Merge pull request #27 from minvws/remove-extra-oid-ca-check

Removed oid ca check
minvws · Feb 27, 2023 · 280e24d · 280e24d
2 parents 7ccaca7 + 09ca464
commit 280e24d
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 59 deletions.
diff --git a/src/Exceptions/UziCaException.php b/src/Exceptions/UziCaException.php
diff --git a/src/UziValidator.php b/src/UziValidator.php
@@ -4,7 +4,6 @@
 
 use MinVWS\PUZI\Exceptions\UziAllowedRoleException;
 use MinVWS\PUZI\Exceptions\UziAllowedTypeException;
-use MinVWS\PUZI\Exceptions\UziCaException;
 use MinVWS\PUZI\Exceptions\UziCardExpired;
 use MinVWS\PUZI\Exceptions\UziCertificateException;
 use MinVWS\PUZI\Exceptions\UziException;
@@ -81,14 +80,6 @@ public function validate(Request $request): void
             throw new UziCertificateException('No UZI data found in certificate');
         }
 
-        if (
-            $this->strictCAcheck === true &&
-            $uziInfo->getOidCa() !== UziConstants::OID_CA_CARE_PROVIDER &&
-            $uziInfo->getOidCa() !== UziConstants::OID_CA_NAMED_EMPLOYEE
-        ) {
-            throw new UziCaException('CA OID not UZI register Care Provider or named employee');
-        }
-
         if (! $x509->validateSignature(count($this->caCerts) > 0)) {
             throw new UziCertificateException('Uzi certificate path not valid');
         }

diff --git a/tests/UziValidatorTest.php b/tests/UziValidatorTest.php
@@ -4,7 +4,6 @@
 
 use MinVWS\PUZI\Exceptions\UziAllowedRoleException;
 use MinVWS\PUZI\Exceptions\UziAllowedTypeException;
-use MinVWS\PUZI\Exceptions\UziCaException;
 use MinVWS\PUZI\Exceptions\UziCertificateException;
 use MinVWS\PUZI\Exceptions\UziVersionException;
 use MinVWS\PUZI\UziConstants;
@@ -60,42 +59,6 @@ public function testInvalidCert(): void
         $validator->validate($request);
     }
 
-    public function testValidateIncorectOIDca(): void
-    {
-        $user = new UziUser();
-        $user->setOidCa("1.2.3.4");
-
-        $this->expectException(UziCaException::class);
-        $this->expectExceptionMessage("CA OID not UZI register Care Provider or named employee");
-
-        $request = new Request();
-        $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
-        $request->server->set('SSL_CLIENT_CERT', file_get_contents(__DIR__ . '/certs/mock-020-incorrect-oidca.cert'));
-
-        $reader = new UziReader();
-        $validator = new UziValidator($reader, true, [], []);
-        $validator->validate($request);
-    }
-
-    public function testValidateIncorectOIDcaWithoutStrictCheck(): void
-    {
-        $user = new UziUser();
-        $user->setOidCa("1.2.3.4");
-
-        $request = new Request();
-        $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
-        $request->server->set('SSL_CLIENT_CERT', file_get_contents(__DIR__ . '/certs/mock-020-incorrect-oidca.cert'));
-
-        $reader = new UziReader();
-        $validator = new UziValidator(
-            $reader,
-            false,
-            [UziConstants::UZI_TYPE_NAMED_EMPLOYEE],
-            [UziConstants::UZI_ROLE_DOCTOR]
-        );
-        $this->assertTrue($validator->isValid($request));
-    }
-
     public function testIncorrectVersion(): void
     {
         $request = new Request();