ViraHavrylenko
commented
4 years ago Hello benmoeARZ, thanks for your feedback, we'll take a look.
Closed benmoeARZ closed 4 years ago
ViraHavrylenko
commented
4 years ago Hello benmoeARZ, thanks for your feedback, we'll take a look.
ViraHavrylenko
commented
4 years ago Hello benmoeARZ, this bug is fixed in xs2a v.4.0 and v.5.0
Place where bug appeared
Current behavior
TPP-Redirect-URIandTPP-Nok-Redirect-URIare validated. Therefor the FieldsTppInfo.getDnsList()is extended byTppInfo.getTppName(). Now we got a certificate for one of our customers with the full Bank name e.g.: 'Foo Bank AG' inTppInfo.getTppName()from https://www.a-trust.at/. So whengetTppName()ist not an url or domain-name then an uncatched IllegalArgumentException is thrown by:com.google.common.net.InternetDomainName.fromin https://github.com/adorsys/xs2a/blob/8947ae2a4a8becf705c406b2d4a75a25242df3ab/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/web/validator/header/TppDomainValidator.java#L91Expected behavior
TppInfo.getTppName()should not be part of this Validation or the Parsing should be failsafe. An Option in AspspProfile for disabling this Validation would also be nice.Steps to reproduce
TppInfo.getTppName()returning a String like 'Foo Bank AG' -> java.lang.IllegalArgumentException is thrownSCA approach
XS2A version(s):
Log files or other additional info
de.adorsys.psd2.xs2a.exception.GlobalExceptionHandlerController: Stacktrace: {} java.lang.IllegalArgumentException: Not a valid domain name: 'foo bank ag' at com.google.common.base.Preconditions.checkArgument(Preconditions.java:191) at com.google.common.net.InternetDomainName.(InternetDomainName.java:141)
at com.google.common.net.InternetDomainName.from(InternetDomainName.java:196)
at de.adorsys.psd2.xs2a.web.validator.header.TppDomainValidator.buildURL(TppDomainValidator.java:91)