Revert "Conformance-breaking: Keep the stricter rules"

abergs · abergs · commit 05fbed1ae1ec · 2024-10-18T13:52:52.000+02:00
This reverts commit ac11a81.
diff --git a/Src/Fido2/Extensions/CryptoUtils.cs b/Src/Fido2/Extensions/CryptoUtils.cs
@@ -61,7 +61,7 @@ public static bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certific
         // Let's check the simplest case first.  If subject and issuer are the same, and the attestation cert is in the list, that's all the validation we need
 
         // We have the same singular root cert in trustpath and it is in attestationRootCertificates
-        if (trustPath.Length == 1 && trustPath[0].Subject.Equals(trustPath[0].Issuer, StringComparison.Ordinal))
+        if (trustPath.Length == 1)
         {
             foreach (X509Certificate2 cert in attestationRootCertificates)
             {
diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs
@@ -66,8 +66,8 @@ public void TestValidateTrustChainSubAnchor()
 
         Assert.False(0 == attestationRootCertificates[0].Issuer.CompareTo(attestationRootCertificates[0].Subject));
         Assert.True(CryptoUtils.ValidateTrustChain(trustPath, attestationRootCertificates));
-        Assert.False(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
-        Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
+        Assert.True(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
+        Assert.True(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
         Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath));
     }
 

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ public static bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certific`
`61`	`61`	`// Let's check the simplest case first. If subject and issuer are the same, and the attestation cert is in the list, that's all the validation we need`
`62`	`62`
`63`	`63`	`// We have the same singular root cert in trustpath and it is in attestationRootCertificates`
`64`		`- if (trustPath.Length == 1 && trustPath[0].Subject.Equals(trustPath[0].Issuer, StringComparison.Ordinal))`
	`64`	`+ if (trustPath.Length == 1)`
`65`	`65`	`{`
`66`	`66`	`foreach (X509Certificate2 cert in attestationRootCertificates)`
`67`	`67`	`{`
Original file line number	Diff line number	Diff line change
`@@ -66,8 +66,8 @@ public void TestValidateTrustChainSubAnchor()`
`66`	`66`
`67`	`67`	`Assert.False(0 == attestationRootCertificates[0].Issuer.CompareTo(attestationRootCertificates[0].Subject));`
`68`	`68`	`Assert.True(CryptoUtils.ValidateTrustChain(trustPath, attestationRootCertificates));`
`69`		`- Assert.False(CryptoUtils.ValidateTrustChain(trustPath, trustPath));`
`70`		`- Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));`
	`69`	`+ Assert.True(CryptoUtils.ValidateTrustChain(trustPath, trustPath));`
	`70`	`+ Assert.True(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));`
`71`	`71`	`Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath));`
`72`	`72`	`}`
`73`	`73`