fix(PW-3126): ignore ou components with invalid length when parsing branch from DN

parseBranch now skips ou values that are not exactly 3 characters, gracefully
handling malformed DNs without throwing or returning incorrect branch codes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: zubri

src/main/java/com/prowidesoftware/swift/model/DistinguishedName.java

@@ -97,13 +97,14 @@ public static String parseBIC(final String dn) {
     /**
      * Parses the branch code from a SWIFT Distinguished Name string.
      *
-     * <p>The branch is represented by the {@code ou} component. When multiple {@code ou} components
-     * are present, the one closest to {@code o=&lt;bic8&gt;} (i.e. the rightmost) is the branch code,
+     * <p>The branch is represented by the {@code ou} component. Only {@code ou} values with exactly
+     * 3 characters are considered valid; others are silently ignored. When multiple valid {@code ou}
+     * components are present, the one closest to {@code o=&lt;bic8&gt;} (i.e. the rightmost) is used,
      * as DNs are read right-to-left from least to most specific:
      * <pre>cn=a,ou=dept,ou=bbb,o=biccode,o=swift → branch is "BBB"</pre>
      *
      * @param dn the Distinguished Name string, may be null or blank
-     * @return the branch code in uppercase, or null if not present or if the input is blank
+     * @return the branch code in uppercase, or null if not present, invalid, or if the input is blank
      */
     protected static String parseBranch(final String dn) {
         if (StringUtils.isBlank(dn)) {
@@ -112,11 +113,14 @@ protected static String parseBranch(final String dn) {
         String branch = null;
         for (String s : StringUtils.split(dn, ",")) {
             if (Strings.CS.startsWith(s, "ou=")) {
-                // keep iterating — last match is the rightmost (closest to o=<bic8>)
-                branch = StringUtils.substringAfter(s, "ou=");
+                String value = StringUtils.substringAfter(s, "ou=");
+                if (value.length() == 3) {
+                    // keep iterating — last valid match is the rightmost (closest to o=<bic8>)
+                    branch = value;
+                }
             }
         }
-        return StringUtils.isBlank(branch) ? null : StringUtils.upperCase(branch);
+        return branch != null ? StringUtils.upperCase(branch) : null;
     }
 
     /**

src/test/java/com/prowidesoftware/swift/model/DistinguishedNameTest.java

@@ -99,4 +99,16 @@ void testParseBranchBlank() {
     void testParseBranchNoMatch() {
         assertNull(DistinguishedName.parseBranch("o=biccode,o=swift"));
     }
+
+    @Test
+    void testParseBranchIgnoresInvalidOULength() {
+        // ou values with length != 3 must be ignored
+        assertNull(DistinguishedName.parseBranch("ou=toolong,o=biccode,o=swift"));
+        assertNull(DistinguishedName.parseBranch("ou=ab,o=biccode,o=swift"));
+        assertNull(DistinguishedName.parseBranch("ou=x,o=biccode,o=swift"));
+        // valid ou present alongside invalid ones — valid one wins
+        assertEquals("XXX", DistinguishedName.parseBranch("ou=toolong,ou=xxx,o=biccode,o=swift"));
+        // multiple invalid ou, no valid one
+        assertNull(DistinguishedName.parseBranch("ou=ab,ou=toolong,o=biccode,o=swift"));
+    }
 }