Remove redundant check from P2PX509TrustManager

rescala-lang · Jul 29, 2024 · cfa3f3f · cfa3f3f
1 parent d9d10fb
commit cfa3f3f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 9 deletions.
diff --git a/Modules/Local-first Access Control/src/main/scala/lofi_acl/crypto/X509Util.scala b/Modules/Local-first Access Control/src/main/scala/lofi_acl/crypto/X509Util.scala
@@ -85,6 +85,9 @@ object X509Util {
     */
   @throws[CertificateException]
   def certificateToPublicIdentity(certificate: X509Certificate): PublicIdentity = {
+    // Certificate still valid?
+    certificate.checkValidity()
+
     val subject = certificate.getSubjectX500Principal
     val issuer  = certificate.getIssuerX500Principal
 

diff --git a/...es/Local-first Access Control/src/main/scala/lofi_acl/transport/P2PX509TrustManager.scala b/...es/Local-first Access Control/src/main/scala/lofi_acl/transport/P2PX509TrustManager.scala
@@ -13,15 +13,7 @@ class P2PX509TrustManager extends X509TrustManager {
       throw CertificateException("Only Ed25519 is supported as signature algo")
     if certificate.getVersion != 3 then throw CertificateException("Only X509v3 Certificates are supported")
 
-    // Certificate still valid?
-    certificate.checkValidity()
-
-    // Self issued?
-    val subject = certificate.getSubjectX500Principal
-    val issuer  = certificate.getIssuerX500Principal
-    if !subject.equals(issuer) then throw CertificateException("certificate not self-issued")
-
-    // Verifies that certificate is actually signed by identity in certificate
+    // Validates and verifies the certificate
     val id = X509Util.certificateToPublicIdentity(certificate)
   }