Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptography loading needs better error handling. #17871

Open
15 tasks
edward-swirldslabs opened this issue Feb 12, 2025 · 1 comment · May be fixed by #17882
Open
15 tasks

Cryptography loading needs better error handling. #17871

edward-swirldslabs opened this issue Feb 12, 2025 · 1 comment · May be fixed by #17882
Assignees
@mxtartaglia-sl
Labels
Platform Tickets pertaining to the platform
Milestone
v0.60

Comments

@edward-swirldslabs
Copy link
Contributor

edward-swirldslabs commented Feb 12, 2025
edited
Loading

Background

The EnhanceKeyStoreLoader throws an exception when trying to generate an agreement key when there is no signing key present:

2025-02-12 08:31:48.636 TRACE 317  EnhancedKeyStoreLoader - Completed key store enumeration
2025-02-12 08:31:48.636 INFO  336  EnhancedKeyStoreLoader - Generating agreement key pair for local node 0 [ alias = node1 ]
java.lang.NullPointerException: Cannot invoke "java.security.cert.X509Certificate.getPublicKey()" because "signingCert" is null
    at com.swirlds.platform.crypto.EnhancedKeyStoreLoader.generate(EnhancedKeyStoreLoader.java:348) ~[swirlds-platform-core-0.59.0.jar:0.59.0]
    at com.swirlds.platform.crypto.CryptoStatic.initNodeSecurity(CryptoStatic.java:566) ~[swirlds-platform-core-0.59.0.jar:0.59.0]
    at com.hedera.node.app.ServicesMain.main(ServicesMain.java:331) ~[HederaNode.jar:0.59.0]

Acceptance Criteria

As a precondition of generating the agreement keys in generate() , the system should check that all local nodes have signing keys and public certificates loaded. If not, then log an informative error message and exit the application.

The above might be better implemented as a post condition of scan().

Dependencies

None

Definition of Ready (DoR) Checklist

  • Clear acceptance criteria
  • Clear and detailed description
  • Dependencies identified
  • Links to documentation
  • Should be completable in 2-3 Days
  • Initial draft of Low-level design document
  • At least high level test plan
  • Groomed/Estimated

Definition of Done (DoD) Checklist

  • Acceptance Criteria complete
  • No Codacy issues greater than minor (in new code)
  • JavaDocs updated/created
  • Code commented
  • Unit tests created/updated
  • 80% test code coverage (in new code)
  • Happy Path and major negative cases in HAPI tests as applicable
@edward-swirldslabs edward-swirldslabs added the Platform Tickets pertaining to the platform label Feb 12, 2025
@mxtartaglia-sl mxtartaglia-sl self-assigned this Feb 12, 2025
@mxtartaglia-sl mxtartaglia-sl added this to the v0.60 milestone Feb 12, 2025
@mxtartaglia-sl
Copy link
Contributor

I propose to protect the scan method against null keys so that the verify method can fail as it is programmed to do. Also, add a Warn logging exception in the verify before throwing the exception.
Once verify throws the exception, the program stops as requested.

@mxtartaglia-sl mxtartaglia-sl linked a pull request Feb 13, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mxtartaglia-sl mxtartaglia-sl

Labels
Platform Tickets pertaining to the platform
Projects
None yet
Milestone
v0.60
Development

Successfully merging a pull request may close this issue.

chore: Cryptography better loading hiero-ledger/hiero-consensus-node
2 participants
@edward-swirldslabs @mxtartaglia-sl