From 9d565b08f9bc097048981a2ace5e05ad75dc0d6c Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Tue, 1 Oct 2024 02:15:26 -0400
Subject: [PATCH] convert attestation parsing error to GeneralSecurityException
---
 .../app/attestation/server/AttestationProtocol.java | 10 +++++++---
 .../java/app/attestation/server/AttestationServer.java | 3 ++-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/main/java/app/attestation/server/AttestationProtocol.java b/src/main/java/app/attestation/server/AttestationProtocol.java
index 5cc05cf0..7e3539a1 100644
--- a/src/main/java/app/attestation/server/AttestationProtocol.java
+++ b/src/main/java/app/attestation/server/AttestationProtocol.java
@@ -482,7 +482,7 @@ private static X509Certificate generateCertificate(final InputStream in)
 private static Verified verifyStateless(final Certificate[] certificates,
 final Cache pendingChallenges, final boolean hasPersistentKey,
- final byte[][] validRoots) throws GeneralSecurityException, IOException {
+ final byte[][] validRoots) throws GeneralSecurityException {
 verifyCertificateSignatures(certificates, hasPersistentKey);
@@ -496,7 +496,7 @@ private static Verified verifyStateless(final Certificate[] certificates,
 try {
 attestation = ParsedAttestationRecord.createParsedAttestationRecord(
 List.of((X509Certificate) certificates[0]));
- } catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
+ } catch (final IOException | ParsedAttestationRecord.KeyDescriptionMissingException e) {
 throw new GeneralSecurityException(e);
 }
@@ -730,6 +730,8 @@ private static Verified verifyStateless(final Certificate[] certificates,
 }
 attestKey = true;
+ } catch (final IOException e) {
+ throw new GeneralSecurityException(e);
 } catch (final ParsedAttestationRecord.KeyDescriptionMissingException ignored) {}
 // enforce attest key for new pairings with devices supporting it
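Review bot: The wrap added in the hunk at -496 carries no message (`throw new GeneralSecurityException(e);`), and the same bare wrap is added in the hunks at -730 and -740. All three end up behind the server's single "invalid request" log entry, so only the cause's stack trace shows which certificate in the chain failed to parse. A message per site would make rejected attestations easier to triage, for example `throw new GeneralSecurityException("failed to parse attestation extension of certificates[0]", e);`, with the index `i` included in the loop at -740. verifyStateless starts and ends outside these hunks, and the certificate parsed in the -730 block is not visible here, so confirm it before wording that message.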
@@ -740,7 +742,9 @@ private static Verified verifyStateless(final Certificate[] certificates,
 for (int i = 2; i < certificates.length; i++) {
 try {
 ParsedAttestationRecord.createParsedAttestationRecord(List.of((X509Certificate) certificates[i]));
- } catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
+ } catch (final IOException e) {
+ throw new GeneralSecurityException(e);
+ } catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
 continue;
 }
 throw new GeneralSecurityException("only initial key and attest key should have attestation extension");
diff --git a/src/main/java/app/attestation/server/AttestationServer.java b/src/main/java/app/attestation/server/AttestationServer.java
index 70e63586..ff8a3b9c 100644
--- a/src/main/java/app/attestation/server/AttestationServer.java
+++ b/src/main/java/app/attestation/server/AttestationServer.java
@@ -1536,7 +1536,8 @@ public void handlePost(final HttpExchange exchange) throws IOException, SQLiteEx
 try {
 AttestationProtocol.verifySerialized(attestationResult, pendingChallenges, userId, subscribeKey == null);
- } catch (final BufferUnderflowException | NegativeArraySizeException | DataFormatException | GeneralSecurityException | IOException e) {
+ } catch (final BufferUnderflowException | NegativeArraySizeException |
+ DataFormatException | GeneralSecurityException e) {
 logger.log(Level.WARNING, "invalid request", e);
 final byte[] response = "Error\n".getBytes();
 exchange.sendResponseHeaders(400, response.length);
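Review bot: Dropping `IOException` from the catch list in handlePost is only safe if `AttestationProtocol.verifySerialized` can no longer throw it, and the compiler will not flag a leftover because handlePost itself declares `throws IOException` (visible in the hunk header). This patch narrows the throws clause of verifyStateless but does not touch verifySerialized, whose signature is not shown. If any path under it can still raise IOException, a malformed submission would propagate out of the handler instead of getting the logged 400 "Error" response. Confirm that verifySerialized's throws clause no longer lists `IOException`, and remove it there if it does, so the compiler enforces this. handlePost's body continues outside the hunk.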