Henry Borasch
--- a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java

+ 23

− 17
+++ b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java

+ 23

− 17
 @@ -79,11 +79,10 @@ public class DefaultValidationService implements ValidationService {
 @@ -79,11 +79,10 @@ public class DefaultValidationService implements ValidationService {
    @Override
    public ValidationResult validateEncryptionPublicKey(final RSAKey publicKey) {
        try {
-            validateKey(publicKey, KeyOperation.WRAP_KEY);
+            return validateKey(publicKey, KeyOperation.WRAP_KEY);
        } catch (final Exception e) {
            return ValidationResult.error(e);
        }
-        return ValidationResult.ok();
    }
    @Override
 @@ -196,11 +195,11 @@ public class DefaultValidationService implements ValidationService {
 @@ -196,11 +195,11 @@ public class DefaultValidationService implements ValidationService {
        return returnValidationResult(SCHEMA_FACTORY_DRAFT_2020.getSchema(schema).validate(inputNode));
    }
-    private void validateKey(final RSAKey publicKey, final KeyOperation purpose) throws JWKValidationException {
+    private ValidationResult validateKey(final RSAKey publicKey, final KeyOperation purpose) {
        if (config.getCurrentEnvironment().isAllowInsecurePublicKey()) {
-            validateWithoutCertChain(publicKey, purpose);
+            return validateWithoutCertChain(publicKey, purpose);
        } else {
-            validateCertChain(publicKey, purpose);
+            return validateCertChain(publicKey, purpose);
        }
    }
 @@ -215,26 +214,35 @@ public class DefaultValidationService implements ValidationService {
 @@ -215,26 +214,35 @@ public class DefaultValidationService implements ValidationService {
        return validator.withThrowingExceptions().withErrorLogLevel(LogLevel.ERROR).build();
    }
-    private void validateWithoutCertChain(final RSAKey publicKey, final KeyOperation purpose) throws JWKValidationException {
+    private ValidationResult validateWithoutCertChain(final RSAKey publicKey, final KeyOperation purpose) {
        LOGGER.info("Validating public key without XC5 certificate chain");
-        withoutX5CValidation().withErrorLogLevel(config.getCurrentEnvironment().isAllowInsecurePublicKey() ?
+        try {
-                LogLevel.WARN : LogLevel.ERROR).build().validate(publicKey, purpose);
+            withoutX5CValidation().withErrorLogLevel(config.getCurrentEnvironment().isAllowInsecurePublicKey() ?
+                    LogLevel.WARN : LogLevel.ERROR).build().validate(publicKey, purpose);
+        } catch (JWKValidationException exception) {
+            return ValidationResult.error(exception);
+        }
+        return ValidationResult.ok();
    }
-    void validateCertChain(final RSAKey publicKey, final KeyOperation purpose) throws JWKValidationException {
+    ValidationResult validateCertChain(final RSAKey publicKey, final KeyOperation purpose) {
        final List<String> trustedRootCertificates = this.loadTrustedRootCertificates();
        LOGGER.info("Validation public key with XC5 certificate chain checks");
-        if (isProxySet()) {
+        try {
-            validateWithX509AndProxy(trustedRootCertificates, publicKey, purpose);
+            if (isProxySet()) {
-        } else {
+                validateWithX509AndProxy(trustedRootCertificates, publicKey, purpose);
-            validateWithX509AndWithoutProxy(trustedRootCertificates, publicKey, purpose);
+            } else {
+                validateWithX509AndWithoutProxy(trustedRootCertificates, publicKey, purpose);
+            }
+        } catch (JWKValidationException exception) {
+            return ValidationResult.error(exception);
        }
+        return  ValidationResult.ok();
    }
    private List<String> loadTrustedRootCertificates() {
-        List<String> trustedRootCertificates = rootCertificates.stream()
+        return rootCertificates.stream()
                .map(FileUtil::convertToX509Certificate)
                .map(cert -> {
                    try {
 @@ -243,8 +251,6 @@ public class DefaultValidationService implements ValidationService {
 @@ -243,8 +251,6 @@ public class DefaultValidationService implements ValidationService {
                        throw new RootCertificateException(e);
                    }
                }).collect(Collectors.toList());
-        return trustedRootCertificates;
    }
    private boolean isProxySet() {