Robust CBOR deserialization for IssuerSignedItem/List with deferred element identifier #531
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 572bebaae0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
openid-data-classes/src/commonMain/kotlin/at/asitplus/iso/IssuerSignedItemSerializer.kt
c6fbb45 to aaad495
Reviewed commit: 63676a3cca
openid-data-classes/src/commonMain/kotlin/at/asitplus/iso/IssuerSignedItemSerializer.kt
Reviewed commit: c55911e40a
openid-data-classes/src/commonMain/kotlin/at/asitplus/iso/IssuerSignedItemSerializer.kt
b049fab to 7158112
Reviewed commit: 715811254c
openid-data-classes/src/commonMain/kotlin/at/asitplus/iso/IssuerSignedItemSerializer.kt
cdf31bb to e9fb71a
Reviewed commit: f70bc527bd
openid-data-classes/src/commonMain/kotlin/at/asitplus/iso/IssuerSignedItemSerializer.kt
pinging @JesusMcCloud
| private fun CborMap.toIssuerSignedItem(): IssuerSignedItem { | ||
| val digestId = coseCompliantSerializer.decodeFromByteArray( | ||
| Long.serializer(), |
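Review bot: digestId is decoded with Long.serializer() in toIssuerSignedItem, which also accepts a CBOR negative integer (major type 1), while digestID is a uint in the CDDL. Add an explicit non-negative check after decoding, or decode into an unsigned type, so that a negative value is rejected instead of being carried into the IssuerSignedItem.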
long or ulong? important for KxS 1.10
In the CDDL it's uint, so major type 0. But there is no encodeUIntElement, so is it safe to use encodeLongElement or not?
d5fb5a0 to db9c163
Reviewed commit: db9c163880
| runCatching { return coseCompliantSerializer.decodeFromByteArray(InstantStringSerializer, bytes) } | ||
| runCatching { return coseCompliantSerializer.decodeFromByteArray(String.serializer(), bytes) } | ||
| runCatching { return coseCompliantSerializer.decodeFromByteArray(Long.serializer(), bytes) } | ||
| runCatching { return coseCompliantSerializer.decodeFromByteArray(Float.serializer(), bytes) } |
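Review bot: the four runCatching { return ... } lines pick the result type by whichever serializer is first not to throw, and runCatching catches every Throwable, so an unrelated failure inside one decoder is silently treated as "wrong type" and the next serializer is tried. Consider inspecting the CBOR initial byte of bytes (major type and additional info) and dispatching to exactly one serializer, keeping the raw byte array as the only fallback for unknown types.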
Decode Double before Float in generic fallback
In decodeGenericElementValue, Float.serializer() is attempted before Double.serializer(), so unregistered 64-bit floating-point claims parsed via deserializeFromOborMap can be downcast to Float before Double is ever tried. This changes both runtime type and precision for valid double-valued elementValue fields in IssuerSignedList, which can break round-trips and numeric comparisons for consumers that expect full Double fidelity.
Mitigate errors like #311 by preventing deserialization of IssuerSignedItem without a namespace. Our code relies on deserializing IssuerSignedList instead, which has two advantages: Always has a namespace and uses OBOR generic CBOR parsing elementValue which should at least return the CBOR byte array as a fallback.

Started with the help of codex 5.3 high.
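The two review threads above (long or ulong for digestID, and Double before Float in the generic fallback) both come down to reading the CBOR initial byte rather than trial-decoding. The following is an added example, not code from this PR or the project: it uses only the Kotlin standard library, and every name in it (Scalar, classify, digestIdOf) is hypothetical.

```kotlin
// Added example; all names are hypothetical, not the project's API.
sealed interface Scalar
data class UInt64(val value: ULong) : Scalar   // major type 0
data class NegInt(val value: Long) : Scalar    // major type 1
data class F32(val value: Float) : Scalar      // initial byte 0xFA
data class F64(val value: Double) : Scalar     // initial byte 0xFB
class Raw(val bytes: ByteArray) : Scalar       // anything else (incl. 0xF9 half floats)

// Reads `len` bytes at `offset` as a big-endian unsigned integer.
private fun ByteArray.readBE(offset: Int, len: Int): ULong {
    require(offset + len <= size) { "truncated CBOR item" }
    var v = 0uL
    for (i in 0 until len) v = (v shl 8) or (this[offset + i].toULong() and 0xFFuL)
    return v
}

// Chooses the type from the initial byte (RFC 8949), never from "who did not throw".
fun classify(item: ByteArray): Scalar {
    require(item.isNotEmpty()) { "empty input" }
    val ib = item[0].toInt() and 0xFF
    val info = ib and 0x1F
    // Integer argument: 0..23 inline; 24/25/26/27 mean 1/2/4/8 following bytes.
    fun argument(): ULong = when (info) {
        in 0..23 -> info.toULong()
        24 -> item.readBE(1, 1)
        25 -> item.readBE(1, 2)
        26 -> item.readBE(1, 4)
        27 -> item.readBE(1, 8)
        else -> throw IllegalArgumentException("unsupported additional info $info")
    }
    return when {
        ib shr 5 == 0 -> UInt64(argument())
        ib shr 5 == 1 -> {
            val n = argument()
            require(n <= Long.MAX_VALUE.toULong()) { "below Long.MIN_VALUE" }
            NegInt(-1L - n.toLong())
        }
        ib == 0xFA -> F32(Float.fromBits(item.readBE(1, 4).toInt()))
        ib == 0xFB -> F64(Double.fromBits(item.readBE(1, 8).toLong()))
        else -> Raw(item) // unknown here: keep the bytes as the fallback
    }
}

// digestID is `uint` in the CDDL: accept major type 0 only.
fun digestIdOf(item: ByteArray): ULong = (classify(item) as? UInt64)?.value
    ?: throw IllegalArgumentException("digestID must be a CBOR uint")

fun main() {
    // Constructed sample encodings: a 64-bit float (pi), uint 42, and the negative integer -1.
    println(classify(byteArrayOf(0xFB.toByte(), 0x40, 0x09, 0x21, 0xFB.toByte(), 0x54, 0x44, 0x2D, 0x18)))
    println(digestIdOf(byteArrayOf(0x18, 0x2A)))
    println(runCatching { digestIdOf(byteArrayOf(0x20)) }.isFailure)
}
```

Because the width is taken from the initial byte, a 0xFB item can only ever become a Double, and a major type 1 item can never pass as a digestID.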