

Fix certificate lookup in validator
Re-enable the use of findSigningCertificate to ensure proper certificate validation based on X509 thumbprint. Remove hardcoding of the signingCert as first certificate in the chain and handle potential errors appropriately.
rolandgroen committed Oct 14, 2024
1 parent 2eaf1d2 commit 622cef4
Showing 1 changed file with 4 additions and 5 deletions.
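--- a/uzi_vc_validator/ura_validator.go
+++ b/uzi_vc_validator/ura_validator.go
@@ -57,11 +57,10 @@ func (u UraValidatorImpl) Validate(jwtString string) error {
 return err
 }
 
-// signingCert, err := findSigningCertificate(chainCertificates, headerValues.X509CertThumbprint)
-signingCert := chainCertificates[0]
-// if err != nil {
-// return err
-// }
+signingCert, err := findSigningCertificate(chainCertificates, headerValues.X509CertThumbprint)
+if err != nil {
+return err
+}
 
 err = validateChain(signingCert, chainCertificates, u.allowUziTestCa, u.allowSelfSignedCa)
 if err != nil {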
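Review bot: The thumbprint passed to `findSigningCertificate` is read from the JWT header, which the token's sender controls, so the lookup only picks a candidate certificate and establishes no trust by itself. A comment above the call would make that explicit, for example `// Header thumbprint only selects the candidate; trust comes from validateChain and the signature check.` Whether the JWT signature is later verified with `signingCert`'s public key, and how an empty or non-matching thumbprint is handled inside `findSigningCertificate`, cannot be seen from this hunk and is worth confirming with a test for each case. The bare `return err` could also carry context, e.g. `return fmt.Errorf("selecting signing certificate by thumbprint: %w", err)`, assuming `fmt` is already imported in the file. The body of `Validate` starts and ends outside the hunk.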

