Either TppInfo.getTppName() should not be part of this Validation or the Parsing should be failsafe. An Option in AspspProfile for disabling this Validation would also be nice.
Steps to reproduce
Do an Initiation-Request Consent/Payment for Redirect-Aproach with an Certificate resulting in TppInfo.getTppName() returning a String like 'Foo Bank AG' -> java.lang.IllegalArgumentException is thrown
SCA approach
[x] Redirect
[ ] Embedded
[ ] Decoupled
XS2A version(s):
3.10
Log files or other additional info
de.adorsys.psd2.xs2a.exception.GlobalExceptionHandlerController: Stacktrace: {}
java.lang.IllegalArgumentException: Not a valid domain name: 'foo bank ag'
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:191)
at com.google.common.net.InternetDomainName.(InternetDomainName.java:141)
at com.google.common.net.InternetDomainName.from(InternetDomainName.java:196)
at de.adorsys.psd2.xs2a.web.validator.header.TppDomainValidator.buildURL(TppDomainValidator.java:91)
Place where bug appeared
Current behavior
TPP-Redirect-URI
andTPP-Nok-Redirect-URI
are validated. Therefor the FieldsTppInfo.getDnsList()
is extended byTppInfo.getTppName()
. Now we got a certificate for one of our customers with the full Bank name e.g.: 'Foo Bank AG' inTppInfo.getTppName()
from https://www.a-trust.at/. So whengetTppName()
ist not an url or domain-name then an uncatched IllegalArgumentException is thrown by:com.google.common.net.InternetDomainName.from
in https://github.com/adorsys/xs2a/blob/8947ae2a4a8becf705c406b2d4a75a25242df3ab/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/web/validator/header/TppDomainValidator.java#L91Expected behavior
TppInfo.getTppName()
should not be part of this Validation or the Parsing should be failsafe. An Option in AspspProfile for disabling this Validation would also be nice.Steps to reproduce
TppInfo.getTppName()
returning a String like 'Foo Bank AG' -> java.lang.IllegalArgumentException is thrownSCA approach
XS2A version(s):
Log files or other additional info
de.adorsys.psd2.xs2a.exception.GlobalExceptionHandlerController: Stacktrace: {} java.lang.IllegalArgumentException: Not a valid domain name: 'foo bank ag' at com.google.common.base.Preconditions.checkArgument(Preconditions.java:191) at com.google.common.net.InternetDomainName.(InternetDomainName.java:141)
at com.google.common.net.InternetDomainName.from(InternetDomainName.java:196)
at de.adorsys.psd2.xs2a.web.validator.header.TppDomainValidator.buildURL(TppDomainValidator.java:91)