failWithError("Error while parsing certificate data: " + e.getMessage());
        }
        return validateXmlSignature(signingCert.getPublicKey(),
                                    subjectKeyIdentifier,
@ -312,8 +313,7 @@ public class ReferenceManifestValidator {
            System.out.println("Support RIM hash verified!" + System.lineSeparator());
            return true;
        } else {
-            System.out.println("Support RIM hash does not match Base RIM!" + System.lineSeparator());
-            return false;
+            return failWithError("Support RIM hash does not match Base RIM!");
        }
    }

@ -776,4 +776,14 @@ public class ReferenceManifestValidator {

        return doc;
    }
+
+    /**
+     * This method logs an error message and returns a false to signal failed validation.
+     * @param errorMessage String description of what went wrong
+     * @return false to represent failed validation
+     */
+    private boolean failWithError(String errorMessage) {
+        log.error(errorMessage);
+        return false;
+    }
 }