Add Flogger logging and ThreadSafe annotations to Verifier.

PiperOrigin-RevId: 850090876

Author: agxp

src/main/kotlin/Verifier.kt

@@ -22,6 +22,7 @@ import com.android.keyattestation.verifier.provider.KeyAttestationProvider
 import com.android.keyattestation.verifier.provider.ProvisioningMethod
 import com.android.keyattestation.verifier.provider.RevocationChecker
 import com.google.common.collect.ImmutableList
+import com.google.common.flogger.GoogleLogger
 import com.google.common.util.concurrent.ListenableFuture
 import com.google.errorprone.annotations.ThreadSafe
 import com.google.protobuf.ByteString
@@ -42,28 +43,44 @@ import kotlinx.coroutines.guava.future
 import kotlinx.coroutines.runBlocking
 
 /** The result of verifying an Android Key Attestation certificate chain. */
+@ThreadSafe
 sealed interface VerificationResult {
+  @ThreadSafe
   data class Success(
-    val publicKey: PublicKey,
+    @field:ThreadSafe.Suppress(reason = "PublicKey is immutable") val publicKey: PublicKey,
     val challenge: ByteString,
     val securityLevel: SecurityLevel,
     val verifiedBootState: VerifiedBootState,
     val deviceInformation: ProvisioningInfoMap?,
+    @field:ThreadSafe.Suppress(reason = "DeviceIdentity is deeply immutable")
     val attestedDeviceIds: DeviceIdentity,
   ) : VerificationResult
 
-  data object ChallengeMismatch : VerificationResult
+  @ThreadSafe data object ChallengeMismatch : VerificationResult
 
-  data class PathValidationFailure(val cause: CertPathValidatorException) : VerificationResult
+  @ThreadSafe
+  data class PathValidationFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: CertPathValidatorException
+  ) : VerificationResult
 
-  data class ChainParsingFailure(val cause: Exception) : VerificationResult
+  @ThreadSafe
+  data class ChainParsingFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: Exception
+  ) : VerificationResult
 
-  data class ExtensionParsingFailure(val cause: ExtensionParsingException) : VerificationResult
+  @ThreadSafe
+  data class ExtensionParsingFailure(
+    @field:ThreadSafe.Suppress(reason = "Exceptions are generally immutable after creation")
+    val cause: ExtensionParsingException
+  ) : VerificationResult
 
+  @ThreadSafe
   data class ExtensionConstraintViolation(val cause: String, val reason: KeyAttestationReason) :
     VerificationResult
 
-  data object SoftwareAttestationUnsupported : VerificationResult
+  @ThreadSafe data object SoftwareAttestationUnsupported : VerificationResult
 }
 
 /**
@@ -141,6 +158,10 @@ open class Verifier(
   private val revokedSerialsSource: () -> Set<String>,
   private val instantSource: InstantSource,
 ) {
+  companion object {
+    private val logger = GoogleLogger.forEnclosingClass()
+  }
+
   init {
     Security.addProvider(KeyAttestationProvider())
     for (anchor in trustAnchorsSource()) {
@@ -176,6 +197,7 @@ open class Verifier(
         val certPath = KeyAttestationCertPath(chain)
         runBlocking { internalVerify(certPath, challengeChecker, requestLog) }
       } catch (e: CertificateException) {
+        logger.atWarning().withCause(e).log("Failed to parse certificate chain.")
         requestLog?.logInputChain(chain.map { it.getEncoded().toByteString() })
         VerificationResult.ChainParsingFailure(e)
       }
@@ -209,6 +231,7 @@ open class Verifier(
           val certPath = KeyAttestationCertPath(immutableChain)
           internalVerify(certPath, challengeChecker, requestLog)
         } catch (e: CertificateException) {
+          logger.atWarning().withCause(e).log("Failed to parse certificate chain.")
           requestLog?.logInputChain(immutableChain.map { it.getEncoded().toByteString() })
           VerificationResult.ChainParsingFailure(e)
         }
@@ -242,6 +265,7 @@ open class Verifier(
         try {
           certPath.attestationCert().provisioningInfo()
         } catch (e: Exception) {
+          logger.atWarning().withCause(e).log("Failed to parse provisioning info map.")
           log?.logInfoMessage("Failed to parse provisioning info map: ${e.message}")
           null
         }
@@ -257,13 +281,20 @@ open class Verifier(
           e.message == "No matching trust anchor found" &&
             certPath.certificatesWithAnchor.last().isSoftwareRoot()
         ) {
+          logger
+            .atWarning()
+            .withCause(e)
+            .log(
+              "Chain terminates in a software root and no matching trust anchor was found, so the chain was not validated."
+            )
           return VerificationResult.PathValidationFailure(
             CertPathValidatorException(
               "Chain terminates in a software root and no matching trust anchor was found, so the chain was not validated.",
               e,
             )
           )
         }
+        logger.atWarning().withCause(e).log("Certificate path validation failed.")
         return VerificationResult.PathValidationFailure(e)
       }
 
@@ -276,8 +307,10 @@ open class Verifier(
           "Key attestation extension not found"
         }
       } catch (e: ExtensionParsingException) {
+        logger.atWarning().withCause(e).log("Failed to parse key description extension.")
         return VerificationResult.ExtensionParsingFailure(e)
       } catch (e: Exception) {
+        logger.atWarning().withCause(e).log("Failed to parse key description extension.")
         // TODO(google-internal bug): When experimental contracts aren't experimental,
         // update the IllegalArgumentException and IllegalStateException cases to return
         // ExtensionParsingException.
@@ -287,6 +320,7 @@ open class Verifier(
     if (challengeChecker != null) {
       val checkResult = challengeChecker.checkChallenge(keyDescription.attestationChallenge).await()
       if (!checkResult) {
+        logger.atWarning().log("Attestation challenge mismatch.")
         return VerificationResult.ChallengeMismatch
       }
     }
@@ -295,6 +329,12 @@ open class Verifier(
       keyDescription.hardwareEnforced.origin == null ||
         keyDescription.hardwareEnforced.origin != Origin.GENERATED
     ) {
+      logger
+        .atWarning()
+        .log(
+          "Constraint violation: origin != GENERATED: %s",
+          keyDescription.hardwareEnforced.origin,
+        )
       return VerificationResult.ExtensionConstraintViolation(
         "origin != GENERATED: ${keyDescription.hardwareEnforced.origin}",
         KeyAttestationReason.KEY_ORIGIN_NOT_GENERATED,
@@ -305,17 +345,28 @@ open class Verifier(
       if (keyDescription.attestationSecurityLevel == keyDescription.keyMintSecurityLevel) {
         keyDescription.attestationSecurityLevel
       } else {
+        logger
+          .atWarning()
+          .log(
+            "Constraint violation: attestationSecurityLevel != keyMintSecurityLevel: %s != %s",
+            keyDescription.attestationSecurityLevel,
+            keyDescription.keyMintSecurityLevel,
+          )
         return VerificationResult.ExtensionConstraintViolation(
           "attestationSecurityLevel != keyMintSecurityLevel: ${keyDescription.attestationSecurityLevel} != ${keyDescription.keyMintSecurityLevel}",
           KeyAttestationReason.MISMATCHED_SECURITY_LEVELS,
         )
       }
     val rootOfTrust =
       keyDescription.hardwareEnforced.rootOfTrust
-        ?: return VerificationResult.ExtensionConstraintViolation(
-          "hardwareEnforced.rootOfTrust is null",
-          KeyAttestationReason.ROOT_OF_TRUST_MISSING,
-        )
+        ?: run {
+          logger.atWarning().log("Constraint violation: hardwareEnforced.rootOfTrust is null")
+          return VerificationResult.ExtensionConstraintViolation(
+            "hardwareEnforced.rootOfTrust is null",
+            KeyAttestationReason.ROOT_OF_TRUST_MISSING,
+          )
+        }
+    logger.atInfo().log("Attestation verification succeeded.")
     return VerificationResult.Success(
       pathValidationResult.publicKey,
       keyDescription.attestationChallenge,