From 8a65ee00fa00c35ca6853298c50692d6c82d61f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20=C3=85berg?=
Date: Fri, 18 Oct 2024 12:08:23 +0200
Subject: [PATCH] Reverting some changes (#554)
I'm keeping these around until we've understood if we really can drop them
---
 Src/Fido2/Extensions/CryptoUtils.cs | 2 +-
 Test/CryptoUtilsTests.cs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Src/Fido2/Extensions/CryptoUtils.cs b/Src/Fido2/Extensions/CryptoUtils.cs
index 18eae2f6..bbc56698 100644
--- a/Src/Fido2/Extensions/CryptoUtils.cs
+++ b/Src/Fido2/Extensions/CryptoUtils.cs
@@ -61,7 +61,7 @@ public static bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certific
 // Let's check the simplest case first. If subject and issuer are the same, and the attestation cert is in the list, that's all the validation we need
 // We have the same singular root cert in trustpath and it is in attestationRootCertificates
- if (trustPath.Length == 1)
+ if (trustPath.Length == 1 && trustPath[0].Subject.Equals(trustPath[0].Issuer, StringComparison.Ordinal))
 {
 foreach (X509Certificate2 cert in attestationRootCertificates)
 {
diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs
index 505f75db..2ce5d81a 100644
--- a/Test/CryptoUtilsTests.cs
+++ b/Test/CryptoUtilsTests.cs
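Review bot: The restored condition in `ValidateTrustChain` only checks that the rendered `Subject` and `Issuer` strings match, so it detects a self-issued certificate, not one whose self-signature has been verified. Acceptance on this path therefore rests entirely on the comparison against `attestationRootCertificates` inside the `foreach`, whose body is outside this hunk. Since the commit message says the check is kept until it is clear whether it can be dropped, I would record that at the condition, e.g. `// Name-only self-issued test (restored in #554): a lone cert with Subject != Issuer skips this shortcut`. Such a cert presumably then has to pass the chain validation later in the method. If an exact comparison is wanted, `trustPath[0].SubjectName.RawData.AsSpan().SequenceEqual(trustPath[0].IssuerName.RawData)` compares the encoded names rather than their string form.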
@@ -66,8 +66,8 @@ public void TestValidateTrustChainSubAnchor()
 Assert.False(0 == attestationRootCertificates[0].Issuer.CompareTo(attestationRootCertificates[0].Subject));
 Assert.True(CryptoUtils.ValidateTrustChain(trustPath, attestationRootCertificates));
- Assert.True(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
- Assert.True(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
+ Assert.False(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
+ Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
 Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath));
 }
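Review bot: The two assertions flipped to `Assert.False` give no reason why inputs that were accepted before are now rejected; the only hint is the first line of the hunk, which asserts that the anchor's issuer and subject differ. A comment above them would make the intended trust decision reviewable, e.g. `// A non-self-issued cert is not accepted through the single-cert shortcut, even when it is itself listed as a root`. The hunk shows no matching positive case, where a self-issued single certificate in the root list returns true; if no other test covers that, it belongs next to these. `TestValidateTrustChainSubAnchor` starts outside the hunk, so how `trustPath` is built is not visible here.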