Internal Server Error when issuing credential containing ÅÄÖ

[lenkan]

I tried to issue an ECR credential with my name "Daniel Lenksjö" as the "personLegalName". This causes keria to fail with an internal server error.

Stack trace:

keria-1  | 2024-03-01 10:35:06 [FALCON] [ERROR] POST /identifiers/Daniel/credentials => Traceback (most recent call last):
keria-1  |   File "/keria/venv/lib/python3.12/site-packages/keri/core/serdering.py", line 441, in __init__
keria-1  |     self._verify()  # raises exception when not verify
keria-1  |     ^^^^^^^^^^^^^^
keria-1  |   File "/keria/venv/lib/python3.12/site-packages/keri/core/serdering.py", line 1472, in _verify
keria-1  |     super(SerderACDC, self)._verify(**kwa)
keria-1  |   File "/keria/venv/lib/python3.12/site-packages/keri/core/serdering.py", line 540, in _verify
keria-1  |     raise ValidationError(f"Invalid said field '{label}' in sad"
keria-1  | keri.kering.ValidationError: Invalid said field 'd' in sad = {'v': 'ACDC10JSON0007e9_', 'd': 'EJpk4QJ_dA07popZCgwD7Anl8lgappVAtZgcoUh5OWhQ', 'u': '0ADnSw_qVTfKrOUeYKxGkdrY', 'i': 'EGwSHtH-4z2IbNjmHrL5T6wKqOzyHXfDVboSNMbMpEqr', 'ri': 'EIFaPHyrc2sF0GmNolMxU9lW-SNR4yY7AbIm62op4Ybo', 's': 'EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw', 'a': {'d': 'ECUxVJ8_DiUft8ZqSOyq9T-nQzUzqVlLqPDV2Y0RibXX', 'u': '0ABYlPfXqmPqoCNNU-s-DIDr', 'i': 'EGwSHtH-4z2IbNjmHrL5T6wKqOzyHXfDVboSNMbMpEqr', 'dt': '2024-03-01T10:35:05.718000+00:00', 'LEI': '125315131', 'personLegalName': 'Daniel Lenksjö', 'engagementContextRole': 'ECR'}, 'e': {'le': {'n': 'EM4Il9wzhNKF1jWOy6vXYpvo2DovPvLQEtEkU_KuuOn7', 's': 'ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY'}, 'd': 'ECjQSUi-WMZ5Bkprul0Vl1qrVA4XNtjusiLgesUNFuBA'}, 'r': {'usageDisclaimer': {'l': 'Usage of a valid, unexpired, and non-revoked vLEI Credential, as defined in the associated Ecosystem Governance Framework, does not assert that the Legal Entity is trustworthy, honest, reputable in its business dealings, safe to do business with, or compliant with any laws or that an implied or expressly intended purpose will be fulfilled.'}, 'issuanceDisclaimer': {'l': 'All information in a valid, unexpired, and non-revoked vLEI Credential, as defined in the associated Ecosystem Governance Framework, is accurate as of the date the validation process was complete. The vLEI Credential has been issued to the legal entity or person named in the vLEI Credential as the subject; and the qualified vLEI Issuer exercised reasonable care to perform the validation process set forth in the vLEI Ecosystem Governance Framework.'}, 'privacyDisclaimer': {'l': 'It is the sole responsibility of Holders as Issuees of an ECR vLEI Credential to present that Credential in a privacy-preserving manner using the mechanisms provided in the Issuance and Presentation Exchange (IPEX) protocol specification and the Authentic Chained Data Container (ACDC) specification. https://github.com/WebOfTrust/IETF-IPEX and https://github.com/trustoverip/tswg-acdc-specification.'}, 'd': 'EMAWBbr0UIIlbaZbXlh_H79zR7lLAz55_Ey8psrsKSly'}}, should be EAmaYvSMA5MkChyMlMjPmCrB0zgD6jtM2pHBU4hL3VPu.
keria-1  |
keria-1  | The above exception was the direct cause of the following exception:
keria-1  |
keria-1  | Traceback (most recent call last):
keria-1  |   File "falcon/app.py", line 365, in falcon.app.App.__call__
keria-1  |   File "/keria/src/keria/app/credentialing.py", line 484, in on_post
keria-1  |     creder = serdering.SerderACDC(sad=httping.getRequiredParam(body, "acdc"))
keria-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
keria-1  |   File "/keria/venv/lib/python3.12/site-packages/keri/core/serdering.py", line 445, in __init__
keria-1  |     raise ValidationError(f"Invalid sad for Serder ="
keria-1  | keri.kering.ValidationError: Invalid sad for Serder ={'v': 'ACDC10JSON0007e9_', 'd': 'EJpk4QJ_dA07popZCgwD7Anl8lgappVAtZgcoUh5OWhQ', 'u': '0ADnSw_qVTfKrOUeYKxGkdrY', 'i': 'EGwSHtH-4z2IbNjmHrL5T6wKqOzyHXfDVboSNMbMpEqr', 'ri': 'EIFaPHyrc2sF0GmNolMxU9lW-SNR4yY7AbIm62op4Ybo', 's': 'EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw', 'a': {'d': 'ECUxVJ8_DiUft8ZqSOyq9T-nQzUzqVlLqPDV2Y0RibXX', 'u': '0ABYlPfXqmPqoCNNU-s-DIDr', 'i': 'EGwSHtH-4z2IbNjmHrL5T6wKqOzyHXfDVboSNMbMpEqr', 'dt': '2024-03-01T10:35:05.718000+00:00', 'LEI': '125315131', 'personLegalName': 'Daniel Lenksjö', 'engagementContextRole': 'ECR'}, 'e': {'le': {'n': 'EM4Il9wzhNKF1jWOy6vXYpvo2DovPvLQEtEkU_KuuOn7', 's': 'ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY'}, 'd': 'ECjQSUi-WMZ5Bkprul0Vl1qrVA4XNtjusiLgesUNFuBA'}, 'r': {'usageDisclaimer': {'l': 'Usage of a valid, unexpired, and non-revoked vLEI Credential, as defined in the associated Ecosystem Governance Framework, does not assert that the Legal Entity is trustworthy, honest, reputable in its business dealings, safe to do business with, or compliant with any laws or that an implied or expressly intended purpose will be fulfilled.'}, 'issuanceDisclaimer': {'l': 'All information in a valid, unexpired, and non-revoked vLEI Credential, as defined in the associated Ecosystem Governance Framework, is accurate as of the date the validation process was complete. The vLEI Credential has been issued to the legal entity or person named in the vLEI Credential as the subject; and the qualified vLEI Issuer exercised reasonable care to perform the validation process set forth in the vLEI Ecosystem Governance Framework.'}, 'privacyDisclaimer': {'l': 'It is the sole responsibility of Holders as Issuees of an ECR vLEI Credential to present that Credential in a privacy-preserving manner using the mechanisms provided in the Issuance and Presentation Exchange (IPEX) protocol specification and the Authentic Chained Data Container (ACDC) specification. https://github.com/WebOfTrust/IETF-IPEX and https://github.com/trustoverip/tswg-acdc-specification.'}, 'd': 'EMAWBbr0UIIlbaZbXlh_H79zR7lLAz55_Ey8psrsKSly'}}.

[2byrds]

From our keri dev meeting:
This was re-confirmed a few weeks ago. Likely using main but will be verified by @lenkan .

[rodolfomiranda]

Can we use the multisig-vlei-issuance test to reproduce the issue?
Also, have you try issuing from kli to see if it's only a KERIA issue?

[rodolfomiranda]

from keripy it's working fine (see Daniel Lenksjö in the VLEI field):
kli vc export --name holder --alias holder --said ELmkMDGm8gRTONIGB3jHVINEth72KiUpTyRnaXKKslTV {"v":"ACDC10JSON000192_","d":"ELmkMDGm8gRTONIGB3jHVINEth72KiUpTyRnaXKKslTV","i":"EKxICWTx5Ph4EKq5xie2znZf7amggUn4Sd-2-46MIQTg","ri":"ELjERDs4x3K9ShHeoxQGXQXrPfHwKRqghKuI-UzphTxH","s":"EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao","a":{"d":"EFBekeyIO5XilQk6RHmcKy1M2UD_6GVCd34C3L2ITFEN","i":"ELjSFdrTdCebJlmvbFNX9-TLhR2PO0_60al1kQp5_e6k","dt":"2024-04-25T20:52:50.700187+00:00","LEI":"Daniel Lenksjö"}}-IABELmkMDGm8gRTONIGB3jHVINEth72KiUpTyRnaXKKslTV0AAAAAAAAAAAAAAAAAAAAAAAEHGIonO2JA0uy0ZKNaKa7lIzBOO_cK8CBHq3xSIBvx2k%

We can narrow the problem to signify/KERIA.

[rodolfomiranda]

I found that the Serder class in signify-ts was computing the size of the SAD from the string and not from the real bytes. That creates a size error in the version string when special characters takes two bytes in binary.
I submitted the PR WebOfTrust/signify-ts#253

[lenkan]

Thanks a lot for the fix. I guess this issue is in the wrong place then. I will close it, and since you already have a PR for it in signify-ts, we will use that to track. Nice work!

[rodolfomiranda]

I think that KERIA crashes when the validation fails. We should fix it to not crash.

[lenkan]

@rodolfomiranda Good point. It should validate then return HTTP 400? Do you think we should re-open this issue or create a new one?

[rodolfomiranda]

I just retested and I think it does not crash now, but return 500 instead of 400. Creating a new one is fine for me

[2byrds]

fantastic work @rodolfomiranda ! i'll add the new one to the top 10 and add this to the fixed section of the top10.