31 changes: 1 addition & 30 deletions eudi/credentials/sdjwtvc/verifier.go
Expand Up @@ -148,36 +148,6 @@ func SplitSdJwtVc(sdjwtvc SdJwtVc) (IssuerSignedJwt, []EncodedDisclosure, *KeyBi
return issuer, encdiscs, kbJwt, nil
}

func CreateX509VerifyOptionsFromMultiplePemChains(pemChains [][]byte) (*x509.VerifyOptions, error) {
rootPool := x509.NewCertPool()
intermediatePool := x509.NewCertPool()

for i, pemChainData := range pemChains {
certs, err := eudi.ParsePemCertificateChain(pemChainData)
if err != nil {
return nil, fmt.Errorf("failed to parse cert chain %d: %w", i, err)
}

if len(certs) == 0 {
return nil, fmt.Errorf("cert chain %d is empty", i)
}

// First cert is assumed to be the root (or self-signed root CA)
rootPool.AddCert(certs[0])

// Remaining certs are intermediates
for _, cert := range certs[1:] {
intermediatePool.AddCert(cert)
}
}

return &x509.VerifyOptions{
Roots: rootPool,
Intermediates: intermediatePool,
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
}, nil
}

// CreateX509VerifyOptionsFromCertChain creates x509.VerifyOptions that can be added
// to the `VerificationContext` as the trusted certificate chain.
func CreateX509VerifyOptionsFromCertChain(pemChainData []byte) (*x509.VerifyOptions, error) {
Expand All @@ -198,6 +168,7 @@ func CreateX509VerifyOptionsFromCertChain(pemChainData []byte) (*x509.VerifyOpti
Roots: rootPool,
Intermediates: intermediatePool,
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
CurrentTime: time.Now().Add(-5 * time.Minute), // Adjust to account for skew
}

return &certVerifyOpts, nil
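Review bot: The added `CurrentTime: time.Now().Add(-5 * time.Minute)` in `CreateX509VerifyOptionsFromCertChain` freezes the validation time at the moment the options are built, while the doc comment says the result is added to the `VerificationContext`. If that context is kept for the lifetime of a process (not visible here), certificates that expire after start-up keep verifying and newly issued ones are rejected as not yet valid; leaving `CurrentTime` unset in the returned options and applying the skew on a copy at each `Verify` call would avoid that. The literal also duplicates the `ClockSkew` constant this commit adds in `eudi/verifier_validator.go`, so `CurrentTime: time.Now().Add(-eudi.ClockSkew),` would keep the two in step, assuming this file still imports `eudi`. The function's body starts outside the hunk.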
126 changes: 59 additions & 67 deletions eudi/trustanchors.go
Expand Up @@ -2,81 +2,73 @@ package eudi

// DefaultIssuerTrustAnchor_YiviStaging is the default issuer trust anchor for Yivi staging and will be replaced with the actual trust anchor for Yivi production (TODO)
const DefaultIssuerTrustAnchor_YiviStaging = `
Subject: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Issuer: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Subject: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
Issuer: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
-----BEGIN CERTIFICATE-----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MIIB8jCCAZmgAwIBAgIUd8FwrZvzZ0+08+A0VNFgX5f/eIwwCgYIKoZIzj0EAwQw
RjELMAkGA1UEBhMCTkwxDTALBgNVBAoMBFlpdmkxKDAmBgNVBAMMH1lpdmkgU3Rh
Z2luZyBSZXF1ZXN0b3JzIFJvb3QgQ0EwIBcNMjUwODA4MTAwMDUzWhgPMjA1NTA4
MDExMDAwNTJaMEYxCzAJBgNVBAYTAk5MMQ0wCwYDVQQKDARZaXZpMSgwJgYDVQQD
DB9ZaXZpIFN0YWdpbmcgUmVxdWVzdG9ycyBSb290IENBMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAECTtfysVgEPFVKrVL8FM/Jx3E64qquuKSfG2ZqEucIkH6QHGL
eJPEEhA1RUyGtPTLIZTjY5rHwR6foTSVThGrraNjMGEwDwYDVR0TAQH/BAUwAwEB
/zAfBgNVHSMEGDAWgBRjtHvVs5rhDnC0L2AUi+7ncyXe1jAdBgNVHQ4EFgQUY7R7
1bOa4Q5wtC9gFIvu53Ml3tYwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMEA0cA
MEQCIDCSNbPoyhDZ5A3SWupsyPj/tDF4xNoHYnE0WFIs2pz8AiA9mhXswiJPFbVR
9dYSupOhXkuQRk8CgJuN++OnESd8uw==
-----END CERTIFICATE-----
Subject: CN=Yivi Attestation Providers CA,O=Yivi,C=NL
Issuer: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Subject: CN=Yivi Staging Attestation Providers CA,O=Yivi,C=NL
Issuer: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----`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-----END CERTIFICATE-----
`

// DefaultVerifierTrustAnchor_YiviStaging is the default issuer trust anchor for Yivi staging and will be replaced with the actual trust anchor for Yivi production (TODO)
const DefaultVerifierTrustAnchor_YiviStaging = `
Subject: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Issuer: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Subject: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
Issuer: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
-----BEGIN CERTIFICATE-----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MIIB8jCCAZmgAwIBAgIUd8FwrZvzZ0+08+A0VNFgX5f/eIwwCgYIKoZIzj0EAwQw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-----END CERTIFICATE-----
Subject: CN=Yivi Relying Parties CA,O=Yivi,C=NL
Issuer: CN=Yivi Requestors RootCA,O=Yivi,C=NL
Subject: CN=Yivi Staging Relying Parties CA,O=Yivi,C=NL
Issuer: CN=Yivi Staging Requestors Root CA,O=Yivi,C=NL
-----BEGIN CERTIFICATE-----
MIIDbzCCAxWgAwIBAgIUX1VHxaun5d4JgoXFLkEqK2LBXIYwCgYIKoZIzj0EAwIw
PTELMAkGA1UEBhMCTkwxDTALBgNVBAoMBFlpdmkxHzAdBgNVBAMMFllpdmkgUmVx
dWVzdG9ycyBSb290Q0EwHhcNMjUwNzE1MDk0MjIyWhcNMzkwNzEyMDk0ODIxWjA+
MQswCQYDVQQGEwJOTDENMAsGA1UECgwEWWl2aTEgMB4GA1UEAwwXWWl2aSBSZWx5
aW5nIFBhcnRpZXMgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQZZfj0UgMD
/K9zScgMsO6J8z9UGr4KKUbarTgzU8b7+1JvX/rQ7JwyKK17RAuLIjg4qETJKpep
QWXsdbmTbWg7o4IB8DCCAewwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAW
gBTqHgI6DdAM2SpmdmJvsU6VoqU5ITCBywYIKwYBBQUHAQEEgb4wgbswdAYIKwYB
BQUHMAKGaGh0dHBzOi8vY2Euc3RhZ2luZy55aXZpLmFwcC9lamJjYS9wdWJsaWN3
ZWIvY2VydGlmaWNhdGVzL3NlYXJjaC5jZ2k/c0tJREhhc2g9Nmg0Q09nM1FETmtx
Wm5aaWI3Rk9sYUtsT1NFMEMGCCsGAQUFBzABhjdodHRwczovL2NhLnN0YWdpbmcu
eWl2aS5hcHAvZWpiY2EvcHVibGljd2ViL3N0YXR1cy9vY3NwMIG3BgNVHR8Ega8w
gawwgamgZKBihmBodHRwczovL2NhLnN0YWdpbmcueWl2aS5hcHAvZWpiY2EvcHVi
bGljd2ViL2NybHMvc2VhcmNoLmNnaT9zS0lESGFzaD02aDRDT2czUUROa3Fablpp
YjdGT2xhS2xPU0WiQaQ/MD0xHzAdBgNVBAMMFllpdmkgUmVxdWVzdG9ycyBSb290
Q0ExDTALBgNVBAoMBFlpdmkxCzAJBgNVBAYTAk5MMB0GA1UdDgQWBBTb73uxigF5
vYzKQAyWIJB+4ng2kTAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDSAAwRQIh
AJ345PijWRJZ2kztubVPfDWY+F8ipBFQ4NFrv2BgDESAAiB8I/dol3DCLBYtRIwr
1j+O4+RgM6cvGWwb5pGToMVmxw==
MIICaDCCAg6gAwIBAgIUVbrz0YgTTgjJE/qHcwLtn6lT4pEwCgYIKoZIzj0EAwQw
RjELMAkGA1UEBhMCTkwxDTALBgNVBAoMBFlpdmkxKDAmBgNVBAMMH1lpdmkgU3Rh
Z2luZyBSZXF1ZXN0b3JzIFJvb3QgQ0EwHhcNMjUwODA4MTEzMDUxWhcNNDAwODA0
MTEzMDUwWjBGMQswCQYDVQQGEwJOTDENMAsGA1UECgwEWWl2aTEoMCYGA1UEAwwf
WWl2aSBTdGFnaW5nIFJlbHlpbmcgUGFydGllcyBDQTBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABD6/Jx9e/BIjRZQNSMcyvb6jcv9jtE9DEnQUgdkR4ZbMsEqAa6Kj
SF358k8N8DrV3nRvi2jbcnXP2gWXc3yTpZujgdkwgdYwEgYDVR0TAQH/BAgwBgEB
/wIBADAfBgNVHSMEGDAWgBRjtHvVs5rhDnC0L2AUi+7ncyXe1jBwBgNVHR8EaTBn
MGWgY6Bhhl9odHRwczovL2NhLnN0YWdpbmcueWl2aS5hcHAvZWpiY2EvcHVibGlj
d2ViL2NybHMvc2VhcmNoLmNnaT9pSGFzaD1rRkNPdDhOTGhKOGcwV3FNQW5sJTJC
dm9OMlJ1WTAdBgNVHQ4EFgQUn+JmQGo29ozmYyzmKGG5lYN5maEwDgYDVR0PAQH/
BAQDAgGGMAoGCCqGSM49BAMEA0gAMEUCIQDs40VU7/tHrBsHdwVj2kc+ZqpvLoOf
EtyHWcNN5HZpUAIgI3qf4KxHuFXdzEakHYb4aOpiQI9O7Sk8TUxJT7jymXM=
-----END CERTIFICATE-----
`
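Review bot: The doc comment on `DefaultVerifierTrustAnchor_YiviStaging` still calls it "the default issuer trust anchor", which is the wording of the constant above it; it should read `// DefaultVerifierTrustAnchor_YiviStaging is the default verifier trust anchor for Yivi staging ...`. Both constants now pin the new "Yivi Staging Requestors Root CA" while carrying a production TODO, so a sentence in each comment stating that these are staging-only roots and must not be the default in a production build would make the trust decision explicit. Recording each certificate's SHA-256 fingerprint and expiry date next to its PEM block would also let a reviewer check a pinned anchor against the CA without decoding the base64.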
5 changes: 4 additions & 1 deletion eudi/verifier_validator.go
Expand Up @@ -8,13 +8,15 @@ import (
"encoding/json"
"fmt"
"strings"
"time"

"github.com/go-errors/errors"
"github.com/golang-jwt/jwt/v5"
"github.com/privacybydesign/irmago/eudi/openid4vp"
)

const SchemeExtensionOID = "2.1.123.1"
const ClockSkew = 300 * time.Second

// VerifierValidator is an interface to be used to verify verifiers by parsing and verifying the
// authorization request and returning the requestor info for the verifier.
Expand Down Expand Up @@ -106,8 +108,9 @@ func (v *RequestorCertificateStoreVerifierValidator) createAuthRequestVerifier()
certVerifyOpts := x509.VerifyOptions{
Roots: v.model.GetRootCerts(),
Intermediates: v.model.GetIntermediateCerts(),
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
DNSName: hostname,
CurrentTime: time.Now().Add(-ClockSkew), // Adjust to account for skew
}

parsedCert, err := getEndEntityCertFromX5cHeader(token)
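Review bot: The new exported `ClockSkew` constant has no doc comment, and the inline `// Adjust to account for skew` in `createAuthRequestVerifier` does not say that back-dating `CurrentTime` moves both ends of the validity check: it tolerates a `NotBefore` up to five minutes ahead of the local clock, and it also accepts a certificate for five minutes after `NotAfter`. I would add `// ClockSkew is subtracted from the current time when validating certificate chains; it also extends acceptance past NotAfter by the same amount.` above the constant. The switch of `KeyUsages` to `x509.ExtKeyUsageClientAuth` will presumably reject relying-party certificates issued with only `serverAuth`, so a comment naming the certificate profile that requires `clientAuth` would help operators who must reissue. The function continues outside the hunk.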
12 changes: 6 additions & 6 deletions testdata/eudi/verifier/chain.pem
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----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 Down Expand Up @@ -143,8 +143,8 @@ cmVkZW50aWFsIjoicGJkZi5nZW1lZW50ZS5wZXJzb25hbERhdGEiLCJhdHRyaWJ1
dGVzIjpbIm92ZXIxOCJdfV0sInB1cnBvc2UiOnsiZW4iOiJBZ2UgdmVyaWZpY2F0
aW9uIiwibmwiOiJMZWVmdGlqZHN2ZXJpZmljYXRpZSJ9fX0wHQYDVR0OBBYEFHnL
9P1C3+jruk4O5bBBxExmGL3uMB8GA1UdIwQYMBaAFDz3b3XVIzc6lHcdBjuEo5SA
4pZ2MAoGCCqGSM49BAMCA0gAMEUCIFq1Dxgg0Yu3dTDxjWPckh5NkzqkrrONdLUP
rJ1IYU80AiEAvGy1pGLDXQ6JF+wbo6AZq2FNse8JAftg9M1iaQbAT7U=
4pZ2MAoGCCqGSM49BAMCA0cAMEQCICfdWtoKEIOO9r7XZO4iBoo7XZEuSdlwMpKn
26XTaYJ9AiAjb0fPrJH6n3re7ht+QjX9+ilUfulWJFhrWlZxLIx+IQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB5DCCAYmgAwIBAgIUKp3l1e+X2zF9p49OH70NS4rA3VcwCgYIKoZIzj0EAwIw
2 changes: 1 addition & 1 deletion testdata/eudi/verifier/end-entity.cfg
Expand Up @@ -16,7 +16,7 @@ CN = localhost
subjectAltName = @alt_names
basicConstraints = critical,CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
extendedKeyUsage = clientAuth
2.1.123.1 = ASN1:UTF8String:{\"registration\":\"https://portal.dev/organizations/yivi/\",\"organization\":{\"logo\":{\"mimeType\":\"image/png\",\"data\":\"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\"},\"legalName\":{\"en\":\"Yivi B.V.\",\"nl\":\"Yivi B.V.\"}},\"rp\":{\"authorized\":[{\"credential\":\"pbdf.gemeente.personalData\",\"attributes\":[\"over18\"]}],\"purpose\":{\"en\":\"Age verification\",\"nl\":\"Leeftijdsverificatie\"}}}

[ alt_names ]
Binary file modified testdata/eudi/verifier/keystore.p12
Binary file not shown.