From 819c3b5c295619cad27a06212be05dec2835add9 Mon Sep 17 00:00:00 2001 From: nagendra0721 Date: Tue, 24 Feb 2026 19:45:54 +0530 Subject: [PATCH 1/4] MOSIP-42630: null pointer exception fix for cwt payload Signed-off-by: nagendra0721 --- .../signature/service/impl/CoseSignatureServiceImpl.java | 3 ++- .../io/mosip/kernel/signature/util/SignatureUtil.java | 8 +++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java index 767ad5c7..eb7ecfaa 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java @@ -385,7 +385,8 @@ public String getKeyId(String kidPrepend, SignatureCertificate certificateRespon (requestDto.getUnprotectedHeader() != null && requestDto.getUnprotectedHeader().containsKey(SignatureConstant.COSE_HEADER_KID))) { String kidPrefix = kidPrepend; if (kidPrepend.equalsIgnoreCase(SignatureConstant.KEY_ID_PREFIX)) { - kidPrefix = SignatureUtil.getIssuerFromPayload(requestDto.getPayload()).concat(SignatureConstant.KEY_ID_SEPARATOR); + String payload = Objects.isNull(requestDto.getPayload()) ? "" : requestDto.getPayload(); + kidPrefix = SignatureUtil.getIssuerFromPayload(payload).concat(SignatureConstant.KEY_ID_SEPARATOR); } String keyId = SignatureUtil.convertHexToBase64(certificateResponse.getUniqueIdentifier()); if (includeKeyId && Objects.nonNull(keyId)) { diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java index aaf4872e..c31c6529 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java @@ -226,7 +226,13 @@ else return switch (referenceId) { public static String getIssuerFromPayload(String jsonPayload) { try { - JsonNode jsonNode = mapper.readTree(jsonPayload); + if (!isDataValid(jsonPayload)) { + LOGGER.error(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK, + "Invalid JSON Payload Data Provided. Payload: " + jsonPayload); + return SignatureConstant.BLANK; + } + + JsonNode jsonNode = mapper.readTree(new String(CryptoUtil.decodeURLSafeBase64(jsonPayload))); if (jsonNode.has(SignatureConstant.ISSUER)) { return jsonNode.get(SignatureConstant.ISSUER).asText(); From 063e60061c0a76a68b5b30000a6b79e75c761f95 Mon Sep 17 00:00:00 2001 From: nagendra0721 Date: Tue, 24 Feb 2026 20:26:03 +0530 Subject: [PATCH 2/4] MOSIP-42630: kid add Signed-off-by: nagendra0721 --- .../signature/service/impl/CoseSignatureServiceImpl.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java index eb7ecfaa..a2b2e3a3 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java @@ -386,7 +386,11 @@ public String getKeyId(String kidPrepend, SignatureCertificate certificateRespon String kidPrefix = kidPrepend; if (kidPrepend.equalsIgnoreCase(SignatureConstant.KEY_ID_PREFIX)) { String payload = Objects.isNull(requestDto.getPayload()) ? "" : requestDto.getPayload(); - kidPrefix = SignatureUtil.getIssuerFromPayload(payload).concat(SignatureConstant.KEY_ID_SEPARATOR); + kidPrefix = SignatureUtil.getIssuerFromPayload(payload); + if (kidPrefix.isEmpty()) + kidPrefix = SignatureConstant.BLANK; + else + kidPrefix = kidPrefix.concat(SignatureConstant.KEY_ID_SEPARATOR); } String keyId = SignatureUtil.convertHexToBase64(certificateResponse.getUniqueIdentifier()); if (includeKeyId && Objects.nonNull(keyId)) { From 14ca5cb166358248185ab86e9cf6b46b9cb87ddd Mon Sep 17 00:00:00 2001 From: nagendra0721 Date: Fri, 27 Feb 2026 10:59:06 +0530 Subject: [PATCH 3/4] INJICERT-1316: kid decode issue fix Signed-off-by: nagendra0721 --- .../signature/service/impl/CoseSignatureServiceImpl.java | 5 +++-- .../java/io/mosip/kernel/signature/util/SignatureUtil.java | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java index a2b2e3a3..f683409b 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/CoseSignatureServiceImpl.java @@ -385,8 +385,9 @@ public String getKeyId(String kidPrepend, SignatureCertificate certificateRespon (requestDto.getUnprotectedHeader() != null && requestDto.getUnprotectedHeader().containsKey(SignatureConstant.COSE_HEADER_KID))) { String kidPrefix = kidPrepend; if (kidPrepend.equalsIgnoreCase(SignatureConstant.KEY_ID_PREFIX)) { - String payload = Objects.isNull(requestDto.getPayload()) ? "" : requestDto.getPayload(); - kidPrefix = SignatureUtil.getIssuerFromPayload(payload); + String payload = Objects.isNull(requestDto.getPayload()) ? SignatureConstant.BLANK : requestDto.getPayload(); + String jsonData = SignatureUtil.isDataValid(payload) ? (new String(CryptoUtil.decodeURLSafeBase64(payload))) : SignatureConstant.BLANK; + kidPrefix = SignatureUtil.getIssuerFromPayload(jsonData); if (kidPrefix.isEmpty()) kidPrefix = SignatureConstant.BLANK; else diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java index c31c6529..59ef5dc1 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/util/SignatureUtil.java @@ -232,7 +232,7 @@ public static String getIssuerFromPayload(String jsonPayload) { return SignatureConstant.BLANK; } - JsonNode jsonNode = mapper.readTree(new String(CryptoUtil.decodeURLSafeBase64(jsonPayload))); + JsonNode jsonNode = mapper.readTree(jsonPayload); if (jsonNode.has(SignatureConstant.ISSUER)) { return jsonNode.get(SignatureConstant.ISSUER).asText(); From 8e7eccff2c380ff388bfb81a9cb9bda74a2985ba Mon Sep 17 00:00:00 2001 From: nagendra0721 Date: Fri, 27 Feb 2026 11:08:12 +0530 Subject: [PATCH 4/4] INJICERT-1316: test case fix Signed-off-by: nagendra0721 --- .../kernel/signature/test/Util/SignatureUtilTest.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/Util/SignatureUtilTest.java b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/Util/SignatureUtilTest.java index 6562b76e..d7e6ac78 100644 --- a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/Util/SignatureUtilTest.java +++ b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/Util/SignatureUtilTest.java @@ -154,16 +154,14 @@ public void testGetSignAlgorithm() { @Test public void testGetIssuerFromPayload() { - // getIssuerFromPayload expects URL-safe Base64 encoded JSON payload - String payload = CryptoUtil.encodeToURLSafeBase64("{\"iss\":\"test-issuer\",\"data\":\"value\"}".getBytes()); + String payload = "{\"iss\":\"test-issuer\",\"data\":\"value\"}"; String issuer = SignatureUtil.getIssuerFromPayload(payload); Assert.assertEquals("test-issuer", issuer); - String noIssuer = SignatureUtil.getIssuerFromPayload(CryptoUtil.encodeToURLSafeBase64("{\"data\":\"value\"}".getBytes())); + String noIssuer = SignatureUtil.getIssuerFromPayload("{\"data\":\"value\"}"); Assert.assertEquals("", noIssuer); - // Test with invalid base64-encoded JSON (malformed JSON after decoding) - String invalidJson = SignatureUtil.getIssuerFromPayload(CryptoUtil.encodeToURLSafeBase64("invalid json".getBytes())); + String invalidJson = SignatureUtil.getIssuerFromPayload("invalid json"); Assert.assertEquals("", invalidJson); }