From d12b697467fd7a256f1037d62550ad037af84bed Mon Sep 17 00:00:00 2001 From: vcolin7 Date: Mon, 13 Jan 2025 17:59:07 -0800 Subject: [PATCH] Fixed NPE issue in KeyVaultKeysModelsUtils (#43776) * Fixed possible NPE issues when calling toString() in Key Vault libraries. * Removed unused import. * Ran Spotless. --- .../models/CertificateItem.java | 20 +++++++------- .../models/DeletedCertificateItem.java | 19 ++++++++------ .../AesKeyCryptographyClient.java | 26 ++++++++++--------- .../implementation/CryptographyUtils.java | 4 ++- .../EcKeyCryptographyClient.java | 2 +- .../RsaKeyCryptographyClient.java | 2 +- .../models/KeyVaultKeysModelsUtils.java | 3 +-- .../models/SecretsModelsUtils.java | 7 +++-- 8 files changed, 46 insertions(+), 37 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/CertificateItem.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/CertificateItem.java index 20682166ad748..c10dd8809e716 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/CertificateItem.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/CertificateItem.java @@ -48,7 +48,7 @@ public CertificateItem() { /** * Get the id property: Certificate identifier. - * + * * @return the id value. */ public String getId() { @@ -57,7 +57,7 @@ public String getId() { /** * Set the id property: Certificate identifier. - * + * * @param id the id value to set. * @return the CertificateItem object itself. */ @@ -68,7 +68,7 @@ public CertificateItem setId(String id) { /** * Get the attributes property: The certificate management attributes. - * + * * @return the attributes value. */ public CertificateAttributes getAttributes() { 
@@ -77,7 +77,7 @@ public CertificateAttributes getAttributes() { /** * Set the attributes property: The certificate management attributes. - * + * * @param attributes the attributes value to set. * @return the CertificateItem object itself. */ @@ -88,7 +88,7 @@ public CertificateItem setAttributes(CertificateAttributes attributes) { /** * Get the tags property: Application specific metadata in the form of key-value pairs. - * + * * @return the tags value. */ public Map getTags() { @@ -97,7 +97,7 @@ public Map getTags() { /** * Set the tags property: Application specific metadata in the form of key-value pairs. - * + * * @param tags the tags value to set. * @return the CertificateItem object itself. */ @@ -108,7 +108,7 @@ public CertificateItem setTags(Map tags) { /** * Get the x509Thumbprint property: Thumbprint of the certificate. - * + * * @return the x509Thumbprint value. */ public byte[] getX509Thumbprint() { @@ -120,7 +120,7 @@ public byte[] getX509Thumbprint() { /** * Set the x509Thumbprint property: Thumbprint of the certificate. - * + * * @param x509Thumbprint the x509Thumbprint value to set. * @return the CertificateItem object itself. */ @@ -141,14 +141,14 @@ public JsonWriter toJson(JsonWriter jsonWriter) throws IOException { jsonWriter.writeStartObject(); jsonWriter.writeStringField("id", this.id); jsonWriter.writeJsonField("attributes", this.attributes); - jsonWriter.writeMapField("tags", this.tags, (writer, element) -> writer.writeString(element)); + jsonWriter.writeMapField("tags", this.tags, JsonWriter::writeString); jsonWriter.writeStringField("x5t", Objects.toString(this.x509Thumbprint, null)); return jsonWriter.writeEndObject(); } /** * Reads an instance of CertificateItem from the JsonReader. - * + * * @param jsonReader The JsonReader being read. * @return An instance of CertificateItem if the JsonReader was pointing to an instance of it, or null if it was * pointing to JSON null. 
diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/DeletedCertificateItem.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/DeletedCertificateItem.java index e6621b5821d8e..6aa9797e66207 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/DeletedCertificateItem.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/models/DeletedCertificateItem.java @@ -9,12 +9,12 @@ import com.azure.json.JsonReader; import com.azure.json.JsonToken; import com.azure.json.JsonWriter; + import java.io.IOException; import java.time.Instant; import java.time.OffsetDateTime; import java.time.ZoneOffset; import java.util.Map; -import java.util.Objects; /** * The deleted certificate item containing metadata about the deleted certificate. @@ -45,7 +45,7 @@ public DeletedCertificateItem() { /** * Get the recoveryId property: The url of the recovery object, used to identify and recover the deleted * certificate. - * + * * @return the recoveryId value. */ public String getRecoveryId() { @@ -55,7 +55,7 @@ public String getRecoveryId() { /** * Set the recoveryId property: The url of the recovery object, used to identify and recover the deleted * certificate. - * + * * @param recoveryId the recoveryId value to set. * @return the DeletedCertificateItem object itself. */ @@ -66,7 +66,7 @@ public DeletedCertificateItem setRecoveryId(String recoveryId) { /** * Get the scheduledPurgeDate property: The time when the certificate is scheduled to be purged, in UTC. - * + * * @return the scheduledPurgeDate value. */ public OffsetDateTime getScheduledPurgeDate() { 
@@ -78,7 +78,7 @@ public OffsetDateTime getScheduledPurgeDate() { /** * Get the deletedDate property: The time when the certificate was deleted, in UTC. - * + * * @return the deletedDate value. */ public OffsetDateTime getDeletedDate() { @@ -132,17 +132,20 @@ public JsonWriter toJson(JsonWriter jsonWriter) throws IOException { jsonWriter.writeStartObject(); jsonWriter.writeStringField("id", getId()); jsonWriter.writeJsonField("attributes", getAttributes()); - jsonWriter.writeMapField("tags", getTags(), (writer, element) -> writer.writeString(element)); + jsonWriter.writeMapField("tags", getTags(), JsonWriter::writeString); + if (getX509Thumbprint() != null) { - jsonWriter.writeStringField("x5t", Objects.toString(Base64Url.encode(getX509Thumbprint()), null)); + jsonWriter.writeStringField("x5t", Base64Url.encode(getX509Thumbprint()).toString()); } + jsonWriter.writeStringField("recoveryId", this.recoveryId); + return jsonWriter.writeEndObject(); } /** * Reads an instance of DeletedCertificateItem from the JsonReader. - * + * * @param jsonReader The JsonReader being read. * @return An instance of DeletedCertificateItem if the JsonReader was pointing to an instance of it, or null if it * was pointing to JSON null. diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/AesKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/AesKeyCryptographyClient.java index 114a6df6d0393..a1f880b9e18b6 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/AesKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/AesKeyCryptographyClient.java 
@@ -48,9 +48,6 @@ class AesKeyCryptographyClient extends LocalKeyCryptographyClient { @Override public Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(plaintext, "Plaintext cannot be null."); - try { return encryptInternalAsync(algorithm, plaintext, null, null, context); } catch (Exception e) { @@ -60,9 +57,6 @@ public Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] pl @Override public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(plaintext, "Plaintext cannot be null."); - try { return encryptInternal(algorithm, plaintext, null, null, context); } catch (Exception e) { @@ -96,6 +90,10 @@ public EncryptResult encrypt(EncryptParameters encryptParameters, Context contex private Mono encryptInternalAsync(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData, Context context) throws NoSuchAlgorithmException { + + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(plaintext, "Plaintext cannot be null."); + // Interpret the algorithm Algorithm baseAlgorithm = AlgorithmResolver.DEFAULT.get(algorithm.toString()); @@ -142,6 +140,9 @@ private EncryptResult encryptInternal(EncryptionAlgorithm algorithm, byte[] plai byte[] additionalAuthenticatedData, Context context) throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(plaintext, "Plaintext cannot be null."); + // Interpret the algorithm Algorithm baseAlgorithm = AlgorithmResolver.DEFAULT.get(algorithm.toString()); 
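Review bot: Moving the `Objects.requireNonNull` checks out of `encryptAsync`/`encrypt` and into `encryptInternalAsync`/`encryptInternal` places them inside the callers' `try` blocks, so a null `algorithm` or `plaintext` is now handled by `catch (Exception e)` instead of being thrown directly. The catch bodies are outside these hunks, so it cannot be confirmed here that callers still receive a `NullPointerException` with the original message; if the handler wraps or defers it, argument validation on this crypto API changes its observable behaviour. The same applies to the decrypt hunks that follow (`decryptAsync`, `decrypt`, `decryptInternalAsync`, `decryptInternal`). I would record the intent on the internal methods, for example `// Null checks live here so every overload is validated; the caller's catch block decides how the NPE surfaces.`, and pin the exception type with a test.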
@@ -178,9 +179,6 @@ private EncryptResult encryptInternal(EncryptionAlgorithm algorithm, byte[] plai @Override public Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] ciphertext, Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(ciphertext, "Ciphertext cannot be null."); - try { return decryptInternalAsync(algorithm, ciphertext, null, null, null, context); } catch (Exception e) { @@ -190,9 +188,6 @@ public Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] ci @Override public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(ciphertext, "Ciphertext cannot be null."); - try { return decryptInternal(algorithm, ciphertext, null, null, null, context); } catch (Exception e) { @@ -228,6 +223,10 @@ public DecryptResult decrypt(DecryptParameters decryptParameters, Context contex private Mono decryptInternalAsync(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag, Context context) throws NoSuchAlgorithmException { + + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(ciphertext, "Ciphertext cannot be null."); + // Interpret the algorithm Algorithm baseAlgorithm = AlgorithmResolver.DEFAULT.get(algorithm.toString()); @@ -260,6 +259,9 @@ private DecryptResult decryptInternal(EncryptionAlgorithm algorithm, byte[] ciph throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(ciphertext, "Ciphertext cannot be null."); + // Interpret the algorithm Algorithm baseAlgorithm = AlgorithmResolver.DEFAULT.get(algorithm.toString()); 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/CryptographyUtils.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/CryptographyUtils.java index 8ae41879628db..47e9d69775d1f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/CryptographyUtils.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/CryptographyUtils.java @@ -143,8 +143,10 @@ public static LocalKeyCryptographyClient createLocalClient(JsonWebKey jsonWebKey public static void verifyKeyPermissions(JsonWebKey jsonWebKey, KeyOperation keyOperation) { if (!jsonWebKey.getKeyOps().contains(keyOperation)) { + String keyOperationName = keyOperation == null ? null : keyOperation.toString().toLowerCase(Locale.ROOT); + throw new UnsupportedOperationException(String.format("The %s operation is not allowed for key with id: %s", - keyOperation.toString().toLowerCase(Locale.ROOT), jsonWebKey.getId())); + keyOperationName, jsonWebKey.getId())); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/EcKeyCryptographyClient.java index 2e3cd96ec2036..c550884960e6f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/EcKeyCryptographyClient.java 
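Review bot: `verifyKeyPermissions` still dereferences `jsonWebKey.getKeyOps()` unconditionally, so the new null handling for `keyOperation` only covers the message formatting. If a key can arrive without a key-operations list (not visible in this hunk, so worth confirming), the permission check fails with a `NullPointerException` rather than the intended `UnsupportedOperationException`. A check that gates local crypto operations should fail closed with the explicit error: `if (jsonWebKey.getKeyOps() == null || !jsonWebKey.getKeyOps().contains(keyOperation)) {`. A null `keyOperation` also now yields the text "The null operation is not allowed", which may deserve its own argument check.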
@@ -326,7 +326,7 @@ public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] private static byte[] calculateDigest(SignatureAlgorithm algorithm, byte[] data) throws NoSuchAlgorithmException { HashAlgorithm hashAlgorithm = SignatureHashResolver.DEFAULT.get(algorithm); - MessageDigest md = MessageDigest.getInstance(hashAlgorithm.toString()); + MessageDigest md = MessageDigest.getInstance(Objects.toString(hashAlgorithm, null)); md.update(data); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/RsaKeyCryptographyClient.java index f0cff7df4ab1a..26bc693a4065d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/implementation/RsaKeyCryptographyClient.java @@ -445,7 +445,7 @@ public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] private static byte[] calculateDigest(SignatureAlgorithm algorithm, byte[] data) throws NoSuchAlgorithmException { HashAlgorithm hashAlgorithm = SignatureHashResolver.DEFAULT.get(algorithm); - MessageDigest md = MessageDigest.getInstance(hashAlgorithm.toString()); + MessageDigest md = MessageDigest.getInstance(Objects.toString(hashAlgorithm, null)); md.update(data); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/implementation/models/KeyVaultKeysModelsUtils.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/implementation/models/KeyVaultKeysModelsUtils.java index 45420fe409328..0320312924871 100644 
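Review bot: In `calculateDigest`, `Objects.toString(hashAlgorithm, null)` turns a missing mapping into a null algorithm name, and `MessageDigest.getInstance` is documented to throw `NullPointerException` for a null name, so the NPE is moved one call deeper rather than removed. The same line is changed in both `EcKeyCryptographyClient` and `RsaKeyCryptographyClient`. Since the method already declares `NoSuchAlgorithmException`, an explicit guard gives callers a meaningful failure for an unsupported signature algorithm: `if (hashAlgorithm == null) { throw new NoSuchAlgorithmException("No hash algorithm mapped for signature algorithm: " + algorithm); }`, followed by the original `MessageDigest.getInstance(hashAlgorithm.toString())`. The rest of `calculateDigest` lies outside the hunk.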
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/implementation/models/KeyVaultKeysModelsUtils.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/implementation/models/KeyVaultKeysModelsUtils.java @@ -195,8 +195,7 @@ private static void populateKeyProperties(KeyBundle bundle, KeyProperties proper KeyPropertiesHelper.setCreatedOn(properties, attributes.getCreated()); KeyPropertiesHelper.setUpdatedOn(properties, attributes.getUpdated()); - KeyPropertiesHelper.setRecoveryLevel(properties, - Objects.toString(attributes.getRecoveryLevel().toString(), null)); + KeyPropertiesHelper.setRecoveryLevel(properties, Objects.toString(attributes.getRecoveryLevel(), null)); KeyPropertiesHelper.setRecoverableDays(properties, attributes.getRecoverableDays()); KeyPropertiesHelper.setHsmPlatform(properties, attributes.getHsmPlatform()); } diff --git a/sdk/keyvault/azure-security-keyvault-secrets/src/main/java/com/azure/security/keyvault/secrets/implementation/models/SecretsModelsUtils.java b/sdk/keyvault/azure-security-keyvault-secrets/src/main/java/com/azure/security/keyvault/secrets/implementation/models/SecretsModelsUtils.java index 0e7617a172696..daa9d2230aed8 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/src/main/java/com/azure/security/keyvault/secrets/implementation/models/SecretsModelsUtils.java +++ b/sdk/keyvault/azure-security-keyvault-secrets/src/main/java/com/azure/security/keyvault/secrets/implementation/models/SecretsModelsUtils.java @@ -17,6 +17,7 @@ import java.time.Instant; import java.time.OffsetDateTime; import java.time.ZoneOffset; +import java.util.Objects; import java.util.function.Consumer; /** 
@@ -72,7 +73,8 @@ private static void setSecretPropertiesValues(SecretBundle secretBundle, SecretP SecretPropertiesHelper.setCreatedOn(secretProperties, secretAttributes.getCreated()); SecretPropertiesHelper.setUpdatedOn(secretProperties, secretAttributes.getUpdated()); - SecretPropertiesHelper.setRecoveryLevel(secretProperties, secretAttributes.getRecoveryLevel().toString()); + SecretPropertiesHelper.setRecoveryLevel(secretProperties, + Objects.toString(secretAttributes.getRecoveryLevel(), null)); SecretPropertiesHelper.setRecoverableDays(secretProperties, secretAttributes.getRecoverableDays()); } @@ -105,7 +107,8 @@ private static void setSecretPropertiesValues(SecretItem secretItem, SecretPrope SecretPropertiesHelper.setCreatedOn(secretProperties, secretAttributes.getCreated()); SecretPropertiesHelper.setUpdatedOn(secretProperties, secretAttributes.getUpdated()); - SecretPropertiesHelper.setRecoveryLevel(secretProperties, secretAttributes.getRecoveryLevel().toString()); + SecretPropertiesHelper.setRecoveryLevel(secretProperties, + Objects.toString(secretAttributes.getRecoveryLevel(), null)); SecretPropertiesHelper.setRecoverableDays(secretProperties, secretAttributes.getRecoverableDays()); }