jurosens
commented
3 years ago It is a bug and will be fixed soon.
Open J08nY opened 3 years ago
jurosens
commented
3 years ago It is a bug and will be fixed soon.
The
checkTrustAnchorSignaturemethod inGatewayDataDownloadBtpServiceImplis unimplemented but returnstrue. Furthermore the method is unused.https://github.com/eu-digital-green-certificates/dgca-businessrule-service/blob/6e87451612437324c03287cb6aabd31d7d501612/src/main/java/eu/europa/ec/dgc/businessrule/service/GatewayDataDownloadBtpServiceImpl.java#L294-L297
It is possible that this functionality does not need to verify the trust anchor signatures to work securely or that it is done elsewhere but this is still a big code smell and should be handled. (Returning
truefrom a signature verification method that is not implemented is just dangerous!)