From 622cef41c418c0984992ac3219ccaa147a7b1e06 Mon Sep 17 00:00:00 2001
From: Roland Groen
Date: Tue, 15 Oct 2024 00:12:05 +0200
Subject: [PATCH] Fix certificate lookup in validator

Re-enable the use of findSigningCertificate to ensure proper certificate validation based on X509 thumbprint. Remove hardcoding of the signingCert as first certificate in the chain and handle potential errors appropriately.
---
 uzi_vc_validator/ura_validator.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/uzi_vc_validator/ura_validator.go b/uzi_vc_validator/ura_validator.go
index 6889b06..9f249cb 100644
--- a/uzi_vc_validator/ura_validator.go
+++ b/uzi_vc_validator/ura_validator.go
@@ -57,11 +57,10 @@ func (u UraValidatorImpl) Validate(jwtString string) error {
 return err
 }
- // signingCert, err := findSigningCertificate(chainCertificates, headerValues.X509CertThumbprint)
- signingCert := chainCertificates[0]
- // if err != nil {
- // return err
- // }
+ signingCert, err := findSigningCertificate(chainCertificates, headerValues.X509CertThumbprint)
+ if err != nil {
+ return err
+ }
 err = validateChain(signingCert, chainCertificates, u.allowUziTestCa, u.allowSelfSignedCa)
 if err != nil {
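Review bot: The re-enabled `findSigningCertificate` call in Validate has no test pinning it: the diffstat lists only ura_validator.go, so the `chainCertificates[0]` shortcut could come back unnoticed. Add cases where the thumbprint matches no certificate in the chain, where it is empty, and where the signing certificate is not the first chain entry, each asserting the expected result from Validate. The thumbprint is read from the JWT header, which appears to be unverified at this point, so it can only select a candidate; a comment above the call such as `// thumbprint comes from the unverified JWT header: it selects a certificate, validateChain decides whether to trust it` would make that explicit. Validate starts and continues outside the hunk, so it is worth confirming that the signature is later verified against this same `signingCert`, and, if `X509CertThumbprint` carries the SHA-1 `x5t` value, considering a match on `x5t#S256` when the token provides it.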