Merge pull request #1350 from /issues/1349-log-security-exception

Fix #1349: Coverity: Unlogged security exception
wultra · Feb 26, 2024 · e4bf223 · e4bf223
2 parents 11b9ff1 + 776d17d
commit e4bf223
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...o/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/...o/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java
@@ -192,6 +192,8 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ
             try {
                 devicePublicKey = keyConvertor.convertBytesToPublicKey(devicePublicKeyBytes);
             } catch (InvalidKeySpecException ex) {
+                logger.warn("Invalid public key, activation ID: {}, {}", activation.getActivationId(), ex.getMessage());
+                logger.debug("Invalid public key, activation ID: {}", activation.getActivationId(), ex);
                 handleInvalidPublicKey(activation);
             }
 
@@ -377,7 +379,6 @@ private void handleInvalidPublicKey(ActivationRecordEntity activation) throws Ge
         activation.setActivationStatus(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.REMOVED);
         serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation);
         serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation);
-        logger.warn("Invalid public key, activation ID: {}", activation.getActivationId());
         // Exception must not be rollbacking, otherwise data written to database in this method would be lost
         throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND);
     }