Add Flogger logging and ThreadSafe annotations to Verifier.

agxp · copybara-github · commit 29b8243789db · 2025-12-29T11:48:31.000-08:00
PiperOrigin-RevId: 850090876
diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt
@@ -22,6 +22,7 @@ import com.android.keyattestation.verifier.provider.KeyAttestationProvider
 import com.android.keyattestation.verifier.provider.ProvisioningMethod
 import com.android.keyattestation.verifier.provider.RevocationChecker
 import com.google.common.collect.ImmutableList
+import com.google.common.flogger.GoogleLogger
 import com.google.common.util.concurrent.ListenableFuture
 import com.google.errorprone.annotations.ThreadSafe
 import com.google.protobuf.ByteString
@@ -42,28 +43,44 @@ import kotlinx.coroutines.guava.future
 import kotlinx.coroutines.runBlocking
 
 /** The result of verifying an Android Key Attestation certificate chain. */
+@ThreadSafe
 sealed interface VerificationResult {
+  @ThreadSafe
   data class Success(
-    val publicKey: PublicKey,
+    @field:ThreadSafe.Suppress(reason = "PublicKey is immutable") val publicKey: PublicKey,
     val challenge: ByteString,
     val securityLevel: SecurityLevel,
     val verifiedBootState: VerifiedBootState,
     val deviceInformation: ProvisioningInfoMap?,
+    @field:ThreadSafe.Suppress(reason = "DeviceIdentity is deeply immutable")
     val attestedDeviceIds: DeviceIdentity,
   ) : VerificationResult
 
-  data object ChallengeMismatch : VerificationResult
+  @ThreadSafe data object ChallengeMismatch : VerificationResult
 
-  data class PathValidationFailure(val cause: CertPathValidatorException) : VerificationResult
+  @ThreadSafe
+  data class PathValidationFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: CertPathValidatorException
+  ) : VerificationResult
 
-  data class ChainParsingFailure(val cause: Exception) : VerificationResult
+  @ThreadSafe
+  data class ChainParsingFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: Exception
+  ) : VerificationResult
 
-  data class ExtensionParsingFailure(val cause: ExtensionParsingException) : VerificationResult
+  @ThreadSafe
+  data class ExtensionParsingFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: ExtensionParsingException
+  ) : VerificationResult
 
+  @ThreadSafe
   data class ExtensionConstraintViolation(val cause: String, val reason: KeyAttestationReason) :
     VerificationResult
 
-  data object SoftwareAttestationUnsupported : VerificationResult
+  @ThreadSafe data object SoftwareAttestationUnsupported : VerificationResult
 }
 
 /**
@@ -141,6 +158,10 @@ open class Verifier(
   private val revokedSerialsSource: () -> Set<String>,
   private val instantSource: InstantSource,
 ) {
+  companion object {
+    private val logger = GoogleLogger.forEnclosingClass()
+  }
+
   init {
     Security.addProvider(KeyAttestationProvider())
     for (anchor in trustAnchorsSource()) {
@@ -170,17 +191,17 @@ open class Verifier(
     challengeChecker: ChallengeChecker? = null,
     log: LogHook? = null,
   ): VerificationResult {
-    val requestLog = log?.createRequestLog()
+    val requestLog = (log ?: GoogleLoggerLogHook(logger)).createRequestLog()
     val result =
       try {
         val certPath = KeyAttestationCertPath(chain)
         runBlocking { internalVerify(certPath, challengeChecker, requestLog) }
       } catch (e: CertificateException) {
-        requestLog?.logInputChain(chain.map { it.getEncoded().toByteString() })
+        requestLog.logInputChain(chain.map { it.getEncoded().toByteString() })
         VerificationResult.ChainParsingFailure(e)
       }
-    requestLog?.logResult(result)
-    requestLog?.flush()
+    requestLog.logResult(result)
+    requestLog.flush()
     return result
   }
 
@@ -203,17 +224,17 @@ open class Verifier(
   ): ListenableFuture<VerificationResult> {
     val immutableChain = ImmutableList.copyOf(chain)
     return coroutineScope.future {
-      val requestLog = log?.createRequestLog()
+      val requestLog = (log ?: GoogleLoggerLogHook(logger)).createRequestLog()
       val result =
         try {
           val certPath = KeyAttestationCertPath(immutableChain)
           internalVerify(certPath, challengeChecker, requestLog)
         } catch (e: CertificateException) {
-          requestLog?.logInputChain(immutableChain.map { it.getEncoded().toByteString() })
+          requestLog.logInputChain(immutableChain.map { it.getEncoded().toByteString() })
           VerificationResult.ChainParsingFailure(e)
         }
-      requestLog?.logResult(result)
-      requestLog?.flush()
+      requestLog.logResult(result)
+      requestLog.flush()
       result
     }
   }
@@ -242,6 +263,7 @@ open class Verifier(
         try {
           certPath.attestationCert().provisioningInfo()
         } catch (e: Exception) {
+          logger.atWarning().withCause(e).log("Failed to parse provisioning info map.")
           log?.logInfoMessage("Failed to parse provisioning info map: ${e.message}")
           null
         }
@@ -312,10 +334,12 @@ open class Verifier(
       }
     val rootOfTrust =
       keyDescription.hardwareEnforced.rootOfTrust
-        ?: return VerificationResult.ExtensionConstraintViolation(
-          "hardwareEnforced.rootOfTrust is null",
-          KeyAttestationReason.ROOT_OF_TRUST_MISSING,
-        )
+        ?: run {
+          return VerificationResult.ExtensionConstraintViolation(
+            "hardwareEnforced.rootOfTrust is null",
+            KeyAttestationReason.ROOT_OF_TRUST_MISSING,
+          )
+        }
     return VerificationResult.Success(
       pathValidationResult.publicKey,
       keyDescription.attestationChallenge,
@@ -325,4 +349,46 @@ open class Verifier(
       DeviceIdentity.parseFrom(keyDescription),
     )
   }
+
+  @ThreadSafe
+  private class GoogleLoggerLogHook(private val logger: GoogleLogger) : LogHook {
+    override fun createRequestLog(): VerifyRequestLog {
+      return GoogleLoggerRequestLog(logger)
+    }
+  }
+
+  @ThreadSafe
+  private class GoogleLoggerRequestLog(private val logger: GoogleLogger) : VerifyRequestLog {
+    override fun logInputChain(inputChain: List<ByteString>) {}
+
+    override fun logResult(result: VerificationResult) {
+      when (result) {
+        is VerificationResult.Success -> logger.atInfo().log("Attestation verification succeeded.")
+        is VerificationResult.ChallengeMismatch ->
+          logger.atWarning().log("Attestation challenge mismatch.")
+        is VerificationResult.PathValidationFailure ->
+          logger.atWarning().withCause(result.cause).log("Certificate path validation failed.")
+        is VerificationResult.ChainParsingFailure ->
+          logger.atWarning().withCause(result.cause).log("Failed to parse certificate chain.")
+        is VerificationResult.ExtensionParsingFailure ->
+          logger
+            .atWarning()
+            .withCause(result.cause)
+            .log("Failed to parse key description extension.")
+        is VerificationResult.ExtensionConstraintViolation ->
+          logger.atWarning().log("Constraint violation: %s", result.cause)
+        is VerificationResult.SoftwareAttestationUnsupported -> {}
+      }
+    }
+
+    override fun logKeyDescription(keyDescription: KeyDescription) {}
+
+    override fun logProvisioningInfoMap(provisioningInfoMap: ProvisioningInfoMap) {}
+
+    override fun logCertSerialNumbers(certSerialNumbers: List<String>) {}
+
+    override fun logInfoMessage(infoMessage: String) {}
+
+    override fun flush() {}
+  }
 }
