Implement SdJwtVP.of(String) with enhanced error handling

This update includes validation for missing disclosures, duplicate disclosure digests, and malformed disclosure data, improving overall robustness and error handling during disclosure processing. Closes #33020 Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2024-10-07 15:40:54 +01:00 · 2024-10-07 15:40:54 +01:00 · 304da50efc
commit 304da50efc
parent 0a1f28c5fc
2 changed files with 31 additions and 1 deletions
--- a/core/src/main/java/org/keycloak/sdjwt/vp/SdJwtVP.java
+++ b/core/src/main/java/org/keycloak/sdjwt/vp/SdJwtVP.java
@ -104,8 +104,16 @@ public class SdJwtVP {
        int disclosureStart = sdJwtString.indexOf(SdJwt.DELIMITER);
        int disclosureEnd = sdJwtString.lastIndexOf(SdJwt.DELIMITER);

+        if (disclosureStart == -1) {
+            throw new IllegalArgumentException("SD-JWT is malformed, expected to contain a '" + SdJwt.DELIMITER + "'");
+        }
+
        String issuerSignedJWTString = sdJwtString.substring(0, disclosureStart);
-        String disclosuresString = sdJwtString.substring(disclosureStart + 1, disclosureEnd);
+        String disclosuresString = "";
+
+        if (disclosureEnd > disclosureStart) {
+            disclosuresString = sdJwtString.substring(disclosureStart + 1, disclosureEnd);
+        }

        IssuerSignedJWT issuerSignedJWT = IssuerSignedJWT.fromJws(issuerSignedJWTString);

--- a/core/src/test/java/org/keycloak/sdjwt/sdjwtvp/SdJwtVPTest.java
+++ b/core/src/test/java/org/keycloak/sdjwt/sdjwtvp/SdJwtVPTest.java
@ -32,6 +32,8 @@ import org.keycloak.sdjwt.vp.SdJwtVP;
 import java.util.Arrays;

 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;

 /**
@ -196,4 +198,24 @@ public abstract class SdJwtVPTest {
                .verifySignature(TestSettings.verifierContextFrom(presenteSdJwtVP.getCnfClaim(), "ES256"));
    }

+
+    @Test
+    public void testOf_validInput() {
+        String sdJwtString = TestUtils.readFileAsString(getClass(), "sdjwt/s6.2-presented-sdjwtvp.txt");
+        SdJwtVP sdJwtVP = SdJwtVP.of(sdJwtString);
+
+        assertNotNull(sdJwtVP);
+        assertEquals(4, sdJwtVP.getDisclosures().size());
+    }
+
+    @Test
+    public void testOf_MalformedSdJwt_ThrowsIllegalArgumentException() {
+        // Given
+        String malformedSdJwt = "issuer-signed-jwt";
+
+        // When & Then
+        IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> SdJwtVP.of(malformedSdJwt));
+        assertEquals("SD-JWT is malformed, expected to contain a '~'", exception.getMessage());
+    }
+
 }