Improve processing of certificates with more sequences #1120

saalistaja · 2022-11-14T09:42:05Z

Currently we fail on java.lang.ClassCastException: org.bouncycastle.asn1.ASN1Integer incompatible with org.bouncycastle.asn1.DLSequence when a certificate does not contain the PSD2 sequence as the first one.

We should be more robust and allow processing of similar sequences like:

0 = {DLSequence@1600} "[0.4.0.1862.1.1]"
1 = {DLSequence@1587} "[0.4.0.1862.1.3, 20]"
2 = {DLSequence@1601} "[0.4.0.1862.1.4]"
3 = {DLSequence@1602} "[0.4.0.1862.1.6, [0.4.0.1862.1.6.3]]"
4 = {DLSequence@1603} "[0.4.0.19495.2, [[[0.4.0.19495.1.1, PSP_AS], [0.4.0.19495.1.2, PSP_PI], [0.4.0.19495.1.3, PSP_AI], [0.4.0.19495.1.4, PSP_IC]], Erste, AT-ERS]]"

The cause lies at https://github.com/wultra/powerauth-webflow/blob/develop/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/certificate/ICACertificateParser.java#L106

DLSequence mandates = (DLSequence) sequence.getObjectAt(1);
if (psd2.equals(id.getId())) {
  ...

Unfortunately the root exception is swallowed so I tried to provide as much as possible notes here.

The text was updated successfully, but these errors were encountered:

romanstrobl · 2022-11-30T16:01:02Z

I can look at it after the release.

saalistaja self-assigned this Nov 14, 2022

romanstrobl self-assigned this Nov 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve processing of certificates with more sequences #1120

Improve processing of certificates with more sequences #1120

saalistaja commented Nov 14, 2022 •

edited

Loading

romanstrobl commented Nov 30, 2022

Improve processing of certificates with more sequences #1120

Improve processing of certificates with more sequences #1120

Comments

saalistaja commented Nov 14, 2022 • edited Loading

romanstrobl commented Nov 30, 2022

saalistaja commented Nov 14, 2022 •

edited

Loading