Skip to content

Commit

Permalink
fix: fix the data validation of StrKey class.
Browse files Browse the repository at this point in the history
  • Loading branch information
@overcat
overcat committed Nov 14, 2024
1 parent ae48e08 commit ccc92e4
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
- feat: add support for Soroban PRC's `getLedgers` API interface.
- refactor!: if seed is not present, calling `Keypair.sign` throws IllegalStateException.
- refactor!: `StrKeyException` has been removed, use `IllegalArgumentException` instead. When you call functions like `Keypair.fromAccountId`, this exception will also be thrown if invalid data is passed in.
- fix: fix the data validation of `StrKey` class.

## 1.0.0-beta1

Expand Down
30 changes: 28 additions & 2 deletions src/main/java/org/stellar/sdk/StrKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -387,12 +387,38 @@ static byte[] decodeCheck(VersionByte versionByte, char[] encoded) {

byte[] decoded = base32decode(bytes);
byte decodedVersionByte = decoded[0];
VersionByte decodedVersionByteEnum =
VersionByte.findByValue(decodedVersionByte)
.orElseThrow(() -> new IllegalArgumentException("Version byte is invalid"));
byte[] payload = Arrays.copyOfRange(decoded, 0, decoded.length - 2);
byte[] data = Arrays.copyOfRange(payload, 1, payload.length);
byte[] checksum = Arrays.copyOfRange(decoded, decoded.length - 2, decoded.length);

if (decodedVersionByte != versionByte.getValue()) {
throw new IllegalArgumentException("Version byte is invalid");
// Check the data length
switch (decodedVersionByteEnum) {
case SIGNED_PAYLOAD:
if (data.length < 32 + 4 + 4 || data.length > 32 + 4 + 64) {
throw new IllegalArgumentException(
"Invalid data length, the length should be between 40 and 100 bytes, got "
+ data.length);
}
break;
case MUXED:
if (data.length != 32 + 8) {
throw new IllegalArgumentException(
"Invalid data length, expected 40 bytes, got " + data.length);
}
break;
default:
if (data.length != 32) {
throw new IllegalArgumentException(
"Invalid data length, expected 32 bytes, got " + data.length);
}
break;
}

if (decodedVersionByteEnum != versionByte) {
throw new IllegalArgumentException("Version byte mismatch");
}

byte[] expectedChecksum = StrKey.calculateChecksum(payload);
Expand Down
2 changes: 2 additions & 0 deletions src/test/java/org/stellar/sdk/KeyPairTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,8 @@ public void testFromAccountIdThrows() {
"",
"hello",
"GAXDYNIBA5E4DXR5TJN522RRYESFQ5UNUXHIPTFGVLLD5O5K552DFBAD",
"GA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUACUSI",
"GA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVSGZA",
"GAXDYNIBA5E4DXR5TJN522RRYESFQ5UNUXHIPTFGVLLD5O5K552DF5Z",
"masterpassphrasemasterpassphrase",
"gsYRSEQhTffqA9opPepAENCr2WG6z5iBHHubxxbRzWaHf8FBWcu");
Expand Down
20 changes: 17 additions & 3 deletions src/test/java/org/stellar/sdk/MuxedAccountTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
import static org.junit.Assert.assertThrows;

import java.math.BigInteger;
import java.util.Arrays;
import java.util.List;
import org.junit.Test;
import org.stellar.sdk.xdr.CryptoKeyType;
import org.stellar.sdk.xdr.Uint256;
Expand Down Expand Up @@ -72,8 +74,20 @@ public void testFromAccountEd25519Account() {

@Test
public void testFromAccountInvalidAccountRaise() {
String invalidAccount =
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
assertThrows(IllegalArgumentException.class, () -> new MuxedAccount(invalidAccount));
List<String> invalidAccounts =
Arrays.asList(
"GAAAAAAAACGC6",
"MA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUAAAAAAAAAAAACJUR",
"GA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVSGZA",
"GA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUACUSI",
"G47QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVP2I",
"MA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVAAAAAAAAAAAAAJLKA",
"MA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVAAAAAAAAAAAAAAV75I",
"M47QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUAAAAAAAAAAAACJUQ",
"MA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUAAAAAAAAAAAACJUK===",
"MA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUAAAAAAAAAAAACJUO");
for (String invalidAccount : invalidAccounts) {
assertThrows(IllegalArgumentException.class, () -> new MuxedAccount(invalidAccount));
}
}
}

0 comments on commit ccc92e4

Please sign in to comment.