Validate UZI number before credential creation

Moved UZI number validation to check before generating uraCredential, ensuring serialNumber matches UZI number early in the process. Also removed redundant serialNumber parameter from uraCredential function.
nuts-foundation · Nov 1, 2024 · 8b1feb5 · 8b1feb5
1 parent 956e42c
commit 8b1feb5
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/uzi_vc_issuer/ura_issuer.go b/uzi_vc_issuer/ura_issuer.go
@@ -110,7 +110,14 @@ func BuildUraVerifiableCredential(chain []*x509.Certificate, signingKey *rsa.Pri
 	if err != nil {
 		return nil, err
 	}
-	template, err := uraCredential(did, otherNameValue, serialNumber, subjectDID)
+	uzi, _, _, err := x509_cert.ParseUraFromOtherNameValue(otherNameValue)
+	if err != nil {
+		return nil, err
+	}
+	if uzi != serialNumber {
+		return nil, errors.New("serial number does not match UZI number")
+	}
+	template, err := uraCredential(did, otherNameValue, subjectDID)
 	if err != nil {
 		return nil, err
 	}
@@ -255,16 +262,9 @@ func convertHeaders(headers map[string]interface{}) (jws.Headers, error) {
 
 // uraCredential generates a VerifiableCredential for a given URA and UZI number, including the subject's DID.
 // It sets a 1-year expiration period from the current issuance date.
-func uraCredential(issuer string, otherNameValue string, serialNumber string, subjectDID string) (*vc.VerifiableCredential, error) {
+func uraCredential(issuer string, otherNameValue string, subjectDID string) (*vc.VerifiableCredential, error) {
 	exp := time.Now().Add(time.Hour * 24 * 365 * 100)
 	iat := time.Now()
-	uzi, _, _, err := x509_cert.ParseUraFromOtherNameValue(otherNameValue)
-	if err != nil {
-		return nil, err
-	}
-	if uzi != serialNumber {
-		return nil, errors.New("serial number does not match UZI number")
-	}
 	return &vc.VerifiableCredential{
 		Issuer:         ssi.MustParseURI(issuer),
 		Context:        []ssi.URI{ssi.MustParseURI("https://www.w3.org/2018/credentials/v1")},
@@ -274,9 +274,8 @@ func uraCredential(issuer string, otherNameValue string, serialNumber string, su
 		ExpirationDate: &exp,
 		CredentialSubject: []interface{}{
 			map[string]interface{}{
-				"id":           subjectDID,
-				"serialNumber": serialNumber,
-				"otherName":    otherNameValue,
+				"id":        subjectDID,
+				"otherName": otherNameValue,
 			},
 		},
 	}, nil