Fix possible Nullpointer on digest validation

Author: jonesbusy

src/main/java/land/oras/Registry.java

@@ -590,7 +590,9 @@ public Descriptor getDescriptor(ContainerRef containerRef) {
     public Descriptor probeDescriptor(ContainerRef ref) {
         Map<String, String> headers = getHeaders(ref);
         String digest = validateDockerContentDigest(headers);
-        SupportedAlgorithm.fromDigest(digest);
+        if (digest != null) {
+            SupportedAlgorithm.fromDigest(digest);
+        }
         String contentType = headers.get(Const.CONTENT_TYPE_HEADER.toLowerCase());
         return Descriptor.of(digest, 0L, contentType);
     }
@@ -640,12 +642,19 @@ private void validateDockerContentDigest(HttpClient.ResponseWrapper<Path> respon
         ensureDigest(digest, computedDigest);
     }
 
-    private String validateDockerContentDigest(HttpClient.ResponseWrapper<?> response) {
+    private @Nullable String validateDockerContentDigest(HttpClient.ResponseWrapper<?> response) {
         return validateDockerContentDigest(response.headers());
     }
 
-    private String validateDockerContentDigest(Map<String, String> headers) {
+    private @Nullable String validateDockerContentDigest(Map<String, String> headers) {
         String digest = headers.get(Const.DOCKER_CONTENT_DIGEST_HEADER.toLowerCase());
+        // This might happen when blob are hosted other storage.
+        // We need a way to propagate the headers like scoped.
+        // For now just skip validation
+        if (digest == null) {
+            LOG.warn("Docker-Content-Digest header not found in response. Skipping validation.");
+            return null;
+        }
         SupportedAlgorithm.fromDigest(digest);
         return digest;
     }

src/test/java/land/oras/HarborS3ITCase.java

@@ -44,5 +44,6 @@ void shouldPullOneBlob() {
         Layer oneLayer = manifest.getLayers().get(0);
         registry.fetchBlob(containerRef1.withDigest(oneLayer.getDigest()), tempDir.resolve("my-blob"));
         assertNotNull(tempDir.resolve("my-blob"));
+        registry.pullArtifact(containerRef1, tempDir, true);
     }
 }

src/test/java/land/oras/RegistryWireMockTest.java

@@ -598,6 +598,23 @@ void shouldValidateDockerContentDigestMismatch(WireMockRuntimeInfo wmRuntimeInfo
                 e.getMessage());
     }
 
+    @Test
+    void shouldNotValidateDockerContentDigestWhenProbingDescriptor(WireMockRuntimeInfo wmRuntimeInfo) {
+        WireMock wireMock = wmRuntimeInfo.getWireMock();
+        String registryUrl = wmRuntimeInfo.getHttpBaseUrl().replace("http://", "");
+        wireMock.register(head(urlEqualTo("/v2/library/validate-digest/manifests/latest"))
+                .willReturn(aResponse().withStatus(200).withBody("blob-data")));
+
+        // Test
+        Registry registry = Registry.Builder.builder()
+                .withAuthProvider(authProvider)
+                .withInsecure(true)
+                .build();
+        ContainerRef containerRef = ContainerRef.parse("%s/library/validate-digest".formatted(registryUrl));
+        Descriptor descriptor = registry.probeDescriptor(containerRef);
+        assertNotNull(descriptor, "Descriptor should not be null");
+    }
+
     @Test
     void shouldFollowRedirectAfterRequestingToken(WireMockRuntimeInfo wmRuntimeInfo) {