From 819c3b5c295619cad27a06212be05dec2835add9 Mon Sep 17 00:00:00 2001
From: nagendra0721 <nagendra0718@gmail.com>
Date: Tue, 24 Feb 2026 19:45:54 +0530
Subject: [PATCH 1/2] MOSIP-42630: null pointer exception fix for cwt payload

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
---
 .../signature/service/impl/CoseSignatureServiceImpl.java  | 3 ++-
 .../io/mosip/kernel/signature/util/SignatureUtil.java     | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
index 767ad5c7..eb7ecfaa 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
@@ -385,7 +385,8 @@ public String getKeyId(String kidPrepend, SignatureCertificate certificateRespon
                 (requestDto.getUnprotectedHeader() != null && requestDto.getUnprotectedHeader().containsKey(SignatureConstant.COSE_HEADER_KID))) {
             String kidPrefix = kidPrepend;
             if (kidPrepend.equalsIgnoreCase(SignatureConstant.KEY_ID_PREFIX)) {
-                kidPrefix = SignatureUtil.getIssuerFromPayload(requestDto.getPayload()).concat(SignatureConstant.KEY_ID_SEPARATOR);
+                String payload = Objects.isNull(requestDto.getPayload()) ? "" : requestDto.getPayload();
+                kidPrefix = SignatureUtil.getIssuerFromPayload(payload).concat(SignatureConstant.KEY_ID_SEPARATOR);
             }
             String keyId = SignatureUtil.convertHexToBase64(certificateResponse.getUniqueIdentifier());
             if (includeKeyId && Objects.nonNull(keyId)) {
diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java
index aaf4872e..c31c6529 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java
@@ -226,7 +226,13 @@ else return switch (referenceId) {
 
 	public static String getIssuerFromPayload(String jsonPayload) {
 		try {
-			JsonNode jsonNode = mapper.readTree(jsonPayload);
+			if (!isDataValid(jsonPayload)) {
+				LOGGER.error(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
+						"Invalid JSON Payload Data Provided. Payload: " + jsonPayload);
+				return SignatureConstant.BLANK;
+			}
+
+			JsonNode jsonNode = mapper.readTree(new String(CryptoUtil.decodeURLSafeBase64(jsonPayload)));
 
 			if (jsonNode.has(SignatureConstant.ISSUER)) {
 				return jsonNode.get(SignatureConstant.ISSUER).asText();

From 063e60061c0a76a68b5b30000a6b79e75c761f95 Mon Sep 17 00:00:00 2001
From: nagendra0721 <nagendra0718@gmail.com>
Date: Tue, 24 Feb 2026 20:26:03 +0530
Subject: [PATCH 2/2] MOSIP-42630: kid add

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
---
 .../signature/service/impl/CoseSignatureServiceImpl.java    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
index eb7ecfaa..a2b2e3a3 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java
@@ -386,7 +386,11 @@ public String getKeyId(String kidPrepend, SignatureCertificate certificateRespon
             String kidPrefix = kidPrepend;
             if (kidPrepend.equalsIgnoreCase(SignatureConstant.KEY_ID_PREFIX)) {
                 String payload = Objects.isNull(requestDto.getPayload()) ? "" : requestDto.getPayload();
-                kidPrefix = SignatureUtil.getIssuerFromPayload(payload).concat(SignatureConstant.KEY_ID_SEPARATOR);
+                kidPrefix = SignatureUtil.getIssuerFromPayload(payload);
+                if (kidPrefix.isEmpty())
+                    kidPrefix = SignatureConstant.BLANK;
+                else
+                    kidPrefix = kidPrefix.concat(SignatureConstant.KEY_ID_SEPARATOR);
             }
             String keyId = SignatureUtil.convertHexToBase64(certificateResponse.getUniqueIdentifier());
             if (includeKeyId && Objects.nonNull(keyId)) {