From c171fecc9533a0b97138e92bc1ae4293225e7271 Mon Sep 17 00:00:00 2001
From: Roman Strobl <roman.strobl@wultra.com>
Date: Thu, 27 Aug 2020 16:27:42 +0200
Subject: [PATCH] Fix #829: Potential null pointer exception in
 ICACertificateParser

---
 .../app/tppengine/model/certificate/ICACertificateParser.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/certificate/ICACertificateParser.java b/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/certificate/ICACertificateParser.java
index b31c2adfb..adac14b11 100644
--- a/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/certificate/ICACertificateParser.java
+++ b/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/certificate/ICACertificateParser.java
@@ -88,6 +88,10 @@ public CertInfo parse(String certificatePem) throws CertificateException {
             }
             final ASN1Primitive qcStatementAsn1Primitive = JcaX509ExtensionUtils.parseExtensionValue(qcStatement);
 
+            if (qcStatementAsn1Primitive == null) {
+                throw new CertificateException("Unable to extract PSD2 mandates from extension value.");
+            }
+
             final DLSequence it = ((DLSequence) qcStatementAsn1Primitive);
 
             Set<CertInfo.PSD2> psd2Mandates = new HashSet<>();