fix: ensure revocation policy decoded bitValue always consists of val…

…id binary characters (0,1)
walt-id · Feb 5, 2025 · 86e0e12 · 86e0e12
1 parent 42ba97c
commit 86e0e12
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/...erification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt b/...erification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt
@@ -47,7 +47,10 @@ actual class RevocationPolicy : RevocationPolicyMp() {
             val credentialSubject = payload["vc"]!!.jsonObject["credentialSubject"]?.jsonObject!!
             val encodedList = credentialSubject["encodedList"]?.jsonPrimitive?.content ?: ""
             val bitValue = get(encodedList, statusListIndex)
-            if (StreamUtils.binToInt(bitValue!!.joinToString("")) == 0) {
+            // ensure bitValue always consists of valid binary characters (0,1)
+            require(!bitValue.isNullOrEmpty()) { "Null or empty bit value" }
+            require(isBinaryValue(bitValue)) { "Invalid bit value" }
+            if (StreamUtils.binToInt(bitValue.joinToString("")) == 0) {
                 Result.success(statusListCredentialUrl!!)
             } else {
                 Result.failure(Throwable("Credential has been revoked"))
@@ -91,4 +94,8 @@ object StreamUtils {
 }
 
 fun get(bitstring: String, idx: ULong? = null, bitSize: Int = 1) =
-    idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
+    idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
+
+fun isBinaryValue(value: List<Char>) = setOf('0', '1').let { valid ->
+    value.all { it in valid }
+}