From 8b1feb5569eb03238fed25a8645d914c2a20f6d8 Mon Sep 17 00:00:00 2001
From: Roland Groen
Date: Fri, 1 Nov 2024 13:32:26 +0100
Subject: [PATCH] Validate UZI number before credential creation

Moved UZI number validation to check before generating uraCredential, ensuring serialNumber matches UZI number early in the process. Also removed redundant serialNumber parameter from uraCredential function.
---
 uzi_vc_issuer/ura_issuer.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/uzi_vc_issuer/ura_issuer.go b/uzi_vc_issuer/ura_issuer.go
index 5054a2a..6d7b522 100644
--- a/uzi_vc_issuer/ura_issuer.go
+++ b/uzi_vc_issuer/ura_issuer.go
@@ -110,7 +110,14 @@ func BuildUraVerifiableCredential(chain []*x509.Certificate, signingKey *rsa.Pri
 	if err != nil {
 		return nil, err
 	}
-	template, err := uraCredential(did, otherNameValue, serialNumber, subjectDID)
+	uzi, _, _, err := x509_cert.ParseUraFromOtherNameValue(otherNameValue)
+	if err != nil {
+		return nil, err
+	}
+	if uzi != serialNumber {
+		return nil, errors.New("serial number does not match UZI number")
+	}
+	template, err := uraCredential(did, otherNameValue, subjectDID)
 	if err != nil {
 		return nil, err
 	}
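Review bot: The mismatch check at `if uzi != serialNumber` now lives only in BuildUraVerifiableCredential, so uraCredential itself no longer enforces that the serial number and the otherName UZI agree, and any other in-package caller of uraCredential would issue a credential without that binding. Since this comparison is the security-relevant step of the function, the call site deserves a comment, e.g. `// Bind serialNumber to the UZI number carried in the otherName SAN before issuing; uraCredential no longer re-checks this.` The error would also be more useful as a package-level sentinel, `var ErrSerialNumberMismatch = errors.New("serial number does not match UZI number")`, so callers can distinguish it with errors.Is. BuildUraVerifiableCredential starts and ends outside this hunk, and where serialNumber is derived is not visible here.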
@@ -255,16 +262,9 @@ func convertHeaders(headers map[string]interface{}) (jws.Headers, error) {
 
 // uraCredential generates a VerifiableCredential for a given URA and UZI number, including the subject's DID.
 // It sets a 1-year expiration period from the current issuance date.
-func uraCredential(issuer string, otherNameValue string, serialNumber string, subjectDID string) (*vc.VerifiableCredential, error) {
+func uraCredential(issuer string, otherNameValue string, subjectDID string) (*vc.VerifiableCredential, error) {
 	exp := time.Now().Add(time.Hour * 24 * 365 * 100)
 	iat := time.Now()
-	uzi, _, _, err := x509_cert.ParseUraFromOtherNameValue(otherNameValue)
-	if err != nil {
-		return nil, err
-	}
-	if uzi != serialNumber {
-		return nil, errors.New("serial number does not match UZI number")
-	}
 	return &vc.VerifiableCredential{
 		Issuer:  ssi.MustParseURI(issuer),
 		Context: []ssi.URI{ssi.MustParseURI("https://www.w3.org/2018/credentials/v1")},
@@ -274,9 +274,8 @@ func uraCredential(issuer string, otherNameValue string, serialNumber string, su
 		ExpirationDate: &exp,
 		CredentialSubject: []interface{}{
 			map[string]interface{}{
-				"id":           subjectDID,
-				"serialNumber": serialNumber,
-				"otherName":    otherNameValue,
+				"id":        subjectDID,
+				"otherName": otherNameValue,
 			},
 		},
 	}, nil
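Review bot: The doc comment on uraCredential is now stale and also contradicts the code beneath it: it still describes the function as taking a UZI number although the serialNumber parameter was removed, and it promises a 1-year expiration while `exp := time.Now().Add(time.Hour * 24 * 365 * 100)` sets roughly 100 years. A lifetime that long on an identity credential should be a deliberate choice rather than a leftover factor; if 100 years is intended the comment should say so, otherwise drop the `* 100`. I would rewrite the comment as `// uraCredential builds a VerifiableCredential for the given otherNameValue with subjectDID as the subject; it expires 100 years after issuance.` (adjusted to whichever expiry is kept). With the validation removed, the visible part of the body has no remaining error path, though the function continues outside the hunk, so the error return may now exist only for the signature.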
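Review bot: Dropping `"serialNumber"` from the credential subject changes the shape of every issued credential, not just the function's parameter list, and the commit message ("removed redundant serialNumber parameter") does not call that out. Whether a verifier relies on that claim is not visible here; if it is still needed, the value that was just checked to equal uzi could be carried in the subject, and if the removal is intentional the commit message should state that issued credentials no longer contain it. uraCredential starts in the previous hunk and its body between the two hunks is not visible.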