1.4.2: fix iOS Exception Propagation

a-sit-plus · Oct 17, 2023 · cc42179 · cc42179
1 parent e0dd3fd
commit cc42179
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -81,4 +81,7 @@ attestation on Android, please re-read the readme!
 
 #### 1.4.1
 - make all config classes `data` classes
-- update to android attestation 1.2.1
+- update to android attestation 1.2.1
+
+#### 1.4.2
+- fix temporal iOS receipt validation error not being propagated as such 
diff --git a/attestation-service/build.gradle.kts b/attestation-service/build.gradle.kts
@@ -11,7 +11,7 @@ plugins {
 }
 
 group = "at.asitplus"
-version = "1.4.1"
+version = "1.4.2"
 
 sourceSets.test {
     kotlin {

diff --git a/attestation-service/src/main/kotlin/AttestationService.kt b/attestation-service/src/main/kotlin/AttestationService.kt
@@ -738,18 +738,34 @@ class DefaultAttestationService(
         )
     }
 
-    private fun encapsulateIosAttestationException(it: Throwable) =
-        if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidCertificateChain || it is ReceiptException.InvalidCertificateChain) {
+    private fun encapsulateIosAttestationException(it: Throwable): AttException {
+        return if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidCertificateChain || it is ReceiptException.InvalidCertificateChain) {
             var ex = it.cause
-            while (ex !is CertPathValidatorException) ex = ex?.cause
+            while (ex !is CertPathValidatorException) {
+                if (ex == null) return AttException.Content(Platform.IOS, cause = it)
+                ex = ex.cause
+            }
             if ((ex.reason == BasicReason.NOT_YET_VALID) || (ex.reason == BasicReason.EXPIRED))
                 AttException.Certificate.Time(
                     Platform.IOS,
-                    cause = it
+                    cause = ex
                 ) else AttException.Certificate.Trust(
                 Platform.IOS,
-                cause = it
+                cause = ex
             )
+        } else if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidReceipt) {
+            var ex = it.cause
+            while (ex !is ReceiptException.InvalidPayload) {
+                if (ex == null) return AttException.Content(Platform.IOS, cause = it)
+                ex = ex.cause
+            }
+            if (ex.message?.startsWith("Receipt's creation time is after") == true)
+                AttException.Certificate.Time(
+                    Platform.IOS,
+                    cause = ex
+                )
+            else AttException.Content(Platform.IOS, cause = it)
         } else AttException.Content(Platform.IOS, cause = it)
+    }
 
 }
diff --git a/attestation-service/src/main/kotlin/Throwables.kt b/attestation-service/src/main/kotlin/Throwables.kt
@@ -59,4 +59,7 @@ sealed class AttestationException(val platform: Platform, message: String? = nul
      */
     class Configuration(platform: Platform, message: String? = null, cause: Throwable? = null) :
         AttestationException(platform, message = message, cause = cause)
+
+    override fun toString() =
+        "AttestationException.${this::class.simpleName}: platform: $platform, message: ${message ?: cause?.message}, cause: $cause"
 }
diff --git a/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt b/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt
@@ -27,10 +27,9 @@ class DefaultAttestationServiceTest : FreeSpec() {
     init {
 
         "iosIDA" {
-
-
             val iosIDA = AttestationData(
-                "ida", "Q049ODBlZDdlMjk4NzM3NWVmYjFhYWJhMDhjNjFjM2E3ZGIsTz1FSUQtREVWLVBLSSxPVT1ULUVudg==",
+                "ida",
+                "Q049ODBlZDdlMjk4NzM3NWVmYjFhYWJhMDhjNjFjM2E3ZGIsTz1FSUQtREVWLVBLSSxPVT1ULUVudg==",
                 listOf(
                     "o2NmbXRvYXBwbGUtYXBwYXR0ZXN0Z2F0dFN0bXSiY3g1Y4JZAuwwggLoMIICbaADAgECAgYBioRZyjgwCgYIKoZ" +
                             "Izj0EAwIwTzEjMCEGA1UEAwwaQXBwbGUgQXBwIEF0dGVzdGF0aW9uIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAg" +
@@ -104,7 +103,10 @@ class DefaultAttestationServiceTest : FreeSpec() {
                             "BIVggnR9YIRF7/HKp0sEoKWSozd6LZijt0mYySuJSKwhjScgiWCBwYQnNviCytmZ/gNlU0B2/2aQUlbZZ1BF82NOmY/hw6w==",
                     "omlzaWduYXR1cmVYSDBGAiEAjLQRt6NtttWQPfVSZpZqjAOfG0snhMtoGz/DflZPxDgCIQCq11k3Kmua6MKCPF/w" +
                             "9R0HW4Qprd+PVoFS1oQFrFO9pHFhdXRoZW50aWNhdG9yRGF0YVgljiSVS1qsC3yiRa+Gw3NrIPZ0W9pBspx+KbwXluNyqeVAAAAA" +
-                            "AQ=="), "2023-09-11T16:02:40Z",pubKeyB64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFT1XwEeF8NftY84GfnqTFBoxHNkdG7wZHcOkLKwT4W6333Jqmga1XkKySq/ApnslBPNZE1Os363SAv8X85ZIrQ=="
+                            "AQ=="
+                ),
+                "2023-09-11T16:02:40Z",
+                pubKeyB64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFT1XwEeF8NftY84GfnqTFBoxHNkdG7wZHcOkLKwT4W6333Jqmga1XkKySq/ApnslBPNZE1Os363SAv8X85ZIrQ=="
             )
 
             DefaultAttestationService(
@@ -128,7 +130,6 @@ class DefaultAttestationServiceTest : FreeSpec() {
             }
         }
 
-
         "The Good" - {
             theGood.forEach { recordedAttestation ->
                 recordedAttestation.name - {