From cc42179c9ebc80dcaec87034ed4c07887448f83f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernd=20Pr=C3=BCnster?= Date: Tue, 17 Oct 2023 14:48:00 +0200 Subject: [PATCH] 1.4.2: fix iOS Exception Propagation --- CHANGELOG.md | 5 +++- attestation-service/build.gradle.kts | 2 +- .../src/main/kotlin/AttestationService.kt | 26 +++++++++++++++---- .../src/main/kotlin/Throwables.kt | 3 +++ .../kotlin/DefaultAttestationServiceTest.kt | 11 ++++---- 5 files changed, 35 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d654544..19ce6fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -81,4 +81,7 @@ attestation on Android, please re-read the readme! #### 1.4.1 - make all config classes `data` classes -- update to android attestation 1.2.1 \ No newline at end of file +- update to android attestation 1.2.1 + +#### 1.4.2 +- fix temporal iOS receipt validation error not being propagated as such \ No newline at end of file diff --git a/attestation-service/build.gradle.kts b/attestation-service/build.gradle.kts index c9c0b18..fb0deaf 100644 --- a/attestation-service/build.gradle.kts +++ b/attestation-service/build.gradle.kts @@ -11,7 +11,7 @@ plugins { } group = "at.asitplus" -version = "1.4.1" +version = "1.4.2" sourceSets.test { kotlin { diff --git a/attestation-service/src/main/kotlin/AttestationService.kt b/attestation-service/src/main/kotlin/AttestationService.kt index 73a5000..ea3177d 100644 --- a/attestation-service/src/main/kotlin/AttestationService.kt +++ b/attestation-service/src/main/kotlin/AttestationService.kt 
@@ -738,18 +738,34 @@ class DefaultAttestationService( ) } - private fun encapsulateIosAttestationException(it: Throwable) = - if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidCertificateChain || it is ReceiptException.InvalidCertificateChain) { + private fun encapsulateIosAttestationException(it: Throwable): AttException { + return if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidCertificateChain || it is ReceiptException.InvalidCertificateChain) { var ex = it.cause - while (ex !is CertPathValidatorException) ex = ex?.cause + while (ex !is CertPathValidatorException) { + if (ex == null) return AttException.Content(Platform.IOS, cause = it) + ex = ex.cause + } if ((ex.reason == BasicReason.NOT_YET_VALID) || (ex.reason == BasicReason.EXPIRED)) AttException.Certificate.Time( Platform.IOS, - cause = it + cause = ex ) else AttException.Certificate.Trust( Platform.IOS, - cause = it + cause = ex ) + } else if (it is ch.veehait.devicecheck.appattest.attestation.AttestationException.InvalidReceipt) { + var ex = it.cause + while (ex !is ReceiptException.InvalidPayload) { + if (ex == null) return AttException.Content(Platform.IOS, cause = it) + ex = ex.cause + } + if (ex.message?.startsWith("Receipt's creation time is after") == true) + AttException.Certificate.Time( + Platform.IOS, + cause = ex + ) + else AttException.Content(Platform.IOS, cause = it) } else AttException.Content(Platform.IOS, cause = it) + } } diff --git a/attestation-service/src/main/kotlin/Throwables.kt b/attestation-service/src/main/kotlin/Throwables.kt index 338d27f..7de46df 100644 --- a/attestation-service/src/main/kotlin/Throwables.kt +++ b/attestation-service/src/main/kotlin/Throwables.kt 
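Review bot: In `encapsulateIosAttestationException`, the new `InvalidReceipt` branch tells a temporal failure from a content failure by matching the English message text of a third-party exception, `ex.message?.startsWith("Receipt's creation time is after")`. If the App Attest library ever rewords that message, a temporal receipt failure will silently be reported as `AttException.Content` again, and the test changes visible in this patch are formatting only, so nothing here would flag it. I would hoist the prefix into a named constant with a comment such as `// message wording of ReceiptException.InvalidPayload in the appattest library; re-check on every dependency upgrade`, and pin it with a test that exercises this branch. Separately, the `Time` and `Trust` results now take `cause = ex` instead of `cause = it`, which drops the outer library exception from the cause chain. If that is intended, a one-line comment saying so would help; otherwise keeping `it` preserves the full chain for log analysis.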
@@ -59,4 +59,7 @@ sealed class AttestationException(val platform: Platform, message: String? = nul */ class Configuration(platform: Platform, message: String? = null, cause: Throwable? = null) : AttestationException(platform, message = message, cause = cause) + + override fun toString() = + "AttestationException.${this::class.simpleName}: platform: $platform, message: ${message ?: cause?.message}, cause: $cause" } \ No newline at end of file diff --git a/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt b/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt index 5542fbd..78cc661 100644 --- a/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt +++ b/attestation-service/src/test/kotlin/DefaultAttestationServiceTest.kt @@ -27,10 +27,9 @@ class DefaultAttestationServiceTest : FreeSpec() { init { "iosIDA" { - - val iosIDA = AttestationData( - "ida", "Q049ODBlZDdlMjk4NzM3NWVmYjFhYWJhMDhjNjFjM2E3ZGIsTz1FSUQtREVWLVBLSSxPVT1ULUVudg==", + "ida", + "Q049ODBlZDdlMjk4NzM3NWVmYjFhYWJhMDhjNjFjM2E3ZGIsTz1FSUQtREVWLVBLSSxPVT1ULUVudg==", listOf( "o2NmbXRvYXBwbGUtYXBwYXR0ZXN0Z2F0dFN0bXSiY3g1Y4JZAuwwggLoMIICbaADAgECAgYBioRZyjgwCgYIKoZ" + "Izj0EAwIwTzEjMCEGA1UEAwwaQXBwbGUgQXBwIEF0dGVzdGF0aW9uIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAg" + 
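Review bot: The `toString()` added to `AttestationException` in Throwables.kt prints the cause's message twice when `message` is null, once through `message ?: cause?.message` and again through `cause: $cause`. The string presumably also carries the underlying verifier's wording about which certificate or receipt check failed. That suits server-side logs, but if it is ever echoed back to the attesting client it tells that client which check rejected it. A KDoc line would make the intent explicit, for example `/** Diagnostic representation for logs; includes cause details and is not meant to be returned to clients. */`. The sealed class begins outside this hunk, so how `message` and `cause` reach `Throwable` is not visible here.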
@@ -104,7 +103,10 @@ class DefaultAttestationServiceTest : FreeSpec() { "BIVggnR9YIRF7/HKp0sEoKWSozd6LZijt0mYySuJSKwhjScgiWCBwYQnNviCytmZ/gNlU0B2/2aQUlbZZ1BF82NOmY/hw6w==", "omlzaWduYXR1cmVYSDBGAiEAjLQRt6NtttWQPfVSZpZqjAOfG0snhMtoGz/DflZPxDgCIQCq11k3Kmua6MKCPF/w" + "9R0HW4Qprd+PVoFS1oQFrFO9pHFhdXRoZW50aWNhdG9yRGF0YVgljiSVS1qsC3yiRa+Gw3NrIPZ0W9pBspx+KbwXluNyqeVAAAAA" + - "AQ=="), "2023-09-11T16:02:40Z",pubKeyB64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFT1XwEeF8NftY84GfnqTFBoxHNkdG7wZHcOkLKwT4W6333Jqmga1XkKySq/ApnslBPNZE1Os363SAv8X85ZIrQ==" + "AQ==" + ), + "2023-09-11T16:02:40Z", + pubKeyB64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFT1XwEeF8NftY84GfnqTFBoxHNkdG7wZHcOkLKwT4W6333Jqmga1XkKySq/ApnslBPNZE1Os363SAv8X85ZIrQ==" ) DefaultAttestationService( @@ -128,7 +130,6 @@ class DefaultAttestationServiceTest : FreeSpec() { } } - "The Good" - { theGood.forEach { recordedAttestation -> recordedAttestation.name - {