libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Implement SdJwtVP.of(String) with enhanced error handling

Browse source 
This update includes validation for missing disclosures, duplicate disclosure digests, and malformed disclosure data, improving overall robustness and error handling during disclosure processing.

Closes #33020

Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
This commit is contained in:
Ogen Bertrand 2024-10-07 15:40:54 +01:00 committed by GitHub
parent 0a1f28c5fc
commit 304da50efc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
core/src/main/java/org/keycloak/sdjwt/vp/SdJwtVP.java
View file

@ -104,8 +104,16 @@ public class SdJwtVP {
int disclosureStart = sdJwtString.indexOf(SdJwt.DELIMITER); int disclosureStart = sdJwtString.indexOf(SdJwt.DELIMITER);
int disclosureEnd = sdJwtString.lastIndexOf(SdJwt.DELIMITER); int disclosureEnd = sdJwtString.lastIndexOf(SdJwt.DELIMITER);
if (disclosureStart == -1) {
throw new IllegalArgumentException("SD-JWT is malformed, expected to contain a '" + SdJwt.DELIMITER + "'");
}
String issuerSignedJWTString = sdJwtString.substring(0, disclosureStart); String issuerSignedJWTString = sdJwtString.substring(0, disclosureStart);
String disclosuresString = sdJwtString.substring(disclosureStart + 1, disclosureEnd); String disclosuresString = "";
if (disclosureEnd > disclosureStart) {
disclosuresString = sdJwtString.substring(disclosureStart + 1, disclosureEnd);
}
IssuerSignedJWT issuerSignedJWT = IssuerSignedJWT.fromJws(issuerSignedJWTString); IssuerSignedJWT issuerSignedJWT = IssuerSignedJWT.fromJws(issuerSignedJWTString);

22
core/src/test/java/org/keycloak/sdjwt/sdjwtvp/SdJwtVPTest.java
View file

@ -32,6 +32,8 @@ import org.keycloak.sdjwt.vp.SdJwtVP;
import java.util.Arrays; import java.util.Arrays;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
/** /**
@ -196,4 +198,24 @@ public abstract class SdJwtVPTest {
.verifySignature(TestSettings.verifierContextFrom(presenteSdJwtVP.getCnfClaim(), "ES256")); .verifySignature(TestSettings.verifierContextFrom(presenteSdJwtVP.getCnfClaim(), "ES256"));
} }
@Test
public void testOf_validInput() {
String sdJwtString = TestUtils.readFileAsString(getClass(), "sdjwt/s6.2-presented-sdjwtvp.txt");
SdJwtVP sdJwtVP = SdJwtVP.of(sdJwtString);
assertNotNull(sdJwtVP);
assertEquals(4, sdJwtVP.getDisclosures().size());
}
@Test
public void testOf_MalformedSdJwt_ThrowsIllegalArgumentException() {
// Given
String malformedSdJwt = "issuer-signed-jwt";
// When & Then
IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> SdJwtVP.of(malformedSdJwt));
assertEquals("SD-JWT is malformed, expected to contain a '~'", exception.getMessage());
}
} }